{"id":32422689,"url":"https://github.com/raulgomis/semversioner","last_synced_at":"2025-10-25T18:53:55.001Z","repository":{"id":37041490,"uuid":"302907475","full_name":"raulgomis/semversioner","owner":"raulgomis","description":"The easiest way to manage semantic versioning in your project and generate CHANGELOG.md file automatically.","archived":false,"fork":false,"pushed_at":"2025-07-23T12:36:10.000Z","size":145,"stargazers_count":41,"open_issues_count":7,"forks_count":7,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-09-25T08:23:34.168Z","etag":null,"topics":["cicd","devops","semver","versioning"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/raulgomis.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-10-10T13:25:03.000Z","updated_at":"2025-08-23T20:34:52.000Z","dependencies_parsed_at":"2023-12-24T07:08:34.049Z","dependency_job_id":"4116d6a2-61ef-4283-a6e4-e98f07c9e92e","html_url":"https://github.com/raulgomis/semversioner","commit_stats":{"total_commits":61,"total_committers":7,"mean_commits":8.714285714285714,"dds":0.3770491803278688,"last_synced_commit":"477eafe4481e61535ff8ced08444615ac274a267"},"previous_names":[],"tags_count":24,"template":false,"template_full_name":null,"purl":"pkg:github/raulgomis/semversioner","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/raulgomis%2Fsemversioner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/raulgomis%2Fsemversioner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/raulgomis%2Fsemversioner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/raulgomis%2Fsemversioner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/raulgomis","download_url":"https://codeload.github.com/raulgomis/semversioner/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/raulgomis%2Fsemversioner/sbom","scorecard":{"id":762812,"data":{"date":"2025-08-11","repo":{"name":"github.com/raulgomis/semversioner","commit":"377de8ccf3c38adbc44af170c9e9b704d8fd127c"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.8,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":9,"reason":"11 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 9","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":1,"reason":"Found 2/15 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/build-and-publish.yml:1","Warn: no topLevel permission defined: .github/workflows/build-and-test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-publish.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/raulgomis/semversioner/build-and-publish.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-publish.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/raulgomis/semversioner/build-and-publish.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-publish.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/raulgomis/semversioner/build-and-publish.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-publish.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/raulgomis/semversioner/build-and-publish.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-publish.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/raulgomis/semversioner/build-and-publish.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/raulgomis/semversioner/build-and-test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/raulgomis/semversioner/build-and-test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/raulgomis/semversioner/build-and-test.yml/master?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/build-and-publish.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/build-and-publish.yml:53","Warn: pipCommand not pinned by hash: .github/workflows/build-and-publish.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/build-and-publish.yml:23","Warn: pipCommand not pinned by hash: .github/workflows/build-and-publish.yml:24","Warn: pipCommand not pinned by hash: .github/workflows/build-and-test.yml:23","Warn: pipCommand not pinned by hash: .github/workflows/build-and-test.yml:24","Info:   0 out of   8 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   7 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 24 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-22T23:52:10.300Z","repository_id":37041490,"created_at":"2025-08-22T23:52:10.300Z","updated_at":"2025-08-22T23:52:10.300Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":281003915,"owners_count":26428018,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-25T02:00:06.499Z","response_time":81,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cicd","devops","semver","versioning"],"created_at":"2025-10-25T18:53:51.983Z","updated_at":"2025-10-25T18:53:54.996Z","avatar_url":"https://github.com/raulgomis.png","language":"Python","readme":"# Semversioner\n\nThe easiest way to manage [semantic versioning](https://semver.org/) in your project and generate CHANGELOG.md file automatically.