EdgePlug is a multi-component repository. Version tags and release notes may refer to one or more of:
marketplace/— Go API and Docker imageui/— npm package@edgeplug/uiruntime/— embedded firmware runtimemodels/— ML training and conversion toolingmarketplace/desktop/— Electron desktop client
- Use semantic versioning per artifact where it is published (for example
v1.2.0for the API image, separate tags for UI package bumps if published to a registry). - Document in each GitHub Release which components changed and any migration steps.
- Prefer meaningful commit messages; optionally adopt Conventional Commits to drive automated changelog generation.
- For user-visible API or manifest (
manifest.proto) changes, call them out explicitly in release notes.
- Go: run
govulncheck ./...frommarketplace/before tagging (also enforced in CI). - Container images: rebuild from pinned base images; SBOM generation is configured in
.github/workflows/marketplace.ymlfor pushes tomainand for tags. - JavaScript: lockfiles under
ui/andmarketplace/desktop/; Dependabot updates are configured in.github/dependabot.yml. - Python: lockfile
models/uv.lock; sync withuv lockafter changingmodels/pyproject.toml.
Configure in Settings → Branches (or org rulesets):
- Require pull request reviews before merging to
main. - Require status checks to pass (UI, Marketplace, Runtime, Models, Desktop as applicable).
- Enable secret scanning and push protection where available.
These items cannot be committed as files; they are enforced on the hosting platform.