feat: implement tag-based release workflow (#458)

Add football terminology naming convention and separate CI/CD pipelines.

Changes:
- Add CHANGELOG.md with A-Z football terminology naming table
- Add Release Management section to AGENTS.md
- Add Releases section to README.md with 3-step workflow
- Create node-ci.yml for CI only (no Docker publishing)
- Create node-cd.yml for tag-triggered CD:
  - Build/push Docker images (linux/amd64) to GHCR
  - Tag with semver, term name, and latest
  - Auto-generate changelog from commits
  - Create GitHub Releases with auto-generated notes
- Remove old node.js.yml (merge-based publishing)
- Add Node.js CD badge to README.md

Release format: v{MAJOR}.{MINOR}.{PATCH}-{TERM} (e.g., v1.0.0-assist ⚽)

Author: nanotaboada

.github/workflows/node-cd.yml

@@ -0,0 +1,137 @@
+# Continuous Deployment - Tag-based releases
+# Publishes Docker images and creates GitHub Releases
+
+name: Node.js CD
+
+on:
+  push:
+    tags:
+      - "v*.*.*-*"
+
+env:
+  NODE_VERSION: "lts/krypton"
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6.0.2
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v6.2.0
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+          cache: "npm"
+          cache-dependency-path: package-lock.json
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Compile application
+        run: npm run build
+
+      - name: Run tests with coverage
+        run: npm run coverage
+
+  release:
+    needs: test
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6.0.2
+        with:
+          fetch-depth: 0
+
+      - name: Extract version from tag
+        id: version
+        run: |
+          TAG_NAME=${GITHUB_REF#refs/tags/}
+          echo "tag=${TAG_NAME}" >> $GITHUB_OUTPUT
+          VERSION=$(echo ${TAG_NAME} | sed -E 's/^v([0-9]+\.[0-9]+\.[0-9]+)-.*/\1/')
+          echo "semver=${VERSION}" >> $GITHUB_OUTPUT
+          TERM=$(echo ${TAG_NAME} | sed -E 's/^v[0-9]+\.[0-9]+\.[0-9]+-(.+)/\1/')
+          echo "term=${TERM}" >> $GITHUB_OUTPUT
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3.7.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3.12.0
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6.18.0
+        with:
+          context: .
+          push: true
+          platforms: linux/amd64
+          provenance: false
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          tags: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.semver }}
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.term }}
+
+      - name: Generate changelog
+        id: changelog
+        run: |
+          PREVIOUS_TAG=$(git tag --sort=-creatordate | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+-' | sed -n '2p')
+          if [ -z "$PREVIOUS_TAG" ]; then
+            CHANGELOG=$(git log --pretty=format:"- %s (%h)" --no-merges)
+          else
+            CHANGELOG=$(git log ${PREVIOUS_TAG}..HEAD --pretty=format:"- %s (%h)" --no-merges)
+          fi
+          echo "changelog<<EOF" >> $GITHUB_OUTPUT
+          echo "$CHANGELOG" >> $GITHUB_OUTPUT
+          echo "EOF" >> $GITHUB_OUTPUT
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2.5.0
+        with:
+          name: ${{ steps.version.outputs.tag }} ⚽
+          body: |
+            ## Release ${{ steps.version.outputs.semver }} - ${{ steps.version.outputs.term }} ⚽
+
+            ### 📦 Docker Images
+
+            Pull this release:
+
+            ```bash
+            # By semantic version (recommended)
+            docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.semver }}
+
+            # By term name
+            docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.term }}
+
+            # Latest
+            docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+            ```
+
+            ### 📝 Changes
+
+            ${{ steps.changelog.outputs.changelog }}
+
+            ### 🔗 Links
+
+            - [CHANGELOG.md](https://github.com/${{ github.repository }}/blob/master/CHANGELOG.md)
+            - [Docker Image](${{ env.REGISTRY }}/${{ env.IMAGE_NAME }})
+            - [API Documentation](https://github.com/${{ github.repository }}#api-endpoints)
+          generate_release_notes: true
+          draft: false
+          prerelease: false

.github/workflows/node.js.yml .github/workflows/node-ci.yml.github/workflows/node.js.yml renamed to .github/workflows/node-ci.yml

@@ -102,39 +102,3 @@ jobs:
         uses: codacy/codacy-coverage-reporter-action@v1.3.0
         with:
           project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
-
-  container:
-    needs: coverage
-    runs-on: ubuntu-latest
-    if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }}
-
-    permissions:
-      contents: read
-      packages: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v6.0.2
-
-      - name: Log in to GitHub Container Registry
-        uses: docker/login-action@v3.7.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3.12.0
-
-      - name: Build and push Docker image to GitHub Container Registry
-        uses: docker/build-push-action@v6.18.0
-        with:
-          context: .
-          push: true
-          platforms: linux/amd64
-          provenance: false
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-          tags: |
-            ghcr.io/${{ github.repository }}:latest
-            ghcr.io/${{ github.repository }}:sha-${{ github.sha }}

AGENTS.md

@@ -1,8 +1,8 @@
 # AGENTS.md
 
-> **⚡ Token Efficiency Note**: This file contains complete operational instructions (~2,500 tokens).  
-> **Auto-loaded**: NO (load explicitly with `#file:AGENTS.md` when you need detailed procedures)  
-> **When to load**: Complex workflows, troubleshooting, CI/CD setup, detailed architecture questions  
+> **⚡ Token Efficiency Note**: This file contains complete operational instructions (~2,500 tokens).
+> **Auto-loaded**: NO (load explicitly with `#file:AGENTS.md` when you need detailed procedures)
+> **When to load**: Complex workflows, troubleshooting, CI/CD setup, detailed architecture questions
 > **Related files**: See `#file:.github/copilot-instructions.md` for quick context (auto-loaded, ~500 tokens)
 
 ---
@@ -70,11 +70,13 @@ npx tsc --noEmit
 ```
 
