This document describes the checklist to publish a release for notation-go.
- Check if there are any security vulnerabilities fixed and security advisories published before a release. Security advisories should be linked on the release notes.
- Determine a SemVer2-valid version prefixed with the letter
v
for release. For example,version="v1.0.0-rc.1"
. - If there is new release in notation-core-go library that are required to be upgraded in notation-go, update the dependency versions in the follow
go.mod
andgo.sum
files of notation-go: - Open a bump up PR and submit the changes in step 3 to the notation-go repository.
- After PR from step 4 is merged. Create another PR to update the value of
signingAgent
defined in file signer/signer.go withnotation-go/<version>
, where<version>
is$version
from step 2 without thev
prefix. For example,notation-go/1.0.0-rc.1
. The commit message MUST follow the conventional commit and could bebump: release $version
. Record the digest of that commit as<commit_digest>
. This PR is also used for voting purpose of the new release. Add the link of change logs and repo-level maintainer list in the PR's description. The PR title could bebump: release $version
. Make sure to reach a majority of approvals from the repo-level maintainers before merging it. This PR MUST be merged using Create a merge commit method in GitHub. - After the voting PR is merged, execute
git clone https://github.com/notaryproject/notation-go.git
to clone the repository to your local file system. - Enter the cloned repository and execute
git checkout <commit_digest>
to switch to the specified branch based on the voting result. - Create a tag by running
git tag -am $version $version -s
. - Run
git tag
and ensure the desired tag name in the list looks correct, then push the new tag directly to the repository by runninggit push origin $version
. - On notation-go GitHub page, goto Tags. Your newly pushed tag should be shown on the top. Create a new release from the tag. Generate the release notes, revise the release description and change logs, and publish the release.
- Announce the new release in the Notary Project community.
- Check if there are any security vulnerabilities fixed and security advisories published before a release. Security advisories should be linked on the release notes.
- Determine a SemVer2-valid version prefixed with the letter
v
for release. For example,version="v1.2.0-rc.1"
. - If a new release branch is needed, from main branch's commit list, find the commit that you want to cut the release. Click
<>
(Browse repository at this point). Create branch with namerelease-<version>
from the commit, where<version>
is$version
from step 2 with the major and minor versions only. For examplerelease-1.2
. If the release branch already exists, skip this step. - If there is new release in notation-core-go library that are required to be upgraded in notation-go, update the dependency versions in the follow
go.mod
andgo.sum
files of notation-go: - Open a bump up PR and submit the changes in step 4 to the release branch.
- After PR from step 5 is merged. Create another PR to update the value of
signingAgent
defined in filesigner/signer.go
withnotation-go/<version>
, where<version>
is$version
from step 2 without thev
prefix. For example,notation-go/1.2.0-rc.1
. The commit message MUST follow the conventional commit and could bebump: release $version
. Record the digest of that commit as<commit_digest>
. This PR is also used for voting purpose of the new release. Add the link of change logs and repo-level maintainer list in the PR's description. The PR title could bebump: release $version
. Make sure to reach a majority of approvals from the repo-level maintainers before merging it. This PR MUST be merged using Create a merge commit method in GitHub. - After the voting PR is merged, execute
git clone https://github.com/notaryproject/notation-go.git
to clone the repository to your local file system. - Enter the cloned repository and execute
git checkout <commit_digest>
to switch to the specified branch based on the voting result. - Create a tag by running
git tag -am $version $version -s
. - Run
git tag
and ensure the desired tag name in the list looks correct, then push the new tag directly to the repository by runninggit push origin $version
. - On notation-go GitHub page, goto Tags. Your newly pushed tag should be shown on the top. Create a new release from the tag. Generate the release notes, revise the release description and change logs, and publish the release.
- Announce the new release in the Notary Project community.