docs: Attempt to flesh out the different release responsibilities #20851
Conversation
Signed-off-by: Ryan Hamilton <[email protected]>
Signed-off-by: Ryan Hamilton <[email protected]>
|
/assign @mattklein123 |
|
I have a few questions which I've noted as "TODO" in the doc. Hopefully we can sort them out :) |
|
couple of general points re release/patches i think its important that we keep the stable branches' CI working. If we dont it makes it harder to land patches and see actual breakages etc. It also makes it harder to backport anything as every PR requires a senior maintainer to push past breakages. ~related to this point. As release managers are not maintainers they generally cant land PRs - so even with a non-broken release branch, PRs need still to be assigned/reviewed. Im wondering if it is worth having a rotation for a "release maintainer" that shadows the release manager, and can land PRs etc Ideally we need to also account for non-security-patch releases on supported branches - if for no other reason than so we can address eg container issues in a timely fashion. I think it would be a good thing to make it easier to land/test/release on the stable branches, outside of sec patches, and encouraging more bug-fix backports wrt to the first point - i think we can/should add some scheduled CI to make sure the stable branches are passing |
There was a problem hiding this comment.
Thanks for working on this. I left one major comment about the stability/security split, and I think @phlax also left a lot of good comments. Not all of them are actionable in this PR but we could use them to guide some of the text and future work.
/wait
RELEASES.md
Outdated
| TODO(RyanTheOptimist): It seems to me that we have two kinds of releases and it would be helpful for | ||
| this doc to make a clear distinction between them. For the sake of argument, I've called them | ||
| "Major Release" (v1.22) and "Security Releases" (v1.22.1, etc). Does this terminology work? |
There was a problem hiding this comment.
I think we effectively have 3 (well 2 with 1 having 2 subtypes):
- Major release
- Minor release (security)
- Minor release (stability)
The release mechanics for 2 and 3 are very similar, there is just more private coordination required for 2.
There was a problem hiding this comment.
Oh, interesting. I wasn't aware that we did minor releases for non-security reasons. Are these ad-hoc releases, or are they scheduled in some way? Presumably we should talk about these releases in this doc somewhere?
There was a problem hiding this comment.
They are basically ad-hoc and best effort. It's essentially if someone wants to do the work. I agree we should discuss this option and make it clear that it's best effort and requires people to volunteer for release work.
There was a problem hiding this comment.
Ok, I've updated this section to hopefully make this point clear. WDYT?
RELEASES.md
Outdated
| Major releases are handled by Matt Klein ([mattklein123](https://github.com/mattklein123)) | ||
| or Alyssa Wilk ([alyssawilk](https://github.com/alyssawilk)) and do not involve any backports. |
There was a problem hiding this comment.
It would be nice if other people did this. :)
There was a problem hiding this comment.
Completely agree :) Should we set up a rotation? I'd be happy to add a column to the schedule below.
Are there any steps in the stable release process with require a repo admin? (I seem to recall needing repo admin help from repo admins in the security release process).
There was a problem hiding this comment.
Sure a rotation would be great. I think it might require an admin to actually make the release (I'm not sure) but that is a tiny step.
There was a problem hiding this comment.
I talked to @alyssawilk about this and she proposed making this the responsibility of the on-call maintainer, which makes a lot of sense to me. It's not much work in the grand scheme of things so it should fit nicely on that person's plate.
Signed-off-by: Ryan Hamilton <[email protected]>
RELEASES.md
Outdated
| TODO(RyanTheOptimist): It seems to me that we have two kinds of releases and it would be helpful for | ||
| this doc to make a clear distinction between them. For the sake of argument, I've called them | ||
| "Major Release" (v1.22) and "Security Releases" (v1.22.1, etc). Does this terminology work? |
There was a problem hiding this comment.
Oh, interesting. I wasn't aware that we did minor releases for non-security reasons. Are these ad-hoc releases, or are they scheduled in some way? Presumably we should talk about these releases in this doc somewhere?
