1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00

Merge pull request #17699 from jfrazelle/update-release-script-to-new-process

update release script and release process
This commit is contained in:
Tianon Gravi 2015-11-12 09:51:36 -08:00
commit 8b9856dbd7
4 changed files with 51 additions and 129 deletions

View file

@ -53,9 +53,6 @@ RUN apt-get update && apt-get install -y \
python-mock \ python-mock \
python-pip \ python-pip \
python-websocket \ python-websocket \
reprepro \
ruby1.9.1 \
ruby1.9.1-dev \
s3cmd=1.1.0* \ s3cmd=1.1.0* \
ubuntu-zfs \ ubuntu-zfs \
xfsprogs \ xfsprogs \
@ -107,9 +104,6 @@ RUN git clone https://github.com/golang/lint.git /go/src/github.com/golang/lint
&& (cd /go/src/github.com/golang/lint && git checkout -q $GO_LINT_COMMIT) \ && (cd /go/src/github.com/golang/lint && git checkout -q $GO_LINT_COMMIT) \
&& go install -v github.com/golang/lint/golint && go install -v github.com/golang/lint/golint
# TODO replace FPM with some very minimal debhelper stuff
RUN gem install --no-rdoc --no-ri fpm --version 1.3.2
# Install registry # Install registry
ENV REGISTRY_COMMIT ec87e9b6971d831f0eff752ddb54fb64693e51cd ENV REGISTRY_COMMIT ec87e9b6971d831f0eff752ddb54fb64693e51cd
RUN set -x \ RUN set -x \

View file

@ -63,7 +63,6 @@ DEFAULT_BUNDLES=(
cover cover
cross cross
tgz tgz
ubuntu
) )
VERSION=$(< ./VERSION) VERSION=$(< ./VERSION)

