From dd996939e6bb7e7a58649158a1679e424ff8c63f Mon Sep 17 00:00:00 2001
From: matt <matt.adam.wisnowski@gmail.com>
Date: Thu, 2 Apr 2026 10:47:33 -0700
Subject: [PATCH] chore: prepare release 4.5.3

---
 .env.example                 |  2 +-
 CHANGELOG.md                 |  3 +++
 RELEASE_NOTES_TEMPLATE.md    |  3 +++
 docker-compose.yml           |  2 +-
 dockerhub-docker-compose.yml |  2 +-
 docs/releases/v4.5.3.md      | 17 +++++++++++++++++
 pyproject.toml               |  2 +-
 7 files changed, 27 insertions(+), 4 deletions(-)
 create mode 100644 docs/releases/v4.5.3.md

diff --git a/.env.example b/.env.example
index 6637455..0af064c 100644
--- a/.env.example
+++ b/.env.example
@@ -13,7 +13,7 @@
 # HOST=0.0.0.0                       # Uvicorn bind host (only when APP_MODE=web).
 # PORT=8080                          # Uvicorn port.
 # WORKERS=1                          # Uvicorn worker count.
-APP_VERSION=v4.5.2                 # Matches dockerhub compose.
+APP_VERSION=v4.5.3                 # Matches dockerhub compose.
 
 ############################
 # Theming
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4da5b1e..f505fe0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,9 @@ This format follows Keep a Changelog principles and aims for Semantic Versioning
 - Link PRs/issues inline when helpful, e.g., (#123) or [#123]. Reference-style links at the bottom are encouraged for readability.
 
 ## [Unreleased]
+_No unreleased changes yet._
+
+## [4.5.3] - 2026-04-02
 ### Added
 - **SBOM & supply chain provenance**: Every tagged release now attaches source SBOMs (SPDX + CycloneDX JSON) for Python dependencies and a CycloneDX container image SBOM to the GitHub Release assets. Build provenance attestations (SLSA-style) are published for the multi-arch Docker image via the GitHub Attestations API. `provenance: mode=max` is enabled on all arch builds.
 
diff --git a/RELEASE_NOTES_TEMPLATE.md b/RELEASE_NOTES_TEMPLATE.md
index d63bc20..73a6132 100644
--- a/RELEASE_NOTES_TEMPLATE.md
+++ b/RELEASE_NOTES_TEMPLATE.md
@@ -1,6 +1,9 @@
 # MTG Python Deckbuilder
 
 ## [Unreleased]
+_No unreleased changes yet._
+
+## [4.5.3] - 2026-04-02
 ### Added
 - **SBOM & supply chain provenance**: Every tagged release now attaches source SBOMs (SPDX + CycloneDX JSON) for Python dependencies and a CycloneDX container image SBOM to the GitHub Release assets. Build provenance attestations (SLSA-style) are published for the multi-arch Docker image via the GitHub Attestations API. `provenance: mode=max` is enabled on all arch builds.
 
diff --git a/docker-compose.yml b/docker-compose.yml
index c9512cc..24ec490 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -144,7 +144,7 @@ services:
       # WEB_THEME_FILTER_PREWARM: "0"
       WEB_AUTO_ENFORCE: "0"         # 1=auto-run compliance export after builds
       WEB_CUSTOM_EXPORT_BASE: ""    # Optional: custom base dir for deck export artifacts
-      APP_VERSION: "v4.5.2"         # Displayed version label (set per release/tag)
+      APP_VERSION: "v4.5.3"         # Displayed version label (set per release/tag)
 
       # ------------------------------------------------------------------
       # Misc / Land Selection (Step 7) Environment Tuning
diff --git a/dockerhub-docker-compose.yml b/dockerhub-docker-compose.yml
index 26c7d30..b215fea 100644
--- a/dockerhub-docker-compose.yml
+++ b/dockerhub-docker-compose.yml
@@ -146,7 +146,7 @@ services:
       # WEB_THEME_FILTER_PREWARM: "0"
       WEB_AUTO_ENFORCE: "0"         # 1=auto-run compliance export after builds
       WEB_CUSTOM_EXPORT_BASE: ""    # Optional: custom base dir for deck export artifacts
-      APP_VERSION: "v4.5.2"         # Displayed version label (set per release/tag)
+      APP_VERSION: "v4.5.3"         # Displayed version label (set per release/tag)
 
       # ------------------------------------------------------------------
       # Misc / Land Selection (Step 7) Environment Tuning
diff --git a/docs/releases/v4.5.3.md b/docs/releases/v4.5.3.md
new file mode 100644
index 0000000..99d2891
--- /dev/null
+++ b/docs/releases/v4.5.3.md
@@ -0,0 +1,17 @@
+# MTG Python Deckbuilder v4.5.3
+
+## Added
+- **SBOM & supply chain provenance**: Every tagged release now attaches source SBOMs (SPDX + CycloneDX JSON) for Python dependencies and a CycloneDX container image SBOM to the GitHub Release assets. Build provenance attestations (SLSA-style) are published for the multi-arch Docker image via the GitHub Attestations API. `provenance: mode=max` is enabled on all arch builds.
+
+### Verifying attestations
+
+```bash
+gh attestation verify oci://docker.io/mwisnowski/mtg-python-deckbuilder:latest \
+  --repo mwisnowski/mtg_python_deckbuilder
+```
+
+### Inspecting an SBOM
+
+```bash
+syft convert sbom-source.cyclonedx.json -o table
+```
diff --git a/pyproject.toml b/pyproject.toml
index 2c73b99..0946d6b 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -5,7 +5,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "mtg-deckbuilder"
-version = "4.5.2"
+version = "4.5.3"
 description = "A command-line tool for building and analyzing Magic: The Gathering decks"
 readme = "README.md"
 license = {file = "LICENSE"}