Version and release documentation #531
Conversation
estroz
added
needs discussion
docs
do-not-merge/work-in-progress
estroz
requested review from
AlexNPavel,
hasbro17,
lilic,
rithujohn191,
robszumski and
spahl
openshift-ci-robot
added
the
size/L
|
This is off to a great start. Brainstorming other topics we might want to cover that are less about the mechanics and more about how it affects an Operator developer:
|
|
@estroz Can you rebase these commits? Due to the way travis works, there's some dependency issues that should be fixed by simply rebasing. |
estroz
force-pushed
the
version-release-doc
branch
from
3cdb811 to
43e5b24
Compare
AlexNPavel
left a comment
AlexNPavel
left a comment
There was a problem hiding this comment.
Overall, the release process seems pretty reasonable, but we need to make sure we build for all supported platforms, and we should probably automate some of these steps to reduce the chance of mistakes.
doc/release-versioning.md
Outdated
|
|
||
| ## Binaries | ||
|
|
||
| Release binaries will be built for the `x86_64` architecture. Binaries will be signed using a maintainers' [PGP key][doc-maintainer-pgp-keys], and signatures will be uploaded to the release along with its accompanying tarball-ed binary. Ensure you import maintainer keys to verify release binaries. Note: `gpg` and `gpg2` can be used interchangeably to sign and verify binaries; substitute `gpg2` for `gpg` below. |
There was a problem hiding this comment.
Why are we tarballing the binary (and the build directory as a whole)? Most projects I've seen just upload the raw binary as their release (and most exceptions include more than 1 file, such as openshift/origin which also includes a license and readme). Uploading just a raw binary makes it easier to download and use the binary as well.
doc/release-versioning.md
Outdated
|
|
||
| Creating a release binary tarball: | ||
| ```bash | ||
| $ make build |
There was a problem hiding this comment.
make build just builds the binary for architecture and os of the current machine. We should have a make release function that cross-compiles for all supported platforms (linux and macos x86_64). I built a release for ct last year, which has a pretty well designed release process. This is their makefile (they support many more platforms than us, but still a good reference): https://github.com/coreos/container-linux-config-transpiler/blob/master/Makefile
There was a problem hiding this comment.
Ah excellent. I wasn't sure which architectures were supported so I assumed only linux x86_64 was. I will make updates to the Makefile.
doc/release-versioning.md
Outdated
| ```bash | ||
| $ git tag \ | ||
| -s "v${MAJOR_VERSION}.${MINOR_VERSION}.${PATCH_VERSION}" \ | ||
| "$GIT_COMMIT_HASH" |
There was a problem hiding this comment.
There's a lot of different steps to perform to do a release and that leaves a lot of room for error. A script might make sense to help simplify this. As I mentioned in an above comment, ct has a pretty nice release process. They have a script that does various checks, creates and verifies a signed tag, and then runs make release. I feel that this would work well for our release process as well: https://github.com/coreos/container-linux-config-transpiler/blob/master/release.sh
There was a problem hiding this comment.
I fully agree. I'll take a look at that script and make adaptions.
|
Something I forgot to mention in my first lookthrough of this: we need to update the version we are pointing to in |
lilic
left a comment
lilic
left a comment
There was a problem hiding this comment.
In general lgtm, but agree with @AlexNPavel it should be more automated.
doc/release-versioning.md
Outdated
| $ make build | ||
| ``` | ||
|
|
||
| Creating a release tarball: |
There was a problem hiding this comment.
Can we automate the following parts as well, we could have a script that does all these steps for us. You could pass in the needed args but it should be possible to automate.
We should just document the minimum supported version of Kubernetes, which is already documented in https://github.com/operator-framework/operator-sdk#prerequisites, don't think it needs to be in the release notes as well. |
doc/release-versioning.md
Outdated
|
|
||
| Making an Operator SDK release involves: | ||
| - Tagging and signing a git commit and pushing the tag to GitHub. | ||
| - Building a release binary, signing the binary, and uploading both binary and signature to GitHub. |
There was a problem hiding this comment.
As part of this, I would like to see discussion about releasing ansible operator base image and helm operator along with the binary.
I think that we should start thinking about all of these things as 1 project and not separate entities with their own release timelines or procedures.
In this case, I believe that a tagged version of the ansible-operator base image (and maybe the binary as well?) should be built, and pushed to a shared quay.io repo. I would like this to happen at the exact same time that operator-sdk release is happening.
I believe the helm-operator should have a published binary and base-image. I don't know enough about how it is expected to be used to comment much further.
There was a problem hiding this comment.
@spahl @AlexNPavel @robszumski can you comment on this? Not sure if ansible image packaging has been discussed outside of this PR. This suggestion sounds reasonable to me but needs its own PR.
There was a problem hiding this comment.
We should do this in a separate PR. I do agree that it should be tracked and released at the same time. Let's create an issue to not forget.
|
@AlexNPavel I've adopted the |
|
When running |
estroz
force-pushed
the
version-release-doc
branch
from
1752a92 to
f496a95
Compare
|
@lilic @robszumski noted the location of Kubernetes version info. Do we want to have a compatibility matrix for the SDK, as suggested in this issue comment? |
estroz
changed the title
openshift-ci-robot
removed
the
do-not-merge/work-in-progress
doc/release-versioning.md
Outdated
|
|
||
| ## Binaries and signatures | ||
|
|
||
| Binaries will be signed using a maintainers' [PGP key][doc-maintainer-pgp-keys], and signatures will be uploaded to the release along with its accompanying binary. Ensure you import maintainer keys to verify release binaries. |
There was a problem hiding this comment.
Before this PR is merged we need to have a discussion about signing processes and handling maintainer PGP keys.
estroz
added
the
do-not-merge/work-in-progress
shawn-hurley
left a comment
shawn-hurley
left a comment
There was a problem hiding this comment.
LGTM pending the discussion about signing and handling maintainer PGP keys.
…within project context (in 'build' dir), and .gitignore clause
…ntics and mechanics
These Makefile updates allow the SDK to be built for multiple platforms with one command, 'make release'
…move arm64 release make target
….sh' automates everything from building multi-arch to signing
…g is retrieved regardless of signature
…d Kubernetes version(s)
…ures, and platforms in their own section
estroz
force-pushed
the
version-release-doc
branch
from
82b7bda to
54267d2
Compare
estroz
force-pushed
the
version-release-doc
branch
from
54267d2 to
8fd7047
Compare
* .gitignore,Makefile: added 'build' Makefile target to build a binary within project context (in 'build' dir), and .gitignore clause * doc/release-versioning.md: rough draft of release and versioning semantics and mechanics * Makefile: add mutiple build targets and reformat 'all' make target * release.sh: tag and build release with a few pre-build checks * Makefile: added signature make targets to run under release target * doc/release-versioning.md: revised release process such that 'release.sh' automates everything from building multi-arch to signing * Makefile: add '--tags' flag when retrieving version so the current tag is retrieved regardless of signature * Makefile: ensure git and gpg are configured to have the same signing key * doc/release-versioning.md: document supported k8s versions, architectures, and platforms in their own section * release.sh,Makefile,pkg/generator/templates.go: check versions before tagging on release
* .gitignore,Makefile: added 'build' Makefile target to build a binary within project context (in 'build' dir), and .gitignore clause * doc/release-versioning.md: rough draft of release and versioning semantics and mechanics * Makefile: add mutiple build targets and reformat 'all' make target * release.sh: tag and build release with a few pre-build checks * Makefile: added signature make targets to run under release target * doc/release-versioning.md: revised release process such that 'release.sh' automates everything from building multi-arch to signing * Makefile: add '--tags' flag when retrieving version so the current tag is retrieved regardless of signature * Makefile: ensure git and gpg are configured to have the same signing key * doc/release-versioning.md: document supported k8s versions, architectures, and platforms in their own section * release.sh,Makefile,pkg/generator/templates.go: check versions before tagging on release
* .gitignore,Makefile: added 'build' Makefile target to build a binary within project context (in 'build' dir), and .gitignore clause * doc/release-versioning.md: rough draft of release and versioning semantics and mechanics * Makefile: add mutiple build targets and reformat 'all' make target * release.sh: tag and build release with a few pre-build checks * Makefile: added signature make targets to run under release target * doc/release-versioning.md: revised release process such that 'release.sh' automates everything from building multi-arch to signing * Makefile: add '--tags' flag when retrieving version so the current tag is retrieved regardless of signature * Makefile: ensure git and gpg are configured to have the same signing key * doc/release-versioning.md: document supported k8s versions, architectures, and platforms in their own section * release.sh,Makefile,pkg/generator/templates.go: check versions before tagging on release
* .gitignore,Makefile: added 'build' Makefile target to build a binary within project context (in 'build' dir), and .gitignore clause * Makefile: add mutiple build targets and reformat 'all' make target * Makefile: added signature make targets to run under release target * Makefile: ensure git and gpg are configured to have the same signing key * doc/release-versioning.md: document supported k8s versions, architectures, and platforms in their own section * release.sh,Makefile,pkg/generator/templates.go: check versions before tagging on release
… (operator-framework#604) * .gitignore,Makefile: added 'build' Makefile target to build a binary within project context (in 'build' dir), and .gitignore clause * Makefile: add mutiple build targets and reformat 'all' make target * Makefile: added signature make targets to run under release target * Makefile: ensure git and gpg are configured to have the same signing key * doc/release-versioning.md: document supported k8s versions, architectures, and platforms in their own section * release.sh,Makefile,pkg/generator/templates.go: check versions before tagging on release
* .gitignore,Makefile: added 'build' Makefile target to build a binary within project context (in 'build' dir), and .gitignore clause * Makefile: add mutiple build targets and reformat 'all' make target * Makefile: added signature make targets to run under release target * Makefile: ensure git and gpg are configured to have the same signing key * doc/release-versioning.md: document supported k8s versions, architectures, and platforms in their own section * release.sh,Makefile,pkg/generator/templates.go: check versions before tagging on release
8 participants
This PR contains documentation outlining how releases will be done, release semantics, and versioning. The release and versioning documentation is a now in final draft form.
Resolves: #166, #476
Note: discussion of PGP key signing process has been moved to #588