View file

@ -22,16 +22,12 @@ To run, I need:
environment variables AWS_S3_BUCKET and AWS_S3_BUCKET_PATH (default: ''); environment variables AWS_S3_BUCKET and AWS_S3_BUCKET_PATH (default: '');
- to be provided with AWS credentials for this S3 bucket, in environment - to be provided with AWS credentials for this S3 bucket, in environment
variables AWS_ACCESS_KEY and AWS_SECRET_KEY; variables AWS_ACCESS_KEY and AWS_SECRET_KEY;
- the passphrase to unlock the GPG key specified by the optional environment
variable GPG_KEYID (default: releasedocker) which will sign the deb
packages (passed as environment variable GPG_PASSPHRASE);
- a generous amount of good will and nice manners. - a generous amount of good will and nice manners.
The canonical way to run me is to run the image produced by the Dockerfile: e.g.:" The canonical way to run me is to run the image produced by the Dockerfile: e.g.:"
docker run -e AWS_S3_BUCKET=test.docker.com \ docker run -e AWS_S3_BUCKET=test.docker.com \
-e AWS_ACCESS_KEY=... \ -e AWS_ACCESS_KEY=... \
-e AWS_SECRET_KEY=... \ -e AWS_SECRET_KEY=... \
-e GPG_PASSPHRASE=... \
-i -t --privileged \ -i -t --privileged \
docker ./hack/release.sh docker ./hack/release.sh
EOF EOF
@ -41,8 +37,6 @@ EOF
[ "$AWS_S3_BUCKET" ] || usage [ "$AWS_S3_BUCKET" ] || usage
[ "$AWS_ACCESS_KEY" ] || usage [ "$AWS_ACCESS_KEY" ] || usage
[ "$AWS_SECRET_KEY" ] || usage [ "$AWS_SECRET_KEY" ] || usage
[ "$GPG_PASSPHRASE" ] || usage
: ${GPG_KEYID:=releasedocker}
[ -d /go/src/github.com/docker/docker ] || usage [ -d /go/src/github.com/docker/docker ] || usage
cd /go/src/github.com/docker/docker cd /go/src/github.com/docker/docker
[ -x hack/make.sh ] || usage [ -x hack/make.sh ] || usage
@ -51,7 +45,6 @@ RELEASE_BUNDLES=(
binary binary
cross cross
tgz tgz
ubuntu
) )
if [ "$1" != '--release-regardless-of-test-failure' ]; then if [ "$1" != '--release-regardless-of-test-failure' ]; then
@ -261,69 +254,6 @@ release_build() {
upload_release_build "$tgzDir/$tgz" "$s3Dir/$tgz" "$latestTgz" upload_release_build "$tgzDir/$tgz" "$s3Dir/$tgz" "$latestTgz"
} }
# Upload the 'ubuntu' bundle to S3:
# 1. A full APT repository is published at $BUCKET/ubuntu/
# 2. Instructions for using the APT repository are uploaded at $BUCKET/ubuntu/index
release_ubuntu() {
echo "Releasing ubuntu"
[ -e "bundles/$VERSION/ubuntu" ] || {
echo >&2 './hack/make.sh must be run before release_ubuntu'
exit 1
}
local debfiles=( "bundles/$VERSION/ubuntu/"*.deb )
# Sign our packages
dpkg-sig -g "--passphrase $GPG_PASSPHRASE" -k "$GPG_KEYID" --sign builder "${debfiles[@]}"
# Setup the APT repo
APTDIR=bundles/$VERSION/ubuntu/apt
mkdir -p "$APTDIR/conf" "$APTDIR/db"
s3cmd sync "s3://$BUCKET/ubuntu/db/" "$APTDIR/db/" || true
cat > "$APTDIR/conf/distributions" <<EOF
Codename: docker
Components: main
Architectures: amd64 i386
EOF
# Add the DEB package to the APT repo
reprepro -b "$APTDIR" includedeb docker "${debfiles[@]}"
# Sign
for F in $(find $APTDIR -name Release); do
gpg -u "$GPG_KEYID" --passphrase "$GPG_PASSPHRASE" \
--armor --sign --detach-sign \
--output "$F.gpg" "$F"
done
# Upload keys
s3cmd sync "$HOME/.gnupg/" "s3://$BUCKET/ubuntu/.gnupg/"
gpg --armor --export "$GPG_KEYID" > "bundles/$VERSION/ubuntu/gpg"
s3cmd --acl-public put "bundles/$VERSION/ubuntu/gpg" "s3://$BUCKET/gpg"
local gpgFingerprint=36A1D7869245C8950F966E92D8576A8BA88D21E9
local s3Headers=
if [[ $BUCKET == test* ]]; then
gpgFingerprint=740B314AE3941731B942C66ADF4FD13717AAD7D6
elif [[ $BUCKET == experimental* ]]; then
gpgFingerprint=E33FF7BF5C91D50A6F91FFFD4CC38D40F9A96B49
s3Headers='--add-header=Cache-Control:no-cache'
fi
# Upload repo
s3cmd --acl-public $s3Headers sync "$APTDIR/" "s3://$BUCKET/ubuntu/"
cat <<EOF | write_to_s3 s3://$BUCKET/ubuntu/index
echo "# WARNING! This script is deprecated. Please use the script"
echo "# at https://get.docker.com/"
EOF
# Add redirect at /ubuntu/info for URL-backwards-compatibility
rm -rf /tmp/emptyfile && touch /tmp/emptyfile
s3cmd --acl-public --add-header='x-amz-website-redirect-location:/ubuntu/' --mime-type='text/plain' put /tmp/emptyfile "s3://$BUCKET/ubuntu/info"
echo "APT repository uploaded. Instructions available at $(s3_url)/ubuntu"
}
# Upload binaries and tgz files to S3 # Upload binaries and tgz files to S3
release_binaries() { release_binaries() {
[ -e "bundles/$VERSION/cross/linux/amd64/docker-$VERSION" ] || { [ -e "bundles/$VERSION/cross/linux/amd64/docker-$VERSION" ] || {
@ -369,31 +299,10 @@ release_test() {
fi fi
} }
setup_gpg() {
echo "Setting up GPG"
# Make sure that we have our keys
mkdir -p "$HOME/.gnupg/"
s3cmd sync "s3://$BUCKET/ubuntu/.gnupg/" "$HOME/.gnupg/" || true
gpg --list-keys "$GPG_KEYID" >/dev/null || {
gpg --gen-key --batch <<EOF
Key-Type: RSA
Key-Length: 4096
Passphrase: $GPG_PASSPHRASE
Name-Real: Docker Release Tool
Name-Email: docker@docker.com
Name-Comment: $GPG_KEYID
Expire-Date: 0
%commit
EOF
}
}
main() { main() {
build_all build_all
setup_s3 setup_s3
setup_gpg
release_binaries release_binaries
release_ubuntu
release_index release_index
release_test release_test
} }
@ -407,7 +316,6 @@ echo "Use the following text to announce the release:"
echo echo
echo "We have just pushed $VERSION to $(s3_url). You can download it with the following:" echo "We have just pushed $VERSION to $(s3_url). You can download it with the following:"
echo echo
echo "Ubuntu/Debian: curl -sSL $(s3_url) | sh"
echo "Linux 64bit binary: $(s3_url)/builds/Linux/x86_64/docker-$VERSION" echo "Linux 64bit binary: $(s3_url)/builds/Linux/x86_64/docker-$VERSION"
echo "Darwin/OSX 64bit client binary: $(s3_url)/builds/Darwin/x86_64/docker-$VERSION" echo "Darwin/OSX 64bit client binary: $(s3_url)/builds/Darwin/x86_64/docker-$VERSION"
echo "Darwin/OSX 32bit client binary: $(s3_url)/builds/Darwin/i386/docker-$VERSION" echo "Darwin/OSX 32bit client binary: $(s3_url)/builds/Darwin/i386/docker-$VERSION"

View file

@ -203,7 +203,18 @@ That last command will give you the proper link to visit to ensure that you
open the PR against the "release" branch instead of accidentally against open the PR against the "release" branch instead of accidentally against
"master" (like so many brave souls before you already have). "master" (like so many brave souls before you already have).
### 7. Publish release candidate binaries ### 7. Build release candidate rpms and debs
```bash
docker build -t docker .
docker run \
--rm -t --privileged \
-v $(pwd)/bundles:/go/src/github.com/docker/docker/bundles \
docker \
hack/make.sh binary build-deb build-rpm
```
### 8. Publish release candidate binaries
To run this you will need access to the release credentials. Get them from the To run this you will need access to the release credentials. Get them from the
Core maintainers. Core maintainers.
@ -214,20 +225,19 @@ Replace "..." with the respective credentials:
docker build -t docker . docker build -t docker .
docker run \ docker run \
-e AWS_S3_BUCKET=test.docker.com \ -e AWS_S3_BUCKET=test.docker.com \ # static binaries are still pushed to s3
-e AWS_ACCESS_KEY="..." \ -e AWS_ACCESS_KEY="..." \
-e AWS_SECRET_KEY="..." \ -e AWS_SECRET_KEY="..." \
-e GPG_PASSPHRASE="..." \ -i -t --privileged \
-i -t --privileged \ docker \
docker \ hack/release.sh
hack/release.sh
``` ```
It will run the test suite, build the binaries and packages, and upload to the It will run the test suite, build the binaries and upload to the specified bucket,
specified bucket, so this is a good time to verify that you're running against so this is a good time to verify that you're running against **test**.docker.com.
**test**.docker.com.
After the binaries and packages are uploaded to test.docker.com, make sure After the binaries are uploaded to test.docker.com and the packages are on
apt.dockerproject.org and yum.dockerproject.org, make sure
they get tested in both Ubuntu and Debian for any obvious installation they get tested in both Ubuntu and Debian for any obvious installation
issues or runtime issues. issues or runtime issues.
@ -242,7 +252,7 @@ Announcing on multiple medias is the best way to get some help testing! An easy
way to get some useful links for sharing: way to get some useful links for sharing:
```bash ```bash
echo "Ubuntu/Debian: https://test.docker.com/ubuntu or curl -sSL https://test.docker.com/ | sh" echo "Ubuntu/Debian: curl -sSL https://test.docker.com/ | sh"
echo "Linux 64bit binary: https://test.docker.com/builds/Linux/x86_64/docker-${VERSION#v}" echo "Linux 64bit binary: https://test.docker.com/builds/Linux/x86_64/docker-${VERSION#v}"
echo "Darwin/OSX 64bit client binary: https://test.docker.com/builds/Darwin/x86_64/docker-${VERSION#v}" echo "Darwin/OSX 64bit client binary: https://test.docker.com/builds/Darwin/x86_64/docker-${VERSION#v}"
echo "Darwin/OSX 32bit client binary: https://test.docker.com/builds/Darwin/i386/docker-${VERSION#v}" echo "Darwin/OSX 32bit client binary: https://test.docker.com/builds/Darwin/i386/docker-${VERSION#v}"
@ -257,7 +267,7 @@ We recommend announcing the release candidate on:
- The [docker-maintainers](https://groups.google.com/a/dockerproject.org/forum/#!forum/maintainers) group - The [docker-maintainers](https://groups.google.com/a/dockerproject.org/forum/#!forum/maintainers) group
- Any social media that can bring some attention to the release candidate - Any social media that can bring some attention to the release candidate
### 8. Iterate on successive release candidates ### 9. Iterate on successive release candidates
Spend several days along with the community explicitly investing time and Spend several days along with the community explicitly investing time and
resources to try and break Docker in every possible way, documenting any resources to try and break Docker in every possible way, documenting any
@ -307,7 +317,7 @@ git push -f $GITHUBUSER bump_$VERSION
Repeat step 6 to tag the code, publish new binaries, announce availability, and Repeat step 6 to tag the code, publish new binaries, announce availability, and
get help testing. get help testing.
