Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

next: new release on 2024-07-01 (40.20240701.1.0) #916

Closed
43 tasks done
c4rt0 opened this issue Jun 19, 2024 · 7 comments
Closed
43 tasks done

next: new release on 2024-07-01 (40.20240701.1.0) #916

c4rt0 opened this issue Jun 19, 2024 · 7 comments

Comments

@c4rt0
Copy link
Member

c4rt0 commented Jun 19, 2024

First, verify that you meet all the prerequisites

Edit the issue title to include today's date. Once the pipeline spits out the new version ID, you can append it to the title e.g. (31.20191117.1.0).

Pre-release

Promote next-devel changes to next

Manual alternative

Sometimes you need to run the process manually like if you need to add an extra commit to change something in manifest.yaml. The steps for this are:

Build

Sanity-check the build

Using the the build browser for the next stream:

  • Verify that the parent commit and version match the previous next release (in the future, we'll want to integrate this check in the release job)
    • x86_64
    • aarch64
    • ppc64le
    • s390x
  • Check kola extended upgrade runs to make sure they didn't fail
    • x86_64
    • aarch64
    • ppc64le
    • s390x
  • Check kola AWS runs to make sure they didn't fail
    • x86_64
    • aarch64
  • Check kola OpenStack runs to make sure they didn't fail
    • x86_64
    • aarch64
  • Check kola Azure run to make sure it didn't fail
    • x86_64
  • Check kola GCP runs to make sure they didn't fail
    • x86_64
    • aarch64

⚠️ Release ⚠️

IMPORTANT: this is the point of no return here. Once the OSTree commit is
imported into the unified repo, any machine that manually runs rpm-ostree upgrade will have the new update.

Run the release job

  • Run the release job, filling in for parameters next and the new version ID
  • Post a link to the job as a comment to this issue
  • Wait for job to finish

At this point, Cincinnati will see the new release on its next refresh and create a corresponding node in the graph without edges pointing to it yet.

Refresh metadata (stream and updates)

  • Wait for all releases that will be released simultaneously to reach this step in the process
  • Go to the rollout workflow, click "Run workflow", and fill out the form
Rollout general guidelines
Risk Day of the week Rollout Start Time Time allocation
risky Tuesday 2PM UTC 72H
common Tuesday 2PM UTC 48H
rapid Tuesday 2PM UTC 24H

When setting a rollout start time ask "when would be the best time to react to
any errors or regressions from updates?". Commonly we select 2PM UTC so that the
rollout's start at 10am EST(±1 for daylight savings), but these can be fluid and
adjust after talking with the fedora-coreos IRC. Note, this is impacted by the
day of the week and holidays.

The later in the week the release gets held up due to unforeseen issues the more
likely the rollout time allocation will need to shrink or the release will need
to be deferred.

Manual alternative
  • Make sure your fedora-coreos-stream-generator binary is up-to-date.

From a checkout of this repo:

  • Update stream metadata, by running:
fedora-coreos-stream-generator -releases=https://fcos-builds.s3.amazonaws.com/prod/streams/next/releases.json  -output-file=streams/next.json -pretty-print
  • Add a rollout. For example, for a 48-hour rollout starting at 10 AM ET the same day, run:
./rollout.py add next <version> "10 am ET today" 48
  • Commit the changes and open a PR against the repo
Update graph manual check
curl -H 'Accept: application/json' 'https://updates.coreos.fedoraproject.org/v1/graph?basearch=x86_64&stream=next&rollout_wariness=0'
curl -H 'Accept: application/json' 'https://updates.coreos.fedoraproject.org/v1/graph?basearch=aarch64&stream=next&rollout_wariness=0'
curl -H 'Accept: application/json' 'https://updates.coreos.fedoraproject.org/v1/graph?basearch=ppc64le&stream=next&rollout_wariness=0'
curl -H 'Accept: application/json' 'https://updates.coreos.fedoraproject.org/v1/graph?basearch=s390x&stream=next&rollout_wariness=0'

NOTE: In the future, most of these steps will be automated.

Housekeeping

  • If one doesn't already exist, open an issue in this repo for the next release in this stream. Use the approximate date of the release in the title.
  • Issues opened via the previous link will automatically create a linked Jira card. Assign the GitHub issue and Jira card to the next person in the rotation.
@marmijo
Copy link
Member

marmijo commented Jun 27, 2024

This will be a barrier release due to coreos/fedora-coreos-tracker#1752. See the checklist in: coreos/fedora-coreos-tracker#1752 (comment).

@marmijo
Copy link
Member

marmijo commented Jul 1, 2024

Promotion PR: coreos/fedora-coreos-config#3044

@marmijo
Copy link
Member

marmijo commented Jul 1, 2024

Build Jobs:

@marmijo marmijo changed the title next: new release on 2024-07-01 next: new release on 2024-07-01 (40.20240630.1.0) Jul 2, 2024
@marmijo
Copy link
Member

marmijo commented Jul 2, 2024

We're restarting the next release process to include a fix for: CVE-2024-6387: OpenSSH 9.8: regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems

@marmijo
Copy link
Member

marmijo commented Jul 2, 2024

Build Jobs (40.20240701.1.0):

@marmijo marmijo changed the title next: new release on 2024-07-01 (40.20240630.1.0) next: new release on 2024-07-01 (40.20240701.1.0) Jul 2, 2024
@marmijo
Copy link
Member

marmijo commented Jul 3, 2024

@marmijo
Copy link
Member

marmijo commented Jul 3, 2024

Rollout PR: #919

@marmijo marmijo closed this as completed Jul 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants