Release process doc #112

laurentsimon · 2022-05-26T16:05:49Z

create a doc to explain the release process

laurentsimon · 2022-06-03T00:51:53Z

Done in #115. Closing.

How to LGTM this PR (I'll work on a proper doc for this in slsa-framework/slsa-github-generator#112): 1. Clone repo ``` $ git clone git@github.com:slsa-framework/slsa-verifier.git $ cd slsa-verifier $ bash verify-release.sh v2.4.0 # NOTE: use the file in _this_ PR. # Note down the path to the temporary dir use. The bash script will print its first line as "INFO: using dir: /tmp/tmp.VaYi6HfbmL" ``` 2. Run command below and compare to SHA256SUM.md in this PR ``` $sha256sum /tmp/tmp.VaYi6HfbmL/* ``` The output hash should be the hash I'm updating to in this PR. If they match, LGTM. If they don't, someone tampered with the released binary and don't LGTM --------- Signed-off-by: laurentsimon <laurentsimon@google.com>

This sets the expected sha256 of the v2.5.1 slsa-verifier released binary. How to LGTM this PR (I'll work on a proper doc for this in slsa-framework/slsa-github-generator#112): 1. Download the binary and provenance from https://github.com/slsa-framework/slsa-verifier/releases/tag/v0.0.1 2. Clone the slsa-verifier repo, compile and verify the provenance using the steps described in https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md#verify-provenance ``` $ git clone git@github.com:slsa-framework/slsa-verifier.git $ cd slsa-verifier $ bash verify-release.sh v2.5.1 ``` The output hash should be the hash I'm updating to in this PR. If they match, LGTM. If they don't, someone tampered with the released binary and don't LGTM --------- Signed-off-by: laurentsimon <laurentsimon@google.com>

This sets the expected sha256 of the v2.5.1 slsa-verifier released binary. How to LGTM this PR (I'll work on a proper doc for this in slsa-framework/slsa-github-generator#112): 1. Download the binary and provenance from https://github.com/slsa-framework/slsa-verifier/releases/tag/v0.0.1 2. Clone the slsa-verifier repo, compile and verify the provenance using the steps described in https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md#verify-provenance ``` $ git clone git@github.com:slsa-framework/slsa-verifier.git $ cd slsa-verifier $ bash verify-release.sh v2.5.1 ``` The output hash should be the hash I'm updating to in this PR. If they match, LGTM. If they don't, someone tampered with the released binary and don't LGTM --------- Signed-off-by: laurentsimon <laurentsimon@google.com> Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>

laurentsimon self-assigned this May 26, 2022

laurentsimon added this to the v1 milestone May 26, 2022

laurentsimon mentioned this issue May 26, 2022

Feature: official release #75

Closed

22 tasks

laurentsimon added the type:documentation Improvements or additions to documentation label May 26, 2022

laurentsimon mentioned this issue May 26, 2022

✨ Set the sha256 for slsa-verifier's v0.0.1 #113

Merged

laurentsimon closed this as completed Jun 3, 2022

asraa mentioned this issue Jun 29, 2022

v1.1.1: add v1.1.1 sha and update references slsa-framework/slsa-verifier#114

Merged

asraa mentioned this issue Jul 12, 2022

release: v1.0.1 patch release slsa-framework/slsa-verifier#142

Merged

asraa mentioned this issue Jul 25, 2022

release: add notes for release v1.2.0 slsa-framework/slsa-verifier#171

Merged

laurentsimon mentioned this issue Aug 25, 2023

chore: Update doc for v2.4.0 slsa-framework/slsa-verifier#699

Merged

laurentsimon mentioned this issue Mar 25, 2024

chore: Update doc and digests for v2.5.1 slsa-framework/slsa-verifier#748

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Release process doc #112

Release process doc #112

laurentsimon commented May 26, 2022

laurentsimon commented Jun 3, 2022

Release process doc #112

Release process doc #112

Comments

laurentsimon commented May 26, 2022

laurentsimon commented Jun 3, 2022