Gate beta8 release on verified GitHub signature#65
Conversation
carlosjperez
left a comment
There was a problem hiding this comment.
Approved for beta8 candidate review. Public release remains blocked until GitHub verified-signature gate passes and the full release train is synchronized.
carlosjperez
left a comment
There was a problem hiding this comment.
Re-approved after the generated signature report was moved out of tracked evidence. Release remains blocked until GitHub verified-signature gate passes for the final commit.
carlosjperez
left a comment
There was a problem hiding this comment.
Re-approved after binding the beta8 signature report to the exact release commit. Release remains blocked until the GitHub signing key is registered and the verified-signature gate passes.
carlosjperez
left a comment
There was a problem hiding this comment.
Re-approved after adding the beta8 verified-signature gate to the publish workflow. Release remains blocked until GitHub recognizes the signing key for the final commit.
carlosjperez
left a comment
There was a problem hiding this comment.
Re-approved after expanding release-train dry-run triggers to beta8 scripts, PCD and runtime inputs. Release remains blocked until GitHub verified-signature gate passes for the final commit.
carlosjperez
left a comment
There was a problem hiding this comment.
Re-approved after adding the GitHub signing-key preflight. The release remains blocked until the token is refreshed with admin:ssh_signing_key and the public signing key is registered.
carlosjperez
left a comment
There was a problem hiding this comment.
Re-approved after adding the GitHub signing-key runbook and dry-run trigger coverage for it. Release remains blocked until signing key scope/key registration passes.
carlosjperez
left a comment
There was a problem hiding this comment.
Re-approved after adding signing-key preflight to the publish workflow. Publication remains blocked until the preflight and verified-signature gate pass with the registered key.
| } | ||
| } | ||
|
|
||
| function redact(text) { |
carlosjperez
left a comment
There was a problem hiding this comment.
Re-approved after adding the idempotent GitHub signing key registration command. Release remains blocked until the required GitHub scopes are authorized and the public key is registered.
carlosjperez
left a comment
There was a problem hiding this comment.
Approved for beta8 release-surface sync gates after green CI and release dry-run. Boundary remains assisted/internal generation non-claim.
carlosjperez
left a comment
There was a problem hiding this comment.
Re-approved after account-specific SSH signing key registration. GitHub reports the beta8 PR head commit as verified and the beta8 verified-signature gate passes.
carlosjperez
left a comment
There was a problem hiding this comment.
Re-approved after brik64-admin pushed a GitHub-verified beta8 release head. Checks must remain green before merge.
carlosjperez
left a comment
There was a problem hiding this comment.
Code owner approval from brik64-cli-maintainers for verified beta8 release head.
Summary
Verification
Known blocker
GitHub currently reports the signed commit as verified=false, reason=unknown_key. This PR must not be merged or published until the SSH signing key is registered and the gate passes.