Expand release management workflow for dom0-config to include yum-qa process
#116
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
zenmonkeykstop
requested changes
Jan 23, 2024
|
|
||
| 1. Create a release branch in the ``securedrop-workstation`` repository. | ||
| 2. Push a changelog commit. | ||
| 3. Push an rc tag in the format ``<major>.<minor>.<patch>~rcN`` on your new commit. |
There was a problem hiding this comment.
This is confusing - are we creating the same tag twice as https://github.com/freedomofpress/securedrop-dev-docs/pull/116/files#diff-4734e6704c88c316b866a490f32ca0f4ed2965f9c43c73d2bcc1c6141ec558a3R149 suggests?
| signing ceremonies, and stakeholder communications. | ||
|
|
||
| 1. Push a release tag on the same commit of the rc tag that was approved during QA. | ||
| 2. :ref:`Sign the tag with the SecureDrop release key` (or ask another maintainer to do this). |
There was a problem hiding this comment.
RPMs need to be signed as well/instead. IIRC this happens automatically for test repos but a signer will be needed for prod.
|
|
||
| Once the package on ``yum-test`` has passed QA and it appears that no additional | ||
| release candidates are needed, repeat the process from Step 2, this time opening | ||
| the pull request against ``securedrop-yum-qa``. Once the package is uploaded there, |
There was a problem hiding this comment.
There is no securedrop-yum-qa, I think. The preflight procedure as I understand it is the same as for the repos:
- create and sign prod RPM
- create a
releasebranch on thesecuredrop-yum-prodrepo and add the RPM there - submit a PR for that branch - a webhook will deploy it to yum-qa.securedrop.org
- do preflight checks (as described below)
- when good, merge to
main, which will deploy it to prod.
|
@nathandyer Worth reviving? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Status
Ready for review
Description of Changes
This PR expands the RPM release management section, or at least the portion dedicated to
securedrop-workstation-dom0-config, to match theaptcounterpart above, and incorporate theyum-testandyum-qarepos.Testing
Checklist (Optional)
make docs-lint) passed locallymake docs-linkcheck) passedmake docs) docs at http://localhost:8000