Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RELEASE v1 process #33

Open
laurentsimon opened this issue Dec 29, 2021 · 2 comments
Open

RELEASE v1 process #33

laurentsimon opened this issue Dec 29, 2021 · 2 comments
Assignees
@justaugustus @laurentsimon
Projects
Scorecard
Milestone
v1

Comments

@laurentsimon
Copy link
Contributor

laurentsimon commented Dec 29, 2021
edited

steps:

  1. cut a scorecard release and wait for a container image to be created and tagged with new release. Note the hash of the container as CH1. Note: we do not need a scorecard release, we can use any stable version we want.
  2. update the hash pin in our dockerfile to use the container hash CH1 from step 1. Once the PR is merged, note the GitHub's commit hash as GH2.
    3. manually trigger the workflow to generate our container image. Note the hash of the container image generated as CH3. It can be found here using the manifest's "digest".~~ ~~4. update the container image hash we use in [action.yaml:L45](https://github.com/ossf/scorecard-action/blob/main/action.yaml#L45), using the hash CH3from step 3. Once the PR is merged, note the GitHub's commit hash asGH4`.
  3. test the new hash in a test repo we own. If successful, continue.
  4. cut release for the action - the hash of the tagged release should be GH2.
  5. send a PR to starter-workflows/code-scanning/scorecards.yml to update the hash to GH2 from step 4.
  6. merge a PR to update our documentation's example workflow to use GH2.
  7. verify on the market place that the workflow example contains GH2. (the marketplace uses main branch)
@laurentsimon laurentsimon self-assigned this Dec 29, 2021
@laurentsimon laurentsimon changed the title RELEASE v1 RELEASE v1 process Dec 29, 2021
@laurentsimon laurentsimon added this to the v1 milestone Dec 29, 2021
This was referenced Dec 30, 2021
Closed
Merged
@laurentsimon laurentsimon mentioned this issue Feb 5, 2022
Merged
@justaugustus justaugustus added this to Backlog in Scorecard Feb 22, 2022
@justaugustus justaugustus mentioned this issue Apr 21, 2022
Merged
@justaugustus
Copy link
Member

Working on capturing this content in #194.

@justaugustus
Copy link
Member

From @laurentsimon in #194 (comment):

I don't think we release on GH registry. I think it's gcr.io/openssf/scorecard instead. Should be accessible by anyone

@justaugustus justaugustus self-assigned this May 26, 2022
@justaugustus justaugustus moved this from Backlog to In progress in Scorecard May 26, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@justaugustus justaugustus

@laurentsimon laurentsimon

Labels
None yet
Projects
Scorecard
In progress
Milestone
v1
Development

No branches or pull requests
2 participants
@justaugustus @laurentsimon