yq/release_instructions.txt
Copilot 0e803833fb
chore: pin GitHub Actions and Docker base images to full-length hashes (OSSF scorecard) (#2658)
* Initial plan

* chore: pin GitHub Actions dependencies to specific commit SHAs (OSSF)

Agent-Logs-Url: https://github.com/mikefarah/yq/sessions/cbd03f0a-f2dc-4da4-b01c-7dd06ad83ee9

Co-authored-by: mikefarah <1151925+mikefarah@users.noreply.github.com>

* chore: pin Dockerfile base images to specific SHA digests (OSSF)

Agent-Logs-Url: https://github.com/mikefarah/yq/sessions/7a8f6690-37fb-42ab-b3dc-0dd23c270fbe

Co-authored-by: mikefarah <1151925+mikefarah@users.noreply.github.com>

* chore: revert yq pins in test-yq.yml; add release note for github-action/Dockerfile SHA

Agent-Logs-Url: https://github.com/mikefarah/yq/sessions/e1b35d79-92a3-47d5-b4ac-a2efe2fd58ce

Co-authored-by: mikefarah <1151925+mikefarah@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: mikefarah <1151925+mikefarah@users.noreply.github.com>
2026-04-12 19:31:32 +10:00


- update release notes
- make sure local build passes
- run ./scripts/copy-docs.sh (and commit the changes in the yq-book branch)
- run ./scripts/bump-version.sh
- git push
// to move the v4 branch
- git push origin -d v4
- git push --tags
- use github actions to publish docker and make github release
- check github updated yq action in marketplace
- update github-action/Dockerfile to pin the newly published docker image digest:
    skopeo inspect docker://docker.io/mikefarah/yq:4 | python3 -c "import sys,json; d=json.load(sys.stdin); print(d['Digest'])"
  then update the FROM line in github-action/Dockerfile with the new digest:
    FROM mikefarah/yq:4@sha256:<new-digest>
- snapcraft
  - update snapcraft version
  - https://snapcraft.io/yq/builds
  - will auto create a candidate, test it works then promote
  - !! need to update v4/stable as well as latest
      sudo snap remove yq
      sudo snap install --edge yq
    then use the UI (https://snapcraft.io/yq/release)
- brew
  - brew bump-formula-pr --url=https://github.com/mikefarah/yq/archive/2.2.0.tar.gz yq
  - if that fails with random ruby errors try:
    - clearing out the gems rm -rf .gem/ruby/2.3.0
    - export HOMEBREW_FORCE_VENDOR_RUBY=1
- docker
  - build and push latest and new version tag
  - docker build . -t mikefarah/yq:latest -t mikefarah/yq:3 -t mikefarah/yq:3.X
- debian package (with release script)
  - execute the script `./scripts/release-deb.sh` *on the machine having the private
    gpg key to sign the generated sources* providing the version to release, the
    ppa where deploying the files and the passphrase of the private key if needed:
    ```
    ./scripts/release-deb.sh -o output -p -s --passphrase PASSPHRASE VERSION
    ```
- debian package (manually)
  - ensure you get all vendor dependencies before packaging
    ```go mod vendor```
  - execute
    ```dch -i```
  - fill debian/changelog with changes from last version
  - build the package sources
    ```debuild -i -I -S -sa```
    (signing with gpg key is required in order to put it to ppa)
  - put to PPA
    ```dput ppa:<REPOSITORY> ../yq_<VERSION>_source.changes```
    (current distro repository is ppa:rmescandon/yq. In case that a new version
    is released, please contact rmescandon@gmail.com to bump debian package)
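
The digest-pinning step above (update the FROM line in github-action/Dockerfile), as an added shell example that is not part of yq's release scripts: it rejects a malformed digest before rewriting the FROM line, and checks that every FROM line is pinned. The function names `valid_digest`, `pin_from` and `all_from_pinned` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example. Function names are hypothetical; the image reference and
# Dockerfile path are the ones named in the release notes above.

# Succeeds only for a well-formed digest: "sha256:" plus 64 lowercase hex digits.
valid_digest() {
  printf '%s\n' "$1" | grep -Eq '^sha256:[0-9a-f]{64}$'
}

# pin_from DOCKERFILE IMAGE DIGEST
# Rewrites "FROM IMAGE" or "FROM IMAGE@sha256:<old>" to "FROM IMAGE@DIGEST".
# Returns 2 for a malformed digest, 3 if no matching FROM line exists.
pin_from() {
  dockerfile=$1 image=$2 digest=$3
  from_re="^(FROM[[:space:]]+${image})(@sha256:[0-9a-f]{64})?([[:space:]].*)?\$"
  valid_digest "$digest" || { echo "malformed digest: $digest" >&2; return 2; }
  grep -Eq "$from_re" "$dockerfile" ||
    { echo "no FROM $image line in $dockerfile" >&2; return 3; }
  tmp=$(mktemp) || return 1
  if sed -E "s#${from_re}#\\1@${digest}\\3#" "$dockerfile" >"$tmp"; then
    cat "$tmp" >"$dockerfile"; rc=$?
  else
    rc=1
  fi
  rm -f "$tmp"
  return "$rc"
}

# Release gate: succeeds only if every FROM line carries an @sha256 digest.
# Simple check: "FROM scratch" and stage aliases are reported as unpinned too.
all_from_pinned() {
  ! grep -E '^FROM[[:space:]]' "$1" |
    grep -Evq '@sha256:[0-9a-f]{64}([[:space:]]|$)'
}
```

Call `pin_from github-action/Dockerfile mikefarah/yq:4 <digest>` with the digest printed by the skopeo command in the checklist, then run `all_from_pinned github-action/Dockerfile` before committing.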