docs: update release+contrib documentation

Author: seansica

docs/CONTRIBUTING.md

@@ -1,22 +1,65 @@
 # Contributors
 
 ## Reporting Issues
-If you encounter an issue with the `mitreattack-python` library, please let us know by filing a [Github issue](https://github.com/mitre-attack/mitreattack-python/issues). When doing so, please make sure you provide the following information:
-* Describe (in detail as possible) what occurred and what you were expecting to occur. Any information you can provide, such stack traces or errors are very helpful.
-* Describe the steps necessary to replicate the issue.
-* Indicate your OS and python versions.
+
+If you encounter an issue with the `mitreattack-python` library, please let us know by filing a [GitHub issue](https://github.com/mitre-attack/mitreattack-python/issues). When doing so, please make sure you provide the following information:
+
+- Describe (in as much detail as possible) what occurred and what you were expecting to occur. Any information you can provide, such as stack traces or errors, is very helpful.
+- Describe the steps necessary to replicate the issue.
+- Indicate your OS and Python versions.
 
 ## Suggested New Features
-If you have an idea for a new feature for `mitreattack-python`, please let us know by filing a [Github issue](https://github.com/mitre-attack/mitreattack-python/issues). When doing so, please make sure you provide the following information:
-* Explain the functionality you are proposing, and its use case - what would it be useful for or allow you to do?
-* List what existing ATT&CK tools or resources map to the proposed functionality
-* If applicable, provide examples of other requests for the proposed functionality
+
+If you have an idea for a new feature for `mitreattack-python`, please let us know by filing a [GitHub issue](https://github.com/mitre-attack/mitreattack-python/issues). When doing so, please make sure you provide the following information:
+
+- Explain the functionality you are proposing, and its use case — what would it be useful for or allow you to do?
+- List what existing ATT&CK tools or resources map to the proposed functionality.
+- If applicable, provide examples of other requests for the proposed functionality.
 
 ## Developing
-If you want to work on the `mitreattack-python` library and contribute to its ongoing development, we welcome merge requests! You can set up an environment for development by following this process:
-1. Clone the repository - `git clone https://github.com/mitre-attack/mitreattack-python`.
-2. Create a virtual environment, and activate it - `python3 -m venv venv`/`. venv/bin/activate`.
-3. Install the appropriate python modules via pip - `pip install -r requirements-dev.txt`.
 
-### Merge Requests
-When making a merge request, please make sure to include a summary of what the changes are intended to do, functionality wise, and the testing performed to validate the changes (ideally in the form of new pytests integrated into the `tests/` collection, though this is not strictly required). In addition, the complete pytest test battery `tests/` must be passed without errors in order for any code to actually be merged. 
+We welcome pull requests! To set up a local development environment:
+
+### Prerequisites
+
+- [Python 3.11+](https://www.python.org/downloads/)
+- [uv](https://docs.astral.sh/uv/getting-started/installation/) — fast Python package manager
+- [just](https://github.com/casey/just#installation) — command runner (optional, but recommended)
+
+### Setup
+
+```bash
+# Clone the repository
+git clone https://github.com/mitre-attack/mitreattack-python
+cd mitreattack-python
+
+# Install all dependencies (including dev and docs extras)
+just install
+# or without just:
+uv sync --all-extras
+
+# (Optional) Install pre-commit hooks for local linting and commit message validation
+just setup-hooks
+# or without just:
+uv run pre-commit install
+uv run pre-commit install --hook-type commit-msg
+```
+
+### Common Commands
+
+Run `just` with no arguments to see all available commands. Here are the most common ones:
+
+```bash
+just lint          # Run pre-commit hooks (ruff format) on all files
+just test          # Run tests
+just test-cov      # Run tests with coverage report
+just build         # Build the package
+```
+
+### Pull Requests
+
+When making a pull request, please make sure to:
+
+- Include a summary of what the changes are intended to do and the testing performed to validate them (ideally in the form of new pytests in the `tests/` collection, though this is not strictly required).
+- **Use a [Conventional Commits](https://www.conventionalcommits.org) formatted PR title** (e.g., `feat: add new export format`, `fix: handle missing data sources`). PRs are squash-merged, so the PR title becomes the merge commit message — individual commit messages within the PR do not need to follow any convention.
+- All pytest tests in `tests/` must pass, and ruff linting/formatting checks must be clean.

docs/RELEASE.md

@@ -1,92 +1,63 @@
 # Release Process
 
-This guide walks maintainers through releasing a new version of **mitreattack-python**.
-The process uses [Poetry](https://python-poetry.org/) for dependency management and building,
-and [GitHub Actions](https://github.com/mitre-attack/mitreattack-python/actions) for automated linting, testing, and publishing to PyPI.
+Releases of **mitreattack-python** are fully automated. When commits are pushed (or squash-merged) to `main`, [Python Semantic Release (PSR)](https://python-semantic-release.readthedocs.io/) analyzes the commit messages and, if warranted, bumps the version, tags the release, creates a GitHub Release, and publishes the package to PyPI — all within the [CI pipeline](https://github.com/mitre-attack/mitreattack-python/actions).
 
