Skip to content

Latest commit

 

History

History
71 lines (48 loc) · 2.31 KB

RELEASE.rst

File metadata and controls

71 lines (48 loc) · 2.31 KB

Pex Release Process

All release tags are signed (using git tag --sign) so that users of Pex can verify maintainers have performed & trust a release. This requires releasers having a PGP key configured with git and published to key servers. An additional nicety is to configure you PGP key with GitHub for those who like to check provenance via a web UI.

Some documentation to help you get things set up if you don't have all of these pre-requisites:

  • Creating a key and configuring your key with Git and GitHub is all described here
  • Publishing your key to a keyserver is described here

Some key servers you probably want to publish your key to explicitly above and beyond your PGP setup's default configured keyserver include:

  • hkps://pgp.mit.edu
  • hkps://keyserver.ubuntu.com
  • hkps://keys.openpgp.org

Bump the version in pex/version.py and update CHANGES.rst. Open a PR with these changes and land it on https://github.com/pex-tool/pex main.

Sync a local branch with https://github.com/pex-tool/pex main and confirm it has the version bump and changelog update as the tip commit:

$ git log --stat -1 HEAD
commit f76a3d896867a5787c151c6afe1820f14dd88848 (tag: v2.1.29, origin/main, origin/HEAD, main)
Author: John Sirois <[email protected]>
Date:   Fri Feb 5 10:24:28 2021 -0800

    Prepare the 2.1.29 release. (#1220)

 CHANGES.rst    | 19 +++++++++++++++++--
 pex/version.py |  2 +-
 2 files changed, 18 insertions(+), 3 deletions(-)

Tag the release and push the tag to https://github.com/pex-tool/pex main:

$ git tag --sign -am 'Release 2.1.29' v2.1.29
$ git push --tags https://github.com/pex-tool/pex HEAD:main

If you're on macOS and commit signing fails, try setting export GPG_TTY=$(tty).

Open the Release workflow run and wait for it to go green: https://github.com/pex-tool/pex/actions?query=workflow%3ARelease+branch%3Av2.1.29