This document details the steps to create a release for
cluster-api-provider-metal3 aka CAPM3.
NOTE: Always follow release documentation from the main branch. Release documentation in release branches may be outdated.
Things you should check before making a release:
- Check the Metal3 release process for high-level process and possible follow-up actions
- Use the
./hack/verify-release.shscript as helper to identify possible issues to be addressed before creating any release tags. It verifies issues like:- Verify CAPI go module is uplifted in root,
api/andtest/go modules andcluster-api/testmodule intest/go module. Prior art: #1157 - Verify controller Go modules use latest corresponding CAPI modules. Prior art: #1145
- Verify BMO's
apisandpkg/hardwareutilsdependencies are the latest. Prior art: #1163 - Uplift IPAM
apidependency, container image version , and manifest resource . Prior art: #999 - Verify any other direct or indirect dependency is uplifted to close any public vulnerabilities
- Verify CAPI go module is uplifted in root,
Creating a release requires repository write permissions for:
- Tag pushing
- Branch creation
- GitHub Release publishing
These permissions are implicit for the org admins and repository admins.
Release team member gets his/her permissions via metal3-release-team
membership. This GitHub team has the required permissions in each repository
required to release CAPM3. Adding person to the team gives him/her the necessary
rights in all relevant repositories in the organization. Individual persons
should not be given permissions directly.
CAPM3 uses semantic versioning.
- Regular releases:
v1.x.y - Beta releases:
v1.x.y-beta.z - Release candidate releases:
v1.x.y-rc.z
- Clone the repository:
git clone git@github.com:metal3-io/cluster-api-provider-metal3
or if using existing repository, make sure origin is set to the fork and
upstream is set to metal3-io. Verify if your remote is set properly or not
by using following command git remote -v.
- Fetch the remote (
metal3-io):git fetch upstreamThis makes sure that all the tags are accessible.
-
Switch to the main branch:
git checkout main -
Create a new branch for the release notes**:
git checkout -b release-notes-1.x.x origin/main -
Generate the release notes:
RELEASE_TAG=v1.x.x make release-notes- Replace
v1.x.xwith the new release tag you're creating. - This command generates the release notes here
releasenotes/<RELEASE_TAG>.md.
- Replace
-
Next step is to clean up the release note manually.
- If release is not a beta or release candidate, check for duplicates, reverts, and incorrect classifications of PRs, and whatever release creation tagged to be manually checked.
- For any superseded PRs (like same dependency uplifted multiple times, or commit revertion) that provide no value to the release, move them to Superseded section. This way the changes are acknowledged to be part of the release, but not overwhelming the important changes contained by the release.
-
Commit your changes, push the new branch and create a pull request:
- The commit and PR title should be 🚀 Release v1.x.y:
git commit -S -s -m ":rocket: Release v1.x.x"git push -u origin release-notes-1.x.x
- Important! The commit should only contain the release notes file, nothing else, otherwise automation will not work.
- The commit and PR title should be 🚀 Release v1.x.y:
-
Ask maintainers and release team members to review your pull request.
Once PR is merged following GitHub actions are triggered:
- GitHub action
Create Releaseruns following jobs:- GitHub job
push_release_tagswill create and push the tags. This action will also create release branch if its missing and release isrcor minor. - GitHub job
create draft releasecreates draft release. Don't publish the release until release tag is visible in. Running actions are visible on the Actions page, and draft release will be visible on top of the Releases. If the release you're making is not a new major release, new minor release, or a new patch release from the latest release branch, uncheck the box for latest release. If it is a release candidate (RC) or a beta release, tick pre-release box. - GitHub job
build_CAPM3builds release image with the release tag, and pushes it to Quay. Make sure the release tag is visible in Quay tags page. If the release tag build is not visible, check if the action has failed and retrigger as necessary.
- GitHub job
We need to verify all release artifacts are correctly built or generated by the release workflow.
We can use ./hack/verify-release.sh to check for existence of release artifacts,
which should include the following:
Git tags pushed:
- Primary release tag:
v1.x.y - Go module tags:
api/v1.x.y,test/v1.x.y
Container images at Quay registry:
Files included in the release page:
- A manifest file -
infrastructure-components.yaml - A metadata file -
metadata.yaml - A cluster template -
cluster-template.yaml - A file containing an example of variables to set -
example_variables.rc
After everything is checked out, hit the Publish button your GitHub draft
release!
Some post-release actions are needed if new minor or major branch was created.
Branch protection rules need to be applied to the new release branch. Copy the
settings after the previous release branch, with the exception of
Required tests selection. Required tests can only be selected after new
keywords are implemented in Jenkins JJB, and in project-infra, and have been run
at least once in the PR targeting the branch in question.
NOTE: Branch protection rules need repository admin rights to modify.
Organization admins and security team members can help you.
Update README.md with release specific information, both on main and
in the new release-1.x branch as necessary.
In the release-1.x branch, update the build badges in the README.md to point
to correct Jenkins jobs, so the build statuses of the release branch are
visible.
Further additional actions are required in the Metal3 project after CAPM3 release. For that, please continue following the instructions provided in Metal3 release process