- release.yml now generates release-YYYYMMDD-<sha> tags automatically
- changelog.yml requires explicit version input, no auto-increment from tags
- sign.yml normalises extensions to .asc and .b2sum
- build-sign-release.yml neutered to a no-op with descriptive error
- tag_release.py archived to scripts/archived/
- update_changelog.py: version_from_changelog() is now primary version source
- .gitignore: fix export/ tracking to match actual file extensions
- docs/code/develop.md: fully rewritten to reflect new manual four-step flow
Keep it clean, simple, only include the semver tag:
LATEST=$(git tag --list 'v*' --sort=-version:refname \
| grep -E '^v[0-9]+\.[0-9]+\.[0-9]+
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
build.yml — builds PDFs, uploads artifact, no secrets required
sign.yml — hashes (SHA-256 + BLAKE2b) and GPG-signs, triggered via
workflow_run after build or manually with a build_run_id
release.yml — downloads artifacts, uploads to VirusTotal, publishes
tagged GitHub Release with all 12 assets attached
All three chain automatically on push to main. Each can be re-run or
triggered independently against any historical run.
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
nopeitsnothing