-
Notifications
You must be signed in to change notification settings - Fork 1.7k
Release Process
The google
and google-beta
providers release new minor versions approximately once a week, and major versions approximately once a year. Patch releases are created on an as-needed basis for emergency bugfixes (such as if a popular resource has become unusable in a minor version). The google
and google-beta
provider versions are kept in sync.
Releases are run by the Bug Onduty, releasing the prior BOD's tag on the Monday of their BOD week, and creating a new tag for the next week on Wednesday.
-
Ensure that you do this before 12:00pm PST. If you don't, confirm whether we have someone from HashiCorp around to support in case something goes wrong. If not, make the release the next day.
-
Confirm that the release branches are ready and the changelogs are merged - last week's onduty should have created them.
- Check that the latest commit SHA on the release branch matches the TeamCity build number for the Tuesday night (Wednesday morning) run
- Check the style of the changelog (the On Wednesday section has a bullet point with common violations to look for)
- Merge the changelog PRs
-
Kick off the release process for TPG, substituting your remote name for the provider repo if it is not
upstream
, typicallyorigin
git pull upstream --tags
git checkout release-X.Y.Z
git tag vX.Y.Z
git push upstream vX.Y.Z
This will trigger a Github Action to run the release for the tagged commit.
-
Wait until the previous step is successful. Double-check
releases.hashicorp.com/terraform-provider-google
shows the current release. Failure often requires manual cleanup so it's better to not cause manual work on multiple builds. -
Confirm that the release notes for the published GitHub release are correct.
- The release workflow creates the release notes automatically from the CHANGELOG, and relies on it being in a standardised format.
-
Kick off the release process for TPGB.
git pull upstream --tags
git checkout release-X.Y.Z
git tag vX.Y.Z
git push upstream vX.Y.Z
This will trigger a Github Action to run the release for the tagged commit.
-
Wait until the previous step is successful. Double-check
releases.hashicorp.com/terraform-provider-google-beta
shows the current release. -
Confirm that the release notes for the published GitHub release are correct.
- The release workflow creates the release notes automatically from the CHANGELOG, and relies on it being in a standardised format.
-
After the release has been confirmed, update the CHANGELOG on
main
branch TPG & TPGB repositories with the correct headers- The simplest way to make this change is to use the GitHub UI and make a PR against
main
: TPG changelog and TPGB changelog - The newly released header will need the correct release date. ex:
## 3.18.0 (April 20, 2020)
- The top of the changelog should have the next unreleased version as a heading. ex:
## 3.19.0 (Unreleased)
- The simplest way to make this change is to use the GitHub UI and make a PR against
- Identify the commit SHA used by the builds from this morning, for both TPG and TPGB.
- To do this, navigate to the GA and Beta providers' nightly test projects in TeamCity Cloud.
- Note: As of Sept'24 the nightly test builds run off
refs/heads/nightly-test
instead of main.- This branch is recreated each night. For more info see this PR.
- Note: As of Sept'24 the nightly test builds run off
- Click on any of the package build configurations listed in a project to view its past builds.
- Find the build that was triggered on today's date.
- The commit SHA tested in the nightly tests for that provider can be found by either of these methods:
- Looking at the build's id ; all builds triggered in nightly tests set their id as the shortened version of the commit SHA
- Clicking on the build and searching for "build.vcs.number" in the Parameters tab
- Note: The
refs/heads/nightly-test
branch is empty, so the commit SHA will match the base commit from main branch that you need when making release branches later.
- To do this, navigate to the GA and Beta providers' nightly test projects in TeamCity Cloud.
- For each repository, run the following release-cutting script, filling in values as appropriate.