RELEASES.md
Outdated
| Major releases are handled by Matt Klein ([mattklein123](https://github.com/mattklein123)) | ||
| or Alyssa Wilk ([alyssawilk](https://github.com/alyssawilk)) and do not involve any backports. |
There was a problem hiding this comment.
Completely agree :) Should we set up a rotation? I'd be happy to add a column to the schedule below.
Are there any steps in the stable release process with require a repo admin? (I seem to recall needing repo admin help from repo admins in the security release process).
|
Another issue i want to flag is around release versioning Historically we had a ~bitrot issue where version histories contained links to removed code that was causing docs builds to fail (and a ton of workarounds to make links point to vaguely relevant current code) As a result, i added "intersphinx mappings" which allows us to point to specific published versions in version histories, so the links should theoretically remain correct - they are essentially permalinked This also however, complexifies the release process for a few reasons
all in all, it means that quite specific sets of steps are required for releasing either from main or from a release branch, and that the steps have to be done in roughly the correct order. some of this can most likely be automated, but one difficulty is automating updating ref links in the version history file as its not easily parsable/editable programatically i will try to figure out a smoother workflow and automate what i can. For now im going to manually clean up the version histories on |
Sounds great. It'd be great to write this up when you get this worked out (which I assume is already your plan :>) |
I think we can probably use the on-call maintainer for this role. WDYT? |
Signed-off-by: Ryan Hamilton <[email protected]>
|
/assign @alyssawilk |
Release stepsPosting some notes and steps i have taken re release Release, versions and version mappingswe always want/need the on current Steps requiredusing the release branch that i have just worked on (v1.19.4), these are ~the steps i had to take before release (on release branch):
after release (on release branch):
after release (on
(to be comprehensive we may wish to do ^^ step on all newer release branches not just after release (on
regarding editing the almost certainly a bunch of this can be automated altho there are some issues, eg:
|
|
re "release maintainer" mho is that it would be better working on same cycle as release for a few reasons
just my 2p tho - i think anything we can do to make it clearer/easier to contribute is a good thing we may also want to make more use of milestones for tracking (patch) releases and related tickets/blockers/etc |
| responsible for approving and merging backports. The Fix Lead is a member of the security | ||
| team and is responsible for coordinating the overall release. This includes identifying | ||
| issues to be fixed in the release, communications with the Envoy community, and the | ||
| actual mechanics of the release itself. |
There was a problem hiding this comment.
do we want to link to the docs here? is there anything private in the doc?
AFIK the release manager generally responsible for doing backports for releases.
Also somewhere maybe we should outline all the responsibilities for the role? Right now they're docced up here https://docs.google.com/document/d/1AnIqmJlGlN0nZaxDme2uMjcO9VJxIokGDMYsq2IZM98/edit but we could fold the content in here and delete that doc?
There was a problem hiding this comment.
Oh, I didn't realize that doc existed. I added a link to it. But I'd be happy to inline it here, if you think that would be better?
There was a problem hiding this comment.
yeah I think inlining would be better but you're already voluntering for enough improvements so your call :-)
There was a problem hiding this comment.
Will do! But I'll do it in a follow up so as not to drag this PR out any longer.
| * Begin marshalling the ongoing PR flow in this repo. Ask maintainers to hold off merging any | ||
| particularly risky PRs until after the release is tagged. This is because we aim for main to be | ||
| at release candidate quality at all times. | ||
| * Do a final check of the [release notes](docs/root/version_history/current.rst): |
There was a problem hiding this comment.
no - not here - this branch wants to keep links to its own version - we only update the ref: links after a release
in the case of a release from main (described as "major release" here) we want to update the ref: links for the v1.X.Y.rst files after the release has happened
this is because main is now on a new (pending) version so the just released version has now become historical - any future branches will also carry the updated ref: s
to use a concrete example - at the point of just happened v1.22.0:
- when release happens
current.rsthas links with no version prefix - after release
v1.22.0is now historical so all links need to be updated onmain - on the
release/v1.22branch (and patches cut from it) the links from allv1.22.x.rstfiles will always not have the link prefix as the version is contemporaneous
There was a problem hiding this comment.
@phlax Can you suggest text to be added here?
