You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: doc/release-versioning.md
+17-7Lines changed: 17 additions & 7 deletions
Original file line number
Diff line number
Diff line change
@@ -11,6 +11,7 @@ Milestone labels have the form: `milestone-x.y.0`, where `x` and `y` are major a
11
11
## Major versions
12
12
13
13
Major version changes can break compatibility between the previous major versions; they are not necessarily backwards or forwards compatible. SDK change targets include but are not limited to:
- Tagging and signing a git commit and pushing the tag to GitHub.
51
-
- Building a release binaryand uploading the binary to GitHub.
53
+
- Building a release binary, signing the binary, and uploading both binary and signature to GitHub.
52
54
53
55
Releases can only be performed by [maintainers][doc-maintainers].
54
56
@@ -64,26 +66,31 @@ Release binaries will be built for the `x86_64` architecture for both GNU Linux
64
66
65
67
Support for the Windows platform or any architecture other than `x86_64` is not on the roadmap at this time.
66
68
67
-
## Binaries
69
+
## Binaries and signatures
70
+
71
+
Binaries will be signed using a maintainers' verified GitHub PGP key. Both binary and signature will be uploaded to the release. Ensure you import maintainer keys to verify release binaries.
72
+
73
+
Creating release binaries and signatures:
68
74
69
-
Creating release binaries:
70
75
```bash
71
76
$ ./release.sh "v${VERSION}"
72
77
```
73
78
79
+
**Note**: you must have both [`git`][doc-git-default-key] and [`gpg`][doc-gpg-default-key] default PGP keys set locally for `release.sh` to run without error.
80
+
74
81
## Release tags
75
82
76
83
Every release will have a corresponding git tag.
77
84
78
-
Make sure you've [uploaded your GPG key][link-github-gpg-key-upload] and configured git to [use that signing key][link-git-config-gpg-key] either globally or for the Operator SDK repository. Note: the email the key is issued for must be the email you use for git.
85
+
Make sure you've [uploaded your GPG key][link-github-gpg-key-upload] and configured git to [use that signing key][link-git-config-gpg-key] either globally or for the Operator SDK repository. Tagging will be handled by `release.sh`.
86
+
87
+
**Note**: the email the key is issued for must be the email you use for git.
Release notes should be a thorough description of changes made to code, documentation, and design. Individual changes, such as bug fixes, should be given their own bullet point with a short description of what was changed. Issue links and handle of the developer who worked on the change should be included whenever possible.
@@ -157,6 +164,7 @@ $ gpg --recv-key ${KEY_ID}
157
164
Now you should be able to verify the tags and/or binaries
158
165
159
166
## For maintainers
167
+
160
168
For new maintainers who have not done a release and do not have their gpg key on a public
161
169
keyserver, you must add your public key to a keyserver. To do this, output your armored
162
170
public key using this command:
@@ -173,7 +181,9 @@ key and you are ready to sign releases.
0 commit comments