Release Checklist¶
This checklist guides AutoShip-CLI maintainers through completing an official or pre-release version. Before release, at least two maintainers must cross-review and check off all items.
1. Version & Changelog¶
- Confirm the version number follows SemVer.
- Stable release:
MAJOR.MINOR.PATCH, e.g.1.0.0. - Pre-release: append
-alpha.N,-beta.N, or-rc.N, e.g.1.1.0-rc.1. - Update the root
CHANGELOG.mdand the documentationchangelog.md. - Add a new version section with
Added/Changed/Deprecated/Removed/Fixed/Securitysubsections. - Mark the release date (UTC+8).
- Confirm that
project.versioninpyproject.tomlmatches the target version. - Confirm that the version number and dependency constraints in
autoship-sdk/pyproject.tomlare updated in sync.
2. Code Quality Gates¶
Run and pass locally:
uv run ruff check src tests dogfood benchmarks
uv run ruff format --check src tests dogfood benchmarks
uv run pyright
uv run pytest -q
uv run pytest autoship-sdk/tests -q
uv run bandit -r src -ll
uv run pip-audit --desc
- ruff lint passes
- ruff format check passes
- pyright type check passes
- autoship unit tests pass (coverage ≥ 85%)
- autoship-sdk tests pass
- bandit security scan has no medium/high severity issues
- pip-audit dependency vulnerability scan has no unfixed issues
3. Integration & Performance Tests¶
- dogfood smoke test passes
- benchmark regression test passes, no performance degradation
4. Documentation & Website¶
- Command reference documentation is consistent with actual CLI behavior.
- Installation/quick start steps in
docs/index.mdandREADME.mdare reproducible. - Data collection scope in
docs/privacy.mdanddocs/telemetry.mdis accurate. - Preview the MkDocs site locally:
uv run mkdocs serve, confirm navigation and links work. - Official website
website/build passes:cd website && npm install && npm run build.
5. Signing Keys & Credentials¶
- The PGP private key used to sign
verifiedplugins is valid and not expired. - PyPI/TestPyPI release token or Trusted Publishing configuration is valid.
- GitHub Actions environment
pypi/testpypiapproval rules are configured.
6. Release Execution¶
6.1 Create a Git Tag¶
git switch main
git pull origin main
git tag -a v<X.Y.Z> -m "Release v<X.Y.Z>"
git push origin v<X.Y.Z>
- Tag name matches the version number (e.g.
v1.0.0). - Tag points to the latest commit on the
mainbranch.
6.2 Trigger the Release Workflow¶
Pushing the tag automatically triggers .github/workflows/release.yml:
-
pypi/testpypiauto-routing is correct (pre-release tags go to TestPyPI). -
autoshipandautoship-sdkwheels are uploaded successfully. - Multi-platform binaries and SHA256 checksums are generated successfully.
- GitHub Release Notes are auto-generated and include binary artifacts.
7. Post-Release Verification¶
- PyPI/TestPyPI page shows the new version.
-
pip install autoship==<X.Y.Z>installs successfully. - Download the binary from the GitHub Release;
autoship --helpandautoship doctorrun normally. - Official documentation site
https://ms33834.github.io/autoship-cli/docsis refreshed. - Official website
https://ms33834.github.io/autoship-cli/is refreshed (if website changes are involved).
8. Security Announcements & Communication¶
If this release includes security fixes:
- Update supported versions and fix notes in
SECURITY.md. - Publish a security advisory via GitHub Security Advisory.
- Sync the information across community channels (Discussions, Twitter/X, Zhihu, etc.).
Historical Release Records¶
| Version | Release Date | Released By | Notes |
|---|---|---|---|
| 1.0.0 | 2026-06-19 | AutoShip Team | First stable release |
| 1.0.0-rc.1 | 2026-06-19 | AutoShip Team | First RC |
| 0.2.0-beta.1 | 2026-06-18 | AutoShip Team | Beta preview |
| 0.1.0 | 2026-06-18 | AutoShip Team | Initial version |