doc: update git node release example

And add additional info for security releases. PR-URL: https://github.com/nodejs/node/pull/58475 Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Ruy Adorno <ruy@vlt.sh>
2025-05-28 21:14:26 +02:00 · 2025-05-28 21:14:26 +02:00 · da079e0350
commit da079e0350
parent d5345b6da9
1 changed files with 21 additions and 2 deletions
--- a/doc/contributing/releases.md
+++ b/doc/contributing/releases.md
@ -735,15 +735,34 @@ the build before moving forward. Use the following list as a baseline:
 ### 11. Tag and sign the release commit

 Once you have produced builds that you're happy with you can either run
-`git node release --promote`
+`git node release --promote`:

 ```bash
-git node release -S --promote https://github.com/nodejs/node/pull/XXXX
+git node release --promote https://github.com/nodejs/node/pull/XXXX -S
 ```

 to automate the remaining steps until step 16 or you can perform it manually
 following the below steps.

+<details>
+<summary>Security release</summary>
+
+For security releases, NCU should be configured to target the public repository,
+not the private one where the proposal are hosted. Pass the upstream where to
+fetch the proposal from using the `--fetch-from` flag.
+
+When promoting several releases, you can pass multiple URLs:
+
+```bash
+git node release --promote \
+  --fetch-from git@github.com:nodejs-private/node-private.git \
+  https://github.com/nodejs-private/node-private/pull/XXXX \
+  https://github.com/nodejs-private/node-private/pull/XXXX \
+  -S
+```
+
+</details>
+
 ***

 Create a new tag: By waiting until this stage to create tags, you can discard