Skip to content

feat(ci): add canary release workflow for linux and macos#80

Open
swarit-stepsecurity wants to merge 1 commit into
step-security:mainfrom
swarit-stepsecurity:swarit/feat/canary-release
Open

feat(ci): add canary release workflow for linux and macos#80
swarit-stepsecurity wants to merge 1 commit into
step-security:mainfrom
swarit-stepsecurity:swarit/feat/canary-release

Conversation

@swarit-stepsecurity
Copy link
Copy Markdown
Member

@swarit-stepsecurity swarit-stepsecurity commented May 18, 2026

Internal pre-release builds gated by the canary-release GitHub environment. Builds run on native runners (ubuntu + macos), macOS binary is ad-hoc signed, all artifacts get Sigstore cosign + SLSA attestation. Lightweight canary-<run>-<sha> tag keeps these out of the semver tag pool. Production release path is untouched.

What does this PR do?

Type of change

  • Bug fix
  • Enhancement
  • Documentation

Testing

  • Tested on macOS (version: ___)
  • Binary runs without errors: ./stepsecurity-dev-machine-guard --verbose
  • JSON output is valid: ./stepsecurity-dev-machine-guard --json | python3 -m json.tool
  • No secrets or credentials included
  • Lint passes: make lint
  • Tests pass: make test

Related Issues

@swarit-stepsecurity
feat(ci): add canary release workflow for linux and macos
0a4d345 
Internal pre-release builds gated by the `canary-release` GitHub
environment. Builds run on native runners (ubuntu + macos), macOS
binary is ad-hoc signed, all artifacts get Sigstore cosign + SLSA
attestation. Lightweight `canary-<run>-<sha>` tag keeps these out of
the semver tag pool. Production release path is untouched.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@swarit-stepsecurity