Skip to content

Latest commit

 

History

History
98 lines (83 loc) · 5.01 KB

release.md

File metadata and controls

98 lines (83 loc) · 5.01 KB

Releasing a new version of the security-profiles-operator

A new security-profiles-operator release can be done by overall three Pull Requests (PRs). Please ensure that no other PRs got merged in between. This can be achieved by opening a new Release vx.y.z issue and applying the tide/merge-blocker label if appropriate.

The overall process should not take longer than a couple of minutes, but it is required to have one of the repository owners at hand to be able to merge the PRs.

Run the ./hack/release.sh x.y.z script by replacing the appropriate version. The script basically:

  • bumps the VERSION file to the target version
  • changes the images newName/newTag fields of ./deploy/kustomize-deployment/kustomization.yaml from gcr.io/k8s-staging-sp-operator/security-profiles-operator to registry.k8s.io/security-profiles-operator/security-profiles-operator (newName) and the corresponding tag (newTag). has to be run and the changes have to be committed.
  • changes the image in the CatalogSource in the same way at ./examples/olm/install-resources.yaml
  • changes hack/ci/e2e-olm.sh to sed "s#registry.k8s.io/security-profiles-operator/security-profiles-operator-catalog:v0.0.0#${CATALOG_IMG}#g" instead of "s#gcr.io/k8s-staging-sp-operator/security-profiles-operator-catalog:latest#${CATALOG_IMG}#g" (please note to change the version v0.0.0 to the upcoming release)
  • updates ./dependencies.yaml spo-current version as well as its linked files. Run make verify-dependencies to verify the results.
  • updates ./hack/deploy-localhost.patch to match the new deployment
  • updates ./deploy/base/clusterserviceversion.yaml to change replaces to the latest available version on OperatorHub as well as update the containerImage.
  • runs make bundle

Create a new PR from the proposed changes and wait for the CI to succeed.

After this PR has been merged, we have to watch out the successful build of the container image via the automatically triggered post-security-profiles-operator-push-image post submit job in prow. All jobs of this type can be found either on the commit status on the main branch or in prow directly.

If the image got built successfully, then we can create a second PR to the k8s.io GitHub repository. This PR promotes the built container images (the manifest as well as the builds for amd64 and arm).

We can use the tool kpromo to allow easier retrieval and modification of the necessary container image digests. To run the tool from $GOPATH/src/sigs.k8s.io/promo-tools, just execute:

> export GITHUB_TOKEN=<YOUR_TOKEN>
> kpromo pr \
    --fork <YOUR_GH_USERNAME> \
    --project sp-operator \
    --tag v0.x.y

This will automatically create a PR in the k/k8s.io repository. If this PR got merged, then we're finally ready to create the release directly on GitHub and add the release notes. The release notes can be generated by the official Kubernetes Release Notes tool.

Run make nix-spoc and attach the results from the build directory to the GitHub release.

After that, run the ./hack/back-to-dev.sh script, which will:

Create a new pull request in the OperatorHub.io community operators repository to add the new version like in this PR.

The last step about the release creation is to send a release announcement to the #security-profiles-operator Slack channel.