Context
PR complytime/org-infra#394 introduces two reusable GitHub Actions workflows that standardize the release process across all ComplyTime and Unbound Force repositories:
reusable_release_preflight.yml: Universal release preflight validation (tag format, semver ordering, CI check auto-discovery, security gate, smart re-run resilience, idempotent tag creation)
reusable_release_goreleaser.yml: Standardized GoReleaser execution with enforced supply chain (cosign signing, syft SBOMs)
User-facing changes to document
-
Standardized release process: All org repos now follow a single release flow — workflow_dispatch with a tag input, automated preflight validation, build, and publish. Documented in docs/RELEASE_PROCESS.md.
-
Supply chain verification: Every release produces checksums, cosign Sigstore signatures, and SBOMs. Verification instructions (cosign verify-blob, sha256sum) are documented.
-
Adoption guide: Per-repo-type migration instructions (CLI/binary, container, library, hybrid) with copy-pasteable consumer workflow templates. Documented in docs/RELEASE_WORKFLOWS.md.
-
CI check auto-discovery: Preflight automatically discovers required CI checks from workflow files (ci_local.yml, ci_checks.yml, ci_security.yml) — no hardcoded check names.
Suggested website updates
- Developer/infrastructure documentation page covering the standardized release process
- Supply chain verification instructions for end users downloading release artifacts
- Link to org-infra
docs/RELEASE_PROCESS.md and docs/RELEASE_WORKFLOWS.md
Related
Context
PR complytime/org-infra#394 introduces two reusable GitHub Actions workflows that standardize the release process across all ComplyTime and Unbound Force repositories:
reusable_release_preflight.yml: Universal release preflight validation (tag format, semver ordering, CI check auto-discovery, security gate, smart re-run resilience, idempotent tag creation)reusable_release_goreleaser.yml: Standardized GoReleaser execution with enforced supply chain (cosign signing, syft SBOMs)User-facing changes to document
Standardized release process: All org repos now follow a single release flow — workflow_dispatch with a tag input, automated preflight validation, build, and publish. Documented in
docs/RELEASE_PROCESS.md.Supply chain verification: Every release produces checksums, cosign Sigstore signatures, and SBOMs. Verification instructions (cosign verify-blob, sha256sum) are documented.
Adoption guide: Per-repo-type migration instructions (CLI/binary, container, library, hybrid) with copy-pasteable consumer workflow templates. Documented in
docs/RELEASE_WORKFLOWS.md.CI check auto-discovery: Preflight automatically discovers required CI checks from workflow files (ci_local.yml, ci_checks.yml, ci_security.yml) — no hardcoded check names.
Suggested website updates
docs/RELEASE_PROCESS.mdanddocs/RELEASE_WORKFLOWS.mdRelated