docs: add project documentation and enhance release workflow

Add comprehensive documentation: API reference, contributing guide,
getting started, release process, security policy, troubleshooting,
and WebSocket protocol. Overhaul release workflow with tag validation,
CI gate, Docker multi-platform builds, GitHub Release creation, and
changelog generation script.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: pacphi

.github/scripts/generate-changelog.sh

@@ -0,0 +1,123 @@
+#!/usr/bin/env bash
+# Changelog Generation Script for Mimir
+# Usage: ./generate-changelog.sh <version> [output-file]
+#
+# Examples:
+#   ./generate-changelog.sh 0.1.0
+#   ./generate-changelog.sh 1.0.0-alpha.1 changelog-test.md
+#
+# Arguments:
+#   version      - Version number without v prefix (e.g., 0.1.0)
+#   output-file  - Output file path (default: changelog.md)
+
+set -euo pipefail
+
+if [[ $# -lt 1 ]]; then
+  echo "Usage: $0 <version> [output-file]" >&2
+  echo "Example: $0 0.1.0 changelog.md" >&2
+  exit 1
+fi
+
+VERSION="$1"
+OUTPUT_FILE="${2:-changelog.md}"
+
+CURRENT_TAG="v${VERSION}"
+REPO="${GITHUB_REPOSITORY:-pacphi/mimir}"
+
+echo "Generating changelog for $CURRENT_TAG" >&2
+
+# Get previous tag (most recent tag before current)
+ALL_TAGS=$(git tag -l "v*" --sort=-version:refname)
+PREVIOUS_TAG=""
+
+found_current=false
+while IFS= read -r tag; do
+  [[ -z "$tag" ]] && continue
+  if [[ "$found_current" == "true" ]]; then
+    PREVIOUS_TAG="$tag"
+    break
+  fi
+  if [[ "$tag" == "$CURRENT_TAG" ]]; then
+    found_current=true
+  fi
+done <<< "$ALL_TAGS"
+
+if [[ -z "$PREVIOUS_TAG" ]]; then
+  echo "No previous tag found, using all commits up to $CURRENT_TAG" >&2
+  FIRST_COMMIT=$(git rev-list --reverse HEAD 2>/dev/null | head -1) || true
+  if [[ -n "$FIRST_COMMIT" ]]; then
+    COMMIT_RANGE="${FIRST_COMMIT}^..$CURRENT_TAG"
+  else
+    COMMIT_RANGE="$CURRENT_TAG"
+  fi
+else
+  echo "Generating changelog from $PREVIOUS_TAG to $CURRENT_TAG" >&2
+  COMMIT_RANGE="$PREVIOUS_TAG..$CURRENT_TAG"
+fi
+
+# Initialize changelog sections
+features=""
+fixes=""
+docs=""
+deps=""
+perf=""
+refactor=""
+chore=""
+tests=""
+other=""
+
+# Parse commits
+while IFS= read -r commit; do
+  [[ -z "$commit" ]] && continue
+
+  hash="${commit:0:7}"
+  message="${commit:8}"
+
+  case "$message" in
+    feat:*|feat\(*)       features+="- $message ($hash)"$'\n' ;;
+    fix:*|fix\(*)         fixes+="- $message ($hash)"$'\n' ;;
+    docs:*|docs\(*)       docs+="- $message ($hash)"$'\n' ;;
+    deps:*|deps\(*)       deps+="- $message ($hash)"$'\n' ;;
+    perf:*|perf\(*)       perf+="- $message ($hash)"$'\n' ;;
+    refactor:*|refactor\(*) refactor+="- $message ($hash)"$'\n' ;;
+    chore:*|chore\(*)     chore+="- $message ($hash)"$'\n' ;;
+    test:*|test\(*)       tests+="- $message ($hash)"$'\n' ;;
+    ci:*|ci\(*)           chore+="- $message ($hash)"$'\n' ;;
+    style:*|style\(*)     chore+="- $message ($hash)"$'\n' ;;
+    *)                    other+="- $message ($hash)"$'\n' ;;
+  esac
+done < <(git log --oneline "$COMMIT_RANGE" 2>/dev/null || git log --oneline)
+
+# Build changelog content
+changelog="## [${VERSION}] - $(date +%Y-%m-%d)"$'\n\n'
+
+[[ -n "$features" ]] && changelog+="### Added"$'\n\n'"$features"$'\n'
+[[ -n "$fixes" ]] && changelog+="### Fixed"$'\n\n'"$fixes"$'\n'
+[[ -n "$docs" ]] && changelog+="### Documentation"$'\n\n'"$docs"$'\n'
+[[ -n "$deps" ]] && changelog+="### Dependencies"$'\n\n'"$deps"$'\n'
+[[ -n "$perf" ]] && changelog+="### Performance"$'\n\n'"$perf"$'\n'
+[[ -n "$refactor" ]] && changelog+="### Changed"$'\n\n'"$refactor"$'\n'
+[[ -n "$tests" ]] && changelog+="### Tests"$'\n\n'"$tests"$'\n'
+[[ -n "$chore" ]] && changelog+="### Maintenance"$'\n\n'"$chore"$'\n'
+[[ -n "$other" ]] && changelog+="### Other"$'\n\n'"$other"$'\n'
+
+# Installation section
+changelog+="### Installation"$'\n\n'
+changelog+='```bash'$'\n'
+changelog+="# Pull Docker images"$'\n'
+changelog+="docker pull ghcr.io/${REPO}/api:${VERSION}"$'\n'
+changelog+="docker pull ghcr.io/${REPO}/web:${VERSION}"$'\n\n'
+changelog+="# Or use latest stable"$'\n'
+changelog+="docker pull ghcr.io/${REPO}/api:latest"$'\n'
+changelog+="docker pull ghcr.io/${REPO}/web:latest"$'\n'
+changelog+='```'$'\n\n'
+
+# Add diff link if previous tag exists
+if [[ -n "$PREVIOUS_TAG" ]] && [[ "$PREVIOUS_TAG" != "$CURRENT_TAG" ]]; then
+  changelog+="**Full Changelog**: https://github.com/${REPO}/compare/$PREVIOUS_TAG...$CURRENT_TAG"$'\n'
+fi
+
+echo "$changelog" > "$OUTPUT_FILE"
+
+echo "Changelog written to $OUTPUT_FILE" >&2
+echo "Changelog for ${CURRENT_TAG} generated successfully!" >&2

