It sounds like you are bypassing normal conventions just to avoid process overhead/audits. That... strikes me as concerning.
What you are doing is effectively making an extra version number (your minor PCI digit) somewhat intentionally in order to move your feature/minor version numbers back a place, to no longer trigger your internal audit criteria.
Anyways, getting to your question about semantic versioning, the spec for Semantic Versioning states:
Given a version number MAJOR.MINOR.PATCH, increment the:
- MAJOR version when you make incompatible API changes,
- MINOR version when you add functionality in a backwards-compatible manner, and
- PATCH version when you make backwards-compatible bug fixes.
- Additional labels for pre-release and build metadata are available as extensions to the MAJOR.MINOR.PATCH format.
Emphasis mine.
So the question is, are you using the fourth character for pre-release/build metadata? Or is it basically another version indication that you are releasing?
If "yes" then semantic versioning's spec does allow for it. If "no" then you technically are not following semantic versioning.
And as a higher-level and more arguable side question, does it really even matter?
Whether you want to rigidly follow it or not is a decision you and your team have to make. The purpose of semantic versioning is to help with API compatibility:
Bug fixes not affecting the API increment the patch version, backwards compatible API additions/changes increment the minor version, and backwards incompatible API changes increment the major version.
I call this system "Semantic Versioning." Under this scheme, version numbers and the way they change convey meaning about the underlying code and what has been modified from one version to the next.
It's a system that helps make it more clear when versioning affects downstream users of the API.
As long as your API is similarly clear it's not a huge deal which way you choose. Semantic versioning just happens to be straightforward, for example if I'm using 3.4.2 and need to upgrade to 3.4.10 I know I can do so without breaking anything. If the new version is 3.5.1 I know it's backwards compatible. And I know version 4.0.1 would be a breaking change.
That's all part of what the version numbers mean.
@enderland Yes basically. MAJOR(PCI).MINOR(PCI).FEATURE.HOTFIX+BUILD. We're basically only allowed to change the 3rd and 4th component without getting PCI (and subsequently the PCI overlords at the company) involved. To me it feels like this is a bit contrived, I am not sure they are justified in the way they manage the version number, but I do not know enough about PCI and audit process to say otherwise.
Ok, this is fine. You have a system which works for you and meets your needs. That's the point of versioning.
If your API is private (only internally facing) it really doesn't matter how you version as long as it makes sense to you and everyone using it. Where versioning in a standard format matters is when you have many other consumers of your API that need to know "what does this version mean?"
Having an arbitrary versioning system will confuse people who are used to other systems, such as semantic versioning. But if no-one is really using your versioning system except the people creating it - it doesn't really matter.
Best Answer
The semantic versioning rules are applied to your software from the perspective of your users. If your API has changed and is not backwards-compatible, you should update your major version number. It sounds like this isn't the case, though. It sounds like your API hasn't changed - clients who were using your previous version can simply drop in the new version without any other changes. This would be a minor version increase.
This is confirmed in the Semantic Versioning FAQ:
Based on the comments, it appears you are using Semantic Versioning for an application. This isn't a typical use case. Semantic Versioning is designed for APIs and libraries. Another question here on Software Engineering Stack Exchange addresses the use of Semantic Versioning in applications.
In the instance of a GUI-based application, the GUI is your public interface. I would use definitions like this:
If you add functionality without changing any existing workflows, it's a minor version. If you change existing workflows, it's a major version. Patch versions are bug fixes that do not change how users interact with your software.