- update release notes
- make sure local build passes
- run ./scripts/copy-docs.sh (and commit the changed in the yq-book branch)
- run ./scripts/bump-version.sh
- git push
// to move the v4 branch
- git push origin -d v4
- git push --tags
- use github actions to publish docker and make github release
- check github updated yq action in marketplace
- update github-action/Dockerfile to pin the newly published docker image digest:
    skopeo inspect docker://docker.io/mikefarah/yq:4 | python3 -c "import sys,json; d=json.load(sys.stdin); print(d['Digest'])"
  then update the FROM line in github-action/Dockerfile with the new digest:
    FROM mikefarah/yq:4@sha256:<new-digest>

// release artifacts are signed with cosign keyless signing (Sigstore)
// users can verify with:
//   cosign verify-blob --bundle checksums.bundle checksums
// install cosign: brew install cosign  OR  go install github.com/sigstore/cosign/v2/cmd/cosign@latest


- snapcraft
  - update snapcraft version
  - https://snapcraft.io/yq/builds
  - will auto create a candidate, test it works then promote
  - !! need to update v4/stable as well as latest
  
  sudo snap remove yq
  sudo snap install --edge yq
  
  then use the UI (https://snapcraft.io/yq/release)

- brew
  - brew bump-formula-pr --url=https://github.com/mikefarah/yq/archive/2.2.0.tar.gz yq
  - if that fails with random ruby errors try:
    - clearing out the gems rm -rf .gem/ruby/2.3.0
    - export HOMEBREW_FORCE_VENDOR_RUBY=1

- docker
  - build and push latest and new version tag
  - docker build .  -t mikefarah/yq:latest -t mikefarah/yq:3 -t mikefarah/yq:3.X

- debian package (with release script)
  - execute the script `./scripts/release-deb.sh` *on the machine having the private
      gpg key to sign the generated sources* providing the version to release, the
      ppa where deploying the files and the passphrase of the private key if needed:
      ```
      ./scripts/release-deb.sh -o output -p -s --passphrase PASSPHRASE VERSION
      ```

- debian package (manually)
  - ensure you get all vendor dependencies before packaging
	```go mod vendor```
  - execute 
    ```dch -i```
  - fill debian/changelog with changes from last version
  - build the package sources 
    ```debuild -i -I -S -sa```
    (signing with gpg key is required in order to put it to ppa)
  - put to PPA
    ```dput ppa:<REPOSITORY> ../yq_<VERSION>_source.changes```
    (current distro repository is ppa:rmescandon/yq. In case that a new version
    is released, please contact rmescandon@gmail.com to bump debian package)
