stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
bc4318ef971247e18c9c05f8b7838880f6584dc3
git.stella-ops.org/docs2/release/release-engineering.md
master bc4318ef97 Add tests for SBOM generation determinism across multiple formats 
- Created `StellaOps.TestKit.Tests` project for unit tests related to determinism.
- Implemented `DeterminismManifestTests` to validate deterministic output for canonical bytes and strings, file read/write operations, and error handling for invalid schema versions.
- Added `SbomDeterminismTests` to ensure identical inputs produce consistent SBOMs across SPDX 3.0.1 and CycloneDX 1.6/1.7 formats, including parallel execution tests.
- Updated project references in `StellaOps.Integration.Determinism` to include the new determinism testing library.
2025-12-23 18:56:12 +02:00

47 lines
1.2 KiB
Markdown
Raw Blame History

# Release engineering
Release engineering turns main into signed, reproducible, airgap friendly
artifacts. Builds must be deterministic and verifiable offline.
Release philosophy
- Every commit on main is releasable.
- Builds are reproducible and offline friendly.
- All artifacts ship with SBOMs and signatures.
Versioning and branches
- main: nightly images
- release/X.Y: stabilization branch
- tags X.Y.Z: signed releases
Pipeline stages (high level)
- Lint, unit tests, build, container tests
- SBOM generation and provenance
- Signing and publishing
- End to end tests and notifications
Artifact signing
- Cosign for containers and bundles
- DSSE envelopes for attestations
- Optional Rekor anchoring when available
- Promotion attestations capture release evidence for offline audit
Offline update kit (OUK)
- Monthly bundle of feeds and tooling
- Signed tarball with hashes and offline token
Release checks
- Verify SBOM attachment and signatures
- Run release verifier scripts
- Smoke test offline kit
Hotfixes
- Branch from latest tag, minimal patch, retag and publish
Related references
- docs/13_RELEASE_ENGINEERING_PLAYBOOK.md
- docs/ci/*
- docs/devops/*
- docs/release/* and docs/releases/*
- release/promotion-attestations.md
- release/release-notes.md
Reference in New Issue View Git Blame Copy Permalink