Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Document the new release process for Rustup #3844

Draft
wants to merge 4 commits into
base: master
Choose a base branch
from

Conversation

jdno
Copy link
Member

@jdno jdno commented May 28, 2024

The Rustup release process has historically been a manual process that involved copying files from S3 to the local machine and back to S3. This introduced a high risk of human error. When modifications to the existing release script became necessary, the decision was made to automate the release process (see #3819 for details).

The documentation in the dev-guide has been updated to cover the new release process, which is fully automated to produce beta releases using GitHub Actions and the promote-release tooling.

The Rustup release process has historically been a manual process that
involved copying files from S3 to the local machine and back to S3. This
introduced a high risk of human error. When modifications to the
existing release script became necessary, the decision was made to
automate the release process (see rust-lang#3819 for details).

The documentation in the dev-guide has been updated to cover the new
release process, which is fully automated to produce `beta` releases
using GitHub Actions and the [promote-release] tooling.

[promote-release]: https://github.com/rust-lang/promote-release
@jdno
Copy link
Member Author

jdno commented May 28, 2024

@rami3l rami3l added the meta This issue is related to project management. label May 28, 2024
doc/dev-guide/src/release-process.md Show resolved Hide resolved
### Release Artifacts

The release artifacts are produced by CI when a new commit is merged into the
`stable` branch, and they are uploaded to the `dev-static` bucket on S3. There,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should move this to a different bucket. CI shouldn't have direct access to the static buckets IMO, it also complicates any intermediate processing (e.g. signing or recompression).

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's fine with me. How about we create a rustup-builds bucket that stores the artifacts, similar to the bucket for rust-lang/rust?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds perfect.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The config for the new bucket has been created here: rust-lang/simpleinfra#428


After merging the PR in the previous step, update the commit SHA checksum in
`rustup-init.sh` to match the latest commit on `master`. Submit the change in a
PR and merge it.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This step sounds surprising to me. If someone updates this to some other commit, how will we notice? Is there an opportunity to adjust the script as part of CI publishing it?

Copy link
Member

@rami3l rami3l May 28, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Mark-Simulacrum This is the most painful point for me personally during the past 2 releases (v1.27.0 and v1.27.1, for which I actually handled the release process), and I have no idea why this have to be the case.

Well, when we migrated to GitHub Merge Queue in v1.27.0, we have almost broken the whole workflow (which relied on merges instead of rebases and thus assumed shasum stability; to keep the coherence with the old workflow, a 2nd PR is required with GHMQ enabled for script traceability, see #3653 (comment) for more context). The current description is the closest I could get from the "spirit" of the original.

I'd love to see this step being automated. As long as the resulting rustup-init.sh script is traceable via the shasum when it's published onto rustup.sh etc., I personally don't see a particular reason we cannot leave a placeholder on master for example.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can look into automating this step, but I would do that after refactoring the release process as-is. This is already quite a big change and I don't want to slow down the implementation or add additional complexity to it.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, for sure. Mostly just flagging it since it sounded off.

the right version number when run `--version`.

Once the beta release has happened, post a new topic named "Seeking beta testers
for Rustup $VER_NUM" on the [Internals Forum].
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We've automated this for rustc, maybe can reuse that for rustup...

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Happy to create a tracking issue for this so that we can look into it once we've refactored the tooling.

Once the official release has happened, prepare and push a tag on the latest
`stable` commit.

- `git tag -as $VER_NUM -m $VER_NUM` (optionally without `-s` if not GPG
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we do this in promote release? We do for rust and cargo (also always signing the commits with the official key).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Mark-Simulacrum Will be cool. So far I have to ping t-release before bedtime, and manually do the tagging the next morning 😓

Copy link
Member

@rami3l rami3l left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jdno Should we remove the manual release script, as I assume it's not needed anymore?

doc/dev-guide/src/release-process.md Outdated Show resolved Hide resolved
Before making a release, ensure that `rustup-init.sh` is behaving correctly,
This document describes the process for making a new release of Rustup. It is
split into the two sections. The first section explains the release process,
while the second section documents for maintainers how to make a release.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"documents how to make a release"? The "for maintainers" part reads a little awkwardly.

(Also "make" feels a little vague here, can we make that more precise?)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've rewritten the into a bit, but I'm not sure how much better it is now. 😅

doc/dev-guide/src/release-process.md Outdated Show resolved Hide resolved
@djc
Copy link
Contributor

djc commented Jun 11, 2024

Thanks for working on this!

jdno added 2 commits June 21, 2024 12:06
Based on a discussion[^1] with the release team, the decision has been
made to create a new S3 bucket for Rustup build artifacts. This enable
us to revoke the access that Rustup's CI has to the release bucket,
improving security and reducing the risk of malicious or accidental
compromise of Rustup releases.

[^1]: rust-lang#3844 (comment)
@djc
Copy link
Contributor

djc commented Jun 21, 2024

@jdno what's your plan for driving the new release process to completion? We're starting to think about how/when we want to publish our next release so it would be good to understand how much of a dependency we have on you and what that means for the schedule.

@jdno
Copy link
Member Author

jdno commented Jun 21, 2024

I've started working on it, but I can't give a good estimate on how long it'll take. My hope is to get most of the implementation work done in the next two weeks.

I don't want to be a blocker, though, so my work is strictly additive right now. The current process will continue to work until we have a full replacement. So regarding dependencies or the schedule, there shouldn't be any.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
meta This issue is related to project management.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants