Documentation/contributor-guide/release.md
The guide talks about how to release a new version of etcd.
The procedure includes some manual steps for sanity checking, but it can probably be further scripted. Please keep this document up-to-date if making changes to the release process.
Under the leadership of James Blair @jmhbnz and Ivan Valdes Castillo @ivanvc, the following pool of release candidates manages the release of each etcd major/minor version as well as manages patches to each stable release branch. They are responsible for communicating the timelines and status of each release and for ensuring the stability of the release branch.
All release version numbers follow the format of semantic versioning 2.0.0.
base:release-<major>-<minor>). The k8s infra cherry pick robot /cherrypick <branch> PR chatops command may be used to automatically generate cherrypick PRs.[GH XXXX] at the head of the change line to reference the Pull Request that introduces the change. Moreover, add a link on it to jump to the Pull Request.release-note label and explain them in the NEWS file, as a straightforward summary of changes for end-users.The etcd project aims to release a new patch version if any of the following conditions are met:
There are some prerequisites, which should be done before the release process. These are one-time operations, which don't need to be executed before releasing each version.
.go-version file.etcd-development.gcloud auth logingcloud auth configure-dockergh auth login succeeds for the GitHub account you use to contribute to etcd,
and that gh auth status has a clean exit and doesn't show any issues.At least one day before the release:
kubernetes/org pull request (example PR) to ensure members of the release team are added to the release github team.On the day of the release:
Verify you can pass the authentication to the image registries,
docker login gcr.iodocker login quay.io
Your Vault Items on the right side.Password of quay.io.Share on the top right, and set expiration as 1 hour and only available to the release person using his/her email.Copy Link then send the link to the release person via slack or email.Clone the etcd repository and checkout the target branch,
git clone --branch release-3.X [email protected]:etcd-io/etcd.gitRun the release script under the repository's root directory, replacing ${VERSION} with a value without the v prefix, i.e. 3.5.13.
DRY_RUN=false ./scripts/release.sh ${VERSION}
NOTE: When doing a pre-release (i.e., a version from the main branch, 3.6.0-alpha.2), you will need to explicitly set the branch to main:
DRY_RUN=false BRANCH=main ./scripts/release.sh ${VERSION}
It generates all release binaries under the directory /tmp/etcd-release-${VERSION}/etcd/release/ and images. Binaries are pushed to the Google Cloud bucket
under project etcd-development, and images are pushed to quay.io and gcr.io.
It is advisable to do a dry run before the actual release. This will create a /tmp directory. Do NOT forget to remove this directory before the actual release.
DRY_RUN=true BRANCH=${BRANCH} ./scripts/release.sh ${VERSION}
Publish the release page on GitHub
Announce to the etcd-dev googlegroup
Follow the format of previous release emails sent to [email protected], see an example below. After sending out the email, ask one of the mailing list maintainers to approve the email from the pending list. Additionally, label the release email as Release.
Hello,
etcd v3.4.30 is now public!
https://github.com/etcd-io/etcd/releases/tag/v3.4.30
Thanks to everyone who contributed to the release!
etcd team
Update the changelog to reflect the correct release date.
Paste the release link to the issue raised in Step 1 and close the issue.
Raise a follow-up kubernetes/org pull request to return the GitHub release team to empty, least privilege state.
Crease a new stable branch through git push origin release-${VERSION_MAJOR}.${VERSION_MINOR} if this is a new major or minor stable release.
Re-generate a new password for quay.io if needed (e.g. shared to a contributor who isn't in the release team, and we should rotate the password at least once every 3 months).
Bump the new etcd release in Kubernetes, refer to Bump etcd Version in Kubernetes.
master branch)Timeouts pushing binaries - If binaries fail to fully upload to Google Cloud storage, the script must be re-run using the same command. Any artifacts that are already pushed will be overwritten to ensure they are correct. The storage bucket does not use object versioning so incorrect files cannot remain.
Timeouts pushing images - It is rare, although possible for connection timeouts to occur when publishing etcd release images to quay.io or gcr.io. If this occurs, it is known to be safe to rerun the release script command appending the --no-upload flag, and image uploads will gracefully resume.
GPG vs SSH signing - The release scripts assume that git tags will be signed with a GPG key. Since 2022 GitHub has supported signing commits and tags using ssh. Until further release script updates are completed you will need to disable this feature in your ~/.gitconfig and revert to signing via GPG to perform etcd releases.