Git Release Tagging
Trigger Boundary
- •Use when shipping a release candidate or production release from Git.
- •Do not use for deployment runtime orchestration; use
ci-cd-pipeline-design. - •Do not use for sprint planning or roadmap updates; use
technical-roadmapping.
Goal
Produce auditable, immutable release markers with clear change traceability.
Shared Git Contract (Canonical)
- •Use
../git-branch-strategy/references/git-governance-contract.mdas the single schema and gate source. - •Track release tagging artifacts with
GIT-REL-*IDs. - •Run machine validation:
python3 ../git-branch-strategy/scripts/validate_git_contract.py --manifest <path/to/manifest.json>.
Inputs
- •Release branch or commit SHA to tag
- •Versioning policy and naming convention
- •Release notes source and approval requirements
Outputs
- •
GIT-REL-*signed annotated release tag record - •Release notes linked to commit range
- •Verification checklist for tagged artifact
Workflow
- •Validate release commit readiness and required approvals.
- •Create signed annotated tag with version and summary metadata.
- •Verify signature and confirm tag points to intended immutable commit.
- •Generate release notes from bounded commit range.
- •Publish tag and notes with distribution and verification record.
Quality Gates
- •Tag naming follows repository versioning policy.
- •Tag is signed, signature verification passes, and protected tag policy is enforced.
- •Release notes map clearly to included changes.
- •Security Reviewer approval is present for
GIT-REL-*artifacts.
Failure Handling
- •Stop when release commit is not fully validated.
- •Stop when tag signature cannot be verified.
- •Escalate when version naming conflicts with existing tags.