Merged
2 changes: 2 additions & 0 deletions CODEOWNERS
Expand Up @@ -6,3 +6,5 @@
# Define the code owners for the repository manually
# See: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
# for more information

* @szymonmaszke
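
Review bot: The catch-all rule `* @szymonmaszke` at the end of CODEOWNERS makes one account the only code owner for every path, including CODEOWNERS itself. If branch protection requires code-owner review, that single account is both a review bottleneck and a single point of compromise; consider a team handle or a second owner, at least for CI and release-related paths.
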
4 changes: 3 additions & 1 deletion README.md
Expand Up @@ -14,7 +14,7 @@ SPDX-License-Identifier: Apache-2.0
<!-- pyml disable-num-lines 30 line-length-->

<p align="center">
<em>Commit-based semantic versioning — verifiable, immutable, and tag-free.</em>
<em>Commit-based semantic versioning - highly configurable and tag-free.</em>
</p>

<div align="center">
Expand Down Expand Up @@ -73,6 +73,8 @@ Semantic versioning based on Git tags has a few limitations:
[__Double versioning scheme__](https://open-nudge.github.io/comver/tutorials/why);
one version for technical changes, another for public releases is
a viable mitigation.
- Tag creation by `bot`s (e.g. during automated releases) lead to problems
with `branch protection` (see [here](https://github.com/orgs/community/discussions/25305)).
- Not all commits are relevant for release versions
(e.g., CI changes, bot updates, or tooling config),
yet many schemes count them in. With filtering, `comver` can exclude
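
Review bot: The new bullet "Tag creation by `bot`s ... lead to problems with `branch protection`" never says what the problem is, so a reader has to follow the "here" link to find out. State the failure in the sentence itself, give the link descriptive text, change "lead" to "leads", and drop the code formatting from `bot` and `branch protection`, since neither is an identifier.
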
21 changes: 15 additions & 6 deletions SECURITY-SELF-ASSESSMENT.md
Expand Up @@ -56,11 +56,15 @@ Source: https://tag-security.cncf.io/community/assessments/guide/self-assessment

## Overview

Commit-based semantic versioning — verifiable, immutable, and tag-free.
Commit-based semantic versioning - highly configurable and tag-free.

### Background

TBD
Tool creating versions directly from commits (no tag creation, no tag usage),
which makes it largely immutable.

Usable with any language as long as the project is git based, but
created in and tailored largely towards Python.

### Actors

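Review bot: In Background, "which makes it largely immutable" claims more than this hunk supports: the Overview line just above drops "verifiable, immutable" from the tagline, and commit history can still be rewritten by a force-push unless the branch is protected. For a security self-assessment, state what the immutability depends on (for example, protected branches) or align the wording with the new tagline.
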
Expand All @@ -69,15 +73,18 @@ TBD

### Actions

TBD
- All security features are provided by
[opentemplate](https://github.com/open-nudge/opentemplate) [](templateskip)

### Goals

TBD
Making [semantic versioning](https://semver.org/) more reliable
and flexible by introducing double versioning scheme.

### Non-goals

TBD
Changing current software versioning standards; this project looks to build
upon them and improve the weak points.

## Self-assessment use

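Review bot: The Actions section now holds only "All security features are provided by opentemplate", which names no action that comver itself performs. List the steps the tool takes (the other files in this change describe creating versions from commits and filtering out irrelevant ones) and what is checked at each step; also confirm that the empty link `[](templateskip)` is an intended template marker and not a leftover, since it renders as nothing.
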
Expand Down Expand Up @@ -147,7 +154,9 @@ file.

### Incident response

TBD
As defined in [`SECURITY.md`](https://github.com/open-nudge/cogeol/blob/master/SECURITY.md#reporting-a-vulnerability.),
usually response should take up to a few working days, if not please reach out
at `security@opennudge.com`.

## Appendix

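Review bot: The Incident response link points to `open-nudge/cogeol`, while the rest of this change refers to comver, and its fragment ends in a stray period (`#reporting-a-vulnerability.`), so the anchor is unlikely to resolve. Point the link at this project's own SECURITY.md and drop the trailing period; the sentence would also read better split in two, with the fallback to `security@opennudge.com` as its own sentence.
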
3 changes: 2 additions & 1 deletion pyproject.toml
Expand Up @@ -14,7 +14,7 @@ requires = [
[project]
name = "comver"

description = "Commit-based semantic versioning — verifiable, immutable, and tag-free."
description = "Commit-based semantic versioning - highly configurable and tag-free."
readme = "README.md"

license = "Apache-2.0"
Expand Down Expand Up @@ -426,6 +426,7 @@ ignore_undeclared = [
]

ignore_unused = [
"hatchling",
"basedpyright",
"cairosvg",
"cffconvert",
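
Review bot: `"hatchling"` is added at the top of `ignore_unused` with no comment, ahead of entries that are otherwise alphabetical (`basedpyright`, `cairosvg`, `cffconvert`). Move it to its sorted position and add a short comment saying why it is exempt, so that the ignore list does not grow without a recorded reason for each entry.
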
3 changes: 2 additions & 1 deletion src/comver/_version.py
Expand Up @@ -511,7 +511,8 @@ def from_message( # noqa: PLR0913
if unrecognized_message == "error":
raise error.MessageUnrecognizedError(message)

return version
# Based on hypothesis testing this line may not run
return version # pragma: no cover

@classmethod
def from_string(cls, version: str) -> Version:
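
Review bot: Marking `return version` with `# pragma: no cover` because it "may not run" hides whether the path after the `unrecognized_message == "error"` check is reachable at all. If it is reachable, pin it with a deterministic unit test instead of depending on what hypothesis happens to generate; if it is not, replace it with an explicit raise or assertion. Either way, the comment should name the input condition under which the line executes.
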