### 9. Finalize the bump branch ### 10. Finalize the bump branch
When you're happy with the quality of a release candidate, you can move on and When you're happy with the quality of a release candidate, you can move on and
create the real thing. create the real thing.
@ -323,25 +333,36 @@ git commit --amend
You will then repeat step 6 to publish the binaries to test You will then repeat step 6 to publish the binaries to test
### 10. Get 2 other maintainers to validate the pull request ### 11. Get 2 other maintainers to validate the pull request
### 11. Publish final binaries ### 12. Build final rpms and debs
```bash
docker build -t docker .
docker run \
--rm -t --privileged \
-v $(pwd)/bundles:/go/src/github.com/docker/docker/bundles \
docker \
hack/make.sh binary build-deb build-rpm
```
### 13. Publish final binaries
Once they're tested and reasonably believed to be working, run against Once they're tested and reasonably believed to be working, run against
get.docker.com: get.docker.com:
```bash ```bash
docker build -t docker .
docker run \ docker run \
-e AWS_S3_BUCKET=get.docker.com \ -e AWS_S3_BUCKET=get.docker.com \ # static binaries are still pushed to s3
-e AWS_ACCESS_KEY="..." \ -e AWS_ACCESS_KEY="..." \
-e AWS_SECRET_KEY="..." \ -e AWS_SECRET_KEY="..." \
-e GPG_PASSPHRASE="..." \ -i -t --privileged \
-i -t --privileged \ docker \
docker \ hack/release.sh
hack/release.sh
``` ```
### 12. Apply tag and create release ### 14. Apply tag and create release
It's very important that we don't make the tag until after the official It's very important that we don't make the tag until after the official
release is uploaded to get.docker.com! release is uploaded to get.docker.com!
@ -360,12 +381,12 @@ You can see examples in this two links:
https://github.com/docker/docker/releases/tag/v1.8.0 https://github.com/docker/docker/releases/tag/v1.8.0
https://github.com/docker/docker/releases/tag/v1.8.0-rc3 https://github.com/docker/docker/releases/tag/v1.8.0-rc3
### 13. Go to github to merge the `bump_$VERSION` branch into release ### 15. Go to github to merge the `bump_$VERSION` branch into release
Don't forget to push that pretty blue button to delete the leftover Don't forget to push that pretty blue button to delete the leftover
branch afterwards! branch afterwards!
### 14. Update the docs branch ### 16. Update the docs branch
You will need to point the docs branch to the newly created release tag: You will need to point the docs branch to the newly created release tag:
@ -384,7 +405,7 @@ distributed CDN system) is flushed. The `make docs-release` command will do this
_if_ the `DISTRIBUTION_ID` is set correctly - this will take at least 15 minutes to run _if_ the `DISTRIBUTION_ID` is set correctly - this will take at least 15 minutes to run
and you can check its progress with the CDN Cloudfront Chrome addon. and you can check its progress with the CDN Cloudfront Chrome addon.
### 15. Create a new pull request to merge your bump commit back into master ### 17. Create a new pull request to merge your bump commit back into master
```bash ```bash
git checkout master git checkout master
@ -398,14 +419,14 @@ echo "https://github.com/$GITHUBUSER/docker/compare/docker:master...$GITHUBUSER:
Again, get two maintainers to validate, then merge, then push that pretty Again, get two maintainers to validate, then merge, then push that pretty
blue button to delete your branch. blue button to delete your branch.
### 16. Update the VERSION files ### 18. Update the VERSION files
Now that version X.Y.Z is out, time to start working on the next! Update the Now that version X.Y.Z is out, time to start working on the next! Update the
content of the `VERSION` file to be the next minor (incrementing Y) and add the content of the `VERSION` file to be the next minor (incrementing Y) and add the
`-dev` suffix. For example, after 1.5.0 release, the `VERSION` file gets `-dev` suffix. For example, after 1.5.0 release, the `VERSION` file gets
updated to `1.6.0-dev` (as in "1.6.0 in the making"). updated to `1.6.0-dev` (as in "1.6.0 in the making").
### 17. Rejoice and Evangelize! ### 19. Rejoice and Evangelize!
Congratulations! You're done. Congratulations! You're done.