Adapt release workflow to produce signed releases (#2720)

This commit is contained in:
Patrick Ziegler 2022-05-09 17:00:14 +02:00 committed by GitHub
parent 1f55eaf73d
commit 1ee11f7c9e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 38 additions and 10 deletions

View File

@ -41,6 +41,7 @@ for their desktop environment, without the need of having a black belt in shell
* [Sponsors](#sponsors) * [Sponsors](#sponsors)
* [Backers](#backers) * [Backers](#backers)
* [License](#license) * [License](#license)
* [Signatures](#signatures)
## Introduction ## Introduction
@ -236,3 +237,9 @@ Polybar accepts donations through [open collective](https://opencollective.com/p
## License ## License
Polybar is licensed under the MIT license. [See LICENSE for more information](https://github.com/polybar/polybar/blob/master/LICENSE). Polybar is licensed under the MIT license. [See LICENSE for more information](https://github.com/polybar/polybar/blob/master/LICENSE).
## Signatures
Release archives and tags are signed by a maintainer using GPG. Currently
everything is signed by [Patrick Ziegler](https://www.patrickziegler.ch/gpg)
with fingerprint `1D5791352D51A228D4DDDBA4521E5E03AEBCA1A7`

View File

@ -114,9 +114,16 @@ as follows:
* A draft PR is opened for the release branch. This PR MUST NOT be merged in * A draft PR is opened for the release branch. This PR MUST NOT be merged in
GitHub's interface, it is only here for review, merging happens at the GitHub's interface, it is only here for review, merging happens at the
commandline. commandline.
* A `draft release`_ is created in GitHub's release publishing tools * After approval, a signed git tag is created locally at the tip of the release
* After approval, the GitHub release publishing tool is used to publish the branch and pushed:
release and tag the tip of the release branch (the release commit).
.. code-block:: shell
git tag -s X.Y.Z <release-branch>
git push --tags
* A `draft release`_ targetting the new tag is created in GitHub's release
publishing tools and published.
* After the tag is created, the release branch is manually merged into * After the tag is created, the release branch is manually merged into
``master``. ``master``.
Here it is vitally important that the history of the release branch does not Here it is vitally important that the history of the release branch does not
@ -193,8 +200,8 @@ Draft Release
On `GitHub <https://github.com/polybar/polybar/releases/new>`_ a new release On `GitHub <https://github.com/polybar/polybar/releases/new>`_ a new release
should be drafted. should be drafted.
The release targets the tip of the release branch (the release commit), the The release targets the git tag that was just pushed, the name of the release
name of the release and the tag is simply the release number. and the tag is simply the release number.
The content of the release message should contain the changelog copied from The content of the release message should contain the changelog copied from
``CHANGELOG.md`` under the heading ``## Changelog``. ``CHANGELOG.md`` under the heading ``## Changelog``.
@ -205,6 +212,7 @@ The generated list of PRs can be removed.
After-Release Checklist After-Release Checklist
~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~
* Verify the release archive (see `Verify Release`_)
* Make sure all the new functionality is documented on the wiki * Make sure all the new functionality is documented on the wiki
* Mark deprecated features appropriately (see `Deprecations`_) * Mark deprecated features appropriately (see `Deprecations`_)
* Remove all unreleased notes from the wiki (not for patch releases) * Remove all unreleased notes from the wiki (not for patch releases)
@ -212,11 +220,6 @@ After-Release Checklist
<https://github.com/polybar/polybar/issues/1971>`_. Mention any dependency <https://github.com/polybar/polybar/issues/1971>`_. Mention any dependency
changes and any changes to the build workflow. Also mention any new files are changes and any changes to the build workflow. Also mention any new files are
created by the installation. created by the installation.
* Confirm that the release archive was added to the release.
We have a GitHub action workflow called 'Release Workflow' that on every
release automatically creates a release archive, uploads it to the release,
and adds a 'Download' section to the release body.
If this fails for some reason, it should be triggered manually.
* Create a PR that updates the AUR ``PKGBUILD`` file for the ``polybar-git`` * Create a PR that updates the AUR ``PKGBUILD`` file for the ``polybar-git``
package (push after the release archive is uploaded). package (push after the release archive is uploaded).
* Close the `GitHub Milestone <https://github.com/polybar/polybar/milestones>`_ * Close the `GitHub Milestone <https://github.com/polybar/polybar/milestones>`_
@ -226,6 +229,24 @@ After-Release Checklist
previous versions for the same minor release (e.g. for 3.5.4, deactivate all previous versions for the same minor release (e.g. for 3.5.4, deactivate all
other 3.5.X versions). other 3.5.X versions).
Verify Release
~~~~~~~~~~~~~~
Confirm that the release archive was added to the release.
We have a GitHub action workflow called 'Release Workflow' that on every
release automatically creates a release archive, uploads it to the release,
and adds a 'Download' section to the release body.
If this fails for some reason, it should be triggered manually.
Afterwards, download the archive, verify its hash, and sign it:
.. code-block:: shell
gpg --armor --detach-sign polybar-X.Y.Z.tar.gz
Finally, upload the generated ``polybar-X.Y.Z.tar.gz.asc`` to the GitHub
release.
Deprecations Deprecations
~~~~~~~~~~~~ ~~~~~~~~~~~~