| 1 | | - | # Release Process |
| | 1 | + | # Release |
| | 2 | + | |
| | 3 | + | ## Creating a release |
| | 4 | + | |
| | 5 | + | This release process itself should be as automated as possible, and has only a few steps: |
| | 6 | + | |
| | 7 | + | 1. **Trigger a new release with `make release`**. At this point you'll see a preview |
| | 8 | + | changelog in the terminal. If you're happy with the changelog, press `y` to continue, otherwise |
| | 9 | + | you can abort and adjust the labels on the PRs and issues to be included in the release and |
| | 10 | + | re-run the release trigger command. |
| | 11 | + | |
| | 12 | + | 1. A release admin must approve the release on the GitHub Actions release pipeline run page. |
| | 13 | + | Once approved, the release pipeline will generate all assets and publish a GitHub Release. |
| | 14 | + | |
| | 15 | + | 1. If there is a release Milestone, close it. |
| | 16 | + | |
| | 17 | + | Ideally releasing should be done often with small increments when possible. Unless a |
| | 18 | + | breaking change is blocking the release, or no fixes/features have been merged, a good |
| | 19 | + | target release cadence is between every 1 or 2 weeks. |
| | 20 | + | |
| | 21 | + | |
| | 22 | + | ## Retracting a release |
| | 23 | + | |
| | 24 | + | If a release is found to be problematic, it can be retracted with the following steps: |
| | 25 | + | |
| | 26 | + | - Deleting the GitHub Release |
| | 27 | + | - Untag the docker images in the `ghcr.io` and `docker.io` registries |
| | 28 | + | - Revert the brew formula in [`anchore/homebrew-syft`](https://github.com/anchore/homebrew-syft) to point to the previous release |
| | 29 | + | - Add a new `retract` entry in the go.mod for the versioned release |
| | 30 | + | |
| | 31 | + | **Note**: do not delete release tags from the git repository since there may already be references to the release |
| | 32 | + | in the go proxy, which will cause confusion when trying to reuse the tag later (the H1 hash will not match and there |
| | 33 | + | will be a warning when users try to pull the new release). |
| | 34 | + | |
| | 35 | + | |
| | 36 | + | ## Background |
| 2 | 37 | | |
| 3 | 38 | | A good release process has the following qualities: |
| 4 | 39 | | |
| skipped 2 lines |
| 7 | 42 | | 1. Allow for different kinds of releases (major breaking vs backwards compatible enhancements vs patch updates) |
| 8 | 43 | | 1. Specify a repeatable way to build and publish software artifacts |
| 9 | 44 | | |
| 10 | | - | ## Planning a release |
| | 45 | + | |
| | 46 | + | ### Planning a release |
| 11 | 47 | | |
| 12 | 48 | | To indicate a set of features to be released together add each issue to an in-repository |
| 13 | 49 | | Milestone named with major-minor version to be released (e.g. `v0.1`). It is OK for other |
| skipped 11 lines |
| 25 | 61 | | Unless necessary, feature releases should be small and frequent, which may obviate the |
| 26 | 62 | | need for regular release planning under a Milestone. |
| 27 | 63 | | |
| 28 | | - | ## What is in a release |
| | 64 | + | |
| | 65 | + | ### What is in a release |
| 29 | 66 | | |
| 30 | 67 | | Milestones are specifically for planning a release, not necessarily tracking all changes |
| 31 | 68 | | that a release may bring (and more importantly, not all releases are necessarily planned |
| skipped 27 lines |
| 59 | 96 | | **With this approach as we cultivate good organization of PRs and issues we automatically |
| 60 | 97 | | get an equally good Changelog.** |
| 61 | 98 | | |
| 62 | | - | ## Major, minor, and patch releases |
| | 99 | + | |
| | 100 | + | ### Major, minor, and patch releases |
| 63 | 101 | | |
| 64 | 102 | | The latest version of the tool is the only supported version, which implies that multiple |
| 65 | 103 | | parallel release branches will not be a regular process (if ever). Multiple releases can |
| skipped 7 lines |
| 73 | 111 | | The exception to this is `< 1.0`, where the major version is not bumped for breaking changes, |
| 74 | 112 | | instead the minor version indicates both new features and breaking changes. |
| 75 | 113 | | |
| 76 | | - | ## Cutting a release |
| 77 | | - | |
| 78 | | - | Ideally releasing should be done often with small increments when possible. Unless a |
| 79 | | - | breaking change is blocking the release, or no fixes/features have been merged, a good |
| 80 | | - | target release cadence is between every 1 or 2 weeks. |
| 81 | | - | |
| 82 | | - | This release process itself should be as automated as possible, and has only a few steps: |
| 83 | | - | |
| 84 | | - | 1. **Trigger a new release with `make trigger-release`**. At this point you'll see a preview |
| 85 | | - | changelog in the terminal. If you're happy with the changelog, press `y` to continue, otherwise |
| 86 | | - | you can abort and adjust the labels on the PRs and issues to be included in the release and |
| 87 | | - | re-run the release trigger command. |
| 88 | | - | |
| 89 | | - | 1. A release admin must approve the release on the GitHub Actions release pipeline run page. |
| 90 | | - | Once approved, the release pipeline will generate all assets and publish a GitHub Release. |
| 91 | | - | |
| 92 | | - | 1. If there is a release Milestone, close it. |
| 93 | | - | |
| 94 | | - | ## Retracting a release |
| 95 | | - | |
| 96 | | - | If a release is found to be problematic, it can be retracted with the following steps: |
| 97 | | - | |
| 98 | | - | - Deleting the GitHub Release |
| 99 | | - | - Untag the docker images in the `ghcr.io` and `docker.io` registries |
| 100 | | - | - Revert the brew formula in [`anchore/homebrew-syft`](https://github.com/anchore/homebrew-syft) to point to the previous release |
| 101 | | - | |
| 102 | | - | **Note**: do not delete release tags from the git repository since there may already be references to the release |
| 103 | | - | in the go proxy, which will cause confusion when trying to reuse the tag later (the H1 hash will not match and there |
| 104 | | - | will be a warning when users try to pull the new release). |
| 105 | | - | |
Alex Goodman
committed
with
GitHub
1 year ago
1 parent 988041ba