github-release-notes
Creates a release from a tag and uses issues or commits to create the release notes. It can also generate a CHANGELOG.md file based on the release notes (or generate a brand new one).
gren 🤖
Github release notes and changelog generator
What can gren do for me?
gren is a small helpful robot that will do the work for you: it creates a release from a tag and compiles the release notes using issues or commits.
It can also generate a CHANGELOG.md file based on the release notes (or generate a brand new one).
Everyone loves neat, transparent, informative release notes. Everyone would also rather avoid maintaining them. What a hassle to have to evaluate which issues have been solved between two points in a project's timeline, what types of problems they were, whether they are important enough to inform the users about, what issues solved them, etc.
Wouldn't it be great to get fantastic release notes compiled for you automatically based on all the hard work you put into your GitHub issues and pull requests?
The main motivation for bringing gren to life was the need for auto-generating release notes for every tag in a project.
The process, as explained here, requires the tagger to go to your project's releases page in GitHub, draft that tag as a new release and manually add what has changed.
Let gren take care of that for you. It automates this process and also writes release notes for you, creating something like this:
v0.6.0 (14/03/2017)
Framework Enhancements:
- #32 Unwrap github-api promises
- #26 Use external config file
- #23 Introduce templates for the issues
- #19 Add an "ignore label" flag
- #12 Add the chance to rebuild the history of release notes
Bug Fixes:
(yes, this is one of 🤖 's actual releases)
gren 🤖
Where is the data coming from? There are two options:
issues (⭐)
If you manage your project with issues, that's where all the information about a change is.
Issue labels increase the level of depth of what the release notes should show, helping gren to group the notes.
e.g. in the example above, the issues are grouped by the two labels enhancement and bug, then customised via a config file.
gren generates those notes by collecting all the issues closed between a tag (defaults to latest) and the tag before it (or a tag that you specify).
If you want to be more accurate on the issues that belong to a release, you can group them in milestones and use only the issues that belong to that Milestone.
The output above is a result of release notes built from issues.
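The selection described in this section (issues closed between two tags, grouped by label, with ignored labels dropped), as an added example that is not gren's own code. The tags, issues, function name and option names are constructed for illustration, and treating the window as "after the previous tag, up to and including the chosen tag" is an assumption.

```javascript
// Added illustration, not gren's source. All data below is constructed.
const tags = [
  { name: 'v0.5.0', date: '2017-02-20T10:00:00Z' },
  { name: 'v0.6.0', date: '2017-03-14T09:00:00Z' },
  { name: 'v0.4.0', date: '2017-01-10T09:00:00Z' },
];
const closedIssues = [
  { number: 101, title: 'Add config file support', labels: ['enhancement'], closedAt: '2017-03-01T08:00:00Z' },
  { number: 102, title: 'Fix crash on empty tag list', labels: ['bug'], closedAt: '2017-03-10T12:00:00Z' },
  { number: 103, title: 'How do I use this?', labels: ['question'], closedAt: '2017-03-05T12:00:00Z' },
  { number: 104, title: 'Fix date parsing', labels: ['bug'], closedAt: '2017-02-01T12:00:00Z' },
  { number: 105, title: 'Tidy the docs', labels: ['docs'], closedAt: '2017-03-12T12:00:00Z' },
];
// Label -> heading mapping, the kind of thing a config file would customise.
const groups = { enhancement: 'Framework Enhancements', bug: 'Bug Fixes' };

// Hypothetical helper: build grouped notes for one tag (defaults to the latest).
function buildReleaseNotes(allTags, issues, { tag, ignoreLabels = [], groups = {} } = {}) {
  const sorted = [...allTags].sort((a, b) => new Date(a.date) - new Date(b.date));
  const idx = tag ? sorted.findIndex((t) => t.name === tag) : sorted.length - 1;
  if (idx < 0) throw new Error(`no such tag: ${tag}`);
  const end = new Date(sorted[idx].date);
  // The first tag has no predecessor, so its window starts at the epoch.
  const start = idx > 0 ? new Date(sorted[idx - 1].date) : new Date(0);
  const hasGroup = (label) => Object.prototype.hasOwnProperty.call(groups, label);

  const notes = {};
  for (const issue of issues) {
    const closed = new Date(issue.closedAt);
    if (closed <= start || closed > end) continue; // outside this release
    if (issue.labels.some((l) => ignoreLabels.includes(l))) continue; // ignored label
    const label = issue.labels.find(hasGroup);
    const heading = label ? groups[label] : 'Other';
    notes[heading] = notes[heading] || [];
    notes[heading].push(`#${issue.number} ${issue.title}`);
  }
  return notes;
}

console.log(buildReleaseNotes(tags, closedIssues, { ignoreLabels: ['question'], groups }));
```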
In order to have splendidly generated release notes, we recommend following these conventions:
gren has the option to ignore issues that have one of the specified labels.
commits
The simplest way of getting data is from the commits you write. Even though it doesn't require a machine-readable commit, it is still better to have them in a nice format.
The output then uses commit messages (title + description) to look something like:
v0.9.0 (17/05/2017)
- Filter milestones (#75)
    - Create milestones data-source option
    - Add documentation for the milestones option
- Support GitHub enterprise (#73)
    - Support GitHub enterprise
    - Add api-url to options documentation
- Update CHANGELOG.md
In order to have splendidly generated release notes, we recommend following these conventions:
Install github-release-notes via npm:
npm install github-release-notes -g
First, generate a GitHub token, with repo scope, at this link.
Then add this line to ~/.bash_profile (or ~/.zshrc):
export GREN_GITHUB_TOKEN=your_token_here
Show the internet that you use gren for automating your release notes ->
[![Automated Release Notes by gren](https://img.shields.io/badge/%F0%9F%A4%96-release%20notes-00B2EE.svg)](https://github-tools.github.io/github-release-notes/)
gren gets the repo information directly from the folder where git is initialised.
# Navigate to your project directory
cd ~/Path/to/repo
# Run the task (see below)
gren release
Otherwise, you can run it anywhere passing the repo information:
gren release --username=[username] --repo=[repo name]
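If you don't want to save the token, you can specify one as an option (a token passed on the command line is recorded in your shell history and is visible in the process list while the command runs):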
gren release --token=[your token]
There are two main commands that can be run with 🤖:
gren release
gren will look for the latest tag, draft a new release using the issues closed between when that tag and the one before were created and publish that release in your release panel in your GitHub repo. (@see how to feed 🤖).
gren changelog
Create a CHANGELOG.md file using all the release notes of the repo (like the ones generated by 🤖).
If the file exists already, use the --override option to proceed.
gren changelog --override
To generate brand new release notes, using the same approach as for the releases, run the command with the --generate option.
gren changelog --generate
gren uses Commander.js, which generates the --help section.
To trigger the help of a command, run:
# General usage
gren --help
# Command usage
gren help release # or gren release --help
It's also possible to see all the examples here or directly in the terminal:
gren examples release
You can create a configuration file in the directory where the task will be run to specify your options. See how to set up the config file. The accepted file extensions are the following:
.grenrc
.grenrc.json
.grenrc.yml
.grenrc.yaml
.grenrc.js
If you need help creating the configuration file, you can run the following command and follow the instructions:
gren init
Thanks goes to these wonderful people (emoji key):
This project follows the all-contributors specification. Contributions of any kind welcome!
FAQs
The npm package github-release-notes receives a total of 536 weekly downloads. As such, the popularity of github-release-notes was classified as not popular.
We found that github-release-notes demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.