Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: add GPG validation onboarding step #966

Merged
merged 1 commit into from
Jan 12, 2024
Merged

docs: add GPG validation onboarding step #966

merged 1 commit into from
Jan 12, 2024

Conversation

UlisesGascon
Copy link
Member

Related: #965

@UlisesGascon UlisesGascon marked this pull request as ready for review December 4, 2023 10:03
@UlisesGascon UlisesGascon mentioned this pull request Dec 4, 2023
Open
3 tasks
RafaelGSS
RafaelGSS approved these changes Dec 4, 2023
View reviewed changes
Copy link
Member

@RafaelGSS RafaelGSS left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with a tiny suggestion.

GOVERNANCE.md
@@ -150,6 +150,8 @@ After the nominee's first prepared release has been promoted the new releaser mu
* Be added to the GitHub [releasers team](https://github.com/orgs/nodejs/teams/releasers) in the Node.js org (grants ci-release access)
* Be added to the GitHub [security-release team](https://github.com/orgs/nodejs/teams/security-release) in the Node.js and nodejs-private orgs
* Have a single, high quality SSH key added to the "dist" user on the primary www server (see below for guidelines regarding SSH key quality)
* Add your GPG key to your GitHub account for verification. [Github Guide](https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account).
* Check that the key is added in your profile: `https://github.com/your-username.gpg`
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we check it using gh? So in the future, we could integrate it on @node-core/utils.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah! 100% possible I think as this is not a protected endpoint. Let me see If I can create a PR for it

@UlisesGascon UlisesGascon mentioned this pull request Dec 4, 2023
Draft
@leonardoadame
Copy link

docs/gpg-validation

marley1989
marley1989 approved these changes Jan 11, 2024
View reviewed changes
GOVERNANCE.md
@@ -150,6 +150,8 @@ After the nominee's first prepared release has been promoted the new releaser mu
* Be added to the GitHub [releasers team](https://github.com/orgs/nodejs/teams/releasers) in the Node.js org (grants ci-release access)
* Be added to the GitHub [security-release team](https://github.com/orgs/nodejs/teams/security-release) in the Node.js and nodejs-private orgs
* Have a single, high quality SSH key added to the "dist" user on the primary www server (see below for guidelines regarding SSH key quality)
* Add your GPG key to your GitHub account for verification. [Github Guide](https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account).
* Check that the key is added in your profile: `https://github.com/your-username.gpg`

This comment was marked as off-topic.

Sign in to view

GOVERNANCE.md
@@ -150,6 +150,8 @@ After the nominee's first prepared release has been promoted the new releaser mu
* Be added to the GitHub [releasers team](https://github.com/orgs/nodejs/teams/releasers) in the Node.js org (grants ci-release access)
* Be added to the GitHub [security-release team](https://github.com/orgs/nodejs/teams/security-release) in the Node.js and nodejs-private orgs
* Have a single, high quality SSH key added to the "dist" user on the primary www server (see below for guidelines regarding SSH key quality)
* Add your GPG key to your GitHub account for verification. [Github Guide](https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account).
* Check that the key is added in your profile: `https://github.com/your-username.gpg`
* Open a PR to add their GPG key to the nodejs/node [README.md](https://github.com/nodejs/node/#release-keys)
* Once landed, the key should be cherry-picked to all active release staging branches (i.e. the active `vMM.x-staging` branches).
* Any future updates to the key should also be cherry-picked to all active release staging branches.

This comment was marked as off-topic.

Sign in to view

@UlisesGascon
Copy link
Member Author

I will merge it, as seems that we are on the same page and it has been open for a while 👍

@UlisesGascon UlisesGascon merged commit 42e62dc into main Jan 12, 2024
@UlisesGascon UlisesGascon deleted the docs/gpg-validation branch January 12, 2024 14:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marley1989 marley1989 marley1989 approved these changes

@RafaelGSS RafaelGSS RafaelGSS approved these changes

@richardlau richardlau richardlau approved these changes

@targos targos targos approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@UlisesGascon @leonardoadame @targos @richardlau @RafaelGSS @marley1989