Release Checklist¶

This checklist defines the standard release process for Cognition patch, minor, and major releases.

Use this document before cutting any Git tag or GitHub release. The goal is to prove that the exact release commit is shippable before publication, especially for multi-arch container images.

Release Principles¶

Never tag first and validate later.
Keep source release, Git tag, and published container images tied to the same commit.
Do not mutate an existing published tag to fix packaging mistakes. Cut a new patch release instead.
Release-critical fixes must land on main before release preparation begins.
Prefer a short-lived release/vX.Y.Z branch for release-only metadata updates.

Release Branch¶

Start from origin/main, not a stale or divergent local branch.
Create a short-lived branch named release/vX.Y.Z.
Limit branch changes to release-scoped updates:
server/version.py
CHANGELOG.md
minimal ROADMAP.md updates when required
other release metadata only when necessary
Do not mix feature work, opportunistic refactors, or unrelated dependency churn into the release branch.

Pre-Release Validation¶

Run these checks from the exact release branch commit:

uv run pytest tests/unit -v
uv run ruff check .
uv run mypy .

All three must pass before the release PR is merged.

Container Validation¶

Before tagging, prove the release commit can build all required container variants.

Required image targets:

App image linux/amd64
App image linux/arm64
Sandbox image linux/amd64
Sandbox image linux/arm64

At minimum, validate that:

Dockerfile builds on both target architectures.
Dockerfile.sandbox builds on both target architectures.
App and sandbox image build paths are independent.
Multi-arch manifest creation can succeed for app and sandbox images independently.

Required Pre-Release Workflow¶

Run .github/workflows/pre-release-images.yml from the release branch before tagging.

Use temporary candidate tags such as 0.8.3-rc1 so the exact release commit exercises the real registry push and manifest creation path without mutating final semver tags.

That workflow must complete successfully for:

app linux/amd64
app linux/arm64
sandbox linux/amd64
sandbox linux/arm64
app candidate manifest creation
sandbox candidate manifest creation

Release Workflow Expectations¶

For a release to be considered healthy, the release workflow must be able to complete these jobs successfully:

test (3.11)
test (3.12)
build-amd64-app
build-amd64-sandbox
build-arm64-app
build-arm64-sandbox
merge-manifests-app
merge-manifests-sandbox

If one image family fails, the other should still be able to build independently. That behavior is required for release workflow hygiene.

Release PR¶

Open a PR from release/vX.Y.Z to main.

The PR should include:

version bump
changelog entry
any required roadmap release metadata updates
validation output summary

Recommended PR body sections:

Summary
Validation
Release notes or key fixes

Tagging And Publishing¶

Only create the Git tag after:

the release PR is merged
the merge commit is confirmed on origin/main
validation is green
the pre-release image workflow has succeeded for the exact release commit
the release commit is the one intended for source and images

Then:

create tag vX.Y.Z
create GitHub release from that exact commit
monitor release workflow to completion

Post-Release Verification¶

Verify all of the following:

GitHub release exists and points at the intended commit
release workflow completed successfully
app multi-arch manifest was published
sandbox multi-arch manifest was published
expected semver tags exist for both packages
no last-minute divergence exists between release notes and shipped code

Recovery Rule¶

If a release fails because of packaging, workflow, or container issues after the tag is published:

do not rebuild different code under the same release tag
land the fix on main
prepare a new patch release
cut vX.Y.(Z+1) from the corrected commit

This keeps source history, release notes, and container artifacts consistent.