Skip to content

MCP release pipelines: signed-release scripts with pre-upload signature gate#124

Merged
kiki830621 merged 1 commit into
mainfrom
idd/119-release-gate
Jul 2, 2026
Merged

MCP release pipelines: signed-release scripts with pre-upload signature gate#124
kiki830621 merged 1 commit into
mainfrom
idd/119-release-gate

Conversation

@kiki830621

Copy link
Copy Markdown
Collaborator

Refs #119

Summary

三個 MCP repos(原本零 release 工具鏈 — #165 ad-hoc 外流根因)各獲 canonical scripts/release.sh:universal build → Developer ID codesign → pre-upload gate(與 wrapper 同一 requirement 字串,兩端一把尺)→ notarize(必須 Accepted)→ FINAL GATE(上傳檔臨門重驗 + sha256 相符)→ gh release create 自建 tag(無死路)。本 PR 為 macdoc 的 submodule pointer bumps(各 repo commits 已 direct push main)。

Verification

6-AI ensemble PASS(8 findings 全數 Fixed/記錄;HIGH tag 死路、TOCTOU、untracked 滲入等 — 詳見 issue #119 Verify comment)。

Checklist

  • Diagnose
  • Implement(3 repos ×2 commits + pointer bumps)
  • Verify PASS(6-AI)
  • Verify-gated: ready to merge → after merge, run /idd-close to finalize (manual gate; no auto-close trailer)

🤖 Generated by /idd-all. Do NOT add a GitHub close trailer (Closes/Fixes/Resolves).

@kiki830621 kiki830621 merged commit 770c318 into main Jul 2, 2026
2 checks passed
@kiki830621 kiki830621 deleted the idd/119-release-gate branch July 2, 2026 12:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant