doc: update GPG key in release check list and minor improvements (#282)

This PR updates release check list with new GPG key with some other improvements. Signed-off-by: Billy Zha <[email protected]>
oras-project · Feb 2, 2024 · 4a901fa · 4a901fa
1 parent 66d7e63
commit 4a901fa
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/docs/community/developer_guide.mdx b/docs/community/developer_guide.mdx
@@ -89,18 +89,20 @@ This section needs a lot of love and automation 🙂
 1. Open a bump PR to build with the latest golang: replace go version of the [binary](https://github.com/oras-project/oras/blob/main/.github/workflows/release-github.yml#L32) and [image](https://github.com/oras-project/oras/blob/main/Dockerfile#L14) to match the latest stable version. Skippable if the latest version is already used.
 1. (patch-release-only) Cherry-pick or backport the fix commits to the patch release branch. Make sure applicable critical and high CVE patches are on the release branch.
 
-### Request to vote
+### Request to vote and merge
 1. Open a PR to update the `oras` version: replace the [current version](https://github.com/oras-project/oras/blob/main/internal/version/version.go#L20) with the upcoming release version.
     - The target branch is:
         - `main` if releasing a new version.
         - `release-<major>.<minor>` if releasing a patch.
     - The title should be `bump: tag and release ORAS CLI v<major>.<minor>.<patch>[-<pre-release>]`.
     - The description must reference the digest of version bump up commit for voting.
-1. Send a message to the ORAS slack channel to call for a vote on the release PR. If the vote PR has a super-majority of approval from ORAS maintainers, then the PR could be merged into the target branch.
+1. Send a message to the ORAS slack channel to call for a vote on the release PR.
     - The target commit should be the SHA digest of the last commit in the release PR
+1. If the vote PR has a super-majority of approval from ORAS maintainers, then the PR could be merged into the target branch.
     - Make sure that
         - the PR is merged with `Create a merge commit` option.
-        - signoff info is added to the merge commit.
+        - the merge commit title should be generated by Github.
+        - the merge commit message should be the signoff info.
 1. (optional) Cut off a release branch named `release-<major>.<minor>` on the tagged commit **ONLY** when releasing a new minor version.
 
 ### Release
@@ -143,7 +145,7 @@ This section needs a lot of love and automation 🙂
     ```
     ## Notes
 
-    This release was signed with `BE6F A8DD A48D 4C23 0091 A0A9 276D 8A72 4CE1 C704` (@qweeah's GPG key) which can be found [here](https://github.com/qweeah.gpg).
+    This release was signed with `46D3 369B 393F 6F82 71FD 1CE8 F86E C70D 2B0C 404F` (@qweeah's GPG key) which can be found [here](https://github.com/qweeah.gpg).
     ```
     The uploaded signatures and GPG key will be used for [binary validation](https://oras.land/docs/how_to_guides/verifying_binaries).
 1. Click "Publish Release" button to save. Double-check that the release contains a corresponding `.asc` file for each release artifact.