.github/workflows/release.yml

@@ -5,14 +5,127 @@ on:
     tags:
       - "v*"
 
+permissions:
+  contents: write
+  packages: write
+
 jobs:
-  build-and-push:
-    name: Build & Push Docker Images
+  # ── Job 1: Validate tag format ─────────────────────────────────────
+  validate-tag:
+    name: Validate Tag
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.parse.outputs.version }}
+      is_prerelease: ${{ steps.parse.outputs.is_prerelease }}
+    steps:
+      - name: Parse and validate tag
+        id: parse
+        run: |
+          TAG="${GITHUB_REF#refs/tags/}"
+          echo "Tag: $TAG"
+
+          if [[ ! "$TAG" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.-]+)?$ ]]; then
+            echo "::error::Invalid tag format: $TAG (expected v<major>.<minor>.<patch>[-prerelease])"
+            exit 1
+          fi
+
+          VERSION="${TAG#v}"
+          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+
+          if [[ "$VERSION" == *-* ]]; then
+            echo "is_prerelease=true" >> "$GITHUB_OUTPUT"
+            echo "Pre-release detected: $VERSION"
+          else
+            echo "is_prerelease=false" >> "$GITHUB_OUTPUT"
+            echo "Stable release: $VERSION"
+          fi
+
+  # ── Job 2: Full CI gate ─────────────────────────────────────────────
+  ci:
+    name: CI Gate
+    needs: [validate-tag]
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: "24"
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v4
 
+      - name: Get pnpm store directory
+        id: pnpm-cache
+        run: echo "store=$(pnpm store path)" >> "$GITHUB_OUTPUT"
+
+      - name: Cache pnpm store
+        uses: actions/cache@v5
+        with:
+          path: ${{ steps.pnpm-cache.outputs.store }}
+          key: ${{ runner.os }}-pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-
+
+      - name: Install dependencies
+        run: pnpm install
+
+      - name: Format check
+        run: pnpm format:check
+
+      - name: Generate Prisma client
+        run: pnpm db:generate
+
+      - name: Type check
+        run: pnpm typecheck
+
+      - name: Lint
+        run: pnpm lint
+
+      - name: Unit tests
+        run: pnpm test
+
+      - name: Production build
+        run: pnpm build
+
+  # ── Job 3: Generate changelog ───────────────────────────────────────
+  generate-changelog:
+    name: Generate Changelog
+    needs: [validate-tag]
+    runs-on: ubuntu-latest
+    outputs:
+      changelog_file: changelog-${{ needs.validate-tag.outputs.version }}.md
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+
+      - name: Generate changelog
+        run: |
+          chmod +x .github/scripts/generate-changelog.sh
+          .github/scripts/generate-changelog.sh \
+            "${{ needs.validate-tag.outputs.version }}" \
+            "changelog-${{ needs.validate-tag.outputs.version }}.md"
+
+      - name: Upload changelog artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: changelog
+          path: changelog-${{ needs.validate-tag.outputs.version }}.md
+
+  # ── Job 4: Build and push Docker images ─────────────────────────────
+  docker-images:
+    name: Docker Images
+    needs: [validate-tag, ci]
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - app: api
+            dockerfile: apps/api/Dockerfile
+          - app: web
+            dockerfile: apps/web/Dockerfile
     steps:
       - uses: actions/checkout@v6
 
