diff --git a/.github/ISSUE_TEMPLATE/release-check-list.md b/.github/ISSUE_TEMPLATE/release-check-list.md index 74833b8..5bcac97 100644 --- a/.github/ISSUE_TEMPLATE/release-check-list.md +++ b/.github/ISSUE_TEMPLATE/release-check-list.md @@ -51,6 +51,8 @@ Releases of most subprojects are now decoupled from releases of the CoCo project ## The Steps +Note: It may be useful when doing these steps to refer to a previous example. The v0.9.0-alpha1 release applied [these changes](https://github.com/confidential-containers/operator/pull/388/files). After following steps 1-5 below, you should end up with a similar set of changes. + ### Determine release builds Identify/create the bundles that we will release for Kata and enclave-cc. @@ -70,29 +72,34 @@ Identify/create the bundles that we will release for Kata and enclave-cc. If you absolutely cannot use a Kata release, you can consider releasing one of these bundles. +- [ ] 3. :eyes: **Create a peer pods release** + + Create a peer pods release based on the Kata release, by following the [documented flow](https://github.com/confidential-containers/cloud-api-adaptor/blob/main/docs/Release-Process.md). + ### Test Release with Operator -- [ ] 3. :eyes: **Check operator pre-installation and open PR if needed** +- [ ] 4. :eyes: **Check operator pre-installation and open PR if needed** The operator uses a pre-install container to setup the node. Check that the container matches the dependencies used in Kata and that the operator pulls the most recent version of the container. * Check that the version of the `nydus-snapshotter` used by Kata matches the one used by the operator - * Compare `nydus-snapshotter` version in Kata [versions.yaml](https://github.com/kata-containers/kata-containers/blob/main/versions.yaml#L325) with the [Makefile](https://github.com/confidential-containers/operator/blob/main/install/pre-install-payload/Makefile#L4) for the operator pre-install container. + * Compare the `nydus-snapshotter` version in Kata [versions.yaml](https://github.com/kata-containers/kata-containers/blob/main/versions.yaml) (search for `nydus-snapshotter` and check its `version` field) with the [Makefile](https://github.com/confidential-containers/operator/blob/main/install/pre-install-payload/Makefile) (check the `NYDUS_SNAPSHOTTER_VERSION` value) for the operator pre-install container. * **If they do not match, stop and open a PR now. In the PR, update the operator's Makefile to match the version used in kata. After the PR is merged, continue.** -- [ ] 4. :wrench: **Open a PR to the operator to update the release artifacts** +- [ ] 5. :wrench: **Open a PR to the operator to update the release artifacts** - Update the operator to use the payloads identified in steps 1, 2, and 3. + Update the operator to use the payloads identified in steps 1, 2, 3, and 4. Make sure that the operator pulls the most recent version of the pre-install container - * Find the last commit in the [pre-install directory](https://github.com/confidential-containers/operator/tree/main/install/pre-install-payload) - * As a sanity check, the sha hash of the last commit in that pre-install directory will correspond to a pre-install image in quay, i.e. a reqs-payload image [here](quay.io/confidential-containers/reqs-payload). - * Make sure that the commit matches the preInstall / postUninstall image specified for [enclave-cc CRD](https://github.com/confidential-containers/operator/blob/main/config/samples/enclave-cc/base/ccruntime-enclave-cc.yaml) and [ccruntime CRD](https://github.com/confidential-containers/operator/blob/main/config/samples/ccruntime/default/kustomization.yaml) - * If these do not match (for instance if you changed the snapshotter in step 3), update the operator so that they do match. - There are a number of places where the payloads are referenced. Make sure to update all of the following to the tag matching the latest commit hash from steps 1 and 2: + * Find the last commit in the [pre-install directory](https://github.com/confidential-containers/operator/tree/main/install/pre-install-payload) + * As a sanity check, the sha hash of the last commit in that pre-install directory will correspond to a pre-install image in quay, i.e. a reqs-payload image [here](https://quay.io/confidential-containers/reqs-payload). + * Make sure that the commit matches the preInstall / postUninstall image specified for [enclave-cc CRD](https://github.com/confidential-containers/operator/blob/main/config/samples/enclave-cc/base/ccruntime-enclave-cc.yaml) and [ccruntime CRD](https://github.com/confidential-containers/operator/blob/main/config/samples/ccruntime/default/kustomization.yaml) + * If these do not match (for instance if you changed the snapshotter in step 4), update the operator so that they do match. + + There are a number of places where the payloads are referenced. Make sure to update all of the following to the tag matching the latest commit hash from steps 1, 2, and 3: * Enclave CC: * [sim](https://github.com/confidential-containers/operator/blob/main/config/samples/enclave-cc/sim/kustomization.yaml) * [hw](https://github.com/confidential-containers/operator/blob/main/config/samples/enclave-cc/hw/kustomization.yaml) @@ -103,17 +110,17 @@ Identify/create the bundles that we will release for Kata and enclave-cc. * [peer-pods](https://github.com/confidential-containers/operator/blob/main/config/samples/ccruntime/peer-pods/kustomization.yaml) Note that we need the quay.io/confidential-containers/runtime-payload-ci registry and kata-containers-latest tag - **Also, update the [operator version](https://github.com/confidential-containers/operator/blob/main/config/release/kustomization.yaml#L7)** + **Also, update the [operator version](https://github.com/confidential-containers/operator/blob/main/config/release/kustomization.yaml) (update the `newTag` value)** ### Final Touches -- [ ] 5. :trophy: **Cut an operator release using the GitHub release tool** +- [ ] 6. :trophy: **Cut an operator release using the GitHub release tool** -- [ ] 6. :green_book: **Make sure to update the [release notes](https://github.com/confidential-containers/confidential-containers/tree/main/releases) and tag/release the confidential-containers repo using the GitHub release tool.** +- [ ] 7. :green_book: **Make sure to update the [release notes](https://github.com/confidential-containers/confidential-containers/tree/main/releases) and tag/release the confidential-containers repo using the GitHub release tool.** -- [ ] 7. :hammer: **Poke Wainer Moschetta (@wainersm) to update the release to the OperatorHub. Find the documented flow [here](https://github.com/confidential-containers/operator/blob/main/docs/OPERATOR_HUB.md).** +- [ ] 8. :hammer: **Poke Wainer Moschetta (@wainersm) to update the release to the OperatorHub. Find the documented flow [here](https://github.com/confidential-containers/operator/blob/main/docs/OPERATOR_HUB.md).** ### Post-release -- [ ] 8. :wrench: **Open a PR to the operator to go back to latest payloads after release** - After the release, the operator's payloads need to go back to what they were (e.g. using "latest" instead of a specific commit sha). As an example, step 4 for the v0.9.0-alpha0 release applied [these changes](https://github.com/confidential-containers/operator/pull/368/files), and for this step, you should use `git revert` to undo such changes you made during the release. +- [ ] 9. :wrench: **Open a PR to the operator to go back to latest payloads after release** + After the release, the operator's payloads need to go back to what they were (e.g. using "latest" instead of a specific commit sha). As an example, the v0.9.0-alpha1 release applied [these changes](https://github.com/confidential-containers/operator/pull/389/files). You should use `git revert -s` for this.