-
-
Notifications
You must be signed in to change notification settings - Fork 55
Maintainer's Release Workflow
This page contains a step-by-step guide to releasing OpenCoarrays. In the future I hope to automate this further, based on watching for tags, however, for right now these steps are manual. In addition, I have created a page dedicated to the standard release notes template where a preview of the template can be seen, and the raw markdown can easily be copied to the clipboard.
You should have a GPG key setup, with a public key pushed to the key servers and signed by other OpenCoarrays developers, and publicized in the appropriate locations, such as keybase.io. However, you can create a release without the GPG signature, and another OpenCoarrays maintainer can verify and sign the package after the fact since we always used detached signatures. Unfortunately setting up GPG is a pain, and there are a number of different good, but tin-foil-hat-y tutorials out there. I recommend just using https://gpgtools.org/ to setup and maintain your GPG public key.
In addition, you'll need to verify that the package builds locally, and passes all the tests after tagging it, and before releasing it. It's a good idea to do a sanity check using the release archive as well.
Please DO NOT tag a release from the github web interface! This creates a dangling commit object that then gets tagged. The OpenCoarrays build system contains logic to embed the version number in builds when built from version control so that we may assist users in their debugging efforts. If you tag a release from the GitHub web interface, you will break this functionality.
This functionality uses git describe
to return version numbers like 2.7.1-38-g90cfb59
which indicate the current version is 38 commits ahead of the last tag (2.7.1) on commit g90cfb59
, allowing a precise mapping and checkout of the source code used to build that version of OpenCoarrays. If you create a tag based on a dangling commit object using the GitHub web interface, say version 2.8.0, then git describe
will not give the "correct" answer, it will say, e.g., 2.7.1-41-0123abcd
instead of 2.8.1-3-0123dcba
.
- Turn off branch protection on
main
for administrators in the settings. -
git checkout main
and get the latest versiongit pull origin main
- Edit and commit the version number in
.VERSION
- Create a signed tag (if you have GPG setup, or an annotated tag if you don't):
- For a signed tag:
git tag -s x.y.z <commit-sha>
- For an annotated tag:
git tag -a x.y.z <commit-sha>
- For a signed tag:
- Checkout the tag:
git checkout <x.y.z>
- Build, test, install and uninstall OpenCoarrays to ensure that everything works as expected:
cmake -B build -Wdev . cd build make -j 4 install ctest --output-on-failure make uninstall
- Generate the source archive, the cryptographic checksums, and, if possible, the detached GPG signature of the cryptographic checksum using:
make dist
- Verify checksum, and signatures (if present):
-
shasum -c opencoarrays-<x.y.z>-SHA256.txt
on macOS orsha256sum -c opencoarrays-<x.y.z>-SHA256.txt
on Linux gpg --verify opencoarrays-<x.y.z>-SHA256.txt.asc
gpg --verify OpenCoarrays-<x.y.z>.tar.gz.asc
-
- Extract and test the source archive outside of the git project, using sudo privileges if possible:
mkdir ~/tmp cp OpenCoarrays-<x.y.z>.tar.gz ~/tmp cd ~/tmp tar -xvf OpenCoarrays-<x.y.z>.tar.gz cd OpenCoarrays-<x.y.z> cmake -B build -Wdev . cd build sudo make -j 4 install caf --version # double check things look ok caf --show cafrun --version cafrun --show sudo ctest --output-on-failure sudo make uninstall cd ~/tmp sudo rm -r OpenCoarrays-<x.y.z>
- If everything is looking good, then push the tags and release!
git push --tags origin
- Draft a new release or edit current draft (https://github.com/sourceryinstitute/OpenCoarrays/releases)
- Upload to the release assets area, NOT just in the text of the release:
OpenCoarrays-<x.y.z>.tar.gz
opencoarrays-<x.y.z>-SHA256.txt
OpenCoarrays-<x.y.z>.tar.gz.asc
(if gpg signed)
opencoarrays-<x.y.z>-SHA256.txt.asc
(if gpg signed)
- Select
<x.y.z>
as the version to release and ensure that it says✔️ Existing tag
below it. You may need to refresh your browser or wait for the GitHub interface to realize you've pushed up your tag. - You should copy the release notes template as the starting point for the release message in github and edit the description of the release and the links that have comments saying they need to be updated.
- Re-enable branch protection for main for administrators and prevent users from pushing to main in settings
- Profit! (And checkout main locally so you're not on a detatched head:
git checkout main
) -
Optional further steps: Submit a PR to update Homebrew:
- Copy the sha256 hash from
opencoarrays-<x.y.z>-SHA256.txt
to your clipboard - Navigate to https://github.com/sourceryinstitute/OpenCoarrays/releases so you can get ready to copy the link to the release asset; it should look like:
https://github.com/sourceryinstitute/OpenCoarrays/releases/download/<x.y.z>/OpenCoarrays-<x.y.z>.tar.gz
- Make sure
HOMEBREW_DEVELOPER=1
andHOMBREW_FORCE_VENDOR_RUBY=1
are set andexport
ed in your environment - Run:
If all goes well a page like https://github.com/Homebrew/homebrew-core/pull/45035 will open with your PR in the browser
brew bump-formula-pr --strict --url=https://github.com/sourceryinstitute/OpenCoarrays/releases/download/<x.y.z>/OpenCoarrays-<x.y.z>.tar.gz --sha256=<paste sha245 from clipboard> --verbose opencoarrays
- Copy the sha256 hash from