Skip to content

fix(release-ceremony): restore annotated tag identity#17

Merged
pentaxis93 merged 3 commits into
mainfrom
issue-16/fix-release-ceremony-port-commons-34
May 14, 2026
Merged

fix(release-ceremony): restore annotated tag identity#17
pentaxis93 merged 3 commits into
mainfrom
issue-16/fix-release-ceremony-port-commons-34

Conversation

@pentaxis93
Copy link
Copy Markdown
Contributor

@pentaxis93 pentaxis93 commented May 14, 2026

Summary

  • Restores annotated tag refs after checkout and verifies the restored tag still targets the triggering event commit before release trust checks.
  • Extends scripts/release-check metadata to enforce the new checkout, restore, event identity, and trust ordering invariants.
  • Rejects explicit empty --container-image values so artifact validation cannot be silently bypassed.

Changes

  • Adds the Restore annotated tag refs and Verify restored tag matches event steps to .github/workflows/release.yml.
  • Extends the bash release workflow validator and fixture tests for missing, late, pre-checkout, and misordered restore/event-identity cases.
  • Updates release documentation and changelog coverage for the release ceremony hardening.

GitHub Issue(s)

Closes #16
Refs tesserine/commons#34

Test plan

  • bash -n scripts/release-check scripts/test-release-check
  • ./scripts/release-check metadata
  • ./scripts/release-check release v0.1.0
  • git diff --check
  • ./scripts/test-release-check

pentaxis93 added 3 commits May 14, 2026 10:52
@pentaxis93
fix(release-ceremony): restore annotated tag identity
556134f 
Restore annotated tag refs after checkout, verify restored tag identity against the triggering event commit, and harden release-check metadata validation so future workflow edits preserve the trust ordering.

Also reject explicit empty --container-image values at parse time so artifact validation cannot be silently bypassed.

Closes #16

Refs tesserine/commons#34
@pentaxis93
fix(release-ceremony): require post-fetch tag identity capture
9da942c
@pentaxis93
docs(release-ceremony): reference commons release fix
daeae41
@pentaxis93 pentaxis93 merged commit 84f4271 into main May 14, 2026
1 check passed
@pentaxis93 pentaxis93 deleted the issue-16/fix-release-ceremony-port-commons-34 branch May 14, 2026 19:02
@pentaxis93 pentaxis93 mentioned this pull request May 14, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

fix(release-ceremony): port commons#34 — restore annotated tag identity in release workflow

1 participant

@pentaxis93