docs: update release docs (#2226)

This commit is contained in:
Adrian Stobbe 2023-08-22 14:30:20 +02:00 committed by GitHub
parent ec1bba7a8b
commit c42e81bf23
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -6,7 +6,6 @@ This checklist will prepare `v1.3.0` from `v1.2.0` (minor release) or `v1.3.1` f
1. Search the code for TODOs and FIXMEs that should be resolved before releasing. 1. Search the code for TODOs and FIXMEs that should be resolved before releasing.
2. [Update titles and labels for all PRs relevant for this release](/dev-docs/conventions.md#pr-conventions) to aid in the [changelog generation](/.github/release.yml). 2. [Update titles and labels for all PRs relevant for this release](/dev-docs/conventions.md#pr-conventions) to aid in the [changelog generation](/.github/release.yml).
3. Check PRs for the label `iam upgrade`. If there is any, update `upgradeRequiresIAMMigration` in `iamupgradeapply.go`. This ensures the CLI issues a warning on `upgrade apply` to run `iam upgrade apply` before upgrading the cluster.
@ -53,9 +52,20 @@ Releases should be performed using [the automated release pipeline](https://gith
gh workflow run release.yml --ref ${working_branch} -F version=${ver} -F kind=minor gh workflow run release.yml --ref ${working_branch} -F version=${ver} -F kind=minor
``` ```
3. wait for the pipeline to finish 3. wait for the pipeline to finish
4. while in editing mode for the release, clear the textbox, select the last minor release and click "Generate release notes". 4. upgrade the dogfooding cluster. Note that `upgrade check --update-config` will not yet show the new image. But you can manually set it in the config:
5. look over the autogenerated draft release. When fixing the changelog, prioritize updating the PR title/labels/description and regenerating the changelog over fixing things in the final changelog. The changelog should be primarily aimed at users. Rule of thumb: first part of the sentence should describe what changed for the user, second part can describe what has been changed to achieve this. ```sh
6. publish. ./constellation upgrade check --update-config
yq eval -i '.image="v2.10.0"' constellation-conf.yaml
./constellation config fetch-measurements --insecure
./constellation upgrade apply --yes --debug
```
Then wait until the node / Kubernetes upgrades are finished by periodically checking:
```sh
./constellation status
```
5. while in editing mode for the release, clear the textbox, select the last minor release and click "Generate release notes".
6. look over the autogenerated draft release. When fixing the changelog, prioritize updating the PR title/labels/description and regenerating the changelog over fixing things in the final changelog. The changelog should be primarily aimed at users. Rule of thumb: first part of the sentence should describe what changed for the user, second part can describe what has been changed to achieve this.
7. publish.
## Post release steps ## Post release steps
@ -67,6 +77,7 @@ Releases should be performed using [the automated release pipeline](https://gith
4. Move open issues and PRs from closed milestone to next milestone 4. Move open issues and PRs from closed milestone to next milestone
3. If the release is a minor version release, bump the pre-release version in the `version.txt` file. 3. If the release is a minor version release, bump the pre-release version in the `version.txt` file.
4. Update the `fromVersion` in `e2e-test-release.yml` and `e2e-test-weekly.yaml` to the newly released version. To check the current values, run: `grep "fromVersion: \[.*\]" -R .github`. 4. Update the `fromVersion` in `e2e-test-release.yml` and `e2e-test-weekly.yaml` to the newly released version. To check the current values, run: `grep "fromVersion: \[.*\]" -R .github`.
5. Reset `upgradeRequiresIAMMigration` in `iamupgradeapply.go`.
## Pipeline cleanup ## Pipeline cleanup
@ -79,7 +90,6 @@ Depending on how far the pipeline ran we need to delete:
- the working branch (remove automated commits made by the process, keep any cherry picks) - the working branch (remove automated commits made by the process, keep any cherry picks)
- the release tag create by the pipeline: `v1.3.0`/`v1.3.1` - the release tag create by the pipeline: `v1.3.0`/`v1.3.1`
- (only minor releases) the branch to merge changes back to main: `feat/release/v1.3.0` - (only minor releases) the branch to merge changes back to main: `feat/release/v1.3.0`
- invalidate the CDN caches. This may become necessary if e.g. during measurement updating the measurements of a previous run are still in the cache
### GCP ### GCP
1. Navigate to [Images](https://console.cloud.google.com/compute/images?tab=images&project=constellation-images) tab of the "constellation-images" project 1. Navigate to [Images](https://console.cloud.google.com/compute/images?tab=images&project=constellation-images) tab of the "constellation-images" project
@ -92,10 +102,6 @@ Depending on how far the pipeline ran we need to delete:
3. Select image definition "constellation" 3. Select image definition "constellation"
4. Select "Versions" submenu and search for "1.3.0" 4. Select "Versions" submenu and search for "1.3.0"
5. Press "Delete" button NEXT TO THE IMAGE VERSION TABLE. Do no delete the image definition. 5. Press "Delete" button NEXT TO THE IMAGE VERSION TABLE. Do no delete the image definition.
