unreleased

unreleased lets you view the commits to your GitHub repos since their last release.

Read more about how I leverage unreleased for my needs here.

💾 Installation

homebrew:

brew install dhth/tap/unreleased

cargo:

cargo install unreleased

Or get the binaries directly from a Github release. Read more about verifying the authenticity of released artifacts here.

⚡️ Usage

unreleased requires a TOML config file which looks like the following.

# array of repos to run for
[[repos]]
# repository name in the format "owner/repo"
repo = "dhth/bmm"

[[repos]]
repo = "dhth/hours"
# head ref to use when generating commit log
# optional
# default: main
head_ref = "some-branch"

[[repos]]
repo = "dhth/unreleased"
# whether to consider a pre-release as the last release
# optional
# default: false
consider_prereleases = true

$ unreleased report -h

Usage: unreleased report [OPTIONS]

Options:
  -c, --config-path <PATH>      Path to the unreleased's file (defaults to <YOUR_CONFIG_DIR>/unreleased/unreleased.toml)
      --debug                   Output debug information without doing anything
  -f, --filter <REGEX>          Regex to use for filtering repos
  -o, --output-format <FORMAT>  Output format [default: stdout] [possible values: stdout, html]
      --stdout-plain            Whether to output text to stdout without color
      --html-output <PATH>      Path for the HTML output file [default: unreleased.html]
      --html-title <STRING>     Title for HTML report [default: unreleased]
      --html-template <PATH>    Path to custom HTML template file
  -h, --help                    Print help

stdout report

By default, unreleased prints its report to stdout.

HTML report

unreleased can also generate an HTML version of its report. Mine is deployed here.

🔐 Verifying release artifacts

In case you get the unreleased binary directly from a release, you may want to verify its authenticity. Checksums are applied to all released artifacts, and the resulting checksum file is attested using Github Attestations.

Steps to verify (replace A.B.C in the commands below with the version you want):

1. Download the sha256 checksum file for your platform from the release:

   curl -sSLO https://github.com/dhth/unreleased/releases/download/vA.B.C/unreleased-x86_64-unknown-linux-gnu.tar.xz.sha256

2. Verify the integrity of the checksum file using gh.

   gh attestation verify unreleased-x86_64-unknown-linux-gnu.tar.xz.sha256 --repo dhth/unreleased

3. Download the compressed archive you want, and validate its checksum:

   curl -sSLO https://github.com/dhth/unreleased/releases/download/vA.B.C/unreleased-x86_64-unknown-linux-gnu.tar.xz
   sha256sum --ignore-missing -c unreleased-x86_64-unknown-linux-gnu.tar.xz.sha256

4. If checksum validation goes through, uncompress the archive:

   tar -xzf unreleased-x86_64-unknown-linux-gnu.tar.xz
   cd unreleased-x86_64-unknown-linux-gnu
   ./unreleased -h
   # profit!