@@ -26,30 +139,77 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Extract version from tag
-        id: version
-        run: echo "version=${GITHUB_REF#refs/tags/v}" >> "$GITHUB_OUTPUT"
+      - name: Generate image tags
+        id: tags
+        run: |
+          VERSION="${{ needs.validate-tag.outputs.version }}"
+          IS_PRE="${{ needs.validate-tag.outputs.is_prerelease }}"
+          IMAGE="ghcr.io/${{ github.repository }}/${{ matrix.app }}"
+
+          TAGS="${IMAGE}:${VERSION}"
+
+          if [[ "$IS_PRE" == "false" ]]; then
+            MAJOR_MINOR=$(echo "$VERSION" | cut -d. -f1,2)
+            TAGS="${TAGS},${IMAGE}:${MAJOR_MINOR},${IMAGE}:latest"
+          fi
 
-      - name: Build and push API image
+          echo "tags=$TAGS" >> "$GITHUB_OUTPUT"
+
+      - name: Build and push
         uses: docker/build-push-action@v6
         with:
           context: .
-          file: apps/api/Dockerfile
+          file: ${{ matrix.dockerfile }}
           push: true
-          tags: |
-            ghcr.io/${{ github.repository }}/api:${{ steps.version.outputs.version }}
-            ghcr.io/${{ github.repository }}/api:latest
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          tags: ${{ steps.tags.outputs.tags }}
+          cache-from: type=gha,scope=${{ matrix.app }}
+          cache-to: type=gha,mode=max,scope=${{ matrix.app }}
 
-      - name: Build and push Web image
-        uses: docker/build-push-action@v6
+  # ── Job 5: Create GitHub Release + update CHANGELOG.md ─────────────
+  create-release:
+    name: Create Release
+    needs: [validate-tag, ci, generate-changelog, docker-images]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
         with:
-          context: .
-          file: apps/web/Dockerfile
-          push: true
-          tags: |
-            ghcr.io/${{ github.repository }}/web:${{ steps.version.outputs.version }}
-            ghcr.io/${{ github.repository }}/web:latest
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Download changelog artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: changelog
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          body_path: changelog-${{ needs.validate-tag.outputs.version }}.md
+          prerelease: ${{ needs.validate-tag.outputs.is_prerelease == 'true' }}
+          generate_release_notes: false
+
+      - name: Update CHANGELOG.md
+        run: |
+          VERSION="${{ needs.validate-tag.outputs.version }}"
+          CHANGELOG_FILE="changelog-${VERSION}.md"
+          MARKER="<!-- This file is auto-maintained by the release workflow on each tag. -->"
+
+          if grep -q "$MARKER" CHANGELOG.md; then
+            # Insert new entry after the marker line
+            sed -i "/$MARKER/r $CHANGELOG_FILE" CHANGELOG.md
+            # Add a blank line after the marker before the new content
+            sed -i "/$MARKER/a\\" CHANGELOG.md
+          else
+            # Append to end of file
+            echo "" >> CHANGELOG.md
+            cat "$CHANGELOG_FILE" >> CHANGELOG.md
+          fi
+
+      - name: Push CHANGELOG.md update
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git add CHANGELOG.md
+          git diff --cached --quiet && exit 0
+          git commit -m "docs: update CHANGELOG.md for v${{ needs.validate-tag.outputs.version }} [skip ci]"
+          git push origin HEAD:main

CHANGELOG.md

@@ -0,0 +1,8 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+<!-- This file is auto-maintained by the release workflow on each tag. -->