Hunter Bown
4.4 KiB
4.4 KiB
Release Checklist
A pre-tag checklist that the v0.8.21/v0.8.22 CHANGELOG gap proved we needed.
Step through this in order from a clean worktree on the release branch
(work/vX.Y.Z-...). Treat any unchecked box as a release blocker.
For deeper context on the underlying tools (preflight scripts, npm smoke,
publish-crates), see RELEASE_RUNBOOK.md.
1. CHANGELOG entry exists for the version
CHANGELOG.mdhas a## [X.Y.Z] - YYYY-MM-DDheading at the top- The entry credits every external contributor whose commit lands in this
version. Get the list with:
git log vPREV..HEAD --no-merges --format="%h %an <%ae> %s" \ | grep -v '<your-email@…>'For each contributor, link both their display name and (when known)@github-handle. - The entry uses the Keep a Changelog headers —
Added,Changed,Fixed,Security,Removed,Deprecated. AddKnown issuesonly if there is something material the user must work around. - The entry mentions all referenced issue/PR numbers as
#NNNNso the auto-linker on GitHub picks them up.
2. Version pins are in sync
Cargo.tomlworkspaceversionis bumped.- All per-crate
crates/*/Cargo.tomlpath-dependencyversion = "..."pins match the new workspace version. npm/codewhale/package.jsonversionANDcodewhaleBinaryVersionare both bumped.npm/deepseek-tui/package.jsonversionis bumped for the one-release deprecation shim.Cargo.lockis refreshed (cargo update --workspace --offline)../scripts/release/check-versions.shreportsVersion state OK: workspace=X.Y.Z, npm=X.Y.Z, lockfile in sync.
3. Preflight gates
Run, in order, from the repo root:
cargo fmt --all -- --checkcargo check --workspace --all-targets --lockedcargo clippy --workspace --all-targets --all-features --locked -- -D warningscargo test --workspace --all-features --locked(Re-run any single failure in isolation withcargo test -p PKG --bin BIN -- TEST_NAMEbefore declaring it a flake. Tests that mutate process-wide state —HOME,cwd,RUST_LOG— can race in parallel. Document confirmed flakes inKnown issues.)./scripts/release/publish-crates.sh dry-run
4. npm wrapper smoke
cargo build --release --locked -p codewhale-cli -p codewhale-tuinode scripts/release/npm-wrapper-smoke.js(SetDEEPSEEK_TUI_KEEP_SMOKE_DIR=1if you need to inspect the temp install afterwards.)
5. Branch and PR
- Branch is pushed:
git push -u origin work/vX.Y.Z-... - PR opened with
gh pr create --base main --title "chore(release): prepare vX.Y.Z" - PR body includes:
- one-paragraph summary of the release theme
- a punch list of the new commits since the last release
- explicit call-out of any Security items so reviewers see them
- the contributor thank-you list
- the
Known issuesblock from the CHANGELOG, if any
- PR title is neutral — do not put CVE-style language or specific attack details in the title. Save those for the GitHub release notes after the tag is pushed.
6. CI green and review
- All required CI jobs are green. The
versionsjob should mirror the preflightcheck-versions.shand is your last line of defense. - PR has been reviewed.
7. Tag and release (after review)
git tag -s vX.Y.Z -m "vX.Y.Z"git push origin vX.Y.Z- The
release.ymlworkflow has built and uploaded artifacts to the GitHub release for this tag. npm view codewhale@X.Y.Z version codewhaleBinaryVersion --jsonreports the new version on the npm registry.crates.iohas the new version (or thepublish-crates.shjob has pushed it).ghcr.io/hmbown/codewhale:vX.Y.Zand:latestare updated.
8. Post-tag
- Edit the GitHub release notes to expand any CVE-style or attack details that were intentionally omitted from the PR title/body.
- Note any deferred items in the next release's tracking issue.
- Close any issues that this release fixed.
If a step fails, fix the underlying cause rather than skipping it. Pre-commit
hooks, signing, and CI are all here to catch real problems. --no-verify,
--no-gpg-sign, and force-pushing a release branch over reviewers should
remain hard-disabled by convention.