RubyGems - train-k8s-container-mitre - Versions diffs - 2.0.1 → 2.0.3 - Mend

train-k8s-container-mitre 2.0.1 → 2.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml +4 -4
data/.release-please-manifest.json +1 -1
data/CHANGELOG.md +35 -0
data/CONTRIBUTING.md +51 -5
data/DEVELOPMENT.md +44 -6
data/README.md +5 -3
data/lib/train-k8s-container/version.rb +1 -1
data/release-please-config.json +1 -3
data/train-k8s-container.gemspec +22 -0
metadata +23 -4
data/VERSION +0 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: af608609f892f66f0f7210823ce896919a01be49eacf9181be6b5ec451ad6e7f
-  data.tar.gz: 81f951dba94aca48878c00208baaada55af3e2f4b7fc614d48f23c85dc47cd84
+  metadata.gz: 6aef3c36a97fd15eb144078a356e94c15711cad2ce7f267fd76a68d2d96043ef
+  data.tar.gz: fb7929665b4f7cac1d057f6277ca86defa5f28511a040fac38aff31b4adf762c
 SHA512:
-  metadata.gz: 85ca8fb769a50ea96f91276822e171cbfdf2b43cc7debcbf4c2a5699953a6ec024535b50c0d7a9cd94f8511dd167e8168f7262fb23fb3a2f6f4811abfff7b8e5
-  data.tar.gz: d71d192ea3808b3879d78b44a3e292c516d8e70298ce012c97567605d8e059dbfb64948ee17d1d05da7e30885ac5115ee6d88e8ebdd6b85bed83eef1b80ec976
+  metadata.gz: 1625625532721a6da204352a46e4ee65168c21b68a9ef03bb660613fa78a03acded5d370ad1ac6ab63f6fb5faad79d3c6db7fd1cc915715c5e503b16f6b611cb
+  data.tar.gz: fea6a3be4230ee420687fd5d116145eba00b8693d9706dfed4581253ee56cb0410b45ee8359090b7c1daba67964155a388999f817425b145ff9db369737e2ddd

data/.release-please-manifest.json CHANGED Viewed

@@ -1,3 +1,3 @@
 {
-  ".": "2.0.1"
+  ".": "2.0.3"
 }

data/CHANGELOG.md CHANGED Viewed

@@ -5,6 +5,41 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [2.0.3](https://github.com/mitre/train-k8s-container/compare/v2.0.2...v2.0.3) (2025-12-12)
+### Bug Fixes
+* Remove duplicate tests from release workflow ([dc9080a](https://github.com/mitre/train-k8s-container/commit/dc9080a48be97cc4c2c4526628d1697636fbe879))
+* Use PAT for release-please to trigger CI on PRs ([725a1e3](https://github.com/mitre/train-k8s-container/commit/725a1e359425ca3df6ee2347906935c15fd34de0))
+## [2.0.2](https://github.com/mitre/train-k8s-container/compare/v2.0.1...v2.0.2) (2025-12-12)
+### Bug Fixes
+* Add post-install warning for correct plugin installation ([832e1c3](https://github.com/mitre/train-k8s-container/commit/832e1c36920d59e51ca34fce786fea4749fc4fc4))
+* Configure release-please to use simple v* tags ([aefc7ba](https://github.com/mitre/train-k8s-container/commit/aefc7baa4f86608dcfe91479491b150850989d43))
+### Documentation
+* Update CHANGELOG for v2.0.1 release ([2237873](https://github.com/mitre/train-k8s-container/commit/2237873cc5142f48ca416242f985be0f41550e4d))
+* Update installation instructions and add post-install warning ([8649575](https://github.com/mitre/train-k8s-container/commit/86495758a6794ae00505e50391f109442487d72a))
+* Update release process documentation for release-please ([a9f4fd3](https://github.com/mitre/train-k8s-container/commit/a9f4fd3ce1da48557aa3442d62ca97ab983b3d21))
+## [2.0.1] - 2025-12-05
+### Fixed
+- Add shim file for train-k8s-container-mitre gem name compatibility
+- Reset version tracking for release-please integration
+### Miscellaneous Tasks
+- Add release-please for automated versioning and changelog
+- Bump version to 2.0.1 for first MITRE RubyGems release
 ## [2.0.0] - 2025-12-05
 ### Added

data/CONTRIBUTING.md CHANGED Viewed

@@ -137,12 +137,58 @@ open coverage/index.html
 ## Release Process
-Releases are managed by project maintainers:
+Releases are automated using [release-please](https://github.com/googleapis/release-please) and managed by project maintainers.
-1. Version bump in `VERSION` file
-2. Update `CHANGELOG.md`
-3. Create release tag (e.g., `v2.0.0`)
-4. GitHub Actions automatically publishes to RubyGems.org
+### How It Works
+1. **Commit with Conventional Commits**: Use prefixes like `feat:`, `fix:`, `docs:`, `chore:`
+   - `feat:` triggers a minor version bump (e.g., 2.0.0 → 2.1.0)
+   - `fix:` triggers a patch version bump (e.g., 2.0.0 → 2.0.1)
+   - `feat!:` or `BREAKING CHANGE:` triggers a major version bump
+2. **Release PR Created Automatically**: When commits are pushed to `main`, release-please creates/updates a Release PR that:
+   - Bumps the version in `VERSION` file
+   - Updates `CHANGELOG.md` with commit messages
+   - Shows the proposed version change
+3. **Merge to Release**: When maintainers merge the Release PR:
+   - A git tag is created (e.g., `v2.1.0`)
+   - GitHub Actions builds and publishes the gem to RubyGems.org
+   - A GitHub Release is created with auto-generated notes
+### Example Workflow
+```bash
+# Make changes with conventional commit messages
+git commit -m "feat: add support for Windows containers"
+git push origin main
+# release-please automatically creates a PR like:
+# "chore(main): release 2.1.0"
+# After review, maintainer merges the PR
+# → Tag v2.1.0 is created
+# → Gem is published to RubyGems.org
+```
+### Manual Releases (Emergency Only)
+For hotfixes that need immediate release without waiting for release-please:
+```bash
+# Update VERSION manually
+echo "2.0.2" > VERSION
+# Update CHANGELOG.md manually
+# Commit, tag, and push
+git add VERSION CHANGELOG.md
+git commit -m "chore: release v2.0.2"
+git tag v2.0.2
+git push origin main --tags
+```
+**Note:** Manual releases should be rare. Prefer the automated release-please flow.
 ## Getting Help

data/DEVELOPMENT.md CHANGED Viewed

@@ -295,21 +295,59 @@ See `.github/workflows/ci.yml` for details.
 ## Releasing
-Releases are automated via GitHub Actions when a tag is pushed:
+Releases are automated using [release-please](https://github.com/googleapis/release-please).
+### Automated Release Process (Recommended)
+1. **Make commits using Conventional Commits format**:
+   ```bash
+   git commit -m "feat: add Windows container support"
+   git commit -m "fix: handle empty shell response"
+   git commit -m "docs: update installation instructions"
+   ```
+2. **Push to main** - release-please will automatically create a Release PR:
+   ```bash
+   git push origin main
+   # release-please creates PR: "chore(main): release 2.1.0"
+   ```
+3. **Review and merge the Release PR** - this triggers:
+   - Version bump in `VERSION` file
+   - `CHANGELOG.md` update
+   - Git tag creation (e.g., `v2.1.0`)
+   - Gem build and publish to RubyGems.org
+   - GitHub Release creation
+### Conventional Commits Cheat Sheet
+| Prefix | Version Bump | Example |
+|--------|-------------|---------|
+| `feat:` | Minor (2.0.0 → 2.1.0) | `feat: add retry logic` |
+| `fix:` | Patch (2.0.0 → 2.0.1) | `fix: handle nil response` |
+| `docs:` | Patch | `docs: update README` |
+| `chore:` | Patch | `chore: update dependencies` |
+| `feat!:` | Major (2.0.0 → 3.0.0) | `feat!: change URI format` |
+### Manual Release (Emergency Only)
+For hotfixes that can't wait for the release-please flow:
 ```bash
 # Update VERSION file
-echo "2.1.0" > VERSION
+echo "2.0.2" > VERSION
+# Update CHANGELOG.md manually
 # Commit and tag
 git add VERSION CHANGELOG.md
-git commit -m "Release v2.1.0"
-git tag v2.1.0
+git commit -m "chore: release v2.0.2"
+git tag v2.0.2
 git push origin main --tags
 ```
-The `release-tag.yml` workflow will:
+The `release-tag.yml` workflow triggers on tag push and will:
 1. Run tests
 2. Build gem
-3. Publish to RubyGems.org
+3. Publish to RubyGems.org (via OIDC trusted publishing)
 4. Create GitHub release

