Mastodawn

GitHub: here are immutable releases. Let's make things safer![1]
GH: here we documented recommended usage [2]; use drafts
Also GH: No we don't provide a way in our CI product to trigger for published drafts; yes we will ignore feedback on this [3]

This also landed this unfinished in GHES. The pretty expensive enterprise offering

#github #supplychain #opensourcesecurity

links:
1: https://github.blog/changelog/2025-10-28-immutable-releases-are-now-generally-available/
2: https://docs.github.com/en/code-security/concepts/supply-chain-security/immutable-releases#best-practices-for-publishing-immutable-releases
3: https://github.com/orgs/community/discussions/7118

Immutable releases are now generally available - GitHub Changelog

GitHub releases now support immutability, adding a new layer of supply chain security. With immutable releases, assets and tags are protected from tampering after publication, so the software you publish—and…

The GitHub Blog