train-k8s-container-mitre 2.1.0 → 2.2.0

data/CHANGELOG.md

@@ -5,6 +5,28 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.2.0](https://github.com/mitre/train-k8s-container/compare/v2.1.1...v2.2.0) (2025-12-24)
+
+
+### Features
+
+* Add BEADS-BOARD.md and v1/v2 comparison test data ([35bbf46](https://github.com/mitre/train-k8s-container/commit/35bbf46fc25d84ef88e9953a628cf3a4aa8d2da0))
+
+## [2.1.1](https://github.com/mitre/train-k8s-container/compare/v2.1.0...v2.1.1) (2025-12-12)
+
+
+### Bug Fixes
+
+* Parse PR number from JSON in auto-merge step ([09a3667](https://github.com/mitre/train-k8s-container/commit/09a3667cb67010c58837d3ff1ddcf5b197dc3d0d))
+
+
+### Documentation
+
+* Add ARCHITECTURE.md with technical overview ([acfe73a](https://github.com/mitre/train-k8s-container/commit/acfe73a5ad16faa9b481d0c7802d2a8f6f64efb9))
+* Enhance ARCHITECTURE.md with comprehensive technical details ([519675d](https://github.com/mitre/train-k8s-container/commit/519675db04d3766ac3d00575989e748da738a7ea))
+* Fix inaccurate claims in README acknowledgments ([fa2e53c](https://github.com/mitre/train-k8s-container/commit/fa2e53c0eee41638edfa04a583bdcea4fd7eb272))
+* Update release process documentation for automated workflow ([23d1fcf](https://github.com/mitre/train-k8s-container/commit/23d1fcfb38b1415c12029564b92dbcb9df34715d))
+
 ## [2.1.0](https://github.com/mitre/train-k8s-container/compare/v2.0.3...v2.1.0) (2025-12-12)
 
 

data/CONTRIBUTING.md

@@ -135,60 +135,149 @@ open coverage/index.html
 5. **CI Passing**: All GitHub Actions checks must pass
 6. **Merge**: Maintainers will merge approved PRs
 
-## Release Process
+## Versioning and Commit Messages
+
+This project uses [Conventional Commits](https://www.conventionalcommits.org/) and [Semantic Versioning](https://semver.org/). Your commit message prefix determines how the version number changes.
+
+**Official References:**
+- [Conventional Commits Specification](https://www.conventionalcommits.org/en/v1.0.0/)
+- [Angular Commit Message Guidelines](https://github.com/angular/angular/blob/main/CONTRIBUTING.md#-commit-message-format) (original source)
+- [Semantic Versioning](https://semver.org/)
+
+### Commit Prefix → Version Bump
+
+| Commit Prefix | Version Change | When to Use |
+|---------------|----------------|-------------|
+| `feat:` | **Minor** (2.0.0 → 2.1.0) | New features, capabilities, or enhancements |
+| `fix:` | **Patch** (2.0.0 → 2.0.1) | Bug fixes, corrections, error handling |
+| `docs:` | **Patch** | Documentation changes only |
+| `style:` | **Patch** | Code style, formatting (no logic change) |
+| `refactor:` | **Patch** | Code restructuring (no behavior change) |
+| `perf:` | **Patch** | Performance improvements |
+| `test:` | **Patch** | Adding or updating tests |
+| `chore:` | **Patch** | Maintenance, dependencies, tooling |
+| `ci:` | **Patch** | CI/CD pipeline changes |
+| `build:` | **Patch** | Build system changes |
+| `revert:` | **Patch** | Reverting a previous commit |
+| `feat!:` | **Major** (2.0.0 → 3.0.0) | Breaking changes (note the `!`) |
+| `fix!:` | **Major** | Breaking bug fix |
+| `BREAKING CHANGE:` | **Major** | In commit body, forces major bump |
+
+### Type Descriptions
+
+- **feat**: A new feature for the user (not a build script feature)
+- **fix**: A bug fix for the user (not a build script fix)
+- **docs**: Documentation only changes (README, CONTRIBUTING, inline docs)
+- **style**: Changes that don't affect code meaning (whitespace, formatting, semicolons)
+- **refactor**: Code change that neither fixes a bug nor adds a feature
+- **perf**: Code change that improves performance
+- **test**: Adding missing tests or correcting existing tests
+- **chore**: Changes to build process, auxiliary tools, libraries
+- **ci**: Changes to CI configuration files and scripts
+- **build**: Changes that affect the build system or external dependencies
+- **revert**: Reverts a previous commit (include reverted commit SHA in body)
+
+### Examples
 
