Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document build, QA and release process #1196

Open
eloquence opened this issue Dec 8, 2020 · 5 comments
Open

Document build, QA and release process #1196

eloquence opened this issue Dec 8, 2020 · 5 comments
Labels
docs

Comments

@eloquence
Copy link
Member

eloquence commented Dec 8, 2020
edited
Loading

For the upcoming release 0.4.0 (#1189) we're again testing from the current nightlies on apt-test. We've previously agreed that we want to formalize the release process given the complexity and velocity of SecureDrop Client development. A formalized process will likely include:

  • use of release branches
  • upload of RC packages to apt-test.

We can resolve this issue once we have a docs PR merged that describes the process we want to use for the next release after 0.4.0.
@eloquence eloquence added the docs label Dec 8, 2020
@eloquence eloquence mentioned this issue Feb 8, 2021
Open
@eloquence
Copy link
Member Author

I think we can start with simply documenting the process we'll use for 0.4.1 on the wiki.

@eloquence
Copy link
Member Author

eloquence commented Mar 3, 2021
edited
Loading

Per chat w/ Mickael and Allie, we've agreed that for 0.4.1, we'll still use the nightlies for testing. We may want to do so for most point releases and hotfixes. For the next "minor" version level updates (e.g.,. 0.4.1->0.5.0; the minor level has historically denoted quite significant changes like read/unread), we may want to use the release branch + RC model.

As we improve our build pipeline (e.g., https://github.com/freedomofpress/securedrop-debian-packages-lfs/issues/35), we may be able to move away from ever using nightlies for pre-release testing, but for now, this seems to represent a good compromise to maintain release velocity.

@eloquence eloquence changed the title Formalize QA and release process Document build, QA and release process Jan 5, 2022
@eloquence
Copy link
Member Author

eloquence commented Jan 5, 2022
edited
Loading

As discussed in the 0.5.0/0.51 release retro, the sole use of nightlies for QA meant that we did not detect a build discrepancy with the final production release artifact before it was shipped to users. This is a good reason to at least formalize pre-flight QA with production release artifacts, e.g., using apt-qa.freedom.press. Adding documentation of our release process going forward as a sprint candidate to the next sprint.

Such documentation should ideally include recommendations for the build environment, e.g., the configuration and use of disposable VMs in Qubes.

@cfm
Copy link
Member

cfm commented Jan 5, 2022

I've posted a draft of an "Artifact Flow" diagram to the SecureDrop wiki. Revisions and feedback welcome!

@sssoleileraaa
Copy link
Contributor

Keeping this open, even though we have better documentation at this point (see recent changes in https://github.com/freedomofpress/securedrop-workstation/wiki#release for instance). Information is a bit scattered, so let's keep this open until we update the client readme to point to at least point the correct places in a step by step guide.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
docs
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@eloquence @cfm @sssoleileraaa