Update and document release process

Replace the rkt release process with a docker one.
Document the process that we follow for each release.

diff --git a/.gitignore b/.gitignore
index f130579..0d94fb8 100644 (file)
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ bin/
 gopath/
 *.sw[ponm]
 .vagrant
+release-*

diff --git a/RELEASING.md b/RELEASING.md
new file mode 100644 (file)
index 0000000..dd1b7a9
--- /dev/null
+++ b/RELEASING.md
@@ -0,0 +1,34 @@
+# Release process
+
+## Resulting artifacts
+Creating a new release produces the following artifacts:
+
+- Binaries (stored in the `release-<TAG>` directory) :
+  - `cni-<PLATFORM>-<VERSION>.tgz` binaries
+  - `cni-<VERSION>.tgz` binary (copy of amd64 platform binary)
+  - `sha1`, `sha256` and `sha512` files for the above files.
+
+## Preparing for a release
+1. Releases are performed by maintainers and should usually be discussed and planned at a maintainer meeting.
+  - Choose the version number. It should be prefixed with `v`, e.g. `v1.2.3`
+  - Take a quick scan through the PRs and issues to make sure there isn't anything crucial that _must_ be in the next release.
+  - Create a draft of the release note
+  - Discuss the level of testing that's needed and create a test plan if sensible
+  - Check what version of `go` is used in the build container, updating it if there's a new stable release.
+
+## Creating the release artifacts
+1. Make sure you are on the master branch and don't have any local uncommitted changes.
+1. Create a signed tag for the release `git tag -s $VERSION` (Ensure that GPG keys are created and added to GitHub)
+1. Run the release script from the root of the repository
+  - `scripts/release.sh`
+  - The script requires Docker and ensures that a consistent environment is used.
+  - The artifacts will now be present in the `release-<TAG>` directory.
+1. Test these binaries according to the test plan.
+
+## Publishing the release
+1. Push the tag to git `git push origin <TAG>`
+1. Create a release on Github, using the tag which was just pushed.
+1. Attach all the artifacts from the release directory.
+1. Add the release note to the release.
+1. Announce the release on at least the CNI mailing, IRC and Slack.
+

diff --git a/scripts/release-with-rkt.sh b/scripts/release-with-rkt.sh
deleted file mode 100755 (executable)
index e7cf96f..0000000
--- a/scripts/release-with-rkt.sh
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/usr/bin/env bash
-set -xe
-
-SRC_DIR="${SRC_DIR:-$PWD}"
-
-FEDORA_INSTALL="dnf install -y golang tar xz bzip2 gzip sudo iproute wget"
-FEDORA_IMAGE="docker://fedora:25"
-ACBUILD_URL="https://github.com/appc/acbuild/releases/download/v0.2.2/acbuild.tar.gz"
-ACBUILD="acbuild --debug"
-BUILDFLAGS="-a --ldflags '-extldflags \"-static\"'"
-
-TAG=$(git describe --exact-match --abbrev=0) || TAG=$(git describe)
-RELEASE_DIR=release-${TAG}
-OUTPUT_DIR=bin
-
-rm -Rf ${SRC_DIR}/${RELEASE_DIR}
-mkdir -p ${SRC_DIR}/${RELEASE_DIR}
-
-sudo -E rkt run \
-    --volume src-dir,kind=host,source=$SRC_DIR \
-    --mount volume=src-dir,target=/opt/src \
-    --interactive \
-    --insecure-options=image \
-    --net=host \
-    --dns=host \
-    ${FEDORA_IMAGE} \
-    --exec /bin/bash \
-    -- -xe -c "\
-    ${FEDORA_INSTALL}; cd /opt/src; umask 0022; 
-    for arch in amd64 arm arm64 ppc64le s390x; do \
-        CGO_ENABLED=0 GOARCH=\$arch ./build.sh ${BUILDFLAGS}; \
-        for format in tgz; do \
-            FILENAME=cni-\$arch-${TAG}.\$format; \
-            FILEPATH=${RELEASE_DIR}/\$FILENAME; \
-            tar -C ${OUTPUT_DIR} --owner=0 --group=0 -caf \$FILEPATH .; \
-            if [ \"\$arch\" == \"amd64\" ]; then \
-                cp \$FILEPATH ${RELEASE_DIR}/cni-${TAG}.\$format; \
-            fi; \
-        done; \
-    done; \
-    wget -O - ${ACBUILD_URL} | tar -C /usr/bin -xzvf -; \
-    ${ACBUILD} begin; \
-    ${ACBUILD} set-name coreos.com/cni; \
-    ${ACBUILD} label add version ${TAG}; \
-    ${ACBUILD} copy --to-dir ${OUTPUT_DIR} /opt/cni/; \
-    ${ACBUILD} write ${RELEASE_DIR}/cni-${TAG}.aci; \
-    ${ACBUILD} end; \
-    pushd ${RELEASE_DIR}; for f in \$(ls); do sha1sum \$f > \$f.sha1; done; popd; \
-    chown -R ${UID} ${OUTPUT_DIR} ${RELEASE_DIR}; \
-    :"

diff --git a/scripts/release.sh b/scripts/release.sh
new file mode 100755 (executable)
index 0000000..37e2001
--- /dev/null
+++ b/scripts/release.sh
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+set -xe
+
+SRC_DIR="${SRC_DIR:-$PWD}"
+BUILDFLAGS="-a --ldflags '-extldflags \"-static\"'"
+
+TAG=$(git describe --tags --dirty)
+RELEASE_DIR=release-${TAG}
+
+OUTPUT_DIR=bin
+
+# Always clean first
+rm -Rf ${SRC_DIR}/${RELEASE_DIR}
+mkdir -p ${SRC_DIR}/${RELEASE_DIR}
+
+docker run -i -v ${SRC_DIR}:/opt/src --rm golang:1.8-alpine \
+/bin/sh -xe -c "\
+    apk --no-cache add bash tar;
+    cd /opt/src; umask 0022;
+    for arch in amd64 arm arm64 ppc64le; do \
+        CGO_ENABLED=0 GOARCH=\$arch ./build.sh ${BUILDFLAGS}; \
+        for format in tgz; do \
+            FILENAME=cni-\$arch-${TAG}.\$format; \
+            FILEPATH=${RELEASE_DIR}/\$FILENAME; \
+            tar -C ${OUTPUT_DIR} --owner=0 --group=0 -caf \$FILEPATH .; \
+            if [ \"\$arch\" == \"amd64\" ]; then \
+                cp \$FILEPATH ${RELEASE_DIR}/cni-${TAG}.\$format; \
+            fi; \
+        done; \
+    done;
+    cd ${RELEASE_DIR};
+      for f in *.tgz; do sha1sum \$f > \$f.sha1; done;
+      for f in *.tgz; do sha256sum \$f > \$f.sha256; done;
+      for f in *.tgz; do sha512sum \$f > \$f.sha512; done;
+    cd ..
+    chown -R ${UID} ${OUTPUT_DIR} ${RELEASE_DIR}"