Skip to content

Latest commit

 

History

History
391 lines (266 loc) · 15.4 KB

RELEASING.md

File metadata and controls

391 lines (266 loc) · 15.4 KB

How to release Calico

NOTE: These instructions apply only to Calico versions v3.2.0 or greater. For older releases, refer to the instructions in the corresponding release-vX.Y branch.

Overview

This repository contains documentation and packaging, but no Calico code.

Releases of this repository still serve several important purposes. Namely, they provide:

  • a single Calico release with user-facing release notes and documentation.
  • a packaging of individual Calico component releases into a single .tgz file

Prerequisites

To release Calico, you need the following permissions:

  • Write access to the core repositories in the projectcalico/ GitHub organization.

  • Push access to the Calico DockerHub repositories. Assuming you've been granted access by an admin:

    docker login
    
  • Push access to the Calico quay.io repositories. Assuming you've been granted access by an admin:

    docker login quay.io
    
  • Push access to the gcr.io/projectcalico-org repositories. Note: Some of the repos do not yet support credential helpers, you must use one of the token-based logins. For example, assuming you've been granted access, this will configure a short-lived auth token:

    gcloud auth print-access-token | docker login -u oauth2accesstoken --password-stdin https://gcr.io
    
  • You must be a member of the Project Calico team on Launchpad, and have uploaded a GPG identity to your account, for which you have the secret key.

  • You must be able to access binaries.projectcalico.org.

  • You must have admin access to docs.projectcalico.org site on netlify.

  • To publish the helm release to the repo, you’ll need an AWS helm profile: Add this to your ~/.aws/config [profile helm] role_arn = arn:aws:iam::<production_account_id>:role/CalicoDevHelmAdmin mfa_serial = arn:aws:iam::<tigera-dev_account_id>:mfa/myusername source_profile = default region = us-east-2 Your user will need permission for assuming the helm admin role in the production account.

You'll also need several GB of disk space (~7GB for v3.4.0, for example).

Some of the release scripts also require tools to be installed in your dev environment:

  • Install and configure the GitHub hub tool.

  • Create a personal access token for Github and export it as the GITHUB_TOKEN env var (for example by adding it to your .profile).

  • Install the "GitHub release" tool, ghr:

    go get -u github.com/tcnksm/ghr
    

Finally, the release process assumes that your repos are checked out with name origin for the git remote for the main Calico repo.

Releasing the subcomponents

Before attempting to create a Calico release you must do the following.

  1. Choose a Calico version number, e.g. v3.2.0.

  2. Verify that the code and GitHub are in the right state for releasing for the chosen version.

  3. Select the appropriate component version numbers, and create any necessary releases. Follow the instructions in each repository for further information. (See recent release information, e.g. at https://docs.projectcalico.org/v3.7/release-notes/, for the set of components to consider releasing.)

    The following components must use the same version number as the Calico version number chosen above, and thus must be re-released for every Calico release.

    The following components do not share a version with the Calico release, but are included in the documentation.

Building and publishing packages

  1. Check out the packaging repository.

  2. In your environment, set HOST to the GCP name for binaries.projectcalico.org, GCLOUD_ARGS to the --zone and --project args needed to access that host, and SECRET_KEY to the secret key for a GPG identity that you have uploaded to your Launchpad account.

  3. Establish GCP credentials so that gcloud with HOST and GCLOUD_ARGS can access binaries.projectcalico.org.

  4. Run make release-publish VERSION=<version>, where <version> is the Calico version being released.

Preparing to cut a Calico release

  1. Check out the master branch of this repository and make sure it is up-to-date and passing Semaphore CI.

    git checkout master && git pull origin master
    

Your next steps depend on the type of release:

Creating a new major / minor release

Creating a candidate release branch

This section describes how to create a candidate release for a new major or minor release. This is typically done at the same time that subcomponent release branches are cut, often well before the actual release is built and published.

  1. Create a new branch off of the latest master.

    git checkout -b release-vX.Y
    
  2. Update versioning information in _data/versions.yml.

    For example:

       - title: v2.1.0-pre-release
         note: ""
         components:
           typha:
             version: release-v2.1
         ... etc ...
    
  3. Update the version in the defaults in _config.yml so that page.version will be set correctly:

    -
      scope:
        path: .
      values:
        version: vX.Y
    
  4. In netlify.toml

    1. set the RELEASE_VERSION environment variable to vX.Y.
    2. add the below redirect at the top of redirects.
       # unforced generic redirect of /vX.Y to /
       [[redirects]]
         from = "/vX.Y/*"
         to = "/:splat"
         status = 301
    
  5. In netlify/_redirects add a new for the new release following the other examples (Note: This page may vary with release, also just non-slash to slash redirects doesn't work. It needs to point to a page). This makes sure that requests coming to /archive/vX.Y (without a slash) don't fail with 404.

  6. Create the the release notes file. This does not need to be populated now but does need to exist.

    touch _includes/release-notes/<VERSION>-release-notes.md
    
  7. If appropriate, update the list of tested versions for different platforms in the appropriate documents.

    • Kubernetes getting-started/kubernetes/requirements.md
    • OpenShift getting-started/openshift/requirements.md
    • OpenStack getting-started/openstack/requirements.md
    • Non-cluster hosts getting-started/bare-metal/requirements.md
  8. Commit your changes and push the branch. For example:

    git commit -a -m "Update docs for vX.Y"
    git push origin release-vX.Y
    

Publishing the candidate release branch

  1. Check out to the candidate release branch that is created as per the instructions here.

    git checkout release-vX.Y
    
  2. On netlify create a new site using the release-vX.Y branch (You should at least have write access to this repo for site creation)

  3. Rename the randomly generated site name to follow the same naming convention as other releases (Ex: calico-vX-Y).

  4. Ensure that the site is generated properly by visiting site URL (Ex. https://calico-vX-Y.netlify.app/archive/vX.Y/).

  5. After ensuring that the site deployment is successful, in current production branch's netlify.toml, add below proxy rules for the release candidate at the top of redirects rules.

     [[redirects]]
       from = "/archive/vX.Y/*"
       to = "https://calico-vX-Y.netlify.app/archive/vX.Y/:splat"
       status = 200
    
     [[redirects]]
       from = "/vX.Y/*"
       to = "https://calico-vX-Y.netlify.app/vX.Y/:splat"
       status = 200
  6. Ensure that these proxy rules are cherry-picked to master branch as well so that future releases, which would be cut from master, will have references to this releases.

  7. Open a pull request to upstream production branch, get it reviewed and merged. This would make the candidate site docs available at docs.projectcalico.org/archive/vX.Y/ (Note: the trailing slash)

Promoting to be the latest release in the docs

This section describes how to create a new major or minor release. It assumes that the release branch has already been created as described in the section above.

  1. Checkout the previously created release branch.

    git checkout release-vX.Y
    
  2. Add the previous release to _data/archives.yaml. Make this change in master as well.

  3. Add the new version to the correct release section in _data/versions.yml.

  4. Update the AUTHORS.md file. This will require GITHUB_TOKEN be set in your environment.

    make update-authors
    
  5. Follow the steps in writing release notes to generate or update candidate release notes.

    Then, add the newly created release note file to git.

    git add _data/release-notes/<VERSION>-release-notes.md
    
  6. Commit your changes. For example:

    git commit -m "Updates for release vX.Y.Z"
    
  7. Push your branch and open a pull request to the upstream release-vX.Y branch. Get it reviewed and wait for it to pass CI.

  8. Run the following on your local branch in order to build the release at the newly created commit.

    make release
    

    Then, publish the tag and release to github.

    make release-publish
    
  9. Merge the PR.

  10. On netlify locate docs.projectcalico.org site and the update Production branch in Settings -> Build & deploy -> Deploy contexts to release-vX.Y in site settings and trigger the deployment. (Note: This site contains LATEST_RELEASE environment variable in netlify UI, using which netlify.toml picks up the correct build for latest release.) This will cause docs.projectcalico.org to be updated (after a few minutes). Validate that everything looks correct.

Confirm the previous release is archived

  1. Ensure that the site is accessible by visiting docs.projectcalico.org/archive/<version>/.

Performing a "patch" release

Creating the release

  1. On a new branch, add the new version to the correct release section in _data/versions.yml

  2. Follow the steps in writing release notes to generate candidate release notes.

    Then, add the newly created release note file to git.

    git add _includes/release-notes/<VERSION>-release-notes.md
    
  3. Commit your changes. For example:

    git commit -m "Updates for release vX.Y.Z"
    
  4. Push your branch and open a pull request. Get it reviewed and wait for it to pass CI.

  5. Once reviewed and CI is passing, run the following on your local branch in order to build and publish the release at the newly created commit.

    make release
    

    Then, publish the tag and release.

    make release-publish
    
  6. Merge the PR. This will cause the live docs site to be updated (after a few minutes).

Release notes

Release notes for a Calico release contain notable changes across Calico repositories. To write release notes for a given version, perform the following steps.

  1. Check the merged pull requests in the milestone and make sure each has a release note if it needs one.

    Use this URL to query for PRs, replacing vX.Y.Z with your desired version.

    https://github.com/issues?utf8=%E2%9C%93&q=user%3Aprojectcalico+milestone%3A%22Calico+vX.Y.Z%22+
    

    Each PR that wants a release note must meet the following conditions to have its release note considered:

    • It is in the correct Calico vX.Y.Z GitHub milestone
    • It has the release-note-required label
    • It has one or more release notes included in the description (Optional).
  2. Run the following command to collect all release notes for the given version.

    make release-notes
    

    A file called <VERSION>-release-notes.md will be created with the raw release note content.

    NOTE: If you receive a ratelimit error, you can specify a GITHUB_TOKEN in the above command to increase the number of allowed API calls. See here for details.

  3. Edit the generated file.

    The release notes should be edited to highlight a few major enhancements and their value to the user. Bug fixes and other changes should be summarized in a bulleted list at the end of the release notes. Any limitations or incompatible changes in behavior should be explicitly noted.

    Consistent release note formatting is important. Here are some examples for reference:

Verifying the release

The final steps in the process are to check it all worked. This is important, so please don't skip it.

  1. Checkout the relevant docs branch (i.e. the release-vX.Y branch)
  2. run make release-test. The release validation checks will run - they check for the presence of all the required binaries tarballs, tags, etc. They do NOT check that the contents of those are valid, but are a good test that the release process itself worked correctly.
  3. check the output of the tests - if any test failed, dig in and understand why.
  4. Kick off some e2e tests to test the contents of the release.