ghcr-manager 0.9.10 → 1.0.1

package/CHANGELOG.md

@@ -7,6 +7,35 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 
 ## [Unreleased]
 
+## [v1.0.1] - 2026-06-05
+
+### Fixed
+
+- The GitHub release job now grants correct permissions.
+
+## [v1.0.0] - 2026-06-05
+
+`v1.0.0` is the first stable `v1.x` release of `ghcr-manager`.
+
+This milestone reflects the current project shape after repeated live testing, cleanup-planner tuning, visualizer
+refinement, and a full documentation pass.
+
+### Added
+
+- Added one merged graph-scenario SQLite database to the GitHub release assets as
+  `ghcr-manager-release-scenarios.sqlite`, so users can explore real before/after cleanup cases immediately in the
+  visualizer.
+- Added dedicated user docs for live test scenarios, package setup, and the workflow-to-visualizer path.
+
+### Changed
+
+- The release workflow now builds and attaches the merged scenario DB as part of the GitHub release publish flow.
+- Visualizer docs are now centered on one canonical `visualizer/README.md`, with richer screenshots and a release-asset
+  quick-demo path.
+- README and companion docs now explain the stable action/CLI/visualizer workflows more directly, including permission
+  guidance for dry-runs versus live cleanup and explicit Node.js 24 requirements for local npm installs.
+- Visualizer node labeling was clarified so manifest metadata is easier to interpret during graph inspection.
+
 ## [0.9.10] - 2026-06-04
 
 ### Changed

package/README.md

@@ -5,13 +5,19 @@
 [![Immutable Releases](https://img.shields.io/badge/releases-immutable-blue?labelColor=333)](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/immutable-releases)
 [![Tests](https://img.shields.io/github/actions/workflow/status/ghcr-manager/ghcr-manager/.github/workflows/ci_change-validation.yml?branch=main&label=test&style=flat-square)](https://github.com/ghcr-manager/ghcr-manager/actions/workflows/ci_change-validation.yml)
 
-Inspect, review, and manage GitHub Container Registry packages.
+Inspect, analyze, and manage large GitHub Container Registry packages.
 
 `ghcr-manager` is a GitHub Action for:
 
-- scanning one GHCR package into a SQLite database artifact
-- running cleanup with a GitHub step summary and optional DB artifact
-- previewing cleanup decisions with `dry-run` before making changes
+- scan GHCR packages: into SQLite database artifacts
+- cleanup packages: with a GitHub step summary and optional DB artifact
+- preview cleanup: with `dry-run` before making changes
+- visualize graphs: and their changes with the
+  [visualizer](https://github.com/ghcr-manager/ghcr-manager/blob/main/visualizer/README.md)
+
+![Example compare view: red-bordered manifests are present in the older scan and removed in the newer one.](https://raw.githubusercontent.com/ghcr-manager/ghcr-manager/main/docs/images/visualizer/graph-2images-cosign--wide.png "Example compare view: red-bordered manifests are present in the older scan and removed in the newer one.")
+
+_Example graph compare view: red-bordered manifests are present in the older scan and removed in the newer one._
 
 ## Quick Start
 
@@ -32,7 +38,7 @@ jobs:
 
       - name: Preview GHCR cleanup
         id: ghcr-manager
-        uses: ghcr-manager/ghcr-manager@0.9.10
+        uses: ghcr-manager/ghcr-manager@v1.0.1
         with:
           command: cleanup
           token: ${{ github.token }}
@@ -46,6 +52,12 @@ jobs:
           upload-artifacts: true
 ```
 
+> Permission notes:
+>
+> - `scan` and `cleanup` dry-runs need `packages: read`
+> - live `cleanup` that mutates GHCR needs `packages: write`
+> - artifact upload needs `actions: write`
+
 After the run:
 
 1. Open the GitHub step summary for the action run.
@@ -69,7 +81,7 @@ The action supports two commands:
 ### Preview cleanup
 