\n\nSemversioner will provide the tooling to automate semver release process for libraries, docker images, etc.\n\nThis project was inspired by the way AWS manages their versioning for [AWS-cli](https://github.com/aws/aws-cli/).\n\n## Semantic Versioning\n\nThe [semantic versioning](https://semver.org/) spec involves several possible variations, but to simplify, in _Semversioner_ we are using the three-part version number:\n\n`\u003cmajor\u003e.\u003cminor\u003e.\u003cpatch\u003e`\n\nConstructed with the following guidelines:\n\n- Breaking backward compatibility or major features bumps the major (and resets the minor and patch).\n- New additions without breaking backward compatibility bumps the minor (and resets the patch).\n- Bug fixes and misc changes bumps the patch.\n\nAn example would be 1.0.0\n\n## How it works\n\nAt any given time, the ``.semversioner/`` directory looks like:\n\n    .semversioner\n    └── next-release\n        ├── minor-20181227010225.json\n        └── major-20181228010225.json\n    ├── 1.1.0.json\n    ├── 1.1.1.json\n    ├── 1.1.2.json\n\nThe release process takes everything in ``next-release`` and aggregates them all together in a single JSON file for that release (e.g ``1.12.0.json``).  This\nJSON file is a list of all the individual JSON files from ``next-release``.\n\n## Install\n\n```shell\npip install semversioner\n```\n\n## Usage\n\n### Bumping the version\n\nIn your local environment your will use the CLI to create the different changeset files that will be committed with your code. For example:\n\n```shell\nsemversioner add-change --type patch --description \"Fix security vulnerability with authentication.\"\n```\n\nThen, in your CI/CD tool you will need to release (generating automatically version number) and creating the the changelog file.\n\n```shell\nsemversioner release\n```\n\n### Generating Changelog\n\nAs a part of your CI/CD workflow, you will be able to generate the changelog file with all changes.\n\n```shell\nsemversioner changelog \u003e CHANGELOG.md\n```\n\nYou can customize the changelog by creating a template and passing it as parameter to the command. For example:\n\n```shell\nsemversioner changelog --template .semversioner/config/template.j2\n```\n\nThe template is using [Jinja2](https://jinja.palletsprojects.com/en/2.11.x/), a templating language for Python. For example:\n\n```\n# Changelog\n{% for release in releases %}\n\n## {{ release.version }}\n\n{% for change in release.changes %}\n- {{ change.type }}: {{ change.description }}\n{% endfor %}\n{% endfor %}\n```\n\nSince semversioner `2.0` you can also add custom attributes to the changeset file that will be available in the release template:\n\n```shell\nsemversioner add-change --type patch --description \"My custom changelog message with attributes.\" --attributes pr_id=322 --attributes issue_id=123\n```\n\nThen, you can show the attributes in the changelog template. For example:\n\n```\n# Changelog\nNote: version releases in the 0.x.y range may introduce breaking changes.\n{% for release in releases %}\n\n## {{ release.version }} (\u003cDATE\u003e)\n\n{% for change in release.changes %}\n- {{ change.type }}: {{ change.description }}{{ ' (#' + change.attributes.pr_id + ')' if change.attributes }}{{ ' (J' + change.attributes.issue_id + ')' if change.attributes }}\n{% endfor %}\n{% endfor %}\n```\n\nYou can filter the changelog by only showing changes for a specific version:\n\n```shell\nsemversioner changelog --version \"1.0.0\"\n```\n\nAlternatively, you can use the following command to filter changes by the last released version:\n\n```shell\nsemversioner changelog --version $(semversioner current-version)\n```\n\n### Getting next version\n\nAs part of the CI/CD workflow, sometimes you want to release dev, rc, or other pre-release packages. For this purpose,\nthe next-version command can be issued, to compute the next version based on the current change set. This will\nnot change any files on disk, and they are as such preserved for any future release.\n\n```shell\nsemversioner next-version\n```\n\n## License\n\nCopyright (c) 2023 Raul Gomis.\nMIT licensed, see [LICENSE](LICENSE) file.\n\n---\nMade with ♥ by `Raul Gomis \u003chttps://twitter.com/rgomis\u003e`.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fraulgomis%2Fsemversioner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fraulgomis%2Fsemversioner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fraulgomis%2Fsemversioner/lists"}