jupyter_releaser icon indicating copy to clipboard operation
jupyter_releaser copied to clipboard

Published 20 hours ago verified publisher icon jupyter-server

Handle Security Releases

Open blink1073 opened this issue 2 years ago • 0 comments

Problem

It is awkward to make silent security releases. We can't currently use releaser and we either need to remember to add the changelog entry after the fact, or manually set the version when making the next release.

Proposed Solution

Add a workflow on releaser that creates a silent release with a placeholder entry in the changelog. This placeholder would be honored by the next release target. Additionally, once the security advisory is published, we could add a workflow that updates the changelog with a link to the published advisory, and creates the public GitHub release.

Additional context

Example of a manual GitHub release and changelog PR.

blink1073 avatar Jun 15 '22 01:06 blink1073