- Remove type=sha tags that were producing invalid formats like ':-f0d0654'
- Keep latest/dev tags for branches and semver tags for releases
- SHA is still tracked via image digest and labels
- Add format=short to SHA tags to prevent malformed tags
- Standardize dev tag naming across workflows (was 'development')
- Ensure branch name is properly included in SHA prefix
- Add Trivy vulnerability scanner after image build
- Upload SARIF results to GitHub Security tab
- Display critical/high severity issues in workflow logs
- Add security-events permission for SARIF upload
- Skip scanning on pull requests to save time
- Change ruff>=0.15 to ruff>=0.6.0 (0.15 doesn't exist yet)
- Replace CPMP_GHCR_TOKEN with GITHUB_TOKEN for GHCR authentication
- GITHUB_TOKEN is automatically provided by GitHub Actions with correct permissions
Major Updates:
- Rewrote all docs in beginner-friendly 'ELI5' language
- Created docs index with user journey navigation
- Added complete getting-started guide for novice users
- Set up GitHub Container Registry (GHCR) automation
- Configured GitHub Pages deployment for documentation
Documentation:
- docs/index.md - Central navigation hub
- docs/getting-started.md - Step-by-step beginner guide
- docs/github-setup.md - CI/CD setup instructions
- README.md - Complete rewrite in accessible language
- CONTRIBUTING.md - Contributor guidelines
- Multiple comprehensive API and schema docs
CI/CD Workflows:
- .github/workflows/docker-build.yml - Multi-platform builds to GHCR
- .github/workflows/docs.yml - Automated docs deployment to Pages
- Supports main (latest), development (dev), and version tags
- Automated testing of built images
- Beautiful documentation site with dark theme
Benefits:
- Zero barrier to entry for new users
- Automated Docker builds (AMD64 + ARM64)
- Professional documentation site
- No Docker Hub account needed (uses GHCR)
- Complete CI/CD pipeline
All 7 implementation phases complete - project is production ready!
