v0.1.0 Release Checklist

Use this checklist to publish the first stable release of common-fwk.

Preflight

  • Confirm working tree is clean (git status --short).
  • Confirm current branch is main and updated (git pull --ff-only origin main).
  • Confirm CI is green on main.
  • Confirm issue #7 is closed.
  • Confirm issue #6 is closed.

Verification

  • Run full test suite: go test ./...
  • Run build validation: go build ./...
  • Validate README quickstart snippets remain aligned with public API.
  • Validate config snippets use canonical kebab-case file keys (ttl-minutes, http-only, same-site, client-id, client-secret, auth-url, token-url, redirect-url).
  • Validate migration guide at docs/migration/auth-provider-ms-v0.1.0.md is complete.

Publication

Release Workflow Labels

  • Release PR carries exactly one colon label: release-type:patch, release-type:minor, or release-type:major.
  • Non-release PRs use release:skip to prevent release generation.
  • Legacy slash labels (release-type/patch|minor|major) are migrated when encountered.

Dependency Gate (Required)

v0.1.0 tag publication is blocked until issue #6 (test(migration): port and adapt tests from auth-provider-ms/pkg) is closed.

  • Issue #6 is closed and linked evidence is available (tests/parity notes).
  • Create annotated tag: git tag -a v0.1.0 -m "Release v0.1.0"
  • Push branch and tag: git push origin main && git push origin v0.1.0
  • Create GitHub Release notes from the baseline below.

Post-release Validation

  • In auth-provider-ms, update dependency to github.com/matiasmartin-labs/[email protected].
  • Run go mod tidy and go test ./... in auth-provider-ms.
  • Verify critical auth parity cases pass (missing/invalid/expired token, issuer/audience checks, claims context injection).

Release Notes Baseline

Use this baseline to draft the official release notes.

Included capabilities

  • Config core model and validation (config).
  • Optional viper adapter (config/viper).
  • JWT validation and resolver contracts (security/jwt, security/keys, security/claims).
  • Gin auth middleware integration (http/gin).
  • Instance-based bootstrap boundary (app).
  • Exported auth error code constants (errors).

Migration impact

  • Consumers should replace local pkg abstractions with common-fwk package imports.
  • Startup wiring should move to app.Application (UseConfig, UseServer, UseServerSecurity).
  • Middleware wiring should use http/gin.NewAuthMiddleware and exported error codes.

Known limitations

  • No provider-specific Google OAuth implementation in this framework.
  • No app-global singleton model.
  • No advanced lifecycle orchestrator (DI container, centralized shutdown coordinator).