Release Process

This document describes the step-by-step process for creating a new release of NeoPRISM.

Versioning

NeoPRISM follows Semantic Versioning (semver). The current version is stored in two places:

File	Location
`version`	Repository root — single source of truth
`Cargo.toml`	Workspace root — must match `version`

Before starting a release, ensure you have:

Write access to the hyperledger-identus/neoprism repository
A GitHub personal access token with repo scope for pushing tags
Conventional commits — all commits in the release should follow the Conventional Commits standard. PR titles are validated against the conventional commits format by .github/workflows/pr-lint.yml (using amannn/action-semantic-pull-request@v6), and git-cliff uses conventional commit messages to generate the changelog automatically.
Nix — all release commands run inside nix develop

git checkout main
git pull origin main

Create the release branch to the current main:

git checkout -b release

Run the automated version bump command from inside nix develop:

nix develop -c just release::bump-version

The release::bump-version recipe does all of the following automatically:

Determines the next version — uses git-cliff to compute the next version based on conventional commits since the last tag
Updates version and Cargo.toml — writes the new version to both files
Generates the changelog — runs git-cliff to rebuild CHANGELOG.md from the commit history
Regenerates Docker Compose configs — runs just build-config to update the auto-generated Docker Compose files with the new version

git add .
git commit -s -m 'chore(release): prepare for the next release'

git push origin release

Open a pull request from release into main on GitHub. Once CI checks pass, merge the PR.

After the PR is merged to main, create a tag for the release and push it:

git checkout main
git pull origin main
VERSION=$(cat version)
git tag "v$VERSION"
git push origin "v$VERSION"

Note: The release workflow is triggered manually — it does not run automatically on tags.

Go to the Release workflow on GitHub Actions and click Run workflow. Enter the version number (without the v prefix) in the tag input field.

The workflow will:

Check out the tagged commit
Build Docker images for linux/amd64 and linux/arm64 using Nix
Create a multi-arch Docker manifest and push it to Docker Hub under $DOCKERHUB_ORG/identus-neoprism:<VERSION>

Trigger the Deploy Docs Site workflow manually to publish the updated mdBook site to GitHub Pages.

Navigate to the Releases page and click Draft a new release. Select the v<VERSION> tag.

Optional: Curate the notable changes or highlight the breaking changes or other notes which require attention.

Docker Hub: Confirm the multi-arch image is available at docker pull $DOCKERHUB_ORG/identus-neoprism:<VERSION>
GitHub Releases: Confirm the release is published on the Releases page
Docs site: Confirm the updated documentation is live on GitHub Pages

The CI pipeline for releases is defined in .github/workflows/release.yml. Key details:

Aspect	Detail
Trigger	`workflow_dispatch` with a version tag
Architecture	Builds both `amd64` and `arm64`, combines into a multi-arch manifest
Registry	Docker Hub (`$DOCKERHUB_ORG/identus-neoprism`)
Build system	Nix (`nix build .#neoprism-docker-linux-amd64`, `nix build .#neoprism-docker-linux-arm64`)

File	Purpose
`version`	Current version number
`Cargo.toml`	Workspace metadata (version must match `version` file)
`justfile`	Main justfile (loads the `release` module from `tools/just-recipes/release.just`)
`tools/just-recipes/release.just`	Contains the `release::bump-version` and `release::set-version` recipes
`CHANGELOG.md`	Auto-generated changelog (rebuilt by `release::bump-version` via `git-cliff`)
`cliff.toml`	`git-cliff` configuration controlling changelog format
`.github/workflows/release.yml`	Release CI workflow
`.github/workflows/deploy-docs.yml`	Docs site deployment