 **Pre-commit checklist**:
+
 1. Run `npm run lint` - must pass with no errors
 2. Run `npx tsc --noEmit` - must pass type checking
 3. Run `npm run coverage` - all tests must pass with coverage
 
 **Style rules**:
+
 - ESLint configuration in `eslint.config.mjs`
 - Prettier configuration in `.prettierrc`
 - TypeScript strict mode enabled in `tsconfig.json`
@@ -134,20 +136,106 @@ curl http://localhost:9000/health
 
 **First run behavior**: Container initializes SQLite database with seed data. Volume persists data between runs.
 
+## Release Management
+
+### CHANGELOG Maintenance
+
+**Important**: Update CHANGELOG.md continuously as you work, not just before releases.
+
+**For every meaningful commit**:
+
+1. Add your changes to the `[Unreleased]` section in CHANGELOG.md
+2. Categorize under the appropriate heading:
+   - **Added**: New features
+   - **Changed**: Changes in existing functionality
+   - **Deprecated**: Soon-to-be removed features
+   - **Removed**: Removed features
+   - **Fixed**: Bug fixes
+   - **Security**: Security vulnerability fixes
+3. Use clear, user-facing descriptions (not just commit messages)
+4. Include PR/issue numbers when relevant (#123)
+
+**Example**:
+
+```markdown
+## [Unreleased]
+
+### Added
+- User authentication with JWT tokens (#145)
+- Rate limiting middleware for API endpoints
+
+### Deprecated
+- Legacy authentication endpoint /api/v1/auth (use /api/v2/auth instead)
+
+### Fixed
+- Null reference exception in player service (#147)
+
+### Security
+- Fix SQL injection vulnerability in search endpoint (#148)
+```
+
+### Creating a Release
+
+When ready to release:
+
+1. **Update CHANGELOG.md**: Move items from `[Unreleased]` to a new versioned section:
+
+   ```markdown
+   ## [1.1.0 - bicyclekick] - YYYY-MM-DD
+   ```
+
+   Commit and push this change before creating the tag.
+
+2. **Create and push tag**:
+
+   ```bash
+   git tag -a v1.1.0-bicyclekick -m "Release 1.1.0 - Bicycle-kick"
+   git push origin v1.1.0-bicyclekick
+   ```
+
+3. **CD workflow runs automatically** to publish Docker images and create GitHub Release
+
+See [CHANGELOG.md](CHANGELOG.md#how-to-release) for complete release instructions and football terminology naming convention.
+
 ## CI/CD Pipeline
 