There was a problem hiding this comment.
i think the text here is fine - its below that we need to update....
|
re release process im experimenting with some CI which will at least flag some of the issues - like the recent one we had with a as i work on it ill try and figure out any autofix/mate opportunities |
Signed-off-by: Ryan Hamilton <[email protected]>
Signed-off-by: Ryan Hamilton <[email protected]>
| * Make sure we tweet the new release: either have Matt do it or email [email protected] and ask them to do an Envoy account | ||
| post. | ||
| * Do a new PR to setup the next version | ||
| * Update [VERSION.txt](VERSION.txt) to the next development release. E.g., "1.7.0-dev". |
There was a problem hiding this comment.
* Edit `docs/conf.py` adding a version to `intersphinx_mapping`, eg:
\```python
'v1.16': ('https://www.envoyproxy.io/docs/envoy/v1.16.0', None),
\```
this should work for now - there is another step required to sync inventories and use a local copy - but some missing railway track for that
There was a problem hiding this comment.
lets not worry about this for now and i will either try to automate or add relevant docs
if we dont resolve this, it will cause issues down the road, and has mostly been forgotten, so ill try to prioritize automating this update, or making it unnecessary
|
So these are examples of the PRs required before/after a patch release (in this case v1.20.3): beforeClose the release branch (make non-dev, fix version and update current)afterUpdate version_history/inventory on
|
| responsible for approving and merging backports. The Fix Lead is a member of the security | ||
| team and is responsible for coordinating the overall release. This includes identifying | ||
| issues to be fixed in the release, communications with the Envoy community, and the | ||
| actual mechanics of the release itself. |
There was a problem hiding this comment.
yeah I think inlining would be better but you're already voluntering for enough improvements so your call :-)
There was a problem hiding this comment.
@RyanTheOptimist thanks for working on this
mostly, im feeling lets land and iterate
would be good to remove the instructions for updating the website now i think, as these will be almost immediately obsolete
i can update/remove anything else after as we change stuff
| tag build to make sure that the final docker images get pushed along with | ||
| the final docs. The final documentation will end up in the | ||
| [envoy-website repository](https://github.com/envoyproxy/envoy-website/tree/main/docs/envoy). | ||
| * Update the website ([example PR](https://github.com/envoyproxy/envoy-website/pull/148)) for the new release. |
There was a problem hiding this comment.
lets just remove this - its not quite correct, and is about to be obsolete
| * Make sure we tweet the new release: either have Matt do it or email [email protected] and ask them to do an Envoy account | ||
| post. | ||
| * Do a new PR to setup the next version | ||
| * Update [VERSION.txt](VERSION.txt) to the next development release. E.g., "1.7.0-dev". |
There was a problem hiding this comment.
lets not worry about this for now and i will either try to automate or add relevant docs
if we dont resolve this, it will cause issues down the road, and has mostly been forgotten, so ill try to prioritize automating this update, or making it unnecessary
There was a problem hiding this comment.
Thanks for the review @phlax
If this work for you, I'm happy to land it and we can iterate form there...
| responsible for approving and merging backports. The Fix Lead is a member of the security | ||
| team and is responsible for coordinating the overall release. This includes identifying | ||
| issues to be fixed in the release, communications with the Envoy community, and the | ||
| actual mechanics of the release itself. |
There was a problem hiding this comment.
Will do! But I'll do it in a follow up so as not to drag this PR out any longer.
| tag build to make sure that the final docker images get pushed along with | ||
| the final docs. The final documentation will end up in the | ||
| [envoy-website repository](https://github.com/envoyproxy/envoy-website/tree/main/docs/envoy). | ||
| * Update the website ([example PR](https://github.com/envoyproxy/envoy-website/pull/148)) for the new release. |
|
@mattklein123 Are you good with this merging and we can continue to iterate? |
…voyproxy#20851) Signed-off-by: Ryan Hamilton <[email protected]>
Signed-off-by: Ryan Hamilton [email protected]
docs: Attempt to flesh out the different release responsibilitiesRisk Level:
Testing: N/A
Docs Changes: RELEASES.md
Release Notes: N/A
Platform Specific Features: N/A