 ```yaml
-- uses: ghcr-manager/ghcr-manager@0.9.10
+- uses: ghcr-manager/ghcr-manager@v1.0.1
   with:
     command: cleanup
     token: ${{ github.token }}
@@ -90,7 +102,7 @@ The action supports two commands:
 ### Apply cleanup
 
 ```yaml
-- uses: ghcr-manager/ghcr-manager@0.9.10
+- uses: ghcr-manager/ghcr-manager@v1.0.1
   with:
     command: cleanup
     token: ${{ github.token }}
@@ -106,10 +118,13 @@ If `scan-after-cleanup` is `true`, `cleanup` performs a second scan so the uploa
 
 Note: the second scan only runs if cleanup actually makes changes.
 
+Live cleanup permission note: change the workflow permission from `packages: read` to `packages: write` before turning
+off `dry-run`.
+
 ### Scan one package
 
 ```yaml
-- uses: ghcr-manager/ghcr-manager@0.9.10
+- uses: ghcr-manager/ghcr-manager@v1.0.1
   with:
     command: scan
     token: ${{ github.token }}
@@ -182,13 +197,46 @@ Current naming:
 
 ## Documentation Map
 
-- [GitHub Action usage](docs/action-usage.md): action commands, including `cleanup` and `scan`
-- [Visualizer](docs/visualizer.md): local graph inspection and scan-to-scan comparison
-- [Multi-package workflows](docs/db-merge-workflows.md): cleaning up multiple packages with one combined DB
-- [SQLite schema guide](docs/schema-description.md): practical explanation of the SQLite schema
-- [CLI usage](docs/cli-usage.md): companion CLI usage
+- [GitHub Action usage](https://github.com/ghcr-manager/ghcr-manager/blob/main/docs/action-usage.md): action commands,
+  including `cleanup` and `scan`
+- [Visualizer](https://github.com/ghcr-manager/ghcr-manager/blob/main/visualizer/README.md): local graph inspection and
+  scan-to-scan comparison
+- [Multi-package workflows](https://github.com/ghcr-manager/ghcr-manager/blob/main/docs/db-merge-workflows.md): cleaning
+  up multiple packages with one combined DB
+- [SQLite schema guide](https://github.com/ghcr-manager/ghcr-manager/blob/main/docs/schema-description.md): practical
+  explanation of the SQLite schema
+- [CLI usage](https://github.com/ghcr-manager/ghcr-manager/blob/main/docs/cli-usage.md): companion CLI usage
+
+## Explore A Real Scenario DB
+
+The release assets also include one merged SQLite DB from `ghcr-manager`'s live scenario workflows. You can use it as a
+quick visualizer demo and as a compact way to inspect dozens of real cleanup and graph cases.
+
+```sh
+curl -LO https://github.com/ghcr-manager/ghcr-manager/releases/latest/download/ghcr-manager-release-scenarios.sqlite
+npx ghcr-manager-visualizer --db ./ghcr-manager-release-scenarios.sqlite
+```
+
+For a first look in the visualizer, start with:
+
+- owner: `ghcr-manager-test`
+- package: select one with `2images` or `2multiarch` in the name
+- tag search: `image` or `multiarch`
+
+For more details, see
+[visualizer/README.md](https://github.com/ghcr-manager/ghcr-manager/blob/main/visualizer/README.md).
+
+## Project
+
+Main project and issue tracker:
+
+- Repository: <https://github.com/ghcr-manager/ghcr-manager>
+- Issues: <https://github.com/ghcr-manager/ghcr-manager/issues>
 
-## Acknowledgment
+## Similar Tools
 
-This project was influenced by [dataaxiom/ghcr-cleanup-action](https://github.com/dataaxiom/ghcr-cleanup-action), with a
-similar problem focus and a different implementation approach.
+- [ghcr-manager/ghcr-untag-action](https://github.com/ghcr-manager/ghcr-untag-action): focused tag removal without the
+  broader scan and cleanup workflow.
+- [dataaxiom/ghcr-cleanup-action](https://github.com/dataaxiom/ghcr-cleanup-action): another GHCR cleanup action with a
+  similar problem focus.
+- [mkoepf/ghcrctl](https://github.com/mkoepf/ghcrctl): CLI tooling for working with GHCR packages and graph deletions.

package/package.json

@@ -10,7 +10,7 @@
     "url": "https://github.com/ghcr-manager/ghcr-manager"
   },
   "license": "MIT",
-  "version": "0.9.10",
+  "version": "v1.0.1",
   "type": "module",
   "workspaces": [
     "visualizer"