-### Continuous Integration (node.js.yml)
+### Continuous Integration (node-ci.yml)
 
-**Trigger**: Push to `main`/`master` or PR
+**Trigger**: Push to `master` or PR
 
 **Jobs**:
+
 1. **Setup**: Node.js 24 installation, npm ci (clean install)
 2. **Lint**: ESLint + commitlint validation
 3. **Build**: TypeScript compilation (`npm run build`)
 4. **Test**: Jest with coverage report
 5. **Coverage**: Upload to Codecov and Codacy
 
+**Note**: CI only validates code - it does NOT publish Docker images.
+
+### Continuous Deployment (node-cd.yml)
+
+**Trigger**: Version tags in format `v{MAJOR}.{MINOR}.{PATCH}-{TERM}`
+
+Example:
+
+```bash
+git tag -a v1.0.0-assist -m "Release 1.0.0 - Assist"
+git push origin v1.0.0-assist
+```
+
+**Pipeline automatically**:
+
+- Runs full test suite with coverage
+- Builds multi-stage Docker image
+- Pushes to GHCR with multiple tags (version, term name, latest)
+- Generates changelog from commits
+- Creates GitHub Release with auto-generated notes
+
+**Football terminology convention**: Alphabetically ordered codenames (assist, bicyclekick, corner, etc.)
+
 **Local validation** (run this before pushing):
+
 ```bash
 # Matches CI exactly
 npm run lint && \
@@ -192,6 +280,7 @@ tests/                  # Integration tests
 ```
 
 **Key patterns**:
+
 - Native ESM (not CommonJS) - uses `import/export`
 - TypeScript strict mode - full type safety
 - Sequelize ORM for database operations
@@ -215,12 +304,14 @@ DB_PATH=./storage/players.db
 ## Troubleshooting
 
 ### Port already in use
+
 ```bash
 # Kill process on port 9000
 lsof -ti:9000 | xargs kill -9
 ```
 
 ### Module import errors
+
 ```bash
 # Clean install dependencies
 rm -rf node_modules package-lock.json
@@ -231,6 +322,7 @@ node --version  # Should be v24.x
 ```
 
 ### TypeScript compilation errors
+
 ```bash
 # Clean build artifacts
 rm -rf dist/
@@ -243,6 +335,7 @@ npx tsc --noEmit
 ```
 
 ### Database locked errors
+
 ```bash
 # Stop all running instances
 pkill -f "node dist/server.js"
@@ -253,6 +346,7 @@ rm storage/players.db
 ```
 
 ### Jest test failures
+
 ```bash
 # Clear Jest cache
 npx jest --clearCache
@@ -262,6 +356,7 @@ npm test -- --verbose
 ```
 
 ### Docker issues
+
 ```bash
 # Clean slate
 npm run docker:down
@@ -272,12 +367,15 @@ npm run docker:up
 ## Testing the API
 
 ### Using Swagger UI (Recommended)
-Open http://localhost:9000/api-docs - Interactive documentation with "Try it out"
+
+Open <http://localhost:9000/api-docs> - Interactive documentation with "Try it out"
 
 ### Using Postman
+
 Pre-configured collection available in `postman-collections/`
 
 ### Using curl
+
 ```bash
 # Health check
 curl http://localhost:9000/health