# Fixed values- consider setting them in `.bash_profile` or `bashrc`
# REMOTE is the name of the primary repo's remote on your machine. Typically `upstream` or `origin`
REMOTE=upstream
# MM_REPO should point to your checked-out copy of the GoogleCloudPlatform/magic-modules repo
MM_REPO="path/to/magic-modules"
# https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token, no permissions
export GITHUB_TOKEN=
# Fill these in each time
# COMMIT_SHA is build.vcs.number in TeamCity
COMMIT_SHA=
RELEASE_VERSION=4.XX.0
PREVIOUS_RELEASE_VERSION=4.XX.0
COMMIT_SHA_OF_LAST_RELEASE=`git merge-base main v${PREVIOUS_RELEASE_VERSION}`
REPO_NAME=$(basename $(git rev-parse --show-toplevel))
# use [ -n "$COMMIT_SHA" ] to make sure COMMIT_SHA is set, `git checkout` is a valid command on its own
git pull $REMOTE main --tags && [ -n "$COMMIT_SHA" ] && git checkout $COMMIT_SHA && git checkout -b release-$RELEASE_VERSION && git push -u $REMOTE release-$RELEASE_VERSION
COMMIT_SHA_OF_LAST_COMMIT_IN_CURRENT_RELEASE=`git rev-list -n 1 HEAD`
go install github.com/paultyng/changelog-gen@master
changelog-gen -repo $REPO_NAME -branch main -owner hashicorp -changelog ${MM_REPO}/.ci/changelog.tmpl -releasenote ${MM_REPO}/.ci/release-note.tmpl -no-note-label "changelog: no-release-note" $COMMIT_SHA_OF_LAST_RELEASE $COMMIT_SHA_OF_LAST_COMMIT_IN_CURRENT_RELEASE
open https://github.com/hashicorp/$REPO_NAME/edit/release-$RELEASE_VERSION/CHANGELOG.md
Note: go install github.com/paultyng/changelog-gen@91f787dc0cf1eedf016a444740cd28a4f1370e4
for Go 1.17+
Using this commit is necessary to get a version that supports the -no-note-label
flag.
Note: If you see the following error: zsh: command not found: changelog-gen
, make sure to change the shell from zsh
to bash
.
- We want to be reasonably confident that new releases are not introducing new bugs. Go through every test failure in the nightly builds for both GA and Beta:
- To see all test failures for a given nightly test run:
- Look at the Change Log tab for a given project (GA Change Log, Beta Change Log) and find the commit used to cut the release for that provider. Click on the commit SHA and navigate to the
Problems & Tests
tab on the new page. The page will list all test failures linked to that change.
- Look at the Change Log tab for a given project (GA Change Log, Beta Change Log) and find the commit used to cut the release for that provider. Click on the commit SHA and navigate to the
- In general, failing tests will fall into the following categories:
- Old bugs / test failures. These are tests which have been failing consistently with the same error since prior to the previous release. Search for the test name (and/or error message and/or resource) in Issues and create an issue if none exists. Label as a bug if the underlying behavior is also broken, and as a "test failure" otherwise.
- Flakey tests. These are tests which have been failing occasionally with the same error (or set of errors) for some time. It could be an issue with the test code, an inconsistent API response, or a quota issue. Search for the test name (and/or error message and/or resource) in Issues and create an issue if none exists. If you're not sure if a test is flakey, try to get it to pass in CI / locally. Label as "test failure"
-
New bugs. This is a test which you can confirm is failing due to a change in behavior that is new to this release, including non-destructive permadiffs. The preferred action to take is:
- Revert the change(s) on the release branch in TPG and TPGB.
- Revert the change(s) in magic-modules. For the release note, set
Revert: <release note from reverted PR>
to ensure that the revert will be caught during changelog review.- Notify the reverted PR's author about the revert and ask them to resend the PR with a fix for the bug.
- Manually run TPB/TPGB tests in TeamCity that are potentially impacted by any reverts.
- To see all test failures for a given nightly test run:
- Update the CHANGELOG as needed
- Ask the team if you have questions about any of their changelogs
- The generated changelog will have a section at the top for PRs it doesn’t know what to do with, which is any PR without the “changelog: no-release-note” label and without a release note or with an unrecognised release note type
- Any PRs that were already released (e.g., as part of a patch release) need to be removed
- This can be done by just adding a “changelog: no-release-note” label to them
- Any style guide violations should, as a best effort and as time permits, be fixed. The usual suspects are:
- Not starting with a service
- Starting with a resource instead of a service
- Starting with a service, but including it within `` marks (this was a case of mistaken guidance telling people the wrong thing)
- Not using the past tense--a changelog is read from the perspective of a user looking for what we did in a release, and so should be written in past tense
- Not describing the change from a user’s perspective. Our user’s don’t know what “computed” means, so it’s not helpful to tell them we made a field computed in a release. A better way to phrase it is to focus on the user impact: “fixed spurious diffs in
google_compute_instance
when no description is set”.
- After fixing style violations, make sure that the entries in each section are ordered alphabetically
- Make sure to only include beta-only release notes in the terraform-provider-google-beta CHANGELOG
- When you do include them, remove
(beta)
from the end of any beta-only release notes
- When you do include them, remove
- Double-check for semver compliance--make sure we’re not accidentally releasing breaking changes as part of a minor release, etc.
