github.com/coreos/rocket@v1.30.1-0.20200224141603-171c416fac02/Documentation/devel/release.md (about) 1 # rkt release guide 2 3 ## Release cycle 4 5 This section describes the typical release cycle of rkt: 6 7 1. A GitHub [milestone][milestones] sets the target date for a future rkt release. Releases occur approximately every two to three weeks. 8 2. Issues grouped into the next release milestone are worked on in order of priority. 9 3. Changes are submitted for review in the form of a GitHub Pull Request (PR). Each PR undergoes review and must pass continuous integration (CI) tests before being accepted and merged into the main line of rkt source code. 10 4. The day before each release is a short code freeze during which no new code or dependencies may be merged. Instead, this period focuses on polishing the release, with tasks concerning: 11 * Documentation 12 * Usability tests 13 * Issues triaging 14 * Roadmap planning and scheduling the next release milestone 15 * Organizational and backlog review 16 * Build, distribution, and install testing by release manager 17 18 ## Release process 19 20 This section shows how to perform a release of rkt. 21 Only parts of the procedure are automated; this is somewhat intentional (manual steps for sanity checking) but it can probably be further scripted, please help. 22 The following example assumes we're going from version 1.1.0 (`v1.1.0`) to 1.2.0 (`v1.2.0`). 23 24 Let's get started: 25 26 - Start at the relevant milestone on GitHub (e.g. https://github.com/rkt/rkt/milestones/v1.2.0): ensure all referenced issues are closed (or moved elsewhere, if they're not done). Close the milestone. 27 - Update the [roadmap][roadmap] to remove the release you're performing, if necessary 28 - Ensure that `stage1/aci/aci-manifest.in` is the same version of appc/spec vendored with rkt. Otherwise, update it. 29 - Branch from the latest master, make sure your git status is clean 30 - Ensure the build is clean! 31 - `git clean -ffdx && ./autogen.sh && ./configure --enable-tpm=no --enable-functional-tests && make && make check` should work 32 - Integration tests on CI should be green 33 - Update the [release notes][changelog]. 34 Try to capture most of the salient changes since the last release, but don't go into unnecessary detail (better to link/reference the documentation wherever possible). 35 `scripts/changelog.sh` will help generating an initial list of changes. Correct/fix entries if necessary, and group them by category. 36 37 The rkt version is [hardcoded in the repository][configure_ac], so the first thing to do is bump it: 38 39 - Run `scripts/bump-release v1.2.0`. 40 This should generate two commits: a bump to the actual release (e.g. v1.2.0, including CHANGELOG updates), and then a bump to the release+git (e.g. v1.2.0+git). 41 The actual release version should only exist in a single commit! 42 - Sanity check what the script did with `git diff HEAD^^` or similar. 43 As well as changing the actual version, it also attempts to fix a bunch of references in the documentation etc. 44 - If the script didn't work, yell at the author and/or fix it. 45 It can almost certainly be improved. 46 - File a PR and get a review from another [maintainer][maintainers]. 47 This is useful to a) sanity check the diff, and b) be very explicit/public that a release is happening 48 - Ensure the CI on the release PR is green! 49 - Merge the PR 50 51 Check out the release commit and build it! 52 53 - `git checkout HEAD^` should work. You want to be at the commit where the version is without "+git". Sanity check configure.ac (2nd line). 54 - Build rkt inside rkt (so make sure you have rkt in your $PATH): 55 - `export BUILDDIR=$PWD/release-build && mkdir -p $BUILDDIR && sudo BUILDDIR=$BUILDDIR ./scripts/build-rir.sh` 56 - Sanity check the binary: 57 - Check `release-build/target/bin/rkt version` 58 - Check `ldd release-build/target/bin/rkt`: it can contain linux-vdso.so, libpthread.so, libc.so, libdl.so and ld-linux-x86-64.so but nothing else. 59 - Check `ldd release-build/target/tools/init`: same as above. 