Release Process
This document aims to outline the process that should be followed for cutting a new release of cert-manager.
Prerequisites
First ensure that you have all the tools and permissions required to perform a cert-manager release:
- Install Kubernetes Release Notes Generator.
- Install cert-manager release tooling.
- Get permission to use the “cert-manager-release” project in Google Cloud Platform.
- You must have time to complete all the steps in the release process (~1 hour).
- Install Gcloud SDK / CLI. Run gcloud auth login.
- Get a GitHub access token. Go to your GitHub profile page and set up a token. It does not need any privileges. It is used only by the release-notes tool to avoid API rate limiting.
Minor releases
A minor release is a backwards-compatible ‘feature’ release. It can contain new features and bug fixes.
Release schedule
We aim to cut a new minor release once per month. The rough goals for each release are outlined as part of a GitHub milestone. We cut a release even if some of these goals are missed, in order to keep up release velocity.
Process
Note: This process document is WIP and may be incomplete
The process for cutting a minor release is as follows:
Ensure upgrading document exists. (not necessary for alpha releases)
Create or update the release branch
If this is the first (
alpha1) release, then you will need to create the release branch:git fetch --all git checkout -b release-1.0 origin/masterIf there has already been an
alpha1release, the release branch will already exist, so you will need to update it with the latest commits from the master branch, as follows:git fetch --all git branch --force release-1.0 origin/release-1.0 git checkout release-1.0 git merge --ff-only origin/masterPush it to the
jetstack/cert-managerrepositorygit push --set-upstream origin-
Sanity check the notes, checking that the notes contain details of all the features and bug fixes that you expect to be in the release.
Run
cmrel stageIn this example we stage a release using the ‘release-1.0’ branch, setting the release version to
v1.0.0:cmrel stage --branch=release-1.0 --release-version=v1.0.0This step takes ~10 minutes. It will build all Docker images and create all the manifest files and upload them to a storage bucket on Google Cloud. These artifacts will be published / released in the next steps.
The final line of output contains URL of the bucket containing the release artifacts. The final segment in that URL contains the
RELEASE_NAME, which you will need in the next step.Run
cmrel publishFirst do a dry-run, to ensure that all the staged resources are valid.
cmrel publish --release-name <RELEASE_NAME>Where
<RELEASE_NAME>is the unique build ID printed by the earliercmrel stagecommand. E.g. Givengs://cert-manager-release/stage/gcb/release/v1.0.0-219b7934ac499c7818526597cf635a922bddd22e, theRELEASE_NAMEwould bev1.0.0-219b7934ac499c7818526597cf635a922bddd22e.You can view the progress by clicking the Google Cloud Build URL in the output of this command.
Next publish the release artifacts for real.
If the last step succeeded, you can now re-run the
cmrel publishwith the--nomockargument to actually publish the release artifacts to GitHub,Quay.io, Helm Hub etc.cmrel publish --nomock --release-name <RELEASE_NAME>NOTE: At this stage there will be a draft release on GitHub and a live release on Helm Hub. So you must now complete the release process quickly otherwise users of the latest release on Helm Hub will encounter errors, because the manual CRD install URL will not be available yet.
Publish the GitHub release
Visit the draft GitHub release and paste in the release notes that you generated earlier.
You will need to manually edit the content to match the style of earlier releases. In particular:
- Remove package related changes
- Replace links to
@jetstack-bot, in cherry-pick PRs, with links to the GitHub handle of the author of the original PR.
Click “publish” to make the GitHub release live. This will create a Git tag automatically.
Finally post a link to the release tag to all cert-manager channels on Slack.
E.g.
https://github.com/jetstack/cert-manager/releases/tag/v1.0.0 :tada:
Final Release
After releasing one or more alpha and beta releases, you will release the final version. For the final release, you should follow the process described above with the following changes and additional steps:
Full Release notes
The release notes for the final release should include all changes since the last minor release.