-Releases are automated using [release-please](https://github.com/googleapis/release-please) and managed by project maintainers.
+```bash
+# Patch version bump (2.1.0 → 2.1.1)
+git commit -m "fix: handle nil response in platform detection"
+git commit -m "docs: update installation instructions"
+git commit -m "chore: update rubocop dependency"
+git commit -m "test: add integration tests for Alpine containers"
 
-### How It Works
+# Minor version bump (2.1.0 → 2.2.0)
+git commit -m "feat: add support for Windows containers"
+git commit -m "feat: add retry logic for transient kubectl failures"
 
-1. **Commit with Conventional Commits**: Use prefixes like `feat:`, `fix:`, `docs:`, `chore:`
-   - `feat:` triggers a minor version bump (e.g., 2.0.0 → 2.1.0)
-   - `fix:` triggers a patch version bump (e.g., 2.0.0 → 2.0.1)
-   - `feat!:` or `BREAKING CHANGE:` triggers a major version bump
+# Major version bump (2.1.0 → 3.0.0)
+git commit -m "feat!: change URI format to k8s://namespace/pod/container"
+git commit -m "fix!: remove deprecated connection options"
+```
 
-2. **Release PR Created Automatically**: When commits are pushed to `main`, release-please creates/updates a Release PR that:
-   - Bumps the version in `VERSION` file
-   - Updates `CHANGELOG.md` with commit messages
-   - Shows the proposed version change
+### Commit Message Format
 
-3. **Merge to Release**: When maintainers merge the Release PR:
-   - A git tag is created (e.g., `v2.1.0`)
-   - GitHub Actions builds and publishes the gem to RubyGems.org
-   - A GitHub Release is created with auto-generated notes
+```
+<type>(<optional scope>): <description>
 
-### Example Workflow
+[optional body]
 
+[optional footer(s)]
+```
+
+**Examples:**
 ```bash
-# Make changes with conventional commit messages
-git commit -m "feat: add support for Windows containers"
-git push origin main
+# Simple
+git commit -m "fix: handle empty shell response"
 
-# release-please automatically creates a PR like:
-# "chore(main): release 2.1.0"
+# With scope
+git commit -m "feat(platform): add FreeBSD detection"
 
-# After review, maintainer merges the PR
-# → Tag v2.1.0 is created
-# → Gem is published to RubyGems.org
+# With body
+git commit -m "feat: add Windows container support
+
+This adds support for Windows containers running in Kubernetes.
+Tested with Windows Server 2022 and Windows Server Core images."
+
+# Breaking change with body
+git commit -m "feat!: require Ruby 3.1+
+
+BREAKING CHANGE: Ruby 2.7 and 3.0 are no longer supported.
+This allows us to use pattern matching and other Ruby 3.1 features."
 ```
 
-### Manual Releases (Emergency Only)
+## Release Process
 
-For hotfixes that need immediate release without waiting for release-please:
+Releases are **fully automated** using [release-please](https://github.com/googleapis/release-please) with auto-merge enabled.
 
