Release Process
skret uses Python Semantic Release (PSR) for automated versioning and GoReleaser for cross-platform binary builds.
How It Works
Section titled “How It Works”- Version bump — PSR analyzes commit messages (
feat:/fix:) to determine the next version - Tag creation — PSR creates a git tag (
v0.1.0) and updatesCHANGELOG.md - Binary build — GoReleaser builds binaries for all 6 platforms and publishes to GitHub Releases
- Package updates — Homebrew tap and Scoop bucket are updated automatically
Triggering a Release
Section titled “Triggering a Release”Releases are triggered via workflow_dispatch on the release.yml workflow:
# Stable releasegh workflow run release.yml -f release_type=stable
# Beta/prereleasegh workflow run release.yml -f release_type=betaNever create tags manually. Always use the workflow.
Release Types
Section titled “Release Types”| Type | Version Example | Use Case |
|---|---|---|
| Stable | v0.2.0 | Production-ready release |
| Beta | v0.3.0-beta.1 | Testing before stable |
Beta to Stable Promotion
Section titled “Beta to Stable Promotion”- Release a beta:
gh workflow run release.yml -f release_type=beta - Test the beta build
- If passing, release stable:
gh workflow run release.yml -f release_type=stable
PSR automatically determines the version number from commits since the last release.
Commit Impact on Versions
Section titled “Commit Impact on Versions”| Commit Prefix | Version Bump |
|---|---|
fix: | Patch (0.1.0 -> 0.1.1) |
feat: | Minor (0.1.0 -> 0.2.0) |
During v0.x, breaking changes are allowed in minor versions and documented in the CHANGELOG.
CI/CD Pipeline
Section titled “CI/CD Pipeline”push to main -> ci.yml (lint, test, build)
workflow_dispatch (release.yml) -> PSR: analyze commits, bump version, update CHANGELOG, create tag -> tag push triggers cd.yml -> GoReleaser: build 6 binaries, create GitHub Release -> Docker: push ghcr.io/n24q02m/skret:<version> -> Homebrew: update tap formula -> Scoop: update bucket manifest -> Cosign: sign artifacts (keyless, GitHub OIDC) -> Syft: generate SBOMBuild Targets
Section titled “Build Targets”GoReleaser produces binaries for:
| OS | Architecture | Artifact |
|---|---|---|
| Linux | amd64 | skret_VERSION_linux_amd64.tar.gz |
| Linux | arm64 | skret_VERSION_linux_arm64.tar.gz |
| macOS | amd64 | skret_VERSION_darwin_amd64.tar.gz |
| macOS | arm64 | skret_VERSION_darwin_arm64.tar.gz |
| Windows | amd64 | skret_VERSION_windows_amd64.zip |
| Windows | arm64 | skret_VERSION_windows_arm64.zip |
CHANGELOG
Section titled “CHANGELOG”CHANGELOG.md is managed entirely by PSR. Do not edit it manually.
Each release entry includes:
- Version number and date
- Grouped changes under
feat:andfix:headings - Links to commits and compare URLs
Verifying a Release
Section titled “Verifying a Release”After a release completes:
# Check the latest releasegh release view --repo n24q02m/skret
# Verify cosign signaturecosign verify-blob \ --certificate skret_VERSION_linux_amd64.tar.gz.cert \ --signature skret_VERSION_linux_amd64.tar.gz.sig \ --certificate-identity-regexp="https://github.com/n24q02m/skret" \ --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \ skret_VERSION_linux_amd64.tar.gz