moby/project/RELEASE-CHECKLIST.md
Jérôme Petazzoni 1135eadff9 Make rc announcement mandatory
Last month, when people upgraded their K8S clusters to use Engine 1.13, networking broke for them
because the default forwarding policy changed to `DROP` to increase the security and prevent some
specific network attacks. After a [long discussion on Twitter](https://twitter.com/jbeda/status/826969113801093121)
we realized that while the 1.13-rc releases had been out for months, they hadn't received as much
testing as we wanted because they hadn't been announced through all available channels.

This is a proposal to alter the release process to make sure that release candidate versions are
announced as widely as possible.

Signed-off-by: Jerome Petazzoni <jerome.petazzoni@gmail.com>
2017-03-01 10:06:00 -08:00

519 lines
17 KiB
Markdown

# Release Checklist
## A maintainer's guide to releasing Docker
So you're in charge of a Docker release? Cool. Here's what to do.
If your experience deviates from this document, please document the changes
to keep it up-to-date.
It is important to note that this document assumes that the git remote in your
repository that corresponds to "https://github.com/docker/docker" is named
"origin". If yours is not (for example, if you've chosen to name it "upstream"
or something similar instead), be sure to adjust the listed snippets for your
local environment accordingly. If you are not sure what your upstream remote is
named, use a command like `git remote -v` to find out.
If you don't have an upstream remote, you can add one easily using something
like:
```bash
export GITHUBUSER="YOUR_GITHUB_USER"
git remote add origin https://github.com/docker/docker.git
git remote add $GITHUBUSER git@github.com:$GITHUBUSER/docker.git
```
### 1. Pull from master and create a release branch
All releases version numbers will be of the form: vX.Y.Z where X is the major
version number, Y is the minor version number and Z is the patch release version number.
#### Major releases
The release branch name is just vX.Y because it's going to be the basis for all .Z releases.
```bash
export BASE=vX.Y
export VERSION=vX.Y.Z
git fetch origin
git checkout --track origin/master
git checkout -b release/$BASE
```
This new branch is going to be the base for the release. We need to push it to origin so we
can track the cherry-picked changes and the version bump:
```bash
git push origin release/$BASE
```
When you have the major release branch in origin, we need to create the bump fork branch
that we'll push to our fork:
```bash
git checkout -b bump_$VERSION
```
#### Patch releases
If we have the release branch in origin, we can create the forked bump branch from it directly:
```bash
export VERSION=vX.Y.Z
export PATCH=vX.Y.Z+1
git fetch origin
git checkout --track origin/release/$BASE
git checkout -b bump_$PATCH
```
We cherry-pick only the commits we want into the bump branch:
```bash
# get the commits ids we want to cherry-pick
git log
# cherry-pick the commits starting from the oldest one, without including merge commits
git cherry-pick -s -x <commit-id>
git cherry-pick -s -x <commit-id>
...
```
### 2. Update the VERSION files and API version on master
We don't want to stop contributions to master just because we are releasing.
So, after the release branch is up, we bump the VERSION and API version to mark
the start of the "next" release.
#### 2.1 Update the VERSION files
Update the content of the `VERSION` file to be the next minor (incrementing Y)
and add the `-dev` suffix. For example, after the release branch for 1.5.0 is
created, the `VERSION` file gets updated to `1.6.0-dev` (as in "1.6.0 in the
making").
#### 2.2 Update API version on master
We don't want API changes to go to the now frozen API version. Create a new
entry in `docs/reference/api/` by copying the latest and bumping the version
number (in both the file's name and content), and submit this in a PR against
master.
### 3. Update CHANGELOG.md
You can run this command for reference with git 2.0:
```bash
git fetch --tags
LAST_VERSION=$(git tag -l --sort=-version:refname "v*" | grep -E 'v[0-9\.]+$' | head -1)
git log --stat $LAST_VERSION..bump_$VERSION
```
If you don't have git 2.0 but have a sort command that supports `-V`:
```bash
git fetch --tags
LAST_VERSION=$(git tag -l | grep -E 'v[0-9\.]+$' | sort -rV | head -1)
git log --stat $LAST_VERSION..bump_$VERSION
```
If releasing a major version (X or Y increased in vX.Y.Z), simply listing notable user-facing features is sufficient.
