uv-sbom 2.2.0

SBOM generation tool for uv projects - Generate CycloneDX SBOMs from uv.lock files
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140

# Release Checklist for uv-sbom

This document outlines the steps to release a new version of uv-sbom.

## Pre-release Checklist

### 1. Code Quality Verification

```bash
# Run all tests
cargo test --all

# Run clippy
cargo clippy --all-targets --all-features -- -D warnings

# Format check
cargo fmt --all -- --check

# Build release binary
cargo build --release

# Verify binary works
./target/release/uv-sbom --version
./target/release/uv-sbom --help
```

### 2. Update Version Numbers

Update version in the following files:
- [ ] `Cargo.toml` - Update `version` field
- [ ] `CHANGELOG.md` - Move items from `[Unreleased]` to new version section
- [ ] `README.md` - Update version numbers in installation examples (if showing specific version)

### 3. Update CHANGELOG.md

1. Move items from `[Unreleased]` section to new version section with date
2. Add comparison link at bottom of file:
   ```markdown
   [0.2.0]: https://github.com/Taketo-Yoda/uv-sbom/compare/v0.1.0...v0.2.0
   [0.1.0]: https://github.com/Taketo-Yoda/uv-sbom/releases/tag/v0.1.0
   ```

### 4. Commit and Tag

```bash
# Commit version bump
git add Cargo.toml CHANGELOG.md README.md
git commit -m "chore: bump version to v0.x.0"

# Create and push tag
git tag -a v0.x.0 -m "Release v0.x.0"
git push origin main
git push origin v0.x.0
```

## Release Process

### 5. GitHub Actions Automatic Build

After pushing the tag, GitHub Actions will automatically:
1. Build binaries for all supported platforms
2. Create a GitHub Release
3. Upload binary artifacts

**Monitor the workflow**: https://github.com/Taketo-Yoda/uv-sbom/actions

### 6. Publish to crates.io

```bash
# Dry run first
cargo publish --dry-run

# Actual publish
cargo publish
```

**Note**: You need to login first with `cargo login` if you haven't already.

### 7. Verify Release

- [ ] Check GitHub Release page: https://github.com/Taketo-Yoda/uv-sbom/releases
- [ ] Download and test each platform's binary
- [ ] Verify crates.io page: https://crates.io/crates/uv-sbom
- [ ] Test installation from crates.io: `cargo install uv-sbom`

## Post-release Tasks

### 8. Announcements (Optional)

- [ ] Update project homepage if exists
- [ ] Post on Reddit (r/rust, r/python)
- [ ] Tweet about the release
- [ ] Update documentation sites

### 9. Prepare for Next Development Cycle

```bash
# Create [Unreleased] section in CHANGELOG.md
```

## Troubleshooting

### GitHub Actions Build Fails

1. Check the Actions logs: https://github.com/Taketo-Yoda/uv-sbom/actions
2. Fix the issue in the code
3. Delete the tag: `git tag -d v0.x.0 && git push origin :refs/tags/v0.x.0`
4. Fix and re-tag

### crates.io Publish Fails

Common issues:
- Missing required fields in `Cargo.toml` (description, license, etc.)
- Package size too large (check `exclude` in `Cargo.toml`)
- Existing version already published (can't republish the same version)

### Binary Download Issues

If users report download issues:
1. Verify all artifacts uploaded correctly in GitHub Release
2. Check file permissions
3. Verify SHA256 checksums match

## Version Numbering

We follow [Semantic Versioning](https://semver.org/):

- **MAJOR** (1.x.x): Breaking changes
- **MINOR** (x.1.x): New features, backward compatible
- **PATCH** (x.x.1): Bug fixes, backward compatible

## Release Schedule

- Patch releases: As needed for critical bugs
- Minor releases: When new features are ready
- Major releases: When breaking changes are necessary

---

Last updated: 2025-01-02