* fix: typo to build amd64 for macos * Implement E2E test for mini constellation Signed-off-by: Fabian Kammel <fk@edgeless.systems>
8.7 KiB
Release Checklist
This checklist will prepare v1.3.0
from v1.2.0
. Adjust your version numbers accordingly.
-
Merge ready PRs
-
Search the code for TODOs and FIXMEs that should be resolved before releasing.
-
Create docs release (new major or minor release)
cd docs npm install npm run docusaurus docs:version 1.3 # push upstream via PR
-
Create a new branch
release/v1.3
(new minor version) or use the existing one (new patch version) -
On this branch, prepare the following things:
-
(new patch version)
cherry-pick
(only) the required commits frommain
-
Use Build micro-service manual and run the pipeline once for each micro-service with the following parameters:
- branch:
release/v1.3
- Container image tag:
v1.3.0
- Version of the image to build:
1.3.0
ver=1.3.0
minor=$(echo $ver | cut -d '.' -f 1,2) echo $minor # should be 1.3
gh workflow run build-micro-service-manual.yml --ref release/v$minor -F microService=join-service -F imageTag=v$ver -F version=$ver --repo edgelesssys/constellation gh workflow run build-micro-service-manual.yml --ref release/v$minor -F microService=kmsserver -F imageTag=v$ver -F version=$ver --repo edgelesssys/constellation gh workflow run build-micro-service-manual.yml --ref release/v$minor -F microService=verification-service -F imageTag=v$ver -F version=$ver --repo edgelesssys/constellation gh workflow run build-micro-service-manual.yml --ref release/v$minor -F microService=qemu-metadata-api -F imageTag=v$ver -F version=$ver --repo edgelesssys/constellation
- branch:
-
Use Build operator manual and run the pipeline once with the following parameters:
- branch:
release/v1.3
- Container image tag:
v1.3.0
# Alternative from CLI gh workflow run build-operator-manual.yml --ref release/v$minor -F imageTag=v$ver --repo edgelesssys/constellation
- branch:
-
Review and update changelog with all changes since last release. GitHub's diff view helps a lot!
- Rename the "Unreleased" heading to "[v1.3.0] - YYYY-MM-DD" and link the version to the upcoming release tag.
- Create a new block for unreleased changes
-
Update project version in CMakeLists.txt to
1.3.0
(without v). -
Update the
version
key in constellation-services/Chart.yaml and operators/Chart.yaml. Also update theversion
key for all subcharts, e.g. Chart.yaml. Lastly, update thedependencies.*.version
key for all dependencies in the main charts constellation-services/Chart.yaml and operators/Chart.yaml. -
When the microservice builds are finished update versions in versions.go to
v1.3.0
, add the container hashes and push your changes.# crane: https://github.com/google/go-containerregistry/blob/main/cmd/crane/doc/crane.md crane digest ghcr.io/edgelesssys/constellation/node-operator:v$ver crane digest ghcr.io/edgelesssys/constellation/join-service:v$ver crane digest ghcr.io/edgelesssys/constellation/access-manager:v$ver crane digest ghcr.io/edgelesssys/constellation/kmsserver:v$ver crane digest ghcr.io/edgelesssys/constellation/verification-service:v$ver crane digest ghcr.io/edgelesssys/constellation/qemu-metadata-api:v$ver
-
Create a production OS image
gh workflow run build-os-image.yml --ref release/v$minor -F imageVersion=v$ver -F isRelease=true -F stream=stable
-
Generate measurements for the images.
gh workflow run generate-measurements.yml --ref release/v$minor -F osImage=v$ver -F isDebugImage=false -F signMeasurements=true
-
Update expected measurements in
measurements_enterprise.go
using the generated measurements from step 12 and push your changes. -
Run manual E2E tests using Linux and macOS to confirm functionality and stability.
gh workflow run e2e-test-manual.yml --ref release/v$minor -F cloudProvider=aws -F test="sonobuoy full" -F osImage=v$ver -F isDebugImage=false -F keepMeasurements=true gh workflow run e2e-test-manual-macos.yml --ref release/v$minor -F cloudProvider=aws -F test="sonobuoy full" -F osImage=v$ver -F isDebugImage=false -F keepMeasurements=true gh workflow run e2e-test-manual.yml --ref release/v$minor -F cloudProvider=azure -F test="sonobuoy full" -F osImage=v$ver -F isDebugImage=false -F keepMeasurements=true gh workflow run e2e-test-manual-macos.yml --ref release/v$minor -F cloudProvider=azure -F test="sonobuoy full" -F osImage=v$ver -F isDebugImage=false -F keepMeasurements=true gh workflow run e2e-test-manual.yml --ref release/v$minor -F cloudProvider=gcp -F test="sonobuoy full" -F osImage=v$ver -F isDebugImage=false -F keepMeasurements=true gh workflow run e2e-test-manual-macos.yml --ref release/v$minor -F cloudProvider=gcp -F test="sonobuoy full" -F osImage=v$ver -F isDebugImage=false -F keepMeasurements=true gh workflow run e2e-mini.yml --ref release/v$minor
-
Create a new tag on this release branch.
git tag v$ver git push origin refs/tags/v$ver
-
Run Release CLI action on the tag.
gh workflow run release-cli.yml --ref v$ver
- The previous step will create a draft release. Check build output for link to draft release. Review & approve.
-
-
Check if the Constellation OS image is available via the versions API.
curl -s "https://cdn.confidential.cloud/constellation/v1/ref/-/stream/stable/versions/minor/v${minor}/image.json" # list of versions should contain the new version
-
Export, download and make image available in S3 for trusted launch users. To achieve this:
TARGET_DISK=export-${ver} az disk create -g constellation-images -l westus -n ${TARGET_DISK} --hyper-v-generation V2 --os-type Linux --sku standard_lrs --security-type TrustedLaunch --gallery-image-reference /subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/CONSTELLATION-IMAGES/providers/Microsoft.Compute/galleries/Constellation/images/constellation/versions/${ver}
- Find the created resource in Azure
- Go to
Settings
->Export
andGenerate URLs
- Download both the disk image (first link) and VM state (second link)
- Rename disk (
abcd
) toconstellation.img
. - Rename state (UUID) to
constellation.vmgs
. - Go to AWS S3 bucket for trusted launch, create a new folder with the given version number.
- Upload both image and state into the newly created folder.
- Delete the disk in Azure!
-
To bring updated version numbers and other changes (if any) to main, create a new branch
feat/release
fromrelease/v1.3
, rebase it onto main, and create a PR to main -
Milestones management
- Create a new milestone for the next release
- Add the next release manager and an approximate release date to the milestone description
- Close the milestone for the release
- Move open issues and PRs from closed milestone to next milestone
-
If the release is a minor version release, tag the latest commit on main as the start of the next pre-release phase.
nextMinorVer=$(echo "${ver}" | awk -F. -v OFS=. '{$2 += 1 ; print}') git checkout main git pull git tag v${nextMinorVer}-pre git push origin refs/tags/v${nextMinorVer}-pre
-
Test Constellation mini up