```markdown
#### Notable features since <last major version>
* New docker command to do something useful
* Engine API change (deprecating old version)
* Performance improvements in some usecases
* ...
```
For minor releases (only Z increases in vX.Y.Z), provide a list of user-facing changes.
Each change should be listed under a category heading formatted as `#### CATEGORY`.
`CATEGORY` should describe which part of the project is affected.
Valid categories are:
* Builder
* Documentation
* Hack
* Packaging
* Engine API
* Runtime
* Other (please use this category sparingly)
Each change should be formatted as `BULLET DESCRIPTION`, given:
* BULLET: either `-`, `+` or `*`, to indicate a bugfix, new feature or
upgrade, respectively.
* DESCRIPTION: a concise description of the change that is relevant to the
end-user, using the present tense. Changes should be described in terms
of how they affect the user, for example "Add new feature X which allows Y",
"Fix bug which caused X", "Increase performance of Y".
EXAMPLES:
```markdown
## 0.3.6 (1995-12-25)
#### Builder
+ 'docker build -t FOO .' applies the tag FOO to the newly built image
#### Engine API
- Fix a bug in the optional unix socket transport
#### Runtime
* Improve detection of kernel version
```
If you need a list of contributors between the last major release and the
current bump branch, use something like:
```bash
git log --format='%aN <%aE>' v0.7.0...bump_v0.8.0 | sort -uf
```
Obviously, you'll need to adjust version numbers as necessary. If you just need
a count, add a simple `| wc -l`.
### 4. Change the contents of the VERSION file
Before the big thing, you'll want to make successive release candidates and get
people to test. The release candidate number `N` should be part of the version:
```bash
export RC_VERSION=${VERSION}-rcN
echo ${RC_VERSION#v} > VERSION
```
### 5. Test the docs
Make sure that your tree includes documentation for any modified or
new features, syntax or semantic changes.
To test locally:
```bash
make docs
```
To make a shared test at https://beta-docs.docker.io:
(You will need the `awsconfig` file added to the `docs/` dir)
```bash
make AWS_S3_BUCKET=beta-docs.docker.io BUILD_ROOT=yes docs-release
```
### 6. Commit and create a pull request to the "release" branch
```bash
git add VERSION CHANGELOG.md
git commit -m "Bump version to $VERSION"
git push $GITHUBUSER bump_$VERSION
echo "https://github.com/$GITHUBUSER/docker/compare/docker:release/$BASE...$GITHUBUSER:bump_$VERSION?expand=1"
```
That last command will give you the proper link to visit to ensure that you
open the PR against the "release" branch instead of accidentally against
"master" (like so many brave souls before you already have).
### 7. Create a PR to update the AUTHORS file for the release
Update the AUTHORS file, by running the `hack/generate-authors.sh` on the
release branch. To prevent duplicate entries, you may need to update the
`.mailmap` file accordingly.
### 8. Build release candidate rpms and debs
**NOTE**: It will be a lot faster if you pass a different graphdriver with
`DOCKER_GRAPHDRIVER` than `vfs`.
```bash
docker build -t docker .
docker run \
--rm -t --privileged \
-e DOCKER_GRAPHDRIVER=aufs \
-v $(pwd)/bundles:/go/src/github.com/docker/docker/bundles \
docker \
hack/make.sh binary build-deb build-rpm
```
### 9. Publish release candidate rpms and debs
With the rpms and debs you built from the last step you can release them on the
same server, or ideally, move them to a dedicated release box via scp into
another docker/docker directory in bundles. This next step assumes you have
a checkout of the docker source code at the same commit you used to build, with
the artifacts from the last step in `bundles`.
**NOTE:** If you put a space before the command your `.bash_history` will not
save it. (for the `GPG_PASSPHRASE`).
```bash
docker build -t docker .
docker run --rm -it --privileged \
-v /volumes/repos:/volumes/repos \
-v $(pwd)/bundles:/go/src/github.com/docker/docker/bundles \
-v $HOME/.gnupg:/root/.gnupg \
-e DOCKER_RELEASE_DIR=/volumes/repos \
-e GPG_PASSPHRASE \
-e KEEPBUNDLE=1 \
docker \
hack/make.sh release-deb release-rpm sign-repos generate-index-listing
```
### 10. Upload the changed repos to wherever you host
For example, above we bind mounted `/volumes/repos` as the storage for
`DOCKER_RELEASE_DIR`. In this case `/volumes/repos/apt` can be synced with
a specific s3 bucket for the apt repo and `/volumes/repos/yum` can be synced with
a s3 bucket for the yum repo.
### 11. Publish release candidate binaries
To run this you will need access to the release credentials. Get them from the
Core maintainers.
```bash
docker build -t docker .
# static binaries are still pushed to s3
docker run \
-e AWS_S3_BUCKET=test.docker.com \
-e AWS_ACCESS_KEY_ID \
-e AWS_SECRET_ACCESS_KEY \
-e AWS_DEFAULT_REGION \
-i -t --privileged \
docker \
hack/release.sh
```
It will run the test suite, build the binaries and upload to the specified bucket,
so this is a good time to verify that you're running against **test**.docker.com.
### 12. Purge the cache!
After the binaries are uploaded to test.docker.com and the packages are on
apt.dockerproject.org and yum.dockerproject.org, make sure
they get tested in both Ubuntu and Debian for any obvious installation
issues or runtime issues.
If everything looks good, it's time to create a git tag for this candidate:
```bash
git tag -a $RC_VERSION -m $RC_VERSION bump_$VERSION
git push origin $RC_VERSION
```
Announcing on multiple medias is the best way to get some help testing! An easy
way to get some useful links for sharing:
```bash
echo "Ubuntu/Debian: curl -sSL https://test.docker.com/ | sh"
echo "Linux 64bit binary: https://test.docker.com/builds/Linux/x86_64/docker-${VERSION#v}"
echo "Darwin/OSX 64bit client binary: https://test.docker.com/builds/Darwin/x86_64/docker-${VERSION#v}"
echo "Linux 64bit tgz: https://test.docker.com/builds/Linux/x86_64/docker-${VERSION#v}.tgz"
echo "Windows 64bit client binary: https://test.docker.com/builds/Windows/x86_64/docker-${VERSION#v}.exe"
echo "Windows 32bit client binary: https://test.docker.com/builds/Windows/i386/docker-${VERSION#v}.exe"
```
### 13. Announce the release candidate
The release candidate should be announced on:
- IRC on #docker, #docker-dev, #docker-maintainers
- In a comment on the pull request to notify subscribed people on GitHub
- The [docker-dev](https://groups.google.com/forum/#!forum/docker-dev) group
- The [docker-maintainers](https://groups.google.com/a/dockerproject.org/forum/#!forum/maintainers) group
- (Optional) Any social media that can bring some attention to the release candidate
### 14. Iterate on successive release candidates
Spend several days along with the community explicitly investing time and
resources to try and break Docker in every possible way, documenting any
findings pertinent to the release. This time should be spent testing and
finding ways in which the release might have caused various features or upgrade
environments to have issues, not coding. During this time, the release is in
code freeze, and any additional code changes will be pushed out to the next
release.
It should include various levels of breaking Docker, beyond just using Docker
by the book.
Any issues found may still remain issues for this release, but they should be
documented and give appropriate warnings.
During this phase, the `bump_$VERSION` branch will keep evolving as you will
produce new release candidates. The frequency of new candidates is up to the
release manager: use your best judgement taking into account the severity of
reported issues, testers availability, and time to scheduled release date.
Each time you'll want to produce a new release candidate, you will start by
adding commits to the branch, usually by cherry-picking from master:
```bash
git cherry-pick -s -x -m0 <commit_id>
```
You want your "bump commit" (the one that updates the CHANGELOG and VERSION
files) to remain on top, so you'll have to `git rebase -i` to bring it back up.
Now that your bump commit is back on top, you will need to update the CHANGELOG
file (if appropriate for this particular release candidate), and update the
VERSION file to increment the RC number:
```bash
export RC_VERSION=$VERSION-rcN
echo $RC_VERSION > VERSION
```
You can now amend your last commit and update the bump branch:
```bash
git commit --amend
git push -f $GITHUBUSER bump_$VERSION
```
Repeat steps 6 to 14 to tag the code, publish new binaries, announce availability, and
get help testing.
### 15. Finalize the bump branch
When you're happy with the quality of a release candidate, you can move on and
create the real thing.
