[docs] for adding a new releaser (#492)

* [docs] for adding a new releaser

* fix key list command

* Update docs/release.md

Co-authored-by: Allison Doami <adoami@chanzuckerberg.com>

* add note about different behavior for single key in keybase

* move back to readme

* Update README.md

* add note about github pat

* more note about which key id to use

Co-authored-by: Allison Doami <adoami@chanzuckerberg.com>
Co-authored-by: Eduardo Lopez <elopez@chanzuckerberg.com>

README.md

@@ -27,6 +27,7 @@ It runs a script generated by [godownloader](https://github.com/goreleaser/godow
 You can also just download a binary from our [releases](https://github.com/chanzuckerberg/terraform-provider-snowflake/releases) and follow the [Terraform directions for installing 3rd party plugins](https://www.terraform.io/docs/configuration/providers.html#third-party-plugins).
 
 ### For Terraform v0.13+ users
+
 You can use [Explicit Provider Source Locations](https://www.terraform.io/upgrade-guides/0-13.html#explicit-provider-source-locations).
 
 The following maybe work well.
@@ -55,10 +56,12 @@ If you do not have Go installed:
 1. Install Go `brew install golang`
 2. Make a Go development directory wherever you like `mkdir go_projects`
 3. Add the following config to your profile
-```
-export GOPATH=$HOME/../go_projects # edit with your go_projects dir
-export PATH=$PATH:$GOPATH/bin
-```
+
+   ```shell
+   export GOPATH=$HOME/../go_projects # edit with your go_projects dir
+   export PATH=$PATH:$GOPATH/bin
+   ```
+
 4. Fork this repo and clone it into `go_projects`
 5. cd to `terraform-provider-snowflake` and install all the required packages with `make setup`
 6. Finally install goimports with `(cd && go get golang.org/x/tools/cmd/goimports)`.
@@ -84,11 +87,9 @@ The 'acceptance' tests run the full stack, creating, modifying and destroying re
 
 To run all tests, including the acceptance tests, run `make test-acceptance`.
 
-We also run all tests in our [Travis-CI account](https://travis-ci.com/chanzuckerberg/terraform-provider-snowflake).
-
 ### Pull Request CI
 
-Our CI jobs run the full acceptence test suite, which involves creating and destroying resources in a live snowflake account. Travis-CI is configured with environment variables to authenticate to our test snowflake account. For security reasons, those variables are not available to forks of this repo.
+Our CI jobs run the full acceptence test suite, which involves creating and destroying resources in a live snowflake account. Github Actions is configured with environment variables to authenticate to our test snowflake account. For security reasons, those variables are not available to forks of this repo.
 
 If you are making a PR from a forked repo, you can create a new Snowflake trial account and set up Travis to build it by setting these environement variables:
 
@@ -105,8 +106,28 @@ If you are using the Standard Snowflake plan, it's recommended you also set up t
 
 ## Releasing
 
-**Note: Currently only @ryanking and @edulop91 have keys that are whitelisted in the terraform registry, so only they can do releases.**
+## Running a release
+
+**Note: releases can only be done by those with keybase pgp keys allowed in the terraform registry.**
 
 Releases are done by [goreleaser](https://goreleaser.com/) and run by our make files. There two goreleaser configs, `.goreleaser.yml` for regular releases and `.goreleaser.prerelease.yml` for doing prereleases (for testing).
 
-As of recently releases are also [published to the terraform registry](https://registry.terraform.io/providers/chanzuckerberg/snowflake/latest). That publishing requires that releases by signed. We do that signing via goreleaser using individual keybase keys. They key you want to use to sign must be passed in with the `KEYBASE_KEY_ID` environment variable.
+Releases are [published to the terraform registry](https://registry.terraform.io/providers/chanzuckerberg/snowflake/latest), which requires that releases by signed.
+
+## Adding a new releaser
+
+To set up a new person for releasing, there are a few steps–
+
+1. releaser: a [keybase account](https://keybase.io/) and a workstation set up with their [Keybase app](https://keybase.io/download).
+2. releaser: a pgp key - `keybase pgp gen`
+3. releaser: export public key.
+   1. If you have a single key in keybase–
+      1. `keybase pgp export`
+   2. If you have more than one key–
+      1. `keybase pgp export` to find id if key you want to export
+      2. `keybase pgp export -q KEY_ID`
+4. github admin for chanzuckerberg: take public key exported above and add it [in the registry](https://registry.terraform.io/settings/gpg-keys)
+5. releaser: set `KEYBASE_KEY_ID` environment variable. Note that this is different from the previous id. Get this one from `keybase pgp list`. It should be like ~70 characters long.
+6. set `GITHUB_TOKEN` environment variable with a personal access token
+7. releaser: run `make release-prerelease` to test that releases are working correctly
+8. releaser: run `make release` to release for real