diff --git a/CHANGELOG.md b/CHANGELOG.md index 2a24df7..5016b68 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Release ceremony tooling now verifies the base changelog, Dockerfile label surface, tag-time image identity, and GitHub Release publication path. +### Changed + +- `Dockerfile` `ARG RUNA_REF` defaults updated to `v0.1.2` (the published + stable runa release) on both the builder-stage and final-image label lines. + `README.md` build examples updated to reference current stable component + tags. +- `RELEASING.md` documents the `RUNA_REF` dependency on a published runa tag, + with operator guidance for the cut sequence when updating `RUNA_REF`. + ### Fixed - GitHub Release publication now restores annotated tag refs after checkout and diff --git a/Dockerfile b/Dockerfile index 9903cc4..080bc6d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,7 +24,7 @@ RUN apk add --no-cache \ glibc-dev \ rust-1.89 -ARG RUNA_REF=v0.1.2-rc.1 +ARG RUNA_REF=v0.1.2 COPY scripts/checkout-runa-ref /usr/local/bin/checkout-runa-ref RUN checkout-runa-ref checkout "${RUNA_REF}" /build/runa \ && cd /build/runa \ @@ -103,7 +103,7 @@ RUN timeout 900 sh -euxc '\ FROM cgr.dev/chainguard/wolfi-base ARG BASE_REF=local -ARG RUNA_REF=v0.1.2-rc.1 +ARG RUNA_REF=v0.1.2 ARG CLAUDE_CODE_VERSION=2.1.126 # agentd runner contract diff --git a/README.md b/README.md index 482df8a..4f69df4 100644 --- a/README.md +++ b/README.md @@ -34,9 +34,9 @@ The shared release-candidate convention is defined in ```bash podman build \ - --build-arg BASE_REF=v0.1.2-rc.1 \ - --build-arg RUNA_REF=v0.1.2-rc.1 \ - -t tesserine/base:v0.1.2-rc.1 . + --build-arg BASE_REF=v0.1.1 \ + --build-arg RUNA_REF=v0.1.2 \ + -t tesserine/base:v0.1.1 . ``` For local development, the defaults are usable, but they intentionally label @@ -49,7 +49,7 @@ podman build -t tesserine/base:local . Inspect the image labels to confirm what was built: ```bash -podman inspect tesserine/base:v0.1.2-rc.1 | jq '.[0].Config.Labels' +podman inspect tesserine/base:v0.1.1 | jq '.[0].Config.Labels' ``` Claude Code is intentionally pinned in the Dockerfile. Version bumps are manual diff --git a/RELEASING.md b/RELEASING.md index 6f1e8bb..15f6126 100644 --- a/RELEASING.md +++ b/RELEASING.md @@ -26,6 +26,28 @@ The runa ref must be an immutable tag or full commit SHA. base verifies that the ref is present and immutable-shaped; ecosystem verification owns proving that the runa ref matches the release manifest. +## Dependencies + +base builds its container image from the runa workspace, pinned by the +`RUNA_REF` argument defaulted in `Dockerfile` (two `ARG RUNA_REF=` lines: +one for the runa builder stage, one for the final image's label surface). +The release workflow's container build step fails immediately if `RUNA_REF` +points at a git ref that does not exist in the runa repository. + +Before cutting base: + +- Verify the current `Dockerfile` `ARG RUNA_REF=` value resolves to a + published runa tag. Run `git ls-remote --tags + https://github.com/tesserine/runa.git "refs/tags/$RUNA_REF"` (or check via + the [runa releases page](https://github.com/tesserine/runa/releases)). +- If updating `RUNA_REF` as part of preparing the base cut (typically to + point at a newer runa release), publish the new runa tag first. Cutting + base before the referenced runa tag exists will fail the container build + step of the release workflow, leaving an orphaned base tag and no + published GitHub Release. +- Update both `ARG RUNA_REF=` occurrences in `Dockerfile` together. The + builder-stage value and final-image label value must match. + ## Pre-Release Gate A releasable commit is on `main`, up to date with `origin/main`, and has a