You will first have to amend the "bump commit" to drop the release candidate
suffix in the VERSION file:
```bash
echo $VERSION > VERSION
git add VERSION
git commit --amend
```
You will then repeat step 6 to publish the binaries to test
### 16. Get 2 other maintainers to validate the pull request
### 17. Build final rpms and debs
```bash
docker build -t docker .
docker run \
--rm -t --privileged \
-v $(pwd)/bundles:/go/src/github.com/docker/docker/bundles \
docker \
hack/make.sh binary build-deb build-rpm
```
### 18. Publish final rpms and debs
With the rpms and debs you built from the last step you can release them on the
same server, or ideally, move them to a dedicated release box via scp into
another docker/docker directory in bundles. This next step assumes you have
a checkout of the docker source code at the same commit you used to build, with
the artifacts from the last step in `bundles`.
**NOTE:** If you put a space before the command your `.bash_history` will not
save it. (for the `GPG_PASSPHRASE`).
```bash
docker build -t docker .
docker run --rm -it --privileged \
-v /volumes/repos:/volumes/repos \
-v $(pwd)/bundles:/go/src/github.com/docker/docker/bundles \
-v $HOME/.gnupg:/root/.gnupg \
-e DOCKER_RELEASE_DIR=/volumes/repos \
-e GPG_PASSPHRASE \
-e KEEPBUNDLE=1 \
docker \
hack/make.sh release-deb release-rpm sign-repos generate-index-listing
```
### 19. Upload the changed repos to wherever you host
For example, above we bind mounted `/volumes/repos` as the storage for
`DOCKER_RELEASE_DIR`. In this case `/volumes/repos/apt` can be synced with
a specific s3 bucket for the apt repo and `/volumes/repos/yum` can be synced with
a s3 bucket for the yum repo.
### 20. Publish final binaries
Once they're tested and reasonably believed to be working, run against
get.docker.com:
```bash
docker build -t docker .
# static binaries are still pushed to s3
docker run \
-e AWS_S3_BUCKET=get.docker.com \
-e AWS_ACCESS_KEY_ID \
-e AWS_SECRET_ACCESS_KEY \
-e AWS_DEFAULT_REGION \
-i -t --privileged \
docker \
hack/release.sh
```
### 21. Purge the cache!
### 22. Apply tag and create release
It's very important that we don't make the tag until after the official
release is uploaded to get.docker.com!
```bash
git tag -a $VERSION -m $VERSION bump_$VERSION
git push origin $VERSION
```
Once the tag is pushed, go to GitHub and create a [new release](https://github.com/docker/docker/releases/new).
If the tag is for an RC make sure you check `This is a pre-release` at the bottom of the form.
Select the tag that you just pushed as the version and paste the changelog in the description of the release.
You can see examples in this two links:
https://github.com/docker/docker/releases/tag/v1.8.0
https://github.com/docker/docker/releases/tag/v1.8.0-rc3
### 23. Go to github to merge the `bump_$VERSION` branch into release
Don't forget to push that pretty blue button to delete the leftover
branch afterwards!
### 24. Update the docs branch
You will need to point the docs branch to the newly created release tag:
```bash
git checkout origin/docs
git reset --hard origin/$VERSION
git push -f origin docs
```
The docs will appear on https://docs.docker.com/ (though there may be cached
versions, so its worth checking http://docs.docker.com.s3-website-us-east-1.amazonaws.com/).
For more information about documentation releases, see `docs/README.md`.
Note that the new docs will not appear live on the site until the cache (a complex,
distributed CDN system) is flushed. The `make docs-release` command will do this
_if_ the `DISTRIBUTION_ID` is set correctly - this will take at least 15 minutes to run
and you can check its progress with the CDN Cloudfront Chrome addon.
### 25. Create a new pull request to merge your bump commit back into master
```bash
git checkout master
git fetch
git reset --hard origin/master
git cherry-pick -s -x $VERSION
git push $GITHUBUSER merge_release_$VERSION
echo "https://github.com/$GITHUBUSER/docker/compare/docker:master...$GITHUBUSER:merge_release_$VERSION?expand=1"
```
Again, get two maintainers to validate, then merge, then push that pretty
blue button to delete your branch.
### 26. Rejoice and Evangelize!
Congratulations! You're done.
Go forth and announce the glad tidings of the new release in `#docker`,
`#docker-dev`, on the [dev mailing list](https://groups.google.com/forum/#!forum/docker-dev),
the [announce mailing list](https://groups.google.com/forum/#!forum/docker-announce),
and on Twitter!