-## 1. Prepare for Release
+## How It Works
 
-- Ensure all desired changes are merged into the `main` branch.
-- If releasing for a new ATT&CK version, update `LATEST_VERSION` in `mitreattack/release_info.py`.
+1. **Commit messages drive versioning.** We follow the [Conventional Commits](https://www.conventionalcommits.org) specification. PSR parses commit messages to determine the appropriate [SemVer](https://semver.org/) bump:
 
-## 2. Update Version and Metadata
+   | Commit prefix | Version bump | Example |
+   |---|---|---|
+   | `feat:` | Minor (`0.X.0`) | `feat: add analytics to excel output` |
+   | `fix:`, `perf:` | Patch (`0.0.X`) | `fix: handle missing data sources` |
+   | `BREAKING CHANGE` in footer, or `!` after type | Major (`X.0.0`) | `feat!: drop Python 3.10 support` |
+   | `build:`, `chore:`, `ci:`, `docs:`, `style:`, `refactor:`, `test:` | No release | `ci: update uv setup action` |
 
-- Run `cz bump --files-only`
-  - This will increment the version field in `pyproject.toml` and other places according to semantic versioning rules.
-  - It will also update the `CHANGELOG.md` with all commit messages that are compatible with [Conventional Commits](https://www.conventionalcommits.org).
-  - NOTE: You should double-check the generated `CHANGELOG.md` file and make sure it looks good.
-- Update other metadata as needed in `pyproject.toml` (dependencies, etc.).
-  - `poetry update --with dev --with docs`
+2. **PRs are squash-merged.** Individual commits within a PR do not need to follow conventional commits — only the PR title matters, as it becomes the squash merge commit message. The [`pr-title.yml`](../.github/workflows/pr-title.yml) workflow validates PR titles on open.
 
-## 3. Local Validation (Recommended)
+3. **On push to `main`, the CI pipeline** (`.github/workflows/ci.yml`) runs:
+   - **commitlint** — validates the squash merge commit message
+   - **lint** — ruff check and format verification
+   - **test** — pytest with coverage
+   - **release** — PSR evaluates commits since the last tag, bumps version, tags, and creates a GitHub Release with build artifacts
+   - **publish** — uploads the package to PyPI via trusted publishing (OIDC)
 
-Before tagging and pushing, validate the release locally. Following these steps:
+## For Maintainers
 
-```bash
-# Pre-requisite: Install Poetry if not already installed
-# https://python-poetry.org/docs/#installing-with-the-official-installer
-curl -sSL https://install.python-poetry.org | python3 -
+### Triggering a Release
+
+No manual steps are needed. Simply merge a PR to `main` with a conventional commit title that includes a release-triggering prefix (`feat:`, `fix:`, or `perf:`). PSR will handle the rest.
 
-# Clean previous builds
-rm -rf dist/
+### Pre-release Validation (Optional)
 
+If you want to validate locally before merging:
+
+```bash
 # Install dependencies (including dev tools)
-poetry install --with=dev
+just install
 
 # Lint and format
-poetry run ruff check
-poetry run ruff format --check
+just lint
 
-# Build docs
-# This is managed directly by the Readthedocs site which is configured to watch our repository, but we should test it locally too
-# https://app.readthedocs.org/projects/mitreattack-python/
-cd docs/
-poetry run python -m sphinx -T -b html -d _build/doctrees -D language=en . _build/html
-cd ..
-
-# Run tests
-poetry run pytest --cov=mitreattack --cov-report html
+# Run tests with coverage
+just test-cov
 
 # Build the package
-poetry build
+just build
 
 # (Optional) Validate wheel contents
-poetry run check-wheel-contents dist/
-
-# (Optional) Install locally and smoke test
-poetry run pip install --find-links=./dist mitreattack-python
-poetry run python -c "import mitreattack; print(mitreattack.__version__)"
-```
-
-## 4. Commit and Tag the Release
+uv run check-wheel-contents dist/
 
-Make sure that after the above local testing you commit all changes!
-
-Perform the following steps to tag the release and push to GitHub:
-
-```bash
-# Tag the release
-git tag -a "vX.Y.Z" -m "mitreattack-python version X.Y.Z"
-
-# Push the commit and tag
-git push
-git push --tags
+# (Optional) Dry run semantic release
+just release-dry-run
 ```
 
-## 5. Automated Publishing
-
-Once the tag is pushed to GitHub:
-
-- GitHub Actions will automatically lint, test, build, and publish the package to PyPI using the workflow in `.github/workflows/lint-publish.yml`.
-
-## 6. Verify Release
-
-Check the [GitHub Actions](https://github.com/mitre-attack/mitreattack-python/actions) for a successful workflow run.
+### Updating ATT&CK Version Metadata
 
-Confirm the new version is available on [PyPI](https://pypi.org/project/mitreattack-python/).
+If releasing for a new ATT&CK version, update `LATEST_VERSION` in `mitreattack/release_info.py` before merging.
 
 ## Notes
 
-- All build and publish steps are handled by GitHub Actions once you push the tag.
-- Manual local validation is optional but recommended before tagging.
-- Readthedocs is used for documentation builds. [Check the status here](https://app.readthedocs.org/projects/mitreattack-python/).
+- All build, release, and publish steps are handled by GitHub Actions — no manual tagging or uploading.
+- Version is tracked in `pyproject.toml` (`project.version`) and synced to `docs/conf.py` and `mitreattack/__init__.py` by PSR.
+- Documentation builds are managed by [ReadTheDocs](https://app.readthedocs.org/projects/mitreattack-python/), which watches the repository.