mirror of
https://github.com/theupdateframework/python-tuf
synced 2026-05-24 10:08:28 +00:00
Since #1971 ci and cd workflows run independently of each other, each of them also calling the test workflow. This patch updates RELEASE.md to match the new setup. It also fixes a (twice) broken link.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Release process
Prerequisites (one-time setup)
- Go to PyPI management page and create an API token with its scope limited to the tuf project.
- Go to GitHub settings, create an environment called release and configure review protection.
- In the environment create a secret called PYPI_API_TOKEN and paste the token created above.
Release
- Ensure docs/CHANGELOG.md contains a one-line summary of each notable change since the prior release
- Update tuf/__init__.py to the new version number A.B.C
- Create a PR with updated CHANGELOG.md and version bumps
➔ Review PR on GitHub
- Once the PR is merged, pull the updated develop branch locally
- Create a signed tag for the version number on the merge commit
  - git tag --sign vA.B.C -m "vA.B.C"
- Push the tag to GitHub
  - git push origin vA.B.C
A tag push triggers the CD workflow, which runs the tests, builds source dist and wheel, creates a preliminary GitHub release under vA.B.C-rc, and pauses for review.
- Run verify_release --skip-pypi locally to make sure a build on your machine matches the preliminary release artifacts published on GitHub.
➔ Review deployment on GitHub
An approval resumes the CD workflow to publish the release on PyPI, and to finalize the GitHub release (removes -rc suffix and updates release notes).
- verify_release may be used again to make sure the PyPI release artifacts match the local build as well.
- Announce the release on #tuf on CNCF Slack
- Ensure POUF 1, for the reference implementation, is up-to-date
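One way to check that a local build matches published artifacts, as the verify_release steps above require, is to compare SHA-256 digests of the sdist and wheel in two directories. This is an added example, not the project's verify_release script; the function names and the two directory arguments are assumptions.

```python
import hashlib
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large sdists are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def digest_map(directory: Path) -> dict[str, str]:
    """Map artifact file name -> SHA-256 for the sdist and wheel in a directory."""
    return {
        p.name: sha256_file(p)
        for p in sorted(directory.iterdir())
        if p.is_file() and p.name.endswith((".tar.gz", ".whl"))
    }


def compare_artifacts(local_dir: Path, published_dir: Path) -> list[str]:
    """Return a list of problems; an empty list means the two builds match."""
    local, published = digest_map(local_dir), digest_map(published_dir)
    problems = []
    if not local:
        # An empty local build must never count as a successful match.
        problems.append("no local artifacts found")
    for name in sorted(local.keys() | published.keys()):
        if name not in published:
            problems.append(f"{name}: built locally but not published")
        elif name not in local:
            problems.append(f"{name}: published but not built locally")
        elif local[name] != published[name]:
            problems.append(f"{name}: digest mismatch")
    return problems


if __name__ == "__main__":
    import sys

    # Usage (hypothetical paths): python compare.py dist/ downloaded-release/
    issues = compare_artifacts(Path(sys.argv[1]), Path(sys.argv[2]))
    print("\n".join(issues) or "artifacts match")
    sys.exit(1 if issues else 0)
```

A digest match only holds if the build is reproducible, so a mismatch is a reason to stop before approving the deployment rather than proof of tampering.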