mirror of
https://github.com/GMWalletApp/epusdt.git
synced 2026-07-07 18:26:16 +00:00
75 lines
1.6 KiB
Markdown
75 lines
1.6 KiB
Markdown
# Releasing
|
|
|
|
This repository publishes versioned binaries to GitHub Releases when a tag is pushed.
|
|
|
|
## What gets published
|
|
|
|
For each tag like `v1.2.3`, GitHub Actions builds release archives for:
|
|
|
|
- `linux/amd64`
|
|
- `linux/arm64`
|
|
- `darwin/amd64`
|
|
- `darwin/arm64`
|
|
- `windows/amd64`
|
|
- `windows/arm64`
|
|
|
|
Each archive includes:
|
|
|
|
- the `epusdt` binary
|
|
- `src/.env.example`
|
|
- `src/static/`
|
|
|
|
Windows artifacts are published as `.zip`. Other platforms are published as `.tar.gz`.
|
|
|
|
Each release also publishes:
|
|
|
|
- a checksum file
|
|
- a Sigstore keyless signature bundle for the checksum file
|
|
- archive SBOM documents generated by Syft
|
|
- a GitHub build provenance attestation for the checksum file
|
|
|
|
## How to cut a release
|
|
|
|
1. Make sure the release commit has already landed on the default branch.
|
|
2. Create an annotated tag:
|
|
|
|
```bash
|
|
git tag -a v1.0.0 -m "release v1.0.0"
|
|
```
|
|
|
|
3. Push the tag:
|
|
|
|
```bash
|
|
git push origin v1.0.0
|
|
```
|
|
|
|
4. Wait for the `release` workflow to finish on GitHub.
|
|
5. Download the generated binaries from the GitHub Release page.
|
|
|
|
## Verify a release
|
|
|
|
Verify the checksum signature with Cosign:
|
|
|
|
```bash
|
|
cosign verify-blob \
|
|
--bundle epusdt_v1.0.0_checksums.txt.sigstore.json \
|
|
epusdt_v1.0.0_checksums.txt
|
|
```
|
|
|
|
Verify the GitHub build provenance attestation:
|
|
|
|
```bash
|
|
gh attestation verify epusdt_v1.0.0_checksums.txt -R GMwalletApp/epusdt
|
|
```
|
|
|
|
## Local validation
|
|
|
|
Install `cosign` and `syft`, then run a snapshot build locally before pushing a tag:
|
|
|
|
```bash
|
|
cd src
|
|
go run github.com/goreleaser/goreleaser/v2@latest release --snapshot --clean
|
|
```
|
|
|
|
The resulting artifacts will be generated under `src/dist/`.
|