From da079e0350975bded5182cd0320e01381a944e33 Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Wed, 28 May 2025 21:14:26 +0200 Subject: [PATCH] doc: update `git node release` example MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit And add additional info for security releases. PR-URL: https://github.com/nodejs/node/pull/58475 Reviewed-By: Rafael Gonzaga Reviewed-By: Michaƫl Zasso Reviewed-By: Marco Ippolito Reviewed-By: Ruy Adorno --- doc/contributing/releases.md | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/doc/contributing/releases.md b/doc/contributing/releases.md index de56e5acd17..6488c1d51a9 100644 --- a/doc/contributing/releases.md +++ b/doc/contributing/releases.md @@ -735,15 +735,34 @@ the build before moving forward. Use the following list as a baseline: ### 11. Tag and sign the release commit Once you have produced builds that you're happy with you can either run -`git node release --promote` +`git node release --promote`: ```bash -git node release -S --promote https://github.com/nodejs/node/pull/XXXX +git node release --promote https://github.com/nodejs/node/pull/XXXX -S ``` to automate the remaining steps until step 16 or you can perform it manually following the below steps. +
+Security release + +For security releases, NCU should be configured to target the public repository, +not the private one where the proposal are hosted. Pass the upstream where to +fetch the proposal from using the `--fetch-from` flag. + +When promoting several releases, you can pass multiple URLs: + +```bash +git node release --promote \ + --fetch-from git@github.com:nodejs-private/node-private.git \ + https://github.com/nodejs-private/node-private/pull/XXXX \ + https://github.com/nodejs-private/node-private/pull/XXXX \ + -S +``` + +
+ *** Create a new tag: By waiting until this stage to create tags, you can discard