aiden
/
calamares
mirror of https://github.com/cutefishos/calamares
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8497aad7a1'
${ noResults }
calamares/ci/RELEASE.md

126 lines
4.7 KiB
Markdown
Raw Blame History

# Calamares Release Process
> Calamares releases are now rolling when-they-are-ready releases.
> Releases are made from *calamares* and tagged there. When, in future,
> LTS releases resume, these steps may be edited again.
>
> Most things are automated through the release script [RELEASE.sh](RELEASE.sh)
## (1) Preparation
* Make sure all tests pass.
```
make
make test
```
Note that *all* means all-that-make-sense. The partition-manager tests need
an additional environment variable to be set for some tests, which will
destroy an attached disk. This is not always desirable. There are some
sample config-files that are empty and which fail the config-tests.
* Pull latest translations from Transifex. We only push / pull translations
from master, so longer-lived branches (e.g. 3.1.x) don't get translation
updates. This is to keep the translation workflow simple. The script
automatically commits changes to the translations.
```
sh ci/txpull.sh
```
* Update the list of enabled translation languages in `CMakeLists.txt`.
Check the [translation site][transifex] for the list of languages with
fairly complete translations, or use `ci/txstats.py` for an automated
suggestion. If there are changes, commit them.
* Push the changes.
* Check defaults in `settings.conf` and other configuration files.
* Drop the RC variable to 0 in `CMakeLists.txt`, *CALAMARES_VERSION_RC*.
* Edit `CHANGES` and set the date of the release.
* Commit both. This is usually done with commit-message
*Changes: pre-release housekeeping*.
## (2) Release Day
* Run the helper script `ci/RELEASE.sh` or follow steps below.
The script checks:
- for uncommitted local changes,
- if translations are up-to-date and translators
have had enough time to chase new strings,
- that the build is successful (with gcc and clang, if available),
- tests pass,
- tarball can be created,
- tarball can be signed.
On success, it prints out a suitable signature- and SHA256 blurb
for use in the release announcement.
## (3) Release
Follow the instructions printed by the release script.
* Push the tags.
* Create a new release on GitHub.
* Upload tarball and signature.
* Publish release article on `calamares.io`.
* Close associated milestone on GitHub if it's entirely done.
* Update topic on #calamares IRC channel.
## (4) Post-Release
* Bump the version number in `CMakeLists.txt` in the `project()` command.
* Set *CALAMARES_VERSION_RC* back to 1.
* Add a placeholder entry for the next release in `CHANGES` with date
text *not released yet*.
* Commit and push that, usually with the message
*Changes: post-release housekeeping*.
```
# 3.2.XX (unreleased) #
This release contains contributions from (alphabetically by first name):
- No external contributors yet
## Core ##
- No core changes yet
## Modules ##
- No module changes yet
```
# Related Material
> This section isn't directly related to any specific release,
> but bears on all releases.
## GPG Key Maintainence
Calamares uses GPG Keys for signing the tarballs and some commits
(tags, mostly). Calamares uses the **maintainer's** personal GPG
key for this. This section details some GPG activities that the
maintainer should do with those keys.
- Signing sub-key. It's convenient to use a signing sub-key specifically
for the signing of Calamares. To do so, add a key to the private key.
It's recommended to use key expiry, and to update signing keys periodically.
- Run `gpg -K` to find the key ID of your personal GPG secret key.
- Run `gpg --edit-key <keyid>` to edit that personal GPG key.
- In gpg edit-mode, use `addkey`, then pick a key type that is *sign-only*
(e.g. type 4, *RSA (sign only)*), then pick a keysize (3072 seems ok
as of 2020) and set a key expiry time, (e.g. in 18 months time).
- After generation, the secret key information is printed again, now
including the new signing subkey:
```
ssb rsa3072/0xCFDDC96F12B1915C
created: 2020-07-11 expires: 2022-01-02 usage: S
```
- Update the `RELEASE.sh` script with a new signing sub-key ID when a new
one is generated. Also announce the change of signing sub-key (e.g. on
the Calmares site or as part of a release announcement).
- Send the updated key to keyservers with `gpg --send-keys <keyid>`
- Optional: sanitize the keyring for use in development machines.
Export the current subkeys of the master key and keep **only** those
secret keys around. There is documentation
[here](https://blog.tinned-software.net/create-gnupg-key-with-sub-keys-to-sign-encrypt-authenticate/)
but be careful.
- Export the public key material with `gpg --export --armor <keyid>`,
possibly also setting an output file.
- Upload that public key to the relevant GitHub profile.
- Upload that public key to the Calamares site.
Reference in New Issue View Git Blame Copy Permalink