Update release process after 1.7#8250
Conversation
| 3. Check CI has completed and uploaded the binaries. Remove any binaries which get | ||
| uploaded but are not intended as part of the release (e.g. Darwin binaries). | ||
| 3. Check the Github release, ensure the content matches what is expected and all the | ||
| release bianries are included. |
There was a problem hiding this comment.
typo
| release bianries are included. | |
| release binaries are included. |
| when the binaries are pushed. | ||
| 2. Verify release job has started in the actions tab and wait for release job to complete | ||
| successfully. If the job fails, attempt to restart it. If the job continuously fails, | ||
| delete the tag from Github as soon as possible and fix the issue before restarting the |
There was a problem hiding this comment.
| delete the tag from Github as soon as possible and fix the issue before restarting the | |
| delete the tag from GitHub as soon as possible and fix the issue before restarting the |
There was a problem hiding this comment.
I don't think we should delete the tag; once it's tagged, it's done; go module proxies may already have it stored, and will mark the module as invalid.
The correct step here would be to do a new release and retract the old one.
The alternative would be to tag at the end of the release (after validating). I know we do so for moby (once we're happy with a build, the commit is "blessed" by tagging it). But I guess that's a more extensive change in process
There was a problem hiding this comment.
Yeah, that would be a bit more involved. When there is changes to the process or something large, we can test the release process on a fork. Deleting a tag is not ideal but it is the best solution if the tag is bad for some reason, the caching can get resolved.
| 2. Create the Github release using the `Tag version` which was just pushed. Use the first | ||
| line outputted from the release tool as the `Release title` and the remainder of the | ||
| output for the description. No alteration of the release output should be needed. | ||
| Ensure `pre-release` is checked if an `-rc`. |
There was a problem hiding this comment.
I notice this was removed (ensure pre-release is checked); was there a reason to remove it?
(Or did GitHub fix this to do it automatically based on version now?)
There was a problem hiding this comment.
GitHub CI does it for us automatically. We do not manually create the releases anymore.
0d4e4db to
aff9d5d
Compare
| 2. Update the version file at `https://github.com/containerd/containerd/blob/main/version/version.go` | ||
|
|
||
| 3. Update RELEASES.md to refer to the new release and dates. | ||
| 3. (minor release only) Update RELEASES.md to refer to the new release and dates. |
There was a problem hiding this comment.
This should probably be major (like 2.0.0) and minor (1.7.0).
| release binaries are included. | ||
|
|
||
| 4. Update [`config.toml`](https://github.com/containerd/containerd.io/blob/f827d53826a426cb48f24cc08e43cc8722ad6d01/config.toml#L35) with latest release in the [containerd/containerd.io project](https://github.com/containerd/containerd.io); open PR to | ||
| 4. (minor release only) Create `release/x.y` branch from tag and push to `git@github.com:containerd/containerd.git`. |
There was a problem hiding this comment.
I would say .0.0 releases are still minor releases
There was a problem hiding this comment.
Wouldn't 2.0.0 be considered a major release? We'll still want a release/2.0 branch too.
|
|
||
| 5. (patch release only) Update RELEASES.md in main branch to refer to the new patch release. | ||
|
|
||
| 6. (minor release only) Create `cherry-pick/x.y.x` and `cherry-picked/x.y.x` labels |
There was a problem hiding this comment.
Major and minor?
Also, I think cherry-pick/x.y/cherry-picked/x.y since the z component will change with each patch.
|
|
||
| 7. Close any milestones associated with the release. | ||
|
|
||
| 8. Update [`config.toml`](https://github.com/containerd/containerd.io/blob/f827d53826a426cb48f24cc08e43cc8722ad6d01/config.toml#L35) with latest release in the [containerd/containerd.io project](https://github.com/containerd/containerd.io); open PR to |
There was a problem hiding this comment.
Should this point to a specific commit tree or to main?
There was a problem hiding this comment.
Its not a good idea to use line numbers in the link when pointing to a branch. Could remove the line number and describe the update more.
| 3. Check CI has completed and uploaded the binaries. Remove any binaries which get | ||
| uploaded but are not intended as part of the release (e.g. Darwin binaries). | ||
| 3. Check the Github release, ensure the content matches what is expected and all the | ||
| release binaries are included. |
There was a problem hiding this comment.
Could you consider signing binaries? (for >= 2.0)
https://github.com/containerd/nerdctl/pull/2089/files#diff-ed933e266827bac3e1788519c912361cfaa862541ab38663e867b0a3978c34ca
There was a problem hiding this comment.
Definitely could consider it. The focus of this PR is how it has been done for existing releases. We can add to the process then update this doc. What is pointed to there is a bit complicated and probably something we should try and automate from the dev end (maybe in release tool?)
There was a problem hiding this comment.
We can try it for the 2.0 beta releases first, and if it works out we can update this doc. I don't want to add steps we haven't actually done in a release yet.
Signed-off-by: Derek McGowan <derek@mcg.dev>
Mention use of pull request labels Signed-off-by: Derek McGowan <derek@mcg.dev>
aff9d5d to
dfdfa20
Compare
|
Updated to address Sam's comment and added a commit related to changes in the release tool. I would like to get the release signing as part of it but first we need some updates to our Github actions, we need to publish as a draft, output the built shasums for comparison, and either create a single shasum file or add functionality to the release tool to download, sign, and upload all the current shasums. It would be way too much work and error prone to individually sign the 21 sha sum files we create today. |
|
/retest |
|
/retest |
|
/cherry-pick release/1.7 (Cherry picking this over so LLM agents helping with releases have accurate instructions) |
|
@samuelkarp: new pull request created: #13236 DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Retrospective changes based on our current release process followed for 1.7.0