Follow the steps below to tag a new release for the actions/attest-sbom
action.
If changes were made to the internal actions/attest-sbom/predicate
action (any
updates to ./predicate/action.yaml
or any of the
code in the ./src
directory), start with step #1; otherwise, skip
directly to step #5.
-
Merge the latest changes to the
main
branch. -
Create and push a new predicate tag of the form
predicate@X.X.X
following SemVer conventions:git tag -a "predicate@X.X.X" -m "predicate@X.X.X Release" git push --tags
-
Update the reference to the
actions/attest-sbom/predicate
action inaction.yml
to point to the SHA of the newly created tag. -
Push the
action.yml
change and open a PR. Once it has been reviewed, merge the PR and proceed with the release instructions. -
Create a new release for the top-level action using a tag of the form
vX.X.X
following SemVer conventions:gh release create vX.X.X
-
Move (or create) the major version tag to point to the same commit tagged above:
git tag -fa vX -m "vX" git push origin vX --force