Merge pull request #628 from digitalfabrik/develop

Release 2025.11.0

Author: sascha11110

.circleci/config.yml

@@ -191,11 +191,20 @@ jobs:
             # Bump version to next alpha version
             echo "Bump to the next version"
             bumpver update -n -t alpha --no-commit
+      - run:
+          name: Generate SBOM
+          command: |
+            curl -sSfL https://get.anchore.io/syft | sudo sh -s -- -b /usr/local/bin
+            export SYFT_SOURCE_VERSION=$(python -c "import lunes_cms; print(lunes_cms.__version__)")
+            export SYFT_SOURCE_NAME="integreat-cms"
+            export SYFT_FORMAT_SPDX_JSON_PRETTY=true
+            syft scan . -o spdx-json=integreat_cms/_manifest/spdx_2.2/manifest.spdx.json
       - persist_to_workspace:
           root: .
           paths:
-            - setup.cfg
+            - pyproject.toml
             - lunes_cms/__init__.py
+            - lunes_cms/_manifest
   bump-version:
     docker:
       - image: cimg/python:3.11
@@ -236,6 +245,16 @@ jobs:
             # Amend to bump version commit
             git add CHANGELOG.md
             git commit --amend --no-edit
+      - run:
+          name: Generate SBOM
+          command: |
+            curl -sSfL https://get.anchore.io/syft | sudo sh -s -- -b /usr/local/bin
+            export SYFT_SOURCE_VERSION=$(python -c "import lunes_cms; print(lunes_cms.__version__)")
+            export SYFT_SOURCE_NAME="integreat-cms"
+            export SYFT_FORMAT_SPDX_JSON_PRETTY=true
+            syft scan . -o spdx-json=integreat_cms/_manifest/spdx_2.2/manifest.spdx.json
+            git add lunes_cms/_manifest
+            git commit --amend --no-edit
       - run:
           name: Tag and push commit
           command: |
@@ -260,8 +279,9 @@ jobs:
           name: Build lunes-cms package
           command: |
             source .venv/bin/activate
-            pip install wheel
-            python setup.py sdist bdist_wheel
+            pip install .
+            python -m build --sdist .
+            python -m build --wheel .
       - persist_to_workspace:
           root: .
           paths:
@@ -284,6 +304,7 @@ jobs:
           command: |
             source .venv/bin/activate
             pip install twine
+            ls -lh ./dist/*
             twine upload --non-interactive --verbose ./dist/lunes*.tar.gz
   create-release:
     docker:

.gitignore

@@ -13,3 +13,4 @@ docs/dist/
 docs/src/ref/
 docs/src/changelog.rst
 lunes_cms/lunes-cms.log
+.python-version

CHANGELOG.md

@@ -1,6 +1,20 @@
 UNRELEASED
 ----------
 
+* [ [#601](https://github.com/digitalfabrik/lunes-cms/pull/601) ] Create APIv2 with words endpoint
+* [ [#607](https://github.com/digitalfabrik/lunes-cms/pull/607) ] Add endpoint for jobs
+* [ [#610](https://github.com/digitalfabrik/lunes-cms/pull/610) ] Add endpoint for units of a job
+* [ [#611](https://github.com/digitalfabrik/lunes-cms/pull/611) ] Add endpoint to get all words of a unit
+* [ [#616](https://github.com/digitalfabrik/lunes-cms/pull/616) ] Add API endpoint for all words of a given job
+* [ [#618](https://github.com/digitalfabrik/lunes-cms/pull/618) ] Add sponsors endpoint to api v2
+* [ [#619](https://github.com/digitalfabrik/lunes-cms/pull/619) ] Add cms v2 Feedback model and api v2 feedback endpoint
+* [ [#612](https://github.com/digitalfabrik/lunes-cms/pull/612) ] Add example sentence to Word and Unit-Word relationship
+* [ [#606](https://github.com/digitalfabrik/lunes-cms/pull/606) ] Add v1_id column for cmsv2 models migration
+* [ [#556](https://github.com/digitalfabrik/lunes-cms/pull/556) ] Fix overflow in sidebar
+* [ [#603](https://github.com/digitalfabrik/lunes-cms/pull/603) ] Replace setup.cfg with pyproject.toml
+* [ [#609](https://github.com/digitalfabrik/lunes-cms/pull/609) ] Add SBOM in dev and prod releases
+* [ [#578](https://github.com/digitalfabrik/lunes-cms/pull/578) ] Create SECURITY.md
+
 
 2025.10.0
 ---------

MANIFEST.in

@@ -14,9 +14,6 @@ global-exclude __pycache__
 # Exclude existing log file
 exclude lunes_cms/lunes-cms.log
 
-# Exclude pyproject.toml
-exclude pyproject.toml
-
 # Exclude source of translation files
 exclude lunes_cms/locale/de/LC_MESSAGES/django.po
 exclude lunes_cms/locale/de/LC_MESSAGES/djangojs.po

SECURITY.md

@@ -0,0 +1,28 @@
+# Security
+
+## Reporting Potential Security Issues
+
+If you have encountered a potential security vulnerability in this project,
+please report it to us at <security@tuerantuer.org>. We will work with you to
+verify the vulnerability and patch it.
+
+When reporting issues, please provide the following information:
+
+- Component(s) affected
+- A description indicating how to reproduce the issue
+- A summary of the security vulnerability and impact
+
+We request that you contact us via the email address above and give the
+project contributors a chance to resolve the vulnerability and issue a new
+release prior to any public exposure; this helps protect the project's
+users, and provides them with a chance to upgrade and/or update in order to
+protect their applications.
+
+## Policy
+
+If we verify a reported security vulnerability, our policy is:
+
+- We will patch the default branch and immediately issue a new security fix release.
+
+- A security advisory will be released on the project website detailing the
+  vulnerability, as well as recommendations for end-users to protect themselves.

docs/src/conf.py

@@ -38,7 +38,7 @@
 #: The project author
 author = "Lunes"
 #: The full version, including alpha/beta/rc tags
-release = "2025.10.0"
+release = "2025.10.1"
 #: GitHub username
 github_username = "digitalfabrik"
 #: GitHub repository name

lunes_cms/__init__.py

@@ -1,4 +1,5 @@
 """
 Content Management System for the Lunes Vocabulary Trainer App
 """
-__version__ = "2025.10.0"
+
+__version__ = "2025.10.1"