Elgato_dark/python-tuf
1
0
Fork 0
mirror of https://github.com/theupdateframework/python-tuf synced 2026-05-24 10:08:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

docs: Update release docs

Browse source 
* version number is single sourced now
* Mention that using pip against test.pypi.org is unsafe
* Fix some filenames in the examples

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
This commit is contained in:
Jussi Kukkonen 2022-03-03 16:04:08 +02:00
parent 5155ba7431
commit bf511ec0c6
1 changed files with 10 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
docs/RELEASE.md
View file

@ -5,14 +5,18 @@
tracked by git
* Ensure `docs/CHANGELOG.md` contains a one-line summary of each [notable
change](https://keepachangelog.com/) since the prior release
* Update `setup.cfg` and `tuf/__init__.py` to the new version number vA.B.C
* Update `tuf/__init__.py` to the new version number "A.B.C"
* Test packaging, uploading to Test PyPI and installing from a virtual environment
(ensure commands invoking `python` below are using Python 3)
* Remove existing dist build dirs
* Create source dist and wheel `python3 -m build`
* Sign the dists `gpg --detach-sign -a dist/tuf-vA.B.C.tar.gz`
* Sign source dist `gpg --detach-sign -a dist/tuf-A.B.C.tar.gz`
* Sign wheel `gpg --detach-sign -a dist/tuf-A.B.C-py3-none-any.whl`
* Upload to test PyPI `twine upload --repository testpypi dist/*`
* Verify the uploaded package https://testpypi.python.org/pypi/tuf/
* Verify the uploaded package at https://test.pypi.org/project/tuf/:
Note that installing packages with pip using test.pypi.org is potentially
dangerous (as dependencies may be squatted): download the file and install
the local file instead.
* Create a PR with updated `CHANGELOG.md` and version bumps
* Once the PR is merged, pull the updated `develop` branch locally
* Create a signed tag matching the updated version number on the merge commit
@ -24,11 +28,10 @@
(ensure commands invoking `python` below are using Python 3)
* Remove existing dist build dirs
* Create source dist and wheel `python3 -m build`
* Sign source dist `gpg --detach-sign -a dist/tuf-vA.B.C.tar.gz`
* Sign wheel `gpg --detach-sign -a dist/tuf-vA.B.C-py3-none-any.whl`
* Upload to test PyPI `twine upload --repository testpypi dist/*`
* Verify the uploaded package https://testpypi.python.org/pypi/tuf/
* Sign source dist `gpg --detach-sign -a dist/tuf-A.B.C.tar.gz`
* Sign wheel `gpg --detach-sign -a dist/tuf-A.B.C-py3-none-any.whl`
* Upload to PyPI `twine upload dist/*`
* Verify the package at https://pypi.org/project/tuf/ and by installing with pip
* Attach both signed dists and their detached signatures to the release on GitHub
* Announce the release on [#tuf on CNCF Slack](https://cloud-native.slack.com/archives/C8NMD3QJ3)
* Ensure [POUF 1](https://github.com/theupdateframework/taps/blob/master/POUFs/reference-POUF/pouf1.md), for the reference implementation, is up-to-date