gamosoft
diff --git a/‎.github/workflows/docker-publish.yml‎
Lines changed: 70 additions & 12 deletions b/‎.github/workflows/docker-publish.yml‎
Lines changed: 70 additions & 12 deletions
diff --git a/‎.gitignore‎
Lines changed: 1 addition & 1 deletion b/‎.gitignore‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Dockerfile‎
Lines changed: 3 additions & 2 deletions b/‎Dockerfile‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎README.md‎
Lines changed: 42 additions & 23 deletions b/‎README.md‎
Lines changed: 42 additions & 23 deletions
@@ -1,12 +1,6 @@
 name: Build and Push Docker Image to GHCR
 
 on:
-  pull_request:
-    types:
-      - closed
-    branches:
-      - main
-      - master
   push:
     tags:
       - 'v*.*.*'
@@ -18,19 +12,16 @@ env:
 
 jobs:
   build-and-push:
-    # Only run if PR was merged (not just closed) or if triggered by tag/manual
-    if: |
-      (github.event_name == 'pull_request' && github.event.pull_request.merged == true) ||
-      github.event_name == 'push' ||
-      github.event_name == 'workflow_dispatch'
     runs-on: ubuntu-latest
     permissions:
-      contents: read
+      contents: write
       packages: write
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Fetch all history for release notes
 
       - name: Set up QEMU for multi-architecture builds
         uses: docker/setup-qemu-action@v3
@@ -73,3 +64,70 @@ jobs:
       - name: Image digest
         run: echo "Image pushed with digest ${{ steps.build-push.outputs.digest }}"
 
+      - name: Generate release notes
+        id: release_notes
+        run: |
+          # Get the previous tag
+          PREVIOUS_TAG=$(git describe --tags --abbrev=0 HEAD^ 2>/dev/null || echo "")
+          
+          # Generate commit log - extract PR descriptions from merge commits
+          if [ -z "$PREVIOUS_TAG" ]; then
+            # First release, get only merge commits (PR merges)
+            RAW_COMMITS=$(git log --merges --pretty=format:"%s|||%b|||%h" --first-parent)
+          else
+            # Get merge commits since last tag
+            RAW_COMMITS=$(git log ${PREVIOUS_TAG}..HEAD --merges --pretty=format:"%s|||%b|||%h" --first-parent)
+          fi
+          
+          # Process commits to extract meaningful messages
+          COMMITS=""
+          while IFS= read -r line; do
+            if [ -n "$line" ]; then
+              SUBJECT=$(echo "$line" | cut -d'|' -f1)
+              BODY=$(echo "$line" | cut -d'|' -f4 | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
+              HASH=$(echo "$line" | cut -d'|' -f7)
+              
+              # If body exists and is not empty, use it; otherwise use subject
+              if [ -n "$BODY" ] && [ "$BODY" != "" ]; then
+                # Capitalize first letter of body
+                MESSAGE=$(echo "$BODY" | sed 's/^./\U&/')
+                COMMITS="${COMMITS}- ${MESSAGE} (${HASH})"$'\n'
+              else
+                COMMITS="${COMMITS}- ${SUBJECT} (${HASH})"$'\n'
+              fi
+            fi
+          done <<< "$RAW_COMMITS"
+          
+          # Create release notes
+          echo "## What's Changed" > release_notes.md
+          echo "" >> release_notes.md
+          if [ -z "$COMMITS" ]; then
+            echo "- Minor updates and improvements" >> release_notes.md
+          else
+            echo "$COMMITS" >> release_notes.md
+          fi
+          echo "" >> release_notes.md
+          echo "## Docker Images" >> release_notes.md
+          echo "" >> release_notes.md
+          echo "This release is available as a Docker image:" >> release_notes.md
+          echo '```bash' >> release_notes.md
+          echo "docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${GITHUB_REF_NAME#v}" >> release_notes.md
+          echo '```' >> release_notes.md
+          echo "" >> release_notes.md
+          if [ -z "$PREVIOUS_TAG" ]; then
+            echo "**Full Changelog**: https://github.com/${{ github.repository }}/commits/${GITHUB_REF_NAME}" >> release_notes.md
+          else
+            echo "**Full Changelog**: https://github.com/${{ github.repository }}/compare/${PREVIOUS_TAG}...${GITHUB_REF_NAME}" >> release_notes.md
+          fi
+          
+          cat release_notes.md
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v1
+        with:
+          body_path: release_notes.md
+          draft: false
+          prerelease: false
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
@@ -28,7 +28,7 @@ env/
 .venv
 
 # Data directories
-search_index/
+data/
 *.db
 *.sqlite
 
 
@@ -27,9 +27,10 @@ COPY frontend ./frontend
 COPY config.yaml .
 COPY plugins ./plugins
 COPY themes ./themes
+COPY generate_password.py .
 
-# Create data directories
-RUN mkdir -p data/notes data/search_index
+# Create data directory
+RUN mkdir -p data
 
 # Expose port
 EXPOSE 8000
 
@@ -32,6 +32,7 @@ NoteDiscovery is a **lightweight, self-hosted note-taking application** that put
 ### Key Benefits
 
 - 🔒 **Total Privacy** - Your notes never leave your server
+- 🔐 **Optional Authentication** - Simple password protection for self-hosted deployments
 - 💰 **Zero Cost** - No subscriptions, no hidden fees
 - 🚀 **Fast & Lightweight** - Instant search and navigation
 - 🎨 **Beautiful Themes** - Multiple themes, easy to customize
@@ -47,20 +48,21 @@ NoteDiscovery is a **lightweight, self-hosted note-taking application** that put
 
 Use the pre-built image directly from GHCR - no building required!
 
-> **💡 Tip**: Always use `ghcr.io/gamosoft/notediscovery:latest` to get the newest features and fixes. Images are automatically built when PRs are merged to main.
+> **💡 Tip**: Always use `ghcr.io/gamosoft/notediscovery:latest` to get the newest features and fixes.
 
 > **📁 Important - Volume Mapping**: The container needs local folders/files to work:
-> - **Required**: `data` folder (your notes will be stored here)
-> - **Required**: `themes` folder with theme `.css` files (at least light.css and dark.css)
+> - **Required**: `data` folder - **Your personal notes** will be stored here (create an empty folder)
+> - **Required**: `themes` folder with theme `.css` files (at least a single theme must exist)
 > - **Required**: `plugins` folder (can be empty for basic functionality)
 > - **Required**: `config.yaml` file (needed for the app to run)
+> - **Optional**: `documentation` folder - If you cloned the repo, mount this to view app docs inside NoteDiscovery
 > 
 > **Setup Options:**
 > 
 > 1. **Minimal** (quick test - download just the essentials):
 >    ```bash
 >    # Linux/macOS
->    mkdir -p data plugins themes
+>    mkdir -p data plugins themes  # data/ is for YOUR notes
 >    curl -O https://raw.githubusercontent.com/gamosoft/notediscovery/main/config.yaml
 >    # Download at least light and dark themes
 >    curl -o themes/light.css https://raw.githubusercontent.com/gamosoft/notediscovery/main/themes/light.css
@@ -69,20 +71,23 @@ Use the pre-built image directly from GHCR - no building required!
 >    
 >    ```powershell
 >    # Windows PowerShell
->    mkdir data, plugins, themes -Force
+>    mkdir data, plugins, themes -Force  # data\ is for YOUR notes
 >    Invoke-WebRequest -Uri https://raw.githubusercontent.com/gamosoft/notediscovery/main/config.yaml -OutFile config.yaml
 >    # Download at least light and dark themes
 >    Invoke-WebRequest -Uri https://raw.githubusercontent.com/gamosoft/notediscovery/main/themes/light.css -OutFile themes/light.css
 >    Invoke-WebRequest -Uri https://raw.githubusercontent.com/gamosoft/notediscovery/main/themes/dark.css -OutFile themes/dark.css
 >    ```
 > 
-> 2. **Full Setup** (recommended - includes all themes, plugins, sample notes):
+> 2. **Full Setup** (recommended - includes all themes, plugins, and documentation):
 >    ```bash
 >    git clone https://github.com/gamosoft/notediscovery.git
 >    cd notediscovery
->    # Now you have everything - run docker-compose below
+>    # The data/ folder is empty - for your personal notes
+>    # The documentation/ folder has app docs you can optionally mount
 >    ```
 
+> **🔐 Security Note**: Authentication is **disabled by default** with password `admin`. For testing/local use, this is fine. If exposing to a network, **change the password immediately** - see [AUTHENTICATION.md](documentation/AUTHENTICATION.md) for instructions on how to enable it.
+
 **Option 1: Docker Compose (Recommended)**
 
 > 💡 **Multi-Architecture Support**: Docker images are available for both `x86_64` and `ARM64` (Raspberry Pi, Apple Silicon, etc.)
@@ -95,6 +100,7 @@ curl -O https://raw.githubusercontent.com/gamosoft/notediscovery/main/docker-com
 docker-compose -f docker-compose.ghcr.yml up -d
 
 # Access at http://localhost:8000
+# Login with default password: admin
 
 # View logs
 docker-compose -f docker-compose.ghcr.yml logs -f
@@ -197,15 +203,25 @@ python run.py
 Want to learn more? **The full documentation lives inside the app as interactive notes!**
 
 Once you've started NoteDiscovery, you'll find comprehensive guides on:
-- 🎨 **THEMES.md** - Theme customization and creating custom themes
-- ✨ **FEATURES.md** - Complete feature list and keyboard shortcuts
-- 🧮 **MATHJAX.md** - LaTeX/Math notation examples and syntax reference
-- 🔌 **PLUGINS.md** - Plugin system and available plugins
-- 🌐 **API.md** - REST API documentation and examples
-
-**Can't wait to start the app?** Browse the documentation notes directly on GitHub in the [`data/notes/`](data/notes/) folder!
+- 🎨 **[THEMES.md](documentation/THEMES.md)** - Theme customization and creating custom themes
+- ✨ **[FEATURES.md](documentation/FEATURES.md)** - Complete feature list and keyboard shortcuts
+- 🧮 **[MATHJAX.md](documentation/MATHJAX.md)** - LaTeX/Math notation examples and syntax reference
+- 🔌 **[PLUGINS.md](documentation/PLUGINS.md)** - Plugin system and available plugins
+- 🌐 **[API.md](documentation/API.md)** - REST API documentation and examples
+- 🔐 **[AUTHENTICATION.md](documentation/AUTHENTICATION.md)** - Enable password protection for your instance
+
+**Can't wait to start the app?** Browse the documentation notes directly on GitHub in the [`documentation/`](documentation/) folder!
+
+💡 **Pro Tip:** If you clone this repository, you can mount the `documentation/` folder to view these docs inside the app:
+
+```yaml
+# In your docker-compose.yml
+volumes:
+  - ./data:/app/data              # Your personal notes
+  - ./documentation:/app/data/docs:ro  # Mount docs subfolder inside the data folder (read-only)
+```
 
-💡 **Tip:** These documentation files are regular markdown notes—edit them, add your own notes, or use them as templates. It's your knowledge base!
+Then access them at `http://localhost:8000` - the docs will appear as a `docs/` folder in the file browser!
 
 ## 💖 Support Development
 
@@ -217,18 +233,21 @@ NoteDiscovery is designed for **self-hosted, private use**. Please keep these se
 
 ### Network Security
 - ⚠️ **Do NOT expose directly to the internet** without additional security measures
-- Run behind a reverse proxy (nginx, Caddy) with HTTPS and authentication if needed
+- Run behind a reverse proxy (nginx, Caddy) with HTTPS for production use
 - Keep it on your local network or use a VPN for remote access
 - By default, the app listens on `0.0.0.0:8000` (all network interfaces)
 
-### No Built-in Authentication
-- The app has **no authentication by design** (single-user, self-hosted)
-- Anyone with network access can read and modify your notes
-- Use network-level security (firewall, VPN) for access control
-- Consider adding authentication via reverse proxy if needed
+### Authentication
+- **Password protection is ENABLED by default** with password: `admin`
+- ⚠️ **CHANGE THE DEFAULT PASSWORD IMMEDIATELY** if exposing to a network!
+- See **[AUTHENTICATION.md](documentation/AUTHENTICATION.md)** for complete setup instructions
+- To disable auth, set `security.enabled: false` in `config.yaml`
+- Change password with Docker: `docker-compose exec notediscovery python generate_password.py`
+- Perfect for single-user or small team deployments
+- For multi-user setups, consider a reverse proxy with OAuth/SSO
 
 ### Data Privacy
-- Your notes are stored as **plain text markdown files** in `data/notes/`
+- Your notes are stored as **plain text markdown files** in the `data/` folder
 - No data is sent to external services
 - Regular backups are recommended
 
@@ -239,7 +258,7 @@ NoteDiscovery is designed for **self-hosted, private use**. Please keep these se
 - Review and audit any plugins you install
 - Set appropriate file permissions on the `data/` directory
 
-**TL;DR**: Perfect for personal use on your local machine or home network. Add a reverse proxy with authentication if exposing to wider networks.
+**TL;DR**: Perfect for personal use on your local machine or home network. Enable built-in password protection if needed, or use a reverse proxy with authentication if exposing to wider networks.
 
 ## 📄 License