Mirrors/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft synced 2024-11-10 06:14:16 +00:00
Code Issues Projects Releases Packages Wiki Activity

switch from trigger-release target to release target (#1560)

Browse source 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
This commit is contained in:
Alex Goodman 2023-02-09 11:35:11 -05:00 committed by GitHub
parent 988041ba6d
commit 88c81d33ed
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 52 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/scripts/ci-check.sh vendored
View file

@ -6,6 +6,6 @@ normal=$(tput sgr0)
# assert we are running in CI (or die!) # assert we are running in CI (or die!)
if [[ -z "$CI" ]]; then if [[ -z "$CI" ]]; then
echo "${bold}${red}This script should ONLY be run in CI. Exiting...${normal}" echo "${bold}${red}This step should ONLY be run in CI. Exiting...${normal}"
exit 1 exit 1
fi fi

2
.github/workflows/release.yaml vendored
View file

@ -125,7 +125,7 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Build & publish release artifacts - name: Build & publish release artifacts
run: make release run: make ci-release
env: env:
# for mac signing and notarization... # for mac signing and notarization...
QUILL_SIGN_P12: ${{ secrets.ANCHORE_APPLE_DEVELOPER_ID_CERT_CHAIN }} QUILL_SIGN_P12: ${{ secrets.ANCHORE_APPLE_DEVELOPER_ID_CERT_CHAIN }}

13
Makefile
View file

@ -315,14 +315,13 @@ changelog: clean-changelog ## Generate and show the changelog for the current u
$(CHANGELOG): $(CHANGELOG):
$(CHRONICLE_CMD) -vvv > $(CHANGELOG) $(CHRONICLE_CMD) -vvv > $(CHANGELOG)
.PHONY: trigger-release .PHONY: release
trigger-release: release:
@.github/scripts/trigger-release.sh @.github/scripts/trigger-release.sh
.PHONY: release .PHONY: ci-release
release: clean-dist $(CHANGELOG) ci-release: ci-check clean-dist $(CHANGELOG)
$(call title,Publishing release artifacts) $(call title,Publishing release artifacts)
@.github/scripts/ci-check.sh
# create a config with the dist dir overridden # create a config with the dist dir overridden
echo "dist: $(DIST_DIR)" > $(TEMP_DIR)/goreleaser.yaml echo "dist: $(DIST_DIR)" > $(TEMP_DIR)/goreleaser.yaml
@ -337,6 +336,10 @@ release: clean-dist $(CHANGELOG)
# upload the version file that supports the application version update check (excluding pre-releases) # upload the version file that supports the application version update check (excluding pre-releases)
.github/scripts/update-version-file.sh "$(DIST_DIR)" "$(VERSION)" .github/scripts/update-version-file.sh "$(DIST_DIR)" "$(VERSION)"
.PHONY: ci-check
ci-check:
@.github/scripts/ci-check.sh
## Cleanup targets ################################# ## Cleanup targets #################################
.PHONY: clean .PHONY: clean

76
RELEASE.md
View file

@ -1,4 +1,39 @@
# Release Process # Release
## Creating a release
This release process itself should be as automated as possible, and has only a few steps:
1. **Trigger a new release with `make release`**. At this point you'll see a preview
changelog in the terminal. If you're happy with the changelog, press `y` to continue, otherwise
you can abort and adjust the labels on the PRs and issues to be included in the release and
re-run the release trigger command.
1. A release admin must approve the release on the GitHub Actions release pipeline run page.
Once approved, the release pipeline will generate all assets and publish a GitHub Release.
1. If there is a release Milestone, close it.
Ideally releasing should be done often with small increments when possible. Unless a
breaking change is blocking the release, or no fixes/features have been merged, a good
target release cadence is between every 1 or 2 weeks.
## Retracting a release
If a release is found to be problematic, it can be retracted with the following steps:
- Deleting the GitHub Release
- Untag the docker images in the `ghcr.io` and `docker.io` registries
- Revert the brew formula in [`anchore/homebrew-syft`](https://github.com/anchore/homebrew-syft) to point to the previous release
- Add a new `retract` entry in the go.mod for the versioned release
**Note**: do not delete release tags from the git repository since there may already be references to the release
in the go proxy, which will cause confusion when trying to reuse the tag later (the H1 hash will not match and there
will be a warning when users try to pull the new release).
## Background
A good release process has the following qualities: A good release process has the following qualities:
@ -7,7 +42,8 @@ A good release process has the following qualities:
1. Allow for different kinds of releases (major breaking vs backwards compatible enhancements vs patch updates) 1. Allow for different kinds of releases (major breaking vs backwards compatible enhancements vs patch updates)
1. Specify a repeatable way to build and publish software artifacts 1. Specify a repeatable way to build and publish software artifacts
## Planning a release
### Planning a release
To indicate a set of features to be released together add each issue to an in-repository To indicate a set of features to be released together add each issue to an in-repository
Milestone named with major-minor version to be released (e.g. `v0.1`). It is OK for other Milestone named with major-minor version to be released (e.g. `v0.1`). It is OK for other
@ -25,7 +61,8 @@ release (where some partial or breaking features have already been merged).
Unless necessary, feature releases should be small and frequent, which may obviate the Unless necessary, feature releases should be small and frequent, which may obviate the
need for regular release planning under a Milestone. need for regular release planning under a Milestone.
## What is in a release
### What is in a release
Milestones are specifically for planning a release, not necessarily tracking all changes Milestones are specifically for planning a release, not necessarily tracking all changes
that a release may bring (and more importantly, not all releases are necessarily planned that a release may bring (and more importantly, not all releases are necessarily planned
@ -59,7 +96,8 @@ The above suggestions imply that we should:
**With this approach as we cultivate good organization of PRs and issues we automatically **With this approach as we cultivate good organization of PRs and issues we automatically
get an equally good Changelog.** get an equally good Changelog.**
## Major, minor, and patch releases
### Major, minor, and patch releases
The latest version of the tool is the only supported version, which implies that multiple The latest version of the tool is the only supported version, which implies that multiple
parallel release branches will not be a regular process (if ever). Multiple releases can parallel release branches will not be a regular process (if ever). Multiple releases can
@ -72,33 +110,3 @@ tracking).
Semantic versioning should be used to indicate breaking changes, new features, and fixes. Semantic versioning should be used to indicate breaking changes, new features, and fixes.
The exception to this is `< 1.0`, where the major version is not bumped for breaking changes, The exception to this is `< 1.0`, where the major version is not bumped for breaking changes,
instead the minor version indicates both new features and breaking changes. instead the minor version indicates both new features and breaking changes.
## Cutting a release
Ideally releasing should be done often with small increments when possible. Unless a
breaking change is blocking the release, or no fixes/features have been merged, a good
target release cadence is between every 1 or 2 weeks.
This release process itself should be as automated as possible, and has only a few steps:
1. **Trigger a new release with `make trigger-release`**. At this point you'll see a preview
changelog in the terminal. If you're happy with the changelog, press `y` to continue, otherwise
you can abort and adjust the labels on the PRs and issues to be included in the release and
re-run the release trigger command.
1. A release admin must approve the release on the GitHub Actions release pipeline run page.
Once approved, the release pipeline will generate all assets and publish a GitHub Release.
1. If there is a release Milestone, close it.
## Retracting a release
If a release is found to be problematic, it can be retracted with the following steps:
- Deleting the GitHub Release
- Untag the docker images in the `ghcr.io` and `docker.io` registries
- Revert the brew formula in [`anchore/homebrew-syft`](https://github.com/anchore/homebrew-syft) to point to the previous release
**Note**: do not delete release tags from the git repository since there may already be references to the release
in the go proxy, which will cause confusion when trying to reuse the tag later (the H1 hash will not match and there
will be a warning when users try to pull the new release).