
Commit c4e334e

Document signing release artifacts
1 parent 801e771 commit c4e334e

File tree

1 file changed

+11
-0
lines changed


RELEASING.md

Lines changed: 11 additions & 0 deletions
@@ -112,6 +112,17 @@ It is critical you make sure the version you push upstream is correct.
112112
Finally create a Release for the new `<new tag>` on GitHub.
113113
The release body should include all the release notes from the Changelog for this release.
114114
115+
### Sign the Release Artifact
116+
117+
To ensure we comply with CNCF best practices, we need to sign the release artifact.
118+
The tarball attached to the GitHub release needs to be signed with your GPG key.
119+
120+
Follow [these steps] to sign the release artifact and upload it to GitHub.
121+
You can use [this script] to verify the contents of the tarball before signing it.
122+
123+
[these steps]: https://wiki.debian.org/Creating%20signed%20GitHub%20releases
124+
[this script]: https://github.com/MrAlias/attest-sh
125+
115126
## Post-Release
116127
117128
### Contrib Repository
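Review bot: The new "Sign the Release Artifact" section (lines 115-124) says the tarball "needs to be signed with your GPG key" but never says which key consumers should trust or where its public half is published, so a downloaded signature cannot actually be verified against anything the project vouches for. Suggest adding a sentence naming where the release signing key (or its fingerprint) is published, e.g. in this repository or on the releaser's GitHub profile, and the expected name of the detached signature file that gets attached to the release. A smaller point on line 121/124: "[this script]" links to a third-party repository at its moving default branch, so the verification step is only as trustworthy as whatever that branch contains when the releaser runs it; pinning the link to a specific commit, or stating in one line what the script checks (that the tarball matches the tagged tree), would make the step reproducible.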