data/README.md CHANGED Viewed

@@ -26,12 +26,14 @@ This plugin allows InSpec/Cinc Auditor to scan containers running in Kubernetes
 ### From RubyGems (Recommended)
+**Important:** Always install Train plugins using `inspec plugin install` or `cinc-auditor plugin install`. Do NOT use `gem install` directly, as this can cause issues with plugin discovery and management.
 ```bash
 # Using Cinc Auditor (recommended - open source, license-free)
-cinc-auditor plugin install train-k8s-container
+cinc-auditor plugin install train-k8s-container-mitre
 # Or using Chef InSpec
-inspec plugin install train-k8s-container
+inspec plugin install train-k8s-container-mitre
 ```
 ### From Source
@@ -40,7 +42,7 @@ inspec plugin install train-k8s-container
 git clone https://github.com/mitre/train-k8s-container.git
 cd train-k8s-container
 gem build train-k8s-container.gemspec
-cinc-auditor plugin install train-k8s-container-*.gem
+cinc-auditor plugin install train-k8s-container-mitre-*.gem
 ```
 ## Prerequisites

data/lib/train-k8s-container/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module TrainPlugins
   module K8sContainer
-    VERSION = File.read(File.expand_path('../../VERSION', __dir__)).strip
+    VERSION = '2.0.3'
   end
 end

data/release-please-config.json CHANGED Viewed

@@ -1,15 +1,13 @@
 {
   "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json",
   "release-type": "ruby",
+  "include-component-in-tag": false,
   "packages": {
     ".": {
       "package-name": "train-k8s-container-mitre",
       "changelog-path": "CHANGELOG.md",
       "bump-minor-pre-major": true,
       "bump-patch-for-minor-pre-major": true,
-      "extra-files": [
-        "VERSION"
-      ],
       "version-file": "lib/train-k8s-container/version.rb"
     }
   },

data/train-k8s-container.gemspec CHANGED Viewed

@@ -36,6 +36,28 @@ Gem::Specification.new do |spec|
   spec.require_paths = ['lib']
+  spec.post_install_message = <<~MESSAGE
+    ╔════════════════════════════════════════════════════════════════════╗
+    ║  train-k8s-container-mitre installed successfully!                 ║
+    ╠════════════════════════════════════════════════════════════════════╣
+    ║                                                                    ║
+    ║  WARNING: If you installed this gem using 'gem install', you       ║
+    ║  may experience issues with 'inspec plugin list'.                  ║
+    ║                                                                    ║
+    ║  RECOMMENDED: Install using the InSpec/Cinc plugin system:         ║
+    ║                                                                    ║
+    ║    gem uninstall train-k8s-container-mitre                         ║
+    ║    cinc-auditor plugin install train-k8s-container-mitre           ║
+    ║                                                                    ║
+    ║  Or for Chef InSpec:                                               ║
+    ║                                                                    ║
+    ║    inspec plugin install train-k8s-container-mitre                 ║
+    ║                                                                    ║
+    ╚════════════════════════════════════════════════════════════════════╝
+  MESSAGE
   # NOTE: Do not list 'train' or 'inspec' as dependencies.
   # Train plugins are loaded within InSpec's environment, which already provides
   # train, train-core, and all their dependencies. Declaring train as a dependency

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: train-k8s-container-mitre
 version: !ruby/object:Gem::Version
-  version: 2.0.1
+  version: 2.0.3
 platform: ruby
 authors:
 - MITRE SAF Team
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-12-05 00:00:00.000000000 Z
+date: 2025-12-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: base64
@@ -59,7 +59,6 @@ files:
 - README.md
 - Rakefile
 - SECURITY.md
-- VERSION
 - docs/README.md
 - lib/train-k8s-container-mitre.rb
 - lib/train-k8s-container.rb
@@ -89,7 +88,26 @@ metadata:
   changelog_uri: https://github.com/mitre/train-k8s-container/blob/main/CHANGELOG.md
   bug_tracker_uri: https://github.com/mitre/train-k8s-container/issues
   documentation_uri: https://github.com/mitre/train-k8s-container#readme
-post_install_message:
+post_install_message: |2+
+  ╔════════════════════════════════════════════════════════════════════╗
+  ║  train-k8s-container-mitre installed successfully!                 ║
+  ╠════════════════════════════════════════════════════════════════════╣
+  ║                                                                    ║
+  ║  WARNING: If you installed this gem using 'gem install', you       ║
+  ║  may experience issues with 'inspec plugin list'.                  ║
+  ║                                                                    ║
+  ║  RECOMMENDED: Install using the InSpec/Cinc plugin system:         ║
+  ║                                                                    ║
+  ║    gem uninstall train-k8s-container-mitre                         ║
+  ║    cinc-auditor plugin install train-k8s-container-mitre           ║
+  ║                                                                    ║
+  ║  Or for Chef InSpec:                                               ║
+  ║                                                                    ║
+  ║    inspec plugin install train-k8s-container-mitre                 ║
+  ║                                                                    ║
+  ╚════════════════════════════════════════════════════════════════════╝
 rdoc_options: []
 require_paths:
 - lib
@@ -110,3 +128,4 @@ specification_version: 4
 summary: Train transport plugin for scanning Kubernetes containers with InSpec/Cinc
   Auditor.
 test_files: []
+...

data/VERSION DELETED Viewed

	@@ -1 +0,0 @@
1	- 2.0.1