Skip to content

[codex] automate multi-arch saola-cli releases#1

Merged
CandidXD merged 1 commit into
devfrom
codex/bundle-saola-cli
Jul 13, 2026
Merged

[codex] automate multi-arch saola-cli releases#1
CandidXD merged 1 commit into
devfrom
codex/bundle-saola-cli

Conversation

@CandidXD

Copy link
Copy Markdown
Collaborator

背景

OpenSaola 需要从 saola-cli 获得双架构、可复现、可校验且不可变的发布输入。此前缺少统一的 dev/stable 元数据和跨仓自动通知链路。

改动

  • 增加严格 release metadata helper:main 映射为 dev-<commit> snapshot,SemVer tag 映射为 stable。
  • 增加 linux/amd64、linux/arm64 静态构建和 SHA256SUMS Make targets。
  • 增加测试、双架构 QEMU smoke、SBOM、artifact attestation、Cosign bundle 和不可变 GitHub Release 流程。
  • 已有 Release 资产只允许验证和安全重放;canonical SBOM 与已有签名 bundle 会重新验证,不覆盖已有资产。
  • 发布完成后通过 OPENSAOLA_DISPATCH_TOKEN 向 OpenSaola 发送不可变 commit、版本、epoch 和 checksum。
  • 补充中英文 release channel 与管理员配置说明。

影响

版本不再通过修改代码文件维护:main 自动产生 dev snapshot,SemVer tag 是 stable 版本边界。OpenSaola 可以按精确 commit 和 checksum 自动消费。

验证

  • bash hack/release-metadata_test.sh
  • bash -n hack/release-metadata.sh hack/release-metadata_test.sh
  • actionlint 验证 CI 和 release workflow
  • make test
  • make release-build release-checksums
  • amd64/arm64 静态 ELF 架构检查
  • sha256sum -c SHA256SUMS
  • git diff --check

部署前置

合并前后需由仓库管理员配置 OPENSAOLA_DISPATCH_TOKEN。stable 仍以 SemVer tag 作为发布触发器。

@CandidXD CandidXD changed the base branch from main to dev July 13, 2026 08:46
@CandidXD CandidXD marked this pull request as ready for review July 13, 2026 08:46
@CandidXD CandidXD merged commit 6c8613c into dev Jul 13, 2026
4 checks passed
@CandidXD CandidXD deleted the codex/bundle-saola-cli branch July 13, 2026 08:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant