2015-08-15 09:21:46 -04:00
|
|
|
# Releasing Rails
|
2011-08-04 14:27:26 -04:00
|
|
|
|
2017-07-22 15:16:04 -04:00
|
|
|
In this document, we'll cover the steps necessary to release Rails. Each
|
|
|
|
section contains steps to take during that time before the release. The times
|
|
|
|
suggested in each header are just that: suggestions. However, they should
|
2011-08-04 14:27:26 -04:00
|
|
|
really be considered as minimums.
|
|
|
|
|
2015-08-15 09:21:46 -04:00
|
|
|
## 10 Days before release
|
2011-08-04 14:27:26 -04:00
|
|
|
|
2017-07-22 15:16:04 -04:00
|
|
|
Today is mostly coordination tasks. Here are the things you must do today:
|
2011-08-04 14:27:26 -04:00
|
|
|
|
2017-07-22 15:16:04 -04:00
|
|
|
### Is the CI green? If not, make it green. (See "Fixing the CI")
|
2011-08-04 14:27:26 -04:00
|
|
|
|
2017-07-22 15:16:04 -04:00
|
|
|
Do not release with a Red CI. You can find the CI status here:
|
2011-08-04 14:27:26 -04:00
|
|
|
|
2015-08-15 09:21:46 -04:00
|
|
|
```
|
2019-04-08 21:58:49 -04:00
|
|
|
https://buildkite.com/rails/rails
|
2015-08-15 09:21:46 -04:00
|
|
|
```
|
2011-08-04 14:27:26 -04:00
|
|
|
|
2017-07-22 15:16:04 -04:00
|
|
|
### Do we have any Git dependencies? If so, contact those authors.
|
2011-08-04 14:27:26 -04:00
|
|
|
|
2012-08-11 02:19:51 -04:00
|
|
|
Having Git dependencies indicates that we depend on unreleased code.
|
|
|
|
Obviously Rails cannot be released when it depends on unreleased code.
|
2011-08-04 14:27:26 -04:00
|
|
|
Contact the authors of those particular gems and work out a release date that
|
2011-08-12 20:23:16 -04:00
|
|
|
suits them.
|
2011-08-04 14:27:26 -04:00
|
|
|
|
2022-05-18 19:04:29 -04:00
|
|
|
### Announce your plans to the rest of the team on Campfire
|
2011-08-04 14:27:26 -04:00
|
|
|
|
2022-05-18 19:04:29 -04:00
|
|
|
Let them know of your plans to release.
|
2011-08-04 14:27:26 -04:00
|
|
|
|
2015-08-15 09:21:46 -04:00
|
|
|
### Update each CHANGELOG.
|
2011-08-04 14:27:26 -04:00
|
|
|
|
2017-07-22 15:16:04 -04:00
|
|
|
Many times commits are made without the CHANGELOG being updated. You should
|
2011-08-04 14:27:26 -04:00
|
|
|
review the commits since the last release, and fill in any missing information
|
|
|
|
for each CHANGELOG.
|
|
|
|
|
|
|
|
You can review the commits for the 3.0.10 release like this:
|
|
|
|
|
2015-08-15 09:21:46 -04:00
|
|
|
```
|
|
|
|
[aaron@higgins rails (3-0-10)]$ git log v3.0.9..
|
|
|
|
```
|
2011-08-04 14:27:26 -04:00
|
|
|
|
2011-11-14 06:29:57 -05:00
|
|
|
If you're doing a stable branch release, you should also ensure that all of
|
2021-01-19 15:43:24 -05:00
|
|
|
the CHANGELOG entries in the stable branch are also synced to the main
|
2011-11-14 06:29:57 -05:00
|
|
|
branch.
|
|
|
|
|
2022-05-18 19:04:29 -04:00
|
|
|
## Day of release
|
|
|
|
|
2022-09-09 16:34:27 -04:00
|
|
|
If making multiple releases. Publish them in order from oldest to newest, to
|
|
|
|
ensure that the "greatest" version also shows up in NPM and GitHub Releases as
|
|
|
|
"latest".
|
|
|
|
|
2017-07-22 15:16:04 -04:00
|
|
|
### Put the new version in the RAILS_VERSION file.
|
2011-08-04 14:27:26 -04:00
|
|
|
|
2017-07-22 15:16:04 -04:00
|
|
|
Include an RC number if appropriate, e.g. `6.0.0.rc1`.
|
2011-11-14 12:08:24 -05:00
|
|
|
|
2017-07-22 15:16:04 -04:00
|
|
|
### Build and test the gem.
|
2011-11-14 12:08:24 -05:00
|
|
|
|
2017-07-22 15:16:04 -04:00
|
|
|
Run `rake verify` to generate the gems and install them locally. `verify` also
|
|
|
|
generates a Rails app with a migration and boots it to smoke test with in your
|
|
|
|
browser.
|
2016-05-07 10:41:23 -04:00
|
|
|
|
2011-11-18 14:22:18 -05:00
|
|
|
This will stop you from looking silly when you push an RC to rubygems.org and
|
2015-05-13 16:03:43 -04:00
|
|
|
then realize it is broken.
|
2011-11-14 12:08:24 -05:00
|
|
|
|
2022-09-09 16:34:27 -04:00
|
|
|
### Check credentials for RubyGems, npm, and GitHub
|
|
|
|
|
|
|
|
For npm run `npm whoami` to check that you are logged in (`npm login` if not).
|
|
|
|
|
|
|
|
For RubyGems run `gem login`. If there's no output you are logged in.
|
|
|
|
|
|
|
|
For GitHub run `gh auth status` to check that you are logged in (run `gh login` if not).
|
|
|
|
|
|
|
|
npm and RubyGems require MFA. The release task will attempt to use a yubikey if
|
|
|
|
available, which as we have release several packages at once is strongly
|
|
|
|
recommended. Check that `ykman oath accounts list` has an entry for both
|
|
|
|
`npmjs.com` and `rubygems.org`, if not refer to
|
|
|
|
https://tenderlovemaking.com/2021/10/26/publishing-gems-with-your-yubikey.html
|
|
|
|
for setup instructions.
|
|
|
|
|
2019-01-09 08:09:51 -05:00
|
|
|
### Release to RubyGems and npm.
|
|
|
|
|
|
|
|
IMPORTANT: Several gems have JavaScript components that are released as npm
|
|
|
|
packages, so you must have Node.js installed, have an npm account (npmjs.com),
|
|
|
|
and be a package owner for `@rails/actioncable`, `@rails/actiontext`,
|
|
|
|
`@rails/activestorage`, and `@rails/ujs`. You can check this by making sure your
|
|
|
|
npm user (`npm whoami`) is listed as an owner (`npm owner ls <pkg>`) of each
|
|
|
|
package. Do not release until you're set up with npm!
|
2011-08-04 14:27:26 -04:00
|
|
|
|
2017-07-22 15:16:04 -04:00
|
|
|
The release task will sign the release tag. If you haven't got commit signing
|
2019-03-12 17:14:36 -04:00
|
|
|
set up, use https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work as a
|
2017-07-22 15:16:04 -04:00
|
|
|
guide. You can generate keys with the GPG suite from here: https://gpgtools.org.
|
|
|
|
|
|
|
|
Run `rake changelog:header` to put a header with the new version in every
|
|
|
|
CHANGELOG. Don't commit this, the release task handles it.
|
|
|
|
|
2019-05-12 05:59:14 -04:00
|
|
|
Run `rake release`. This will populate the gemspecs and npm package.json with
|
2016-05-07 10:41:23 -04:00
|
|
|
the current RAILS_VERSION, commit the changes, tag it, and push the gems to
|
|
|
|
rubygems.org.
|
2011-08-04 14:27:26 -04:00
|
|
|
|
2022-09-09 16:34:27 -04:00
|
|
|
### Make GitHub Releases from pushed tags
|
|
|
|
|
|
|
|
We use GitHub Releases to publish the combined release summary for all gems. We
|
|
|
|
can use a rake task and [GitHub cli](https://cli.github.com/) to do this
|
|
|
|
(releases can also be created or edited on the web).
|
|
|
|
|
|
|
|
```
|
|
|
|
bundle exec rake changelog:release_summary > ../6-1-7-release-summary.md
|
|
|
|
gh release create v6.1.7 -R rails/rails -F ../6-1-7-release-summary.md
|
|
|
|
```
|
|
|
|
|
2015-08-15 09:21:46 -04:00
|
|
|
### Send Rails release announcements
|
2011-08-04 14:27:26 -04:00
|
|
|
|
|
|
|
Write a release announcement that includes the version, changes, and links to
|
2017-07-22 15:16:04 -04:00
|
|
|
GitHub where people can find the specific commit list. Here are the mailing
|
2011-08-04 14:27:26 -04:00
|
|
|
lists where you should announce:
|
|
|
|
|
2021-08-29 17:02:56 -04:00
|
|
|
* [rubyonrails-core](https://discuss.rubyonrails.org/c/rubyonrails-core)
|
|
|
|
* [rubyonrails-talk](https://discuss.rubyonrails.org/c/rubyonrails-talk)
|
2011-08-04 14:27:26 -04:00
|
|
|
* ruby-talk@ruby-lang.org
|
|
|
|
|
2017-07-22 15:16:04 -04:00
|
|
|
Use Markdown format for your announcement. Remember to ask people to report
|
2011-08-04 14:27:26 -04:00
|
|
|
issues with the release candidate to the rails-core mailing list.
|
|
|
|
|
2017-10-31 13:53:37 -04:00
|
|
|
NOTE: For patch releases, there's a `rake announce` task to generate the release
|
2017-07-22 15:16:04 -04:00
|
|
|
post. It supports multiple patch releases too:
|
|
|
|
|
|
|
|
```
|
|
|
|
VERSIONS="5.0.5.rc1,5.1.3.rc1" rake announce
|
|
|
|
```
|
|
|
|
|
2011-08-04 15:00:06 -04:00
|
|
|
IMPORTANT: If any users experience regressions when using the release
|
2017-07-22 15:16:04 -04:00
|
|
|
candidate, you *must* postpone the release. Bugfix releases *should not*
|
2011-08-04 14:27:26 -04:00
|
|
|
break existing applications.
|
|
|
|
|
2015-08-15 09:21:46 -04:00
|
|
|
### Post the announcement to the Rails blog.
|
2011-08-04 14:27:26 -04:00
|
|
|
|
2022-09-09 16:34:27 -04:00
|
|
|
The blog at https://rubyonrails.org/blog is built from
|
|
|
|
https://github.com/rails/website.
|
|
|
|
|
|
|
|
Create a file named like
|
|
|
|
`_posts/$(date +'%F')-Rails-<versions>-have-been-released.markdown`
|
|
|
|
|
|
|
|
Add YAML frontmatter
|
|
|
|
```
|
|
|
|
---
|
|
|
|
layout: post
|
|
|
|
title: 'Rails <VERSIONS> have been released!'
|
|
|
|
categories: releases
|
|
|
|
author: <your handle>
|
|
|
|
published: true
|
|
|
|
date: <YYYY-MM-DD or `date +%F`>
|
|
|
|
---
|
|
|
|
```
|
|
|
|
|
|
|
|
Use the markdown generated by `rake announce` earlier as a base for the post.
|
|
|
|
Add some context for users as to the purpose of this release (bugfix/security).
|
2011-08-04 14:27:26 -04:00
|
|
|
|
2022-09-09 16:34:27 -04:00
|
|
|
If this is a part of the latest release series, update `_data/version.yml` so
|
|
|
|
that the homepage points to the latest version.
|
2011-08-04 14:27:26 -04:00
|
|
|
|
2015-08-15 09:21:46 -04:00
|
|
|
### Post the announcement to the Rails Twitter account.
|
2011-08-04 14:27:26 -04:00
|
|
|
|
2022-05-18 19:04:29 -04:00
|
|
|
## Security releases
|
2011-08-16 19:30:29 -04:00
|
|
|
|
2015-08-15 09:21:46 -04:00
|
|
|
### Emailing the Rails security announce list
|
2011-08-16 19:30:29 -04:00
|
|
|
|
2011-08-16 20:39:58 -04:00
|
|
|
Email the security announce list once for each vulnerability fixed.
|
2011-08-04 14:27:26 -04:00
|
|
|
|
|
|
|
You can do this, or ask the security team to do it.
|
|
|
|
|
2011-08-16 20:39:58 -04:00
|
|
|
Email the security reports to:
|
2011-08-04 14:27:26 -04:00
|
|
|
|
2011-08-16 20:39:58 -04:00
|
|
|
* rubyonrails-security@googlegroups.com
|
2012-06-12 17:34:44 -04:00
|
|
|
* oss-security@lists.openwall.com
|
2011-08-04 14:27:26 -04:00
|
|
|
|
|
|
|
Be sure to note the security fixes in your announcement along with CVE numbers
|
2017-07-22 15:16:04 -04:00
|
|
|
and links to each patch. Some people may not be able to upgrade right away,
|
2011-08-04 14:27:26 -04:00
|
|
|
so we need to give them the security fixes in patch form.
|
|
|
|
|
|
|
|
* Blog announcements
|
|
|
|
* Twitter announcements
|
2016-11-21 14:38:03 -05:00
|
|
|
* Merge the release branch to the stable branch
|
2011-08-04 14:27:26 -04:00
|
|
|
* Drink beer (or other cocktail)
|
|
|
|
|
2015-08-15 09:21:46 -04:00
|
|
|
## Misc
|
2011-08-04 14:27:26 -04:00
|
|
|
|
2015-08-15 09:21:46 -04:00
|
|
|
### Fixing the CI
|
2011-08-04 14:27:26 -04:00
|
|
|
|
|
|
|
There are two simple steps for fixing the CI:
|
|
|
|
|
|
|
|
1. Identify the problem
|
|
|
|
2. Fix it
|
|
|
|
|
2016-02-04 12:59:28 -05:00
|
|
|
Repeat these steps until the CI is green.
|