-```bash
-# Update VERSION manually
-echo "2.0.2" > VERSION
+### How It Works
+
+1. **Release PR Created Automatically**: When commits are pushed to `main`, release-please creates/updates a Release PR with auto-merge enabled that:
+   - Bumps the version in `lib/train-k8s-container/version.rb`
+   - Updates `CHANGELOG.md` with commit messages
+   - Shows the proposed version change
+
+2. **Auto-Merge When CI Passes**: The Release PR automatically merges once all CI checks pass:
+   - Unit tests (Ruby 3.1, 3.2, 3.3)
+   - Integration tests (Kubernetes 1.29, 1.30, 1.31)
+   - Security audit
+   - Branch protection enforces all checks must pass
+
+3. **Automatic Publishing**: After merge, release-please creates a GitHub Release which triggers:
+   - Gem build
+   - Publish to RubyGems.org (via OIDC trusted publishing)
+   - Gem artifact attached to GitHub Release
+
+### Complete Automated Flow
 
-# Update CHANGELOG.md manually
+```
+Push commit → CI runs → Release PR created (auto-merge enabled)
+                                    ↓
+                            CI passes on PR
+                                    ↓
+                            PR auto-merges
+                                    ↓
+                        GitHub Release created
+                                    ↓
+                        Gem published to RubyGems
+```
+
+### Example
+
+```bash
+# Make changes with conventional commit messages
+git commit -m "feat: add support for Windows containers"
+git push origin main
 
-# Commit, tag, and push
-git add VERSION CHANGELOG.md
-git commit -m "chore: release v2.0.2"
-git tag v2.0.2
-git push origin main --tags
+# Everything else is automatic:
+# 1. release-please creates PR: "chore(main): release 2.2.0"
+# 2. CI runs on the PR
+# 3. PR auto-merges when CI passes
+# 4. Tag v2.2.0 is created
+# 5. Gem is published to RubyGems.org
 ```
 
-**Note:** Manual releases should be rare. Prefer the automated release-please flow.
+No manual intervention required for releases.
 
 ## Getting Help
 

data/DEVELOPMENT.md

@@ -295,29 +295,24 @@ See `.github/workflows/ci.yml` for details.
 
 ## Releasing
 
-Releases are automated using [release-please](https://github.com/googleapis/release-please).
+Releases are **fully automated** using [release-please](https://github.com/googleapis/release-please) with auto-merge enabled. No manual intervention required.
 
-### Automated Release Process (Recommended)
+### How It Works
 
-1. **Make commits using Conventional Commits format**:
+1. **Push commits with Conventional Commits format**:
    ```bash
    git commit -m "feat: add Windows container support"
    git commit -m "fix: handle empty shell response"
-   git commit -m "docs: update installation instructions"
-   ```
-
-2. **Push to main** - release-please will automatically create a Release PR:
-   ```bash
    git push origin main
-   # release-please creates PR: "chore(main): release 2.1.0"
    ```
 
-3. **Review and merge the Release PR** - this triggers:
-   - Version bump in `VERSION` file
-   - `CHANGELOG.md` update
-   - Git tag creation (e.g., `v2.1.0`)
-   - Gem build and publish to RubyGems.org
-   - GitHub Release creation
+2. **Automatic flow**:
+   - Release-please creates/updates a Release PR with auto-merge enabled
+   - CI runs on the PR (unit tests, integration tests, security audit)
+   - Branch protection requires all checks to pass
+   - PR auto-merges when CI is green
+   - Release-please creates a GitHub Release
+   - `release-tag.yml` triggers and publishes gem to RubyGems.org
 
 ### Conventional Commits Cheat Sheet
 
@@ -329,25 +324,28 @@ Releases are automated using [release-please](https://github.com/googleapis/rele
 | `chore:` | Patch | `chore: update dependencies` |
 | `feat!:` | Major (2.0.0 → 3.0.0) | `feat!: change URI format` |
 
-### Manual Release (Emergency Only)
-
-For hotfixes that can't wait for the release-please flow:
-
-```bash
-# Update VERSION file
-echo "2.0.2" > VERSION
-
-# Update CHANGELOG.md manually
+### Complete Flow Diagram
 
-# Commit and tag
-git add VERSION CHANGELOG.md
-git commit -m "chore: release v2.0.2"
-git tag v2.0.2
-git push origin main --tags
 ```
+Push commit → CI runs on main → Release-please creates PR (auto-merge on)
+                                              ↓
+                                     CI runs on PR
+                                              ↓
+                                   PR auto-merges when green
+                                              ↓
+                                 GitHub Release created (v2.x.x)
+                                              ↓
+                               release-tag.yml triggers
+                                              ↓
+                              Gem published to RubyGems.org
+```
+
+### Key Files
 
