From 6f3b5c6ca80bd5e47f7901ca71d7a6de65667fcf Mon Sep 17 00:00:00 2001 From: Kamil Dudka Date: Fri, 29 May 2026 13:30:39 +0200 Subject: [PATCH] doc: add upstream release process documentation Co-Authored-By: Claude Opus 4.6 --- doc/release-process.md | 58 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 doc/release-process.md diff --git a/doc/release-process.md b/doc/release-process.md new file mode 100644 index 0000000..6a7a35a --- /dev/null +++ b/doc/release-process.md @@ -0,0 +1,58 @@ +# Upstream Release Process + +## Prerequisites + +* GPG key configured for signing tags and tarballs +* GitHub personal access token with `repo` scope + +## Create a Signed Tag + +Tag the release commit on `main` with a signed annotated tag: + +```bash +git tag -s csmock-X.Y.Z +``` + +The tag message should contain the version on the first line, followed +by a blank line and a bullet-list changelog. For example: + +``` +csmock-3.8.5 + +- make `--embed-context` use `csgrep-static` in the chroot (#216) +``` + +Push the tag: + +```bash +git push origin csmock-X.Y.Z +``` + +## Upload Release Artifacts + +Run the `upload-release.sh` script from the repository root: + +```bash +./upload-release.sh csmock-X.Y.Z "$GITHUB_TOKEN" +``` + +The script performs the following steps: + +1. Creates a source tarball using `git archive` +2. Compresses it into `.tar.gz` and `.tar.xz` +3. Signs both tarballs with GPG (producing `.asc` detached signatures) +4. Creates a GitHub release via the API +5. Uploads the tarballs and signatures as release assets + +Upstream releases are published at: + + +## Finalize on GitHub + +Open the newly created release in the GitHub web UI and review/edit +the release description as needed. + +## Downstream Packaging + +Packit (configured in `.packit.yaml`) automatically picks up new tags +and triggers COPR builds for Fedora and EPEL.