Files
GitHop/wiki/Release-Checklist.md
T
Hop 853acec229 Require user-provisioned release credentials
Hop-State: A_06FN6KM758JV6S44F6CA6W0
Hop-Proposal: R_06FN6KJWAY5XWVMCVQHCXKR
Hop-Task: T_06FN6GZKFMRV2HP5N7XMNSR
Hop-Attempt: AT_06FN6GZKFP22ZCFRXGB7V00
2026-07-11 15:31:23 -07:00

86 lines
3.7 KiB
Markdown

# Release checklist
Hop releases are built on a trusted maintainer machine and uploaded by
GoReleaser as draft Gitea Releases. Gitea Actions and act runners are not
required; the server only stores source, tags, release metadata, and assets.
The canonical repository is `githop.xyz/GnosysLabs/Hop`.
## One-time Gitea setup
- Create the `GnosysLabs/Hop` repository and set its default branch to `main`.
- Configure `origin` as `https://githop.xyz/GnosysLabs/Hop.git`.
- Keep Gitea Actions disabled when the instance does not have dedicated runner
capacity; Hop's release process does not depend on it.
- Provision a narrowly scoped maintainer access token outside the agent session
and store it in the operating system's secret store. Agents and release
scripts may use that existing credential, but must never create, rotate, list,
or revoke account tokens through Gitea's website or API. Export it as
`GITEA_TOKEN` only for the local publish command, then unset it.
- When upgrading GoReleaser, update its pinned version and four archive
checksums in `scripts/release-local.sh` from the official checksum file.
- Permit release attachment MIME types for `.tar.gz`, `.zip`, and `.txt` in
Gitea's `[attachment] ALLOWED_TYPES` configuration.
- Enable the repository wiki, then push the files in `wiki/` to its wiki Git
repository.
## Public-launch gates
- Choose and add a `LICENSE`. The local publishing script intentionally fails
without one; this is a product/legal decision, not a build default.
- Add `SECURITY.md` with a monitored private disclosure address.
- Create an offline-controlled release-signing key, publish its public key, and
add detached signing for `checksums.txt` before general availability.
- Confirm the `githop.xyz/GnosysLabs/Hop` Go import path serves valid `go-import`
metadata.
- Back up the Gitea database, repositories, and release attachments.
## Validate before tagging
```bash
scripts/release-local.sh --snapshot
```
Inspect `dist/` and test at least one archive on each operating system family.
Confirm `hop version` reports the snapshot/tag-injected version and
`hop skill install --force` installs identical Hop-managed files at both
default skill destinations while preserving unrelated user files.
## Create a release
1. Update release notes. The signed Git tag is the version source and is
injected into the binaries automatically.
2. Run `scripts/release-local.sh --snapshot` and inspect the artifacts.
3. Create a signed semantic-version tag such as `v0.1.0-alpha.1` and push it.
4. Read a pre-provisioned, locally stored scoped token into `GITEA_TOKEN`.
Do not generate a task-specific token from an agent session.
5. Run `scripts/release-local.sh --publish`. It reruns race tests, vet, installer
checks, builds six platform archives, generates `checksums.txt`, and uploads
a draft without executing build work on the Gitea server.
6. Immediately run `unset GITEA_TOKEN`.
7. Download the draft assets and independently verify checksums, version output,
skill installation, and a disposable Hop project.
8. Publish the Gitea draft only after those checks pass.
9. Test both one-command installers against the now-published release.
## Expected assets
```text
hop_darwin_amd64.tar.gz
hop_darwin_arm64.tar.gz
hop_linux_amd64.tar.gz
hop_linux_arm64.tar.gz
hop_windows_amd64.zip
hop_windows_arm64.zip
checksums.txt
```
## After the first release
- Create a Gitea-hosted Homebrew tap/cask fed by immutable release URLs and
checksums; do not publish placeholder hashes.
- Add Windows package-manager metadata only after the Windows artifact has been
tested on a real signed build.
- Establish release retention, package cleanup, rollback, and incident-response
procedures for the custom Gitea instance.