Skip to content

Latest commit

 

History

History
37 lines (29 loc) · 1.2 KB

RELEASE.md

File metadata and controls

37 lines (29 loc) · 1.2 KB

Release Instructions

Follow the steps below to tag a new release for the actions/attest-sbom action.

If changes were made to the internal actions/attest-sbom/predicate action (any updates to ./predicate/action.yaml or any of the code in the ./src directory), start with step #1; otherwise, skip directly to step #5.

  1. Merge the latest changes to the main branch.

  2. Create and push a new predicate tag of the form predicate@X.X.X following SemVer conventions:

    git tag -a "predicate@X.X.X" -m "predicate@X.X.X Release"
    git push --tags
  3. Update the reference to the actions/attest-sbom/predicate action in action.yml to point to the SHA of the newly created tag.

  4. Push the action.yml change and open a PR. Once it has been reviewed, merge the PR and proceed with the release instructions.

  5. Create a new release for the top-level action using a tag of the form vX.X.X following SemVer conventions:

    gh release create vX.X.X
  6. Move (or create) the major version tag to point to the same commit tagged above:

    git tag -fa vX -m "vX"
    git push origin vX --force