Rollover testing infra
After releasing the final release you will need to update the testing infrastructure,
so that it uses the latest release as release-previous,
and you will need to create a new release branch in the cert-manager repository which will be treated as release-next,
and both these branches will be tested periodically.
For example see the PR Prepare testing for the cert-manager v1.0 release.
Rollover documentation
You will also need to update the versions and branches in the cert-manager website configuration.
For example see the PR Configure website for the v1.0 release.
Patch releases
A patch release contains critical bug fixes for the project. They are managed on an ad-hoc basis, and should only be required when critical bugs/regressions are found in the release.
We will only perform patch release for the current version of cert-manager.
Once a new minor release has been cut, we will stop providing patches for the version before it.
Release schedule
Patch releases are cut on an ad-hoc basis, depending on recent activity on the release branch.
Process
Note: This process document is WIP and may be incomplete
The process for cutting a patch release is as follows:
Ensure that all PRs have been cherry-picked into the release branch.
Bugs that need to be fixed in a patch release should be cherry picked into the appropriate release branch.
-
Sanity check the notes, checking that the notes contain details of all the PRs that have been cherry-picked into the release branch.
Run
cmrel stageIn this example we stage a release using the ‘release-1.0’ branch, setting the release version to
v1.0.2:cmrel stage --branch=release-1.0 --release-version=v1.0.2NOTE: This step takes ~10 minutes. It will build all Docker images and create all the manifest files and upload them to a storage bucket on Google Cloud. These artifacts will be published / released in the next steps.
The final line of output contains URL of the bucket containing the release artifacts. The final segment in that URL contains the
RELEASE_NAME, which you will need in the next step.Run
cmrel publishFirst do a dry-run, to ensure that all the staged resources are valid.
cmrel publish --release-name <RELEASE_NAME>Where
<RELEASE_NAME>is the unique build ID printed by the earliercmrel stagecommand. E.g. Givengs://cert-manager-release/stage/gcb/release/v1.0.2-219b7934ac499c7818526597cf635a922bddd22e, theRELEASE_NAMEwould bev1.0.2-219b7934ac499c7818526597cf635a922bddd22e.You can view the progress by clicking the Google Cloud Build URL in the output of this command.
Next publish the release artifacts for real.
If the last step succeeded, you can now re-run the
cmrel publishwith the--nomockargument to actually publish the release artifacts to GitHub,Quay.io, Helm Hub etc.cmrel publish --nomock --release-name <RELEASE_NAME>NOTE: At this stage there will be a draft release on GitHub and a live release on Helm Hub. So you must now complete the release process quickly otherwise users of the latest release on Helm Hub will encounter errors, because the manual CRD install URL will not be available yet.
Publish the GitHub release
Visit the draft GitHub release and paste in the release notes that you generated earlier.
You will need to manually edit the content to match the style of earlier releases. In particular:
- Remove package related changes
- Replace links to
@jetstack-bot, in cherry-pick PRs, with links to the GitHub handle of the author of the original PR.
Click “publish” to make the GitHub release live. This will create a Git tag automatically.
Finally post a link to the release tag to all cert-manager channels on Slack.
E.g.
https://github.com/jetstack/cert-manager/releases/tag/v1.0.2 :tada:
Release Notes
Download and install the latest version of Kubernetes Release Notes Generator.
Run as follows, substituting the current and last versions where appropriate:
export GITHUB_TOKEN=*your-token* export RELEASE_VERSION=1.0.0 export BRANCH=release-1.0 export END_REV=release-1.0 export START_REV=v0.16.1 $GOPATH/bin/release-notes --github-repo cert-manager --github-org jetstack --required-author "jetstack-bot" --output release-notes.mdNOTE: The GitHub token needs read-only permission to the cert-manager repository. The token is required only to avoid rate-limits imposed on anonymous API users.
Add additional blurb, notable items and characterize change log.