v0.2.0 Release Checklist

Use this checklist to publish common-fwk v0.2.0.

Preflight

  • Confirm working tree is clean (git status --short).
  • Confirm current branch is main and updated (git pull --ff-only origin main).
  • Confirm CI is green on main.
  • Confirm issue #29 is closed.

Verification

  • Run full test suite: go test ./...
  • Run build validation: go build ./...
  • Validate README quickstart snippets remain aligned with public API.
  • Validate config snippets use canonical kebab-case file keys (ttl-minutes, http-only, same-site, client-id, client-secret, auth-url, token-url, redirect-url).
  • Validate JWT mode-aware docs include HS256 default behavior and RS256 bootstrap keys (algorithm, rs256-key-source, rs256-key-id, PEM fields).
  • Verify RS256 key-source coverage in tests (generated, public-pem, private-pem).
  • Verify HS256 backward compatibility tests remain green.
  • Validate migration guide at docs/migration/auth-provider-ms-v0.1.0.md is complete.
  • Validate logging docs include GetLogger(name) lifecycle/error contract and deterministic same-name behavior.
  • Validate logging config docs include precedence matrix for root/per-logger values (logging.enabled, logging.level, logging.format, logging.loggers.<name>.enabled, logging.loggers.<name>.level).
  • Validate JSON/text output contract docs include required fields logger, ts, level, msg.
  • Validate Loki guidance remains collector-first and preserves structured keys end-to-end.

Publication

Release Workflow Labels

  • Release PR carries exactly one colon label: release-type:patch, release-type:minor, or release-type:major.
  • Non-release PRs use release:skip to prevent release generation.
  • Legacy slash labels (release-type/patch|minor|major) are migrated when encountered.

Dependency Gate (Required)

v0.2.0 tag publication is blocked until issue #29 (feat(config/viper): enforce kebab-case keys for configuration) is closed.

  • Issue #29 is closed and linked evidence is available (tests/docs alignment notes).
  • Create annotated tag: git tag -a v0.2.0 -m "Release v0.2.0"
  • Push branch and tag: git push origin main && git push origin v0.2.0
  • Create GitHub Release notes from the baseline below.

Post-release Validation

  • In auth-provider-ms, update dependency to github.com/matiasmartin-labs/[email protected].
  • Run go mod tidy and go test ./... in auth-provider-ms.
  • Verify critical auth parity cases pass (missing/invalid/expired token, issuer/audience checks, claims context injection).

Release Notes Baseline

Use this baseline to draft the official release notes.

Included capabilities

  • Config core model and validation (config).
  • Optional viper adapter (config/viper) with canonical kebab-case file keys.
  • JWT validation and resolver contracts (security/jwt, security/keys, security/claims).
  • Gin auth middleware integration (http/gin).
  • Instance-based bootstrap boundary (app).
  • Exported auth error code constants (errors).
  • Deterministic named logger registry with stdlib log/slog backend and root/per-logger precedence.

Migration impact

  • Consumers should replace local pkg abstractions with common-fwk package imports.
  • Startup wiring should move to app.Application (UseConfig, UseServer, UseServerSecurity).
  • Middleware wiring should use http/gin.NewAuthMiddleware and exported error codes.
  • File-based config snippets should use kebab-case key style.
  • Consumers may adopt app.GetLogger(name) and root/per-logger logging keys without changing app bootstrap order.

Known limitations

  • No provider-specific Google OAuth implementation in this framework.
  • No app-global singleton model.
  • No advanced lifecycle orchestrator (DI container, centralized shutdown coordinator).

Migration note summary (issue-32)

  • Added deterministic named logger access via app.GetLogger(name) with explicit lifecycle errors.
  • Added root/per-logger logging config model and deterministic precedence resolution.
  • Added collector-first Loki guidance with required structured keys preservation (logger, ts, level, msg).