From 221073f509a9d6eb9ed0aaf166f4ea85435a37d5 Mon Sep 17 00:00:00 2001
From: Jeff Mendoza <jeffmendoza@google.com>
Date: Thu, 24 Mar 2022 10:37:15 -0700
Subject: [PATCH] v2.0 Release

---
 .github/workflows/release.yaml | 27 +++++++++++++++++
 README.md                      | 36 ++++++++++++++---------
 whats-new.md                   | 53 ++++++++++++++++++++++++++++++++++
 3 files changed, 103 insertions(+), 13 deletions(-)
 create mode 100644 .github/workflows/release.yaml
 create mode 100644 whats-new.md

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 00000000..10fb6fbc
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,27 @@
+on:
+  push:
+    tags:
+      - '*'
+permissions:
+  id-token: write # Undocumented OIDC support.
+  packages: write # To publish container images to GHCR
+  contents: write # To create a release
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - uses: actions/setup-go@v2
+      with:
+        go-version: 1.17
+    - uses: sigstore/cosign-installer@main
+    - run: go install github.com/google/ko@v0.10.0
+    - run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.workflow }} --password-stdin
+    - run: KO_DOCKER_REPO=ghcr.io/${{ github.repository_owner }} ko publish -B ./cmd/allstar > container
+    - run: docker pull $(cat container)
+    - run: docker tag $(cat container) ghcr.io/${{ github.repository_owner }}/allstar:${{ github.ref_name }}
+    - run: docker push ghcr.io/${{ github.repository_owner }}/allstar:${{ github.ref_name }}
+    - run: COSIGN_EXPERIMENTAL=1 cosign sign -a git_sha=$GITHUB_SHA ghcr.io/${{ github.repository_owner }}/allstar:${{ github.ref_name }}
+    - run: gh release create ${{ github.ref_name }} --notes "ghcr.io/${{ github.repository_owner }}/allstar:${{ github.ref_name }}"
+      env:
+        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
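Review bot: `sigstore/cosign-installer@main` is a mutable branch ref running in a job that holds `id-token: write`, `packages: write` and `contents: write`, so any later change to that branch executes with this workflow's signing and publishing rights; pin it to a full commit SHA, and ideally do the same for `actions/checkout` and `actions/setup-go`. The tag, push, sign and release steps also expand `${{ github.ref_name }}` directly into `run:` shell text while the trigger accepts every tag (`'*'`), so a tag name containing shell metacharacters would be interpreted by the shell rather than treated as data. Passing the value through `env:` and quoting the variable avoids that. Separately, `cosign sign` targets the mutable tag; if the `container` file written by `ko publish` holds a digest reference (worth confirming), signing that reference would bind the signature to the exact image. The SHA in the sketch below is a placeholder.

```yaml
  release:
    runs-on: ubuntu-latest
    env:
      # Expanded by the runner into the environment, never into shell source text.
      TAG: ${{ github.ref_name }}
      IMAGE: ghcr.io/${{ github.repository_owner }}/allstar:${{ github.ref_name }}
    steps:
    # … unchanged: checkout, setup-go …
    - uses: sigstore/cosign-installer@<full-commit-sha>  # placeholder: pin to a reviewed commit
    # … unchanged: ko install, docker login, ko publish, docker pull …
    - run: docker tag "$(cat container)" "$IMAGE"
    - run: docker push "$IMAGE"
    - run: COSIGN_EXPERIMENTAL=1 cosign sign -a git_sha="$GITHUB_SHA" "$IMAGE"
    - run: gh release create "$TAG" --notes "$IMAGE"
      # … unchanged: GH_TOKEN env …
```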
diff --git a/README.md b/README.md
index ab04364c..06fd5132 100644
--- a/README.md
+++ b/README.md
@@ -2,22 +2,26 @@
 
 # **Allstar**
 
-## Overview 
+## Overview
 
 -  [What Is Allstar?](#what-is-allstar)
 
+## What's new with Allstar
+
+- [whats-new.md](whats-new.md)
+
 ## Disabling Unwanted Issues
 
 -  [Help! I'm getting issues created by Allstar and I don't want them!](#disabling-unwanted-issues-1) 
 
-## Getting Started 
+## Getting Started
 
--  [Background](#background) 
--  [Org-Level Options](#org-level-options) 
+-  [Background](#background)
+-  [Org-Level Options](#org-level-options)
 -  [Installation Options](#installation-options)
     - [Quickstart Installation](#quickstart-installation)
     - [Manual Installation](#manual-installation)
- 
+
 ## Policies and Actions
 - [Actions](#actions)
 - [Policies](#policies)
@@ -32,21 +36,27 @@
 ________
 ________
 
-## Overview 
+## Overview
 
 ### What is Allstar?
 
-Allstar is a GitHub App that continuously monitors GitHub organizations or repositories for adherence to security best practices. 
-If Allstar detects a security policy violation, it creates an issue to alert the repository or organization owner. 
-For some security policies, Allstar can also automatically change the project setting that caused the violation, reverting it to the expected state. 
+Allstar is a GitHub App that continuously monitors GitHub organizations or
+repositories for adherence to security best practices.  If Allstar detects a
+security policy violation, it creates an issue to alert the repository or
+organization owner.  For some security policies, Allstar can also automatically
+change the project setting that caused the violation, reverting it to the
+expected state.
 
-Allstar’s goal is to give you finely tuned control over the files and settings that affect the security of your projects.
-You can choose which security policies to monitor at both the organization and repository level, and how to handle policy violations. 
-You can also develop or contribute new policies. 
+Allstar’s goal is to give you finely tuned control over the files and settings
+that affect the security of your projects.  You can choose which security
+policies to monitor at both the organization and repository level, and how to
+handle policy violations.  You can also develop or contribute new policies.
 
 Allstar is developed under the [OpenSSF](https://openssf.org/) organization, as
 a part of the [Securing Critical Projects Working
-Group](https://github.com/ossf/wg-securing-critical-projects). 
+Group](https://github.com/ossf/wg-securing-critical-projects).
+
+## [What's new with Allstar](whats-new.md)
 
 ## Disabling Unwanted Issues
 If you're getting unwanted issues created by Allstar, follow [these directions](opt-out.md) to opt out. 
diff --git a/whats-new.md b/whats-new.md
new file mode 100644
index 00000000..137243c6
--- /dev/null
+++ b/whats-new.md
@@ -0,0 +1,53 @@
+# What's new with Allstar
+
+Major features and changes added to Allstar.
+
+## Added since last release
+
+-
+
+## Release v2.0
+
+- Branch Protection added the `requireStatusChecks` setting to ensure listed
+  status checks are set in protection settings. Also enforces the
+  `requireUpToDateBranch` option, if `requireStatusChecks` is set.
+
+- You may now opt-out of repos marked as "archived" in GitHub with the
+  `optOutArchivedRepos` option.
+
+- Binary Artifacts policy issue text improved.
+
+- A custom footer can be added to all issues created in an organization with
+  the `issueFooter` option.
+
+- Branch Protection now supports the "fix" action.
+
+## Proposed functionality changes in v2.0
+
+- Option `testingOwnerlessAllowed` in Outside Collaborator policy. Currently
+  defaults true, proposal to default to false in next release.
+
+  - Note: this was temporarily enabled in Jan, but then turned off due to a bug.
+
+## Pre v2.0
+
+Regular releases were not made before v2.0, so all previous notes are here.
+
+- All issues for an org can be routed to a single repo using the `issueRepo`
+  setting.
+
+- Org config can now be located in `.github/allstar` as a secondary location
+  after the `.allstar` repo.
+
+- Issues can be created with a custom label using the `issueLabel` option.
+
+- Private or Public repositories can be opt-out as a group with the
+  `optOutPrivateRepos` or `optOutPublicRepos` options.
+
+- We will retroactively call this Allstar v1.0: Allstar announced
+  https://openssf.org/blog/2021/08/11/introducing-the-allstar-github-app/
+
+- Initial policies and features built
+
+- Allstar was proposed to the OpenSSF Securing Critical Projects WG and
+  accepted https://youtu.be/o3SiBDUTCrw?t=300