Member

@kristapsk kristapsk commented Sep 7, 2025

Resolves #11.

Summary by CodeRabbit

  • Documentation
    • Added a release workflow guide outlining end-to-end steps to publish a new version.
    • Covers tagging and pushing versions, building and signing aarch64 binaries, publishing a GitHub release with assets and notes, and updating system update metadata/checksums.
    • No changes to public APIs.


coderabbitai bot commented Sep 7, 2025

Walkthrough

Adds a new release workflow document at doc/release.md describing tagging, building aarch64 binaries with Zig, signing (GPG), timestamping (OTS), creating a GitHub release with assets, and updating the sysupdates repository.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Release documentation (doc/release.md) | New document outlining end-to-end release steps: annotated tagging, pushing tags, Zig aarch64 build and packaging, GPG signing, OTS stamping, GitHub release asset upload, and sysupdates update. |

Sequence Diagram(s)

```mermaid
sequenceDiagram
  autonumber
  actor Dev as Developer
  participant Git as Git
  participant Build as Zig Build
  participant GPG as GPG
  participant OTS as OpenTimestamps
  participant GH as GitHub Release
  participant SU as sysupdates repo

  Dev->>Git: Create annotated tag vX.Y.Z
  Dev->>Git: Push tags to origin

  Dev->>Build: Init submodules, build aarch64-linux-musl (ReleaseSafe)
  Build-->>Dev: ndg-vX.Y.Z-aarch64.tar.gz

  Dev->>GPG: Sign tarball (.asc)
  Dev->>OTS: Stamp tarball (.ots)

  Dev->>GH: Create release for vX.Y.Z
  Dev->>GH: Upload .tar.gz, .asc, .asc.ots

  Dev->>SU: Update env/ndg version and SHA256
  Note over SU,Dev: Commit to sysupdates
```

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Assessment against linked issues

| Objective | Addressed | Explanation |
|---|---|---|
| Write a "making a release" doc (#11) | | |
| Tag a commit with a "release candidate" (#11) | | Document uses final tag vX.Y.Z; no RC tagging flow included. |
| Produce nd and ngui binaries at the tag (#11) | | Instructions build aarch64 binary/tarball for ndg; unclear about both nd and ngui. |
| Add the release to a dev channel of sysupdates (#11) | | Document updates sysupdates env/ndg but does not specify channel handling. |

Poem

I thump my paws and tag the tree,
vX.Y.Z, a treat for me!
I wrap the bits, I sign with cheer,
OTS sprinkles timestamps here.
To GitHub burrow, assets hop—
sysupdates nods, “carrots on top!”
Release-day fields, a joyful crop.

@kristapsk kristapsk closed this Sep 7, 2025
@kristapsk kristapsk force-pushed the doc-release-workflow branch from e0cecd5 to 420e60b Compare September 7, 2025 21:14
@kristapsk kristapsk reopened this Sep 7, 2025
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (6)
doc/release.md (6)

7-9: Add language hints to fenced code blocks (markdownlint MD040).

Mark shell snippets as bash to satisfy MD040 and improve readability.

-```
+```bash
 git tag -s vX.Y.Z -m "Release vX.Y.Z"

- +bash
git push origin --tags


-```
+```bash
git submodule update --init --recursive
zig build -Dtarget=aarch64-linux-musl -Ddriver=fbev -Doptimize=ReleaseSafe -Dstrip
cd zig-out/bin
tar czf ndg-vX.Y.Z-aarch64.tar.gz nd ngui
gpg --sign --armor --detach-sign ndg-vX.Y.Z-aarch64.tar.gz
ots stamp ndg-vX.Y.Z-aarch64.tar.gz.asc


Also applies to: 15-17, 21-28

15-17: Avoid pushing all local tags by default.

Prefer pushing just the intended tag to prevent accidentally publishing unrelated tags.


```diff
-```bash
-git push origin --tags
-```
+```bash
+git push origin vX.Y.Z
+```
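
Review bot: the replacement `git push origin vX.Y.Z` line publishes the tag with no check that it is the signed tag created with `git tag -s` earlier in the doc. Consider adding `git tag -v vX.Y.Z` just before the push so the releaser confirms the signature and the signing key before the tag becomes public.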

21-28: Generate and publish a SHA256 checksum to support Step 5.

You reference a SHA256 in Step 5 but don’t show how to create it or distribute it.

 ```bash
 git submodule update --init --recursive
 zig build -Dtarget=aarch64-linux-musl -Ddriver=fbev -Doptimize=ReleaseSafe -Dstrip
 cd zig-out/bin
 tar czf ndg-vX.Y.Z-aarch64.tar.gz nd ngui
+sha256sum ndg-vX.Y.Z-aarch64.tar.gz > ndg-vX.Y.Z-aarch64.tar.gz.sha256
 gpg --sign --armor --detach-sign ndg-vX.Y.Z-aarch64.tar.gz
 ots stamp ndg-vX.Y.Z-aarch64.tar.gz.asc

...

  • ndg-vX.Y.Z-aarch64.tar.gz
  • ndg-vX.Y.Z-aarch64.tar.gz.asc
  • ndg-vX.Y.Z-aarch64.tar.gz.asc.ots
    +- ndg-vX.Y.Z-aarch64.tar.gz.sha256
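
Review bot: the added `sha256sum ndg-vX.Y.Z-aarch64.tar.gz > ndg-vX.Y.Z-aarch64.tar.gz.sha256` line produces a file that neither the `gpg --detach-sign` line nor the `ots stamp` line covers, so a published `.sha256` only detects corruption: anyone able to replace the tarball on the release page can replace the checksum next to it. Either sign the checksum file as well, or state in the doc that the `.asc` signature is the authoritative check and the `.sha256` is a convenience.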

Note: on macOS, use `shasum -a 256 file > file.sha256`.


Also applies to: 34-36

24-26: Package under a versioned directory to avoid clutter on extract.

Extracting to the CWD drops `nd`/`ngui` directly. Package them inside a versioned folder.


```diff
 cd zig-out/bin
-tar czf ndg-vX.Y.Z-aarch64.tar.gz nd ngui
+mkdir -p package/ndg-vX.Y.Z-aarch64
+cp nd ngui package/ndg-vX.Y.Z-aarch64/
+tar czf ndg-vX.Y.Z-aarch64.tar.gz -C package ndg-vX.Y.Z-aarch64
 gpg --sign --armor --detach-sign ndg-vX.Y.Z-aarch64.tar.gz
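
Review bot: the new `tar czf ndg-vX.Y.Z-aarch64.tar.gz -C package ndg-vX.Y.Z-aarch64` line moves `nd` and `ngui` from the top level of the archive into a versioned directory, which changes what any consumer of the tarball sees on extraction. Confirm what the updater that reads the sysupdates entry expects before adopting this layout, and remove `package/` before the `mkdir -p` line so files left over from an earlier run cannot end up in the release tarball.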

3-5: Add a brief prerequisites section.

Call out required tools and access to reduce friction for releasers.

 This document outlines the steps to create a new release for the project. Follow these steps carefully to ensure a smooth release process.
 
+### Prerequisites
+
+- Zig installed (same version used in CI)
+- GnuPG with the release signing key available
+- OpenTimestamps client (`ots`)
+- Access to create GitHub releases and to the `sysupdates` repository
+
 ## Step 1: Tag release
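
Review bot: the `GnuPG with the release signing key available` bullet does not say which key that is. Naming the key's fingerprint in the doc, and where the public key can be obtained, lets a releaser confirm they are signing with the right key and lets downloaders verify the `.asc`.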

11-12: Document an optional release-candidate flow.

The linked issue mentions RCs. Add a short RC tagging example.

 Replace `X.Y.Z` with the appropriate version number.
 
+For a release candidate:
+
+```bash
+git tag -s vX.Y.Z-rc.1 -m "Release candidate vX.Y.Z-rc.1"
+git push origin vX.Y.Z-rc.1
+```
+
 ## Step 2: Push tags
📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between cd78fe9 and e0cecd5.

📒 Files selected for processing (1)
  • doc/release.md (1 hunks)
🧰 Additional context used
🪛 markdownlint-cli2 (0.17.2)
doc/release.md

7-7: Fenced code blocks should have a language specified

(MD040, fenced-code-language)


15-15: Fenced code blocks should have a language specified

(MD040, fenced-code-language)


21-21: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: build
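
Added example, not part of this pull request or of the nakamochi repositories: a consumer-side check of the SHA256 that the release doc records in sysupdates, followed by a listing of the archive members before anything is extracted. The function name `check_release` and its return codes are hypothetical, and it assumes the flat layout produced by `tar czf ndg-vX.Y.Z-aarch64.tar.gz nd ngui`.

```shell
#!/bin/sh
# Added example; check_release and its return codes are hypothetical.
# Usage: check_release TARBALL EXPECTED_SHA256
#   0  digest matches the pinned value and the archive holds only nd and ngui
#   1  digest mismatch
#   2  archive unreadable or contains an unexpected member
#   3  missing file or missing expected digest
check_release() {
    local tarball="$1" expected="$2" actual members m

    [ -f "$tarball" ] && [ -n "$expected" ] || return 3

    # sha256sum prints "<hex>  <name>"; keep only the hex digest.
    actual=$(sha256sum < "$tarball" | cut -d' ' -f1) || return 3

    # Accept an upper-case pinned digest by normalising it.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ] || return 1

    # Only list members, and only after the digest matched.
    # Nothing is extracted by this function.
    members=$(tar tzf "$tarball") || return 2

    # Assumption: the flat layout from the page, with exactly nd and ngui
    # at the top level. Paths, directories and extra files are rejected.
    while IFS= read -r m; do
        case "$m" in
            nd|ngui) ;;
            *) return 2 ;;
        esac
    done <<EOF
$members
EOF
    return 0
}
```

A matching digest only shows the file is the one that was pinned; the signature over the tarball is still checked separately with `gpg --verify ndg-vX.Y.Z-aarch64.tar.gz.asc ndg-vX.Y.Z-aarch64.tar.gz`.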

@kristapsk kristapsk force-pushed the doc-release-workflow branch from 420e60b to a1c8be0 Compare September 7, 2025 21:19
@kristapsk kristapsk merged commit 1cb7c3c into nakamochi:master Sep 7, 2025
1 check passed
@kristapsk kristapsk deleted the doc-release-workflow branch September 7, 2025 21:25
Development

Successfully merging this pull request may close these issues.

create a release workflow

1 participant