60 - Build convenience packages: 61 - `sudo BUILDDIR=$BUILDDIR ./scripts/build-rir.sh --exec=./scripts/pkg/build-pkgs.sh -- 1.2.0` (add correct version) 62 63 Sign a tagged release and push it to GitHub: 64 65 - Grab the release key (see details below) and add a signed tag: `GIT_COMMITTER_NAME="CoreOS Application Signing Key" GIT_COMMITTER_EMAIL="security@coreos.com" git tag -u $RKTSUBKEYID'!' -s v1.2.0 -m "rkt v1.2.0"` 66 - Push the tag to GitHub: `git push --tags` 67 68 Now we switch to the GitHub web UI to conduct the release: 69 70 - Start a [new release][gh-new-release] on Github 71 - Tag "v1.2.0", release title "v1.2.0" 72 - Copy-paste the release notes you added earlier in [CHANGELOG.md][changelog] 73 - You can also add a little more detail and polish to the release notes here if you wish, as it is more targeted towards users (vs the changelog being more for developers); use your best judgement and see previous releases on GH for examples. 74 - Attach the release. 75 This is a simple tarball: 76 77 ``` 78 export RKTVER="1.2.0" 79 export NAME="rkt-v$RKTVER" 80 mkdir $NAME 81 cp release-build/target/bin/rkt release-build/target/bin/stage1-{coreos,kvm,fly}.aci $NAME/ 82 cp -r dist/* $NAME/ 83 sudo chown -R root:root $NAME/ 84 tar czvf $NAME.tar.gz --numeric-owner $NAME/ 85 ``` 86 87 - Attach packages, as well as each stage1 file individually so they can be fetched by the ACI discovery mechanism: 88 89 ``` 90 cp release-build/target/bin/*.deb . 91 cp release-build/target/bin/*.rpm . 92 cp release-build/target/bin/stage1-coreos.aci stage1-coreos-$RKTVER-linux-amd64.aci 93 cp release-build/target/bin/stage1-kvm.aci stage1-kvm-$RKTVER-linux-amd64.aci 94 cp release-build/target/bin/stage1-fly.aci stage1-fly-$RKTVER-linux-amd64.aci 95 ``` 96 97 - Sign all release artifacts. 98 99 rkt project key must be used to sign the generated binaries and images.`$RKTSUBKEYID` is the key ID of rkt project Yubikey. Connect the key and run `gpg2 --card-status` to get the ID. 100 The public key for GPG signing can be found at [CoreOS Application Signing Key][coreos-key] and is assumed as trusted. 101 102 The following commands are used for public release signing: 103 104 ``` 105 for i in $NAME.tar.gz stage1-*.aci *.deb *.rpm; do gpg2 -u $RKTSUBKEYID'!' --armor --output ${i}.asc --detach-sign ${i}; done 106 for i in $NAME.tar.gz stage1-*.aci *.deb *.rpm; do gpg2 --verify ${i}.asc ${i}; done 107 ``` 108 109 - Once signed and uploaded, double-check that all artifacts and signatures are on github. There should be 8 files in attachments (1x tar.gz, 3x ACI, 4x armored signatures). 110 111 - Publish the release! 112 113 - Clean your git tree: `sudo git clean -ffdx`. 114 115 Now it's announcement time: send an email to rkt-dev@googlegroups.com describing the release. 116 Generally this is higher level overview outlining some of the major features, not a copy-paste of the release notes. 117 Use your discretion and see [previous release emails][rkt-dev-list] for examples. 118 Make sure to include a list of authors that contributed since the previous release - something like the following might be handy: 119 120 ``` 121 git log v1.1.0..v1.2.0 --pretty=format:"%an" | sort | uniq | tr '\n' ',' | sed -e 's#,#, #g' -e 's#, $#\n#' 122 ``` 123 124 125 [changelog]: https://github.com/rkt/rkt/blob/master/CHANGELOG.md 126 [configure_ac]: https://github.com/rkt/rkt/blob/master/configure.ac#L2 127 [coreos-key]: https://coreos.com/security/app-signing-key 128 [gh-new-release]: https://github.com/rkt/rkt/releases/new 129 [milestones]: https://github.com/rkt/rkt/milestones 130 [maintainers]: https://github.com/rkt/rkt/blob/master/MAINTAINERS 131 [rkt-dev-list]: https://groups.google.com/forum/#!forum/rkt-dev 132 [roadmap]: https://github.com/rkt/rkt/blob/master/ROADMAP.md