- Send the PR against the release branch to the team, allowing them to review the changelog. Ensure that you respond to comments and merge it before Friday so that the release shepherd next week is not delayed.
In general cherrypicks should only be used to fix bugs with extreme impact, similar to the qualifications for a backport. For example, if Terraform failed to work entirely (i.e. a crash during plan or apply), a "perma-destroy" issue (a perma-diff on a ForceNew
field), dropped resources from state inadvertently, or deleted a resource bypassing plan, a cherry-pick may be appropriate. A perma-diff alone is generally not a qualifier.
Features should generally never be cherry-picked, and should wait for the next release instead. Cherry-picking features incentivizes rushing a change in, and if we miss making an integration test run it's possible we won't catch failing tests introduced by the new feature.
Delaying a release so that it includes a change is roughly identical to a cherry-pick, and we should generally only do it for a reason we would cherry-pick.
For both google
and google-beta
as appropriate, prior to creating the changelog:
- Identify the Git SHA of the commit you intend to include
- Run
git cherry-pick {{sha}}
- Add an appropriate changelog entry in CHANGELOG.md, or verify that the entry was already added
- Determine the appropriate set of tests to run. As a general rule-of-thumb, consider the following categories. In the case of ambiguities, more testing should be preferred.
- If the change impacts provider-wide files like common helper functions, provider.go/config.go (other than resource registrations), resources referenced across services like
google_compute_instance
andgoogle_storage_bucket
, etc., run tests against the whole provider. - If the change impacts multiple resources in a service, the central resource in a service (i.e.
google_cloud_run_service
in Cloud Run), or a reference value run tests against the entire service. - If the change impacts a single resource file, run tests against the resource.
- If the change impacts provider-wide files like common helper functions, provider.go/config.go (other than resource registrations), resources referenced across services like
- For running tests in TeamCity, use the
Upstream MM Testing
project to run a custom build (userefs/heads/release-X.Y.Z
as the build branch; adjust the TEST_PREFIX parameter as needed) - Next week, ensure that the entry is removed from the changelog. Responsibility falls on the cherrypicker.
Given an out-of-band change to the API that causes issues for users of old TPG releases, we're able to release backports with cherry-picked changes into past major release series (1.X
, 2.X
, etc.). However, there are significant downsides to backports and we want to use them only when necessary.
- "Users using backports in N.X who wish to upgrade to the next major release series will need to upgrade to to
N+1.Y
, whereY
is the minor/patch version that the change was introduced.- Massive jumps should be safe, but we've experienced in practice that there are often minor incompatibilities that can accumulate within a release. While going from
X.Y
->X.Y+1
is almost always safe, jumping directly toX.Y+10
occasionally isn't.
- Massive jumps should be safe, but we've experienced in practice that there are often minor incompatibilities that can accumulate within a release. While going from
- Users may demand backports for issues impacting them specifically
- Backports may cause users to stay on old major release series for longer. We don't run integration tests using old versions so they may behave unexpectedly as the API changes underneath them, particularly as defaults are added/changed or new fields added to existing nested objects. Additionally users will miss out on preventative fixes, new features, etc.
Releasing a backport immediately before another major release is especially dangerous, as it may cause users to stay 2 major releases behind HEAD. As such, we should consider these criteria when cutting one:
- When was the last major release?
- ~6 months after a release is probably sufficient time for users to have upgraded, and leaves a window until our next major release.
- What is the issue? Is there a workaround?
- Failures in
Read
cause users to be completely unable to work with a resource, including verifying that their current config is stable to upgrade. - Crashes, particularly in
Read
, are even worse. They cause the provider to be unable to be used on entire configs withouttarget
.
- Failures in
- How cleanly will the backport apply?
- Resources like GKE may have drifted significantly since the last major version. If the backport behaves subtly differently than the code @ HEAD, users may have no viable alternative.
For both google
and google-beta
as appropriate:
- Checkout the
release-X.Y.Z
branch of the last release in the major release series. - Create a new
release-X.Y.Z+1
branch. - Cherrypick the change to the new branch by following Making a cherrypick.
- Be sure to add a
NOTES
entry to the changelog mentioning which future release includes the fix. eg:2.20.3 is a backport release, and some changes will not appear in 3.X series releases until 3.11.0.
. - If there is a breaking change, update the upgrade guide for that release with the same note.
- Commit the changes and push the new branch to be reviewed by a team member.
- Run the release process following On Monday, except you will not need to update
main
at the end. - Fix up the release notes for your release: you might need to remove a large chunk of changelog history.