-The `release-tag.yml` workflow triggers on tag push and will:
-1. Run tests
-2. Build gem
-3. Publish to RubyGems.org (via OIDC trusted publishing)
-4. Create GitHub release
+| File | Purpose |
+|------|---------|
+| `lib/train-k8s-container/version.rb` | VERSION constant (updated by release-please) |
+| `release-please-config.json` | Release-please configuration |
+| `.release-please-manifest.json` | Current version tracking |
+| `.github/workflows/release-please.yml` | Creates PRs with auto-merge |
+| `.github/workflows/release-tag.yml` | Publishes gem on release |

data/README.md

@@ -2,6 +2,7 @@
 
 A Train transport plugin that enables Chef InSpec and Cinc Auditor to execute compliance checks against containers running in Kubernetes clusters via kubectl exec.
 
+[![Gem Version](https://badge.fury.io/rb/train-k8s-container-mitre.svg)](https://badge.fury.io/rb/train-k8s-container-mitre)
 [![CI](https://github.com/mitre/train-k8s-container/actions/workflows/ci.yml/badge.svg)](https://github.com/mitre/train-k8s-container/actions/workflows/ci.yml)
 [![Security](https://github.com/mitre/train-k8s-container/actions/workflows/security.yml/badge.svg)](https://github.com/mitre/train-k8s-container/actions/workflows/security.yml)
 
@@ -29,7 +30,7 @@ This plugin allows InSpec/Cinc Auditor to scan containers running in Kubernetes
 **Important:** Always install Train plugins using `inspec plugin install` or `cinc-auditor plugin install`. Do NOT use `gem install` directly, as this can cause issues with plugin discovery and management.
 
 ```bash
-# Using Cinc Auditor (recommended - open source, license-free)
+# Using Cinc Auditor (open source, license-free)
 cinc-auditor plugin install train-k8s-container-mitre
 
 # Or using Chef InSpec
@@ -204,6 +205,18 @@ See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
 4. Run `bundle exec rspec && bundle exec rake style`
 5. Submit a pull request
 
+### Versioning
+
+This project uses [Conventional Commits](https://www.conventionalcommits.org/) for automated releases:
+
+| Commit Prefix | Version Bump | Example |
+|---------------|--------------|---------|
+| `feat:` | Minor (2.1.0) | New features |
+| `fix:` | Patch (2.0.1) | Bug fixes |
+| `feat!:` | Major (3.0.0) | Breaking changes |
+
+See [CONTRIBUTING.md](CONTRIBUTING.md#versioning-and-commit-messages) for full details.
+
 ## Security
 
 See [SECURITY.md](SECURITY.md) for security policy and reporting vulnerabilities.
@@ -224,13 +237,12 @@ This project is maintained by the MITRE SAF (Security Automation Framework) team
 
 ## Acknowledgments
 
-This project is a fork of [inspec/train-k8s-container](https://github.com/inspec/train-k8s-container), significantly enhanced with:
+This project is a fork of [inspec/train-k8s-container](https://github.com/inspec/train-k8s-container), enhanced with:
 
 - Train v2 plugin architecture
 - Detect+Context platform detection pattern
 - Comprehensive CI/CD with pod-to-pod testing
-- Security hardening and SBOM generation
-- MITRE SAF ecosystem integration
+- Automated releases via release-please
 
 ---