Skip to content

Release Process

江河 edited this page Jul 1, 2026 · 1 revision

Release Process

Releases are owned by the human maintainer. Agents should not tag, create GitHub releases, or publish npm packages unless explicitly asked.

Local Gates

go build ./...
go test -count=1 ./...
gofmt -l main.go cmd internal
golangci-lint run --timeout=5m
go vet -tags=integration ./...
go test -race -count=1 ./...
npm pack --dry-run

For cgo-sensitive release checks, also run:

CGO_ENABLED=0 go build ./...

Release Metadata

Release builds inject metadata through main-package ldflags:

-X main.version=<version> -X main.commit=<sha> -X main.built=<yyyy-mm-dd>

Supply Chain

  • GitHub Actions builds release artifacts.
  • Checksums are signed with cosign.
  • npm provenance is used for package publishing.
  • Wiki pages should be updated when user-facing commands, governance, output contracts, or release flow change.

Clone this wiki locally