constellation/dev-docs/workflows/release.md

5.5 KiB

Release Checklist

This checklist will prepare v1.3.0 from v1.2.0 (minor release) or v1.3.1 from v1.3.0 (patch release). Adjust your version numbers accordingly.

Preparation

  1. Search the code for TODOs and FIXMEs that should be resolved before releasing.
  2. Update titles and labels for all PRs relevant for this release to aid in the changelog generation.

Automated release

Releases should be performed using the automated release pipeline.

Patch release

  1. cherry-pick (only) the required commits from main
    • Check PRs with label needs-backport to find candidates that should be included in a patch release.
  2. trigger the automated release pipeline from the existing minor version branch:
     ver=v1.3.1 # replace me
     minor=$(echo $ver | cut -d '.' -f 1,2)
     gh workflow run release.yml --ref release/v$minor -F version=$ver -F kind=patch
    
  3. wait for the pipeline to finish
  4. while in editing mode for the release, clear the textbox, select the last patch release for the current release branch and click "Generate release notes".
  5. look over the autogenerated draft release. When fixing the changelog, prioritize updating the PR title/labels/description and regenerating the changelog over fixing things in the final changelog.
  6. publish.

Minor release

  1. Merge ready PRs
  2. trigger the automated release pipeline from main:
     ver=v1.3.0 # replace me
     minor=$(echo $ver | cut -d '.' -f 1,2)
     gh workflow run release.yml --ref main -F version=$ver -F kind=minor
    
  3. wait for the pipeline to finish
  4. while in editing mode for the release, clear the textbox, select the last minor release and click "Generate release notes".
  5. look over the autogenerated draft release. When fixing the changelog, prioritize updating the PR title/labels/description and regenerating the changelog over fixing things in the final changelog.
  6. publish.

Post release steps

  1. Milestones management

    1. Create a new milestone for the next release
    2. Add the next release manager and an approximate release date to the milestone description
    3. Close the milestone for the release
    4. Move open issues and PRs from closed milestone to next milestone
  2. If the release is a minor version release, tag the latest commit on main as the start of the next pre-release phase.

    nextMinorVer=$(echo "${ver}" | awk -F. -v OFS=. '{$2 += 1 ; print}')
    git checkout main
    git pull
    git tag v${nextMinorVer}-pre
    git push origin refs/tags/v${nextMinorVer}-pre
    

Pipeline cleanup

When testing changes to the pipeline or when the pipeline fails during a release it might become necessary to clean up the images created by the pipeline. These are the necessary steps.

General

Depending on how far the pipeline ran we need to delete:

  • the release tag create by the pipeline: v1.3.0/v1.3.1
  • (only minor releases) the branch to merge changes back to main: feat/release/v1.3.0
  • invalidate the CDN caches. This may become necessary if e.g. during measurement updating the measurements of a previous run are still in the cache

GCP

  1. Navigate to Images tab of the "constellation-images" project
  2. Search for the image version "v1-3-0-stable"
  3. Select the image and press "DELETE" 

Azure

  1. Navigate to Azure compute galleries
  2. Select "Constellation_CVM" (this is for confidential vms on AMD SEV SNP)
  3. Select image definition "constellation"
  4. Select "Versions" submenu and search for "1.3.0"
  5. Press "Delete" button NEXT TO THE IMAGE VERSION TABLE. Do no delete the image definition.
  6. Go back to "Azure compute galleries" page and select "Constellation" gallery (this is for trusted launch)
  7. Select image definition "constellation"
  8. Select "Versions" submenu and search for "1.3.0"
  9. Press "Delete" button NEXT TO THE IMAGE VERSION TABLE. Do no delete the image definition. 

AWS

Important: You need to repeat the following steps for every region supported by Constellation! Currently, this includes: 

  • Frankfurt (eu-central-1)
  • Ohio (us-east-2)
  • Mumbai (ap-south-1) 
  1. Navigate to AMI
  2. Search for release version "constellation-v1.3.0" and select the AMI
  3. On the "Actions" button (top right) select "Deregister AMI"
  4. Either follow the link on the deletion confirmation leading you to the Snapshots panel or navigate there yourself
  5. Search for a snapshot by the same name "constellation-v1.3.0" and select it
  6. On the "Actions" button (top right) select "Delete snapshot"

CDN cache invalidation

  1. Navigate to the Cloudfront management console
  2. Select the distribution for public resources. Current domain name: "cdn.confidential.cloud"
  3. Click the "Invalidations" ribbon
  4. Click "Create Invalidation" and enter a wildcard path "/*". You can also enter a more specific path if you know exactly which object to invalidate.
  5. Wait for completion.