NOTE: These instructions apply only to Calico versions v3.2.0 or greater. For older releases, refer to the instructions in the corresponding
release-vX.Y
branch.
This repository contains documentation and packaging, but no Calico code.
Releases of this repository still serve several important purposes. Namely, they provide:
- a single Calico release with user-facing release notes and documentation.
- a packaging of individual Calico component releases into a single
.tgz
file
To release Calico, you need the following permissions:
-
Write access to the core repositories in the projectcalico/ GitHub organization.
-
Push access to the Calico DockerHub repositories. Assuming you've been granted access by an admin:
docker login
-
Push access to the Calico quay.io repositories. Assuming you've been granted access by an admin:
docker login quay.io
-
Push access to the gcr.io/projectcalico-org repositories. Note: Some of the repos do not yet support credential helpers, you must use one of the token-based logins. For example, assuming you've been granted access, this will configure a short-lived auth token:
gcloud auth print-access-token | docker login -u oauth2accesstoken --password-stdin https://gcr.io
-
You must be a member of the Project Calico team on Launchpad, and have uploaded a GPG identity to your account, for which you have the secret key.
-
You must be able to access binaries.projectcalico.org.
-
You must have admin access to docs.projectcalico.org site on netlify.
-
To publish the helm release to the repo, you’ll need an AWS helm profile: Add this to your ~/.aws/config
[profile helm] role_arn = arn:aws:iam::<production_account_id>:role/CalicoDevHelmAdmin mfa_serial = arn:aws:iam::<tigera-dev_account_id>:mfa/myusername source_profile = default region = us-east-2
Your user will need permission for assuming the helm admin role in the production account.
You'll also need several GB of disk space (~7GB for v3.4.0, for example).
Some of the release scripts also require tools to be installed in your dev environment:
-
Install and configure the GitHub
hub
tool. -
Create a personal access token for Github and export it as the
GITHUB_TOKEN
env var (for example by adding it to your.profile
). -
Install the "GitHub release" tool,
ghr
:go get -u github.com/tcnksm/ghr
Finally, the release process assumes that your repos are checked out with name origin
for the git remote
for the main Calico repo.
Before attempting to create a Calico release you must do the following.
-
Choose a Calico version number, e.g.
v3.2.0
. -
Verify that the code and GitHub are in the right state for releasing for the chosen version.
- Make sure all components have up-to-date libcalico-go pins.
- Make sure node has up-to-date pins for felix and confd.
- Make sure felix and confd both have an up-to-date typha pin.
- Make sure the Milestone is empty either by merging PRs, or kicking them out of the Milestone.
- Make sure that there are no pending cherry-pick PRs relevant to the release.
- Make sure there are no pending PRs which need docs for this release.
- Make sure each PR with a release note is within a Milestone.
- Make sure CI is passing for the target release branch.
-
Select the appropriate component version numbers, and create any necessary releases. Follow the instructions in each repository for further information. (See recent release information, e.g. at https://docs.projectcalico.org/v3.7/release-notes/, for the set of components to consider releasing.)
The following components must use the same version number as the Calico version number chosen above, and thus must be re-released for every Calico release.
- calico/node
- calico/ctl
- calico/cni
- calico/kube-controllers
- calico/felix
- calico/typha
- calico/dikastes
- calico/pod2daemon-flexvol
- networking-calico
The following components do not share a version with the Calico release, but are included in the documentation.
-
Check out the packaging repository.
-
In your environment, set
HOST
to the GCP name for binaries.projectcalico.org,GCLOUD_ARGS
to the--zone
and--project
args needed to access that host, andSECRET_KEY
to the secret key for a GPG identity that you have uploaded to your Launchpad account. -
Establish GCP credentials so that gcloud with
HOST
andGCLOUD_ARGS
can access binaries.projectcalico.org. -
Run
make release-publish VERSION=<version>
, where<version>
is the Calico version being released.
-
Check out the
master
branch of this repository and make sure it is up-to-date and passing Semaphore CI.git checkout master && git pull origin master
Your next steps depend on the type of release:
This section describes how to create a candidate release for a new major or minor release. This is typically done at the same time that subcomponent release branches are cut, often well before the actual release is built and published.
-
Create a new branch off of the latest master.
git checkout -b release-vX.Y
-
Update versioning information in
_data/versions.yml
.For example:
- title: v2.1.0-pre-release note: "" components: typha: version: release-v2.1 ... etc ...
-
Update the
version
in thedefaults
in_config.yml
so thatpage.version
will be set correctly:- scope: path: . values: version: vX.Y
-
In netlify.toml
- set the
RELEASE_VERSION
environment variable tovX.Y
. - add the below redirect at the top of redirects.
# unforced generic redirect of /vX.Y to / [[redirects]] from = "/vX.Y/*" to = "/:splat" status = 301
- set the
-
In netlify/_redirects add a new for the new release following the other examples (Note: This page may vary with release, also just non-slash to slash redirects doesn't work. It needs to point to a page). This makes sure that requests coming to
/archive/vX.Y
(without a slash) don't fail with 404. -
Create the the release notes file. This does not need to be populated now but does need to exist.
touch _includes/release-notes/<VERSION>-release-notes.md
-
If appropriate, update the list of tested versions for different platforms in the appropriate documents.
- Kubernetes
getting-started/kubernetes/requirements.md
- OpenShift
getting-started/openshift/requirements.md
- OpenStack
getting-started/openstack/requirements.md
- Non-cluster hosts
getting-started/bare-metal/requirements.md
- Kubernetes
-
Commit your changes and push the branch. For example:
git commit -a -m "Update docs for vX.Y" git push origin release-vX.Y
-
Check out to the candidate release branch that is created as per the instructions here.
git checkout release-vX.Y
-
On netlify create a new site using the
release-vX.Y
branch (You should at least have write access to this repo for site creation) -
Rename the randomly generated site name to follow the same naming convention as other releases (Ex:
calico-vX-Y
). -
Ensure that the site is generated properly by visiting site URL (Ex. https://calico-vX-Y.netlify.app/archive/vX.Y/).
-
After ensuring that the site deployment is successful, in current production branch's netlify.toml, add below proxy rules for the release candidate at the top of
redirects
rules.[[redirects]] from = "/archive/vX.Y/*" to = "https://calico-vX-Y.netlify.app/archive/vX.Y/:splat" status = 200 [[redirects]] from = "/vX.Y/*" to = "https://calico-vX-Y.netlify.app/vX.Y/:splat" status = 200
-
Ensure that these proxy rules are cherry-picked to master branch as well so that future releases, which would be cut from master, will have references to this releases.
-
Open a pull request to upstream production branch, get it reviewed and merged. This would make the candidate site docs available at
docs.projectcalico.org/archive/vX.Y/
(Note: the trailing slash)
This section describes how to create a new major or minor release. It assumes that the release branch has already been created as described in the section above.
-
Checkout the previously created release branch.
git checkout release-vX.Y
-
Add the previous release to
_data/archives.yaml
. Make this change in master as well. -
Add the new version to the correct release section in
_data/versions.yml
. -
Update the AUTHORS.md file. This will require
GITHUB_TOKEN
be set in your environment.make update-authors
-
Follow the steps in writing release notes to generate or update candidate release notes.
Then, add the newly created release note file to git.
git add _data/release-notes/<VERSION>-release-notes.md
-
Commit your changes. For example:
git commit -m "Updates for release vX.Y.Z"
-
Push your branch and open a pull request to the upstream release-vX.Y branch. Get it reviewed and wait for it to pass CI.
-
Run the following on your local branch in order to build the release at the newly created commit.
make release
Then, publish the tag and release to github.
make release-publish
-
Merge the PR.
-
On netlify locate
docs.projectcalico.org
site and the updateProduction branch
inSettings -> Build & deploy -> Deploy contexts
torelease-vX.Y
in site settings and trigger the deployment. (Note: This site containsLATEST_RELEASE
environment variable in netlify UI, using whichnetlify.toml
picks up the correct build for latest release.) This will causedocs.projectcalico.org
to be updated (after a few minutes). Validate that everything looks correct.
- Ensure that the site is accessible by visiting
docs.projectcalico.org/archive/<version>/
.
-
On a new branch, add the new version to the correct release section in
_data/versions.yml
-
Follow the steps in writing release notes to generate candidate release notes.
Then, add the newly created release note file to git.
git add _includes/release-notes/<VERSION>-release-notes.md
-
Commit your changes. For example:
git commit -m "Updates for release vX.Y.Z"
-
Push your branch and open a pull request. Get it reviewed and wait for it to pass CI.
-
Once reviewed and CI is passing, run the following on your local branch in order to build and publish the release at the newly created commit.
make release
Then, publish the tag and release.
make release-publish
-
Merge the PR. This will cause the live docs site to be updated (after a few minutes).
Release notes for a Calico release contain notable changes across Calico repositories. To write release notes for a given version, perform the following steps.
-
Check the merged pull requests in the milestone and make sure each has a release note if it needs one.
Use this URL to query for PRs, replacing
vX.Y.Z
with your desired version.https://github.com/issues?utf8=%E2%9C%93&q=user%3Aprojectcalico+milestone%3A%22Calico+vX.Y.Z%22+
Each PR that wants a release note must meet the following conditions to have its release note considered:
- It is in the correct
Calico vX.Y.Z
GitHub milestone - It has the
release-note-required
label - It has one or more release notes included in the description (Optional).
- It is in the correct
-
Run the following command to collect all release notes for the given version.
make release-notes
A file called
<VERSION>-release-notes.md
will be created with the raw release note content.NOTE: If you receive a ratelimit error, you can specify a
GITHUB_TOKEN
in the above command to increase the number of allowed API calls. See here for details. -
Edit the generated file.
The release notes should be edited to highlight a few major enhancements and their value to the user. Bug fixes and other changes should be summarized in a bulleted list at the end of the release notes. Any limitations or incompatible changes in behavior should be explicitly noted.
Consistent release note formatting is important. Here are some examples for reference:
The final steps in the process are to check it all worked. This is important, so please don't skip it.
- Checkout the relevant docs branch (i.e. the release-vX.Y branch)
- run
make release-test
. The release validation checks will run - they check for the presence of all the required binaries tarballs, tags, etc. They do NOT check that the contents of those are valid, but are a good test that the release process itself worked correctly. - check the output of the tests - if any test failed, dig in and understand why.
- Kick off some e2e tests to test the contents of the release.