* Remove fetch-measurements from create workflow * Explain new measurements format in docs Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Release Checklist
This checklist will prepare v1.3.0 from v1.2.0. Adjust your version numbers accordingly.
- Merge ready PRs
- Search the code for TODOs and FIXMEs that should be resolved before releasing.
- Create docs release (new major or minor release)

    cd docs
    npm install
    npm run docusaurus docs:version 1.3
    # push upstream via PR

- Create a new branch release/v1.3 (new minor version) or use the existing one (new patch version)
- On this branch, prepare the following things:
  - (new patch version) cherry-pick (only) the required commits from main
  - Use Build micro-service manual and run the pipeline once for each micro-service with the following parameters:
    - branch: release/v1.3
    - Container image tag: v1.3.0
    - Version of the image to build: 1.3.0

      ver=1.3.0
      minor=$(echo $ver | cut -d '.' -f 1,2)
      gcpVer=$(echo $ver | tr "." "-")
      echo $minor # should be 1.3
      echo $gcpVer # should be 1-3-0

      gh workflow run build-micro-service-manual.yml --ref release/v$minor -F microService=join-service -F imageTag=v$ver -F version=$ver --repo edgelesssys/constellation
      gh workflow run build-micro-service-manual.yml --ref release/v$minor -F microService=kmsserver -F imageTag=v$ver -F version=$ver --repo edgelesssys/constellation
      gh workflow run build-micro-service-manual.yml --ref release/v$minor -F microService=verification-service -F imageTag=v$ver -F version=$ver --repo edgelesssys/constellation

  - Use Build operator manual and run the pipeline once with the following parameters:
    - branch: release/v1.3
    - Container image tag: v1.3.0

      # Alternative from CLI
      gh workflow run build-operator-manual.yml --ref release/v$minor -F imageTag=v$ver --repo edgelesssys/constellation

  - Review and update changelog with all changes since last release. GitHub's diff view helps a lot!
    - Rename the "Unreleased" heading to "[v1.3.0] - YYYY-MM-DD" and link the version to the upcoming release tag.
    - Create a new block for unreleased changes
  - Update project version in CMakeLists.txt to 1.3.0 (without v).
  - Update the version key in constellation-services/Chart.yaml. Also update the version key for all subcharts, e.g. Chart.yaml. Lastly, update the dependencies.*.version key for all dependencies in the main chart constellation-services/Chart.yaml.
  - Increase version number of QEMU image ConstellationQEMUImageURL in versions.go
  - When the microservice builds are finished update versions in versions.go to v1.3.0, add the container hashes and push your changes.

      # crane: https://github.com/google/go-containerregistry/blob/main/cmd/crane/doc/crane.md
      crane digest ghcr.io/edgelesssys/constellation/node-operator-catalog:v$ver
      crane digest ghcr.io/edgelesssys/constellation/join-service:v$ver
      crane digest ghcr.io/edgelesssys/constellation/access-manager:v$ver
      crane digest ghcr.io/edgelesssys/constellation/kmsserver:v$ver
      crane digest ghcr.io/edgelesssys/constellation/verification-service:v$ver

  - Create a production OS image

      gh workflow run build-os-image.yml --ref release/v$minor -F debug=false -F imageVersion=v$ver

    - Once the pipeline has finished, download the artifact image-qemu.
    - Unzip the downloaded artifact, rename it to constellation.raw.
    - Go to the S3 bucket for QEMU images
    - Create a new folder for the given version, and upload constellation.raw into it.
    - Replace AWS AMIs for this version and next in docs in first-steps.md.
  - Run manual E2E tests using Linux and macOS to confirm functionality and stability.

      gh workflow run e2e-test-manual.yml --ref release/v$minor -F cloudProvider=azure -F machineType=Standard_DC4as_v5 -F test="sonobuoy full" -F osImage=v$ver -F isDebugImage=false
      gh workflow run e2e-test-manual-macos.yml --ref release/v$minor -F cloudProvider=azure -F machineType=Standard_DC4as_v5 -F test="sonobuoy full" -F osImage=v$ver -F isDebugImage=false
      gh workflow run e2e-test-manual.yml --ref release/v$minor -F cloudProvider=gcp -F machineType=n2d-standard-4 -F test="sonobuoy full" -F osImage=v$ver -F isDebugImage=false
      gh workflow run e2e-test-manual-macos.yml --ref release/v$minor -F cloudProvider=gcp -F machineType=n2d-standard-4 -F test="sonobuoy full" -F osImage=v$ver -F isDebugImage=false

  - Generate measurements for the images.

      gh workflow run generate-measurements.yml --ref release/v$minor -F osImage=v$ver -F isDebugImage=false -F signMeasurements=true

  - Update expected measurements in measurements.go using the generated measurements from step 12 and push your changes.
  - Create a new tag on this release branch.

      git tag v$ver
      git push origin v$ver

  - Run Release CLI action on the tag.

      gh workflow run release-cli.yml --ref v$ver

    - The previous step will create a draft release. Check build output for link to draft release. Review & approve.
- Export, download and make image available in S3 for trusted launch users. To achieve this:

    TARGET_DISK=export-${ver}
    az disk create -g constellation-images -l westus -n ${TARGET_DISK} --hyper-v-generation V2 --os-type Linux --sku standard_lrs --security-type TrustedLaunch --gallery-image-reference /subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/CONSTELLATION-IMAGES/providers/Microsoft.Compute/galleries/Constellation/images/constellation/versions/${ver}

  - Find the created resource in Azure
  - Go to Settings -> Export and Generate URLs
  - Download both the disk image (first link) and VM state (second link)
  - Rename disk (abcd) to constellation.img.
  - Rename state (UUID) to constellation.vmgs.
  - Go to AWS S3 bucket for trusted launch, create a new folder with the given version number.
  - Upload both image and state into the newly created folder.
  - Delete the disk in Azure!
- To bring updated version numbers and other changes (if any) to main, create a new branch feat/release from release/v1.3, rebase it onto main, and create a PR to main
- Milestones management
  - Create a new milestone for the next release
  - Add the next release manager and an approximate release date to the milestone description
  - Close the milestone for the release
  - Move open issues and PRs from closed milestone to next milestone
- If the release is a minor version release, create an empty commit on main and tag it as the start of the next pre-release phase.

    nextMinorVer=$(echo $ver | awk -F. -v OFS=. '{$2 += 1 ; print}')
    git checkout main
    git pull
    git commit --allow-empty -m "Start v$nextMinorVer-pre"
    git tag v$nextMinorVer-pre
    git push origin main v$nextMinorVer-pre

- Test Constellation mini up
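
The $ver variable and the "add the container hashes" step above, as an added example that is not part of the Constellation repository: a pre-flight helper that rejects a malformed version before it is interpolated into branch names and workflow inputs, and refuses any digest lookup result that is not a well-formed sha256 digest. The function names, the fake_digest stand-in and the repo:tag@digest output form are assumptions.

```shell
#!/bin/sh
# Added example (not from the Constellation repo): checks for the checklist's
# $ver variable and for the digests recorded in the pinning step.

# Accept only X.Y.Z without a leading "v" and without leading zeros, so the
# value is safe to interpolate into branch names, tags and workflow inputs.
valid_version() {
  case $1 in "" | *[!0-9.]*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq '^(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*)){2}$'
}

# A digest as printed by `crane digest`: "sha256:" plus 64 lowercase hex chars.
valid_digest() {
  case $1 in
    sha256:*[!0-9a-f]*) return 1 ;;
    sha256:*) [ "${#1}" -eq 71 ] ;;
    *) return 1 ;;
  esac
}

# pin_images VER LOOKUP: print "repo:vVER@digest" for every image listed in
# the checklist. LOOKUP is the command that resolves a reference to a digest
# (for a real run: "crane digest"). Any lookup failure or malformed digest
# aborts, so a partial or garbled hash never reaches the version file.
pin_images() {
  ver=$1 lookup=$2
  valid_version "$ver" || { echo "bad version: $ver" >&2; return 1; }
  base=ghcr.io/edgelesssys/constellation
  for img in node-operator-catalog join-service access-manager kmsserver verification-service; do
    digest=$($lookup "$base/$img:v$ver") || return 1
    valid_digest "$digest" || { echo "bad digest for $img: $digest" >&2; return 1; }
    printf '%s/%s:v%s@%s\n' "$base" "$img" "$ver" "$digest"
  done
}

# Constructed stand-in for `crane digest` so the example runs offline;
# it returns an all-zero digest, not a real image hash.
fake_digest() {
  printf 'sha256:%064d\n' 0
}

pin_images 1.3.0 fake_digest
```

For a real release, call pin_images "$ver" "crane digest" once the micro-service builds have finished.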