What
On a tag push (v*), attach the Secure Boot–signed UKI(s) to a GitHub Release with generated release notes, driven by Release Drafter.
- Adopt Release Drafter to assemble draft release notes from merged PRs (Conventional Commit categories).
- On tag, publish the draft and upload the signed UKI artifact(s) as release assets (one per arch).
- Source the UKI from the
ci-image build output (currently uploaded only as an ephemeral per-run artifact).
Why
ci-image produces the UKI as a workflow run artifact — ephemeral (~90-day retention), reachable only from the Actions run, not versioned or publicly listed. Tagged releases need durable, versioned, listed downloads with notes. Release Drafter is the chosen mechanism for the notes.
Acceptance
- Tagging
vX.Y.Z yields a GitHub Release with notes and the signed UKI(s) attached.
- Release notes are generated from merged PRs, not hand-written.
- No third-party publishing action beyond Release Drafter itself; pinned by version.
What
On a tag push (
v*), attach the Secure Boot–signed UKI(s) to a GitHub Release with generated release notes, driven by Release Drafter.ci-imagebuild output (currently uploaded only as an ephemeral per-run artifact).Why
ci-imageproduces the UKI as a workflow run artifact — ephemeral (~90-day retention), reachable only from the Actions run, not versioned or publicly listed. Tagged releases need durable, versioned, listed downloads with notes. Release Drafter is the chosen mechanism for the notes.Acceptance
vX.Y.Zyields a GitHub Release with notes and the signed UKI(s) attached.