docs: add CHANGELOG.md and update release.md

.github/pull_request_template.md

@@ -5,6 +5,7 @@ A detailed explanation of the changes in your PR.
 Feel free to remove this section if it is overkill for your PR, and the title of your PR is sufficiently descriptive.
 
 ## Checklist
+- [ ] Patch has a change log entry **OR** does not need one.
 - [ ] Investigated and inspected CI test results
 - [ ] Updated documentation accordingly
 

CHANGELOG.md

@@ -0,0 +1,69 @@
+# Change log
+
+This document is maintained in a best effort manner. If you consider
+your change is worthy of a note, please add a line to the list below. If
+possible include a PR number for easier tracking.
+
+## Next
+
+* ROX-30256: track files and directories being renamed (#308)
+* ROX-33198: Instrument inode tracking on file open lsm hook (#391)
+* ROX-33217: Instrument inode tracking on directory being created path mkdir (#465)
+* ROX-33216: implement inode tracking for path_rename (#487)
+* ROX-33218: Instrument inode tracking on directory being deleted (#530)
+* ROX-33199: unlink inode tracking (#429)
+* ROX-33197: implement periodic scanning of host paths (#329)
+* feat: make the maximum number of tracked inodes configurable (#409)
+* Moves glob/wildcard matching into Fact. (#323)
+* ROX-33540: adds rate limiting (#499)
+* ROX-33471: do not attach progs when no paths configured (#371)
+* ROX-31937: Generate third-party deps license files. (#192)
+* cleanup(bpf): reduce preemption fragility in overlayfs dedup (#558)
+* ROX-33133: Enable post-quantum crypto-policies for fact (#349)
+* ROX-33133: Enable post-quantum crypto-policies for upstream fact (#364)
+* ROX-32841: Quote args (#295)
+* ROX-31266: Implement tests with valid and invalid utf 8 strings (#251)
+* test: add tests for files being created and modified with text editors (#215)
+* chore(tests): replace __eq__ with diff() for detailed test diagnostics (#314)
+* Update edition to 2024 (#413)
+* cleanup: restrict broadcast channels to the output component (#557)
+
+## v0.2
+
+* feat: sanitize paths generated by calling d_path (#181)
+* ROX-30258: Track file ownership changes (#156)
+* ROX-30257: implement permission change tracking (#157)
+* ROX-31430: delegate TLS to host implementation (#168)
+* feat(ebpf): use bpf_loop for local d_path implementation (#175)
+* 087a210 ROX-30437: basic inode tracking for host path resolution (#166)
+* Add performance test pipeline (#104)
+* ROX-30630: run BPF bootstrap test in CI (#131)
+* Replace custom d_path with bpf_d_path (#154)
+* fix(fact-ebpf): improve kernel compatibility (#125)
+* ROX-30836: implement hotreloading for monitored paths (#120)
+* ROX-30836: implement hotreloading configuration for outputs (#119)
+* ROX-30836: implement configuration hotreloading (#110)
+* ROX-30255: track file deletions (#86)
+* ROX-30438: Reimplement kernel side path filtering (#79)
+* ROX-30254: Track file creation events (#65)
+* ROX-30746: implement layered configuration (#53)
+* ROX-30294: Add prometheus metrics (#40)
+* ROX-30260: Konflux arm64 builds (#35)
+* ROX-30260: add support for arm64 [upstream] (#30)
+
+## v0.1
+
+* Initial release
+* file_open added as the only supported LSM hook.
+* JSON and gRPC outputs.
+* Pre-flight check for BPF LSM support.
+* Miscellaneous helper functions for host information querying.
+* Basic health check endpoint.
+* Basic configuration via CLI and environment variables only.
+* Basic gRPC mock server for validation.
+* CI
+  * Basic job for compiling, testing and linting.
+  * x86 container builds.
+  * Onboarded to Konflux (only half way through).
+  * Integrated with MintMaker.
+  * Integration tests on Fedora coreos for both GHA and Konflux builds.

docs/release.md

@@ -31,15 +31,42 @@ which the release is forked.
     git push --set-upstream origin "release-${FACT_RELEASE}"
     ```
 
-At this point you will need to wait for the downstream release engineers
-to create the git resources for Konflux before proceeding.
+## Update CHANGELOG.md and version on main
 
-## Update Konflux resources and application version
+1.  Set the following environment variable:
+
+    *   `FACT_RELEASE`: The next version of fact to be released.
+
+    ```sh
+    export FACT_RELEASE=0.2
+    ```
+
+1.  On the `main` branch, run the following commands.
+
+    ```sh
+    sed -i \
+        -e "s/^## Next/&\n\n## ${FACT_RELEASE}.0/" \
+        CHANGELOG.md
+
+    sed -i \
+        -e "/^version = / s/\".*\"/\"${FACT_RELEASE}.0-dev\"/" \
+        fact/Cargo.toml
+    ```
+
+1. Create a new branch for these changes and push it to the repository.
+    ```sh
+    git checkout -b "release/update-versions-${FACT_RELEASE}"
+    git add .
+    git commit -m "chore: update change log and application version for ${FACT_RELEASE}"
+    git push --set-upstream origin "release/update-versions-${FACT_RELEASE}"
+    ```
+
+1. Create a PR pointing to the main branch and get it merged.
+
+## Pin compiler version and update the application version
 
 1.  Set the following environment variables:
 
-    *   `STACKROX_SUFFIX`: The major and minor versions of ACS that will
-        use this `fact` version (e.g., `4-10`).
     *   `FACT_RELEASE`: The release version you set in the previous
         section.
     *   `FACT_PATCH`: The patch version for this release (e.g., `0`).
@@ -48,52 +75,36 @@ to create the git resources for Konflux before proceeding.
         (e.g., `1.88`).
 
     ```sh
-    export STACKROX_SUFFIX=4-10
     export FACT_RELEASE=0.2
     export FACT_PATCH=0
     export RUST_VERSION=1.88
     ```
 
-1.  On the release branch, run the following commands to update the
-Konflux build configuration and the application version.
+1.  On the release branch, run the following commands.
 
     ```sh
-    sed -i \
-        -e "/appstudio.openshift.io\/application: / s/$/-${STACKROX_SUFFIX}/" \
-        -e "/appstudio.openshift.io\/component: / s/$/-${STACKROX_SUFFIX}/" \
-        -e "/serviceAccountName: / s/$/-${STACKROX_SUFFIX}/" \
-        .tekton/fact-build.yaml
+    sed -i -e "s/^RUST_VERSION .*/RUST_VERSION ?= ${RUST_VERSION}/" \
+        constants.mk
 
     sed -i \
         -e "/^version = / s/\".*\"/\"${FACT_RELEASE}.0\"/" \
         fact/Cargo.toml
     ```
 
-1.  Run the following command to pin the Rust version to be used.
-
-    ```sh
-    sed -i -e "/^RUST_VERSION / s/stable/${RUST_VERSION}/" \
-        constants.mk
-    ```
-
-1.  Run the following command to stop mintmaker from attempting to
-    update our crate dependencies.
-
-    ```sh
-    sed -i -e "/\"cargo\",/d" .github/renovate.json5
-    ```
-
 1. Create a new branch for these changes and push it to the repository.
     ```sh
-    git checkout -b "release/konflux-resources-${FACT_RELEASE}"
+    git checkout -b "release/prepare-${FACT_RELEASE}"
     git add .
-    git commit -m "Update Konflux resources for release ${FACT_RELEASE}"
-    git push --set-upstream origin "release/konflux-resources-${FACT_RELEASE}"
+    git commit -m "chore: prepare release branch for ${FACT_RELEASE}"
+    git push --set-upstream origin "release/prepare-${FACT_RELEASE}"
     ```
 
 1. Create a PR pointing to the release branch and get it merged.
-1. Once the PR is in, you can go ahead and tag the fact release.
 
+1. Since the release of artifacts via Konflux require some additional
+configuration, you will need to wait for the release engineer to make
+these and request a tag for fact. Once this happens, you can create a
+new tag with the following commands:
     ```sh
     git checkout "release-${FACT_RELEASE}"
     git pull --ff-only