6. Go back to "Azure compute galleries" page and select "Constellation" gallery (this is for trusted launch)
7. Select image definition "constellation"
8. Select "Versions" submenu and search for "1.3.0"
9. Press "Delete" button NEXT TO THE IMAGE VERSION TABLE. Do no delete the image definition. 
### AWS ### AWS
**Important:** You need to repeat the following steps for every region supported by Constellation! **Important:** You need to repeat the following steps for every region supported by Constellation!
@ -106,17 +112,24 @@ Currently, this includes: 
- Ohio (us-east-2) - Ohio (us-east-2)
- Mumbai (ap-south-1)  - Mumbai (ap-south-1) 
#### Automated script
This is a script to automate the deletion but please be super careful to set the version correctly.
```
VERSION=vX.XX.X # !! DOUBLE CHECK CORRECTNESS!
regions=("eu-central-1" "eu-west-1" "eu-west-3" "us-east-2" "ap-south-1")
for region in "${regions[@]}"
do
aws ec2 describe-images --filters "Name=name,Values=constellation-$VERSION-aws-sev-snp" --query "Images[0].ImageId" --output text --region "$region" | xargs -I {{image_id}} aws ec2 deregister-image --image-id {{image_id}} --region "$region"
aws ec2 describe-snapshots --filters Name=tag:Name,Values=constellation-$VERSION-aws-sev-snp --query 'Snapshots[].SnapshotId' --output text --region "$region" | xargs -n 1 aws ec2 delete-snapshot --snapshot-id --region "$region"
aws ec2 describe-images --filters "Name=name,Values=constellation-$VERSION-aws-nitro-tpm" --query "Images[0].ImageId" --output text --region "$region" | xargs -I {{image_id}} aws ec2 deregister-image --image-id {{image_id}} --region "$region"
aws ec2 describe-snapshots --filters Name=tag:Name,Values=constellation-$VERSION-aws-nitro-tpm --query 'Snapshots[].SnapshotId' --output text --region "$region" | xargs -n 1 aws ec2 delete-snapshot --snapshot-id --region "$region"
done
```
#### Manual GUI steps
1. Navigate to [AMI](https://eu-central-1.console.aws.amazon.com/ec2/home?region=eu-central-1#Images:visibility=owned-by-me) 1. Navigate to [AMI](https://eu-central-1.console.aws.amazon.com/ec2/home?region=eu-central-1#Images:visibility=owned-by-me)
2. Search for release version "constellation-v1.3.0" and select the AMIs for both variants ("constellation-v1.3.0-aws-sev-snp" and "constellation-v1.3.0-aws-nitro-tpm") 2. Search for release version "constellation-v1.3.0" and select the AMIs for both variants ("constellation-v1.3.0-aws-sev-snp" and "constellation-v1.3.0-aws-nitro-tpm")
3. On the "Actions" button (top right) select "Deregister AMI" 3. On the "Actions" button (top right) select "Deregister AMI"
4. Either follow the link on the deletion confirmation leading you to the [Snapshots](https://eu-central-1.console.aws.amazon.com/ec2/home?region=eu-central-1#Snapshots) panel or navigate there yourself 4. Either follow the link on the deletion confirmation leading you to the [Snapshots](https://eu-central-1.console.aws.amazon.com/ec2/home?region=eu-central-1#Snapshots) panel or navigate there yourself
5. Search for a snapshot by the same name "constellation-v1.3.0" and select it 5. Search for a snapshot by the same name "constellation-v1.3.0" and select it
6. On the "Actions" button (top right) select "Delete snapshot" 6. On the "Actions" button (top right) select "Delete snapshot"
### CDN cache invalidation
1. Navigate to the [Cloudfront management console](https://us-east-1.console.aws.amazon.com/cloudfront/v3/home?region=us-east-1#/distributions)
2. Select the distribution for public resources. Current domain name: "cdn.confidential.cloud"
3. Click the "Invalidations" ribbon
4. Click "Create Invalidation" and enter a wildcard path "/*". You can also enter a more specific path if you know exactly which object to invalidate.
5. Wait for completion.