This project uses cargo-release in order to prepare new releases, tag and sign the relevant git commit, and publish the resulting artifacts to crates.io.
The release process follows the usual PR-and-review flow, allowing an external reviewer to have a final check before publishing.
In order to ease downstream packaging of Rust binaries, an archive of vendored dependencies is also provided (only relevant for offline builds).
These steps show how to release version x.y.z on the origin remote (this can be checked via git remote -av).
Push access to the upstream repository is required in order to publish the new tag and the PR branch.
:warning:: if origin is not the name of the locally configured remote that points to the upstream git repository (i.e. git@github.com:coreos/ssh-key-dir.git), be sure to assign the correct remote name to the UPSTREAM_REMOTE variable.
prepare environment:
[x] RELEASE_VER=x.y.z
[x] UPSTREAM_REMOTE=origin
[x] git checkout -b pre-release-${RELEASE_VER}
check Cargo.toml for unintended increases of lower version bounds:
Release process
This project uses cargo-release in order to prepare new releases, tag and sign the relevant git commit, and publish the resulting artifacts to crates.io. The release process follows the usual PR-and-review flow, allowing an external reviewer to have a final check before publishing.
In order to ease downstream packaging of Rust binaries, an archive of vendored dependencies is also provided (only relevant for offline builds).
Requirements
This guide requires:
git
cargo
(suggested: latest stable toolchain from rustup)cargo-release
(suggested:cargo install -f cargo-release
)cargo vendor-filterer
(suggested:cargo install -f cargo-vendor-filterer
)Release checklist
These steps show how to release version
x.y.z
on theorigin
remote (this can be checked viagit remote -av
). Push access to the upstream repository is required in order to publish the new tag and the PR branch.:warning:: if
origin
is not the name of the locally configured remote that points to the upstream git repository (i.e.git@github.com:coreos/ssh-key-dir.git
), be sure to assign the correct remote name to theUPSTREAM_REMOTE
variable.prepare environment:
RELEASE_VER=x.y.z
UPSTREAM_REMOTE=origin
git checkout -b pre-release-${RELEASE_VER}
check
Cargo.toml
for unintended increases of lower version bounds:git diff $(git describe --abbrev=0) Cargo.toml
update all dependencies:
cargo update
git add Cargo.lock && git commit -m "cargo: update dependencies"
write release notes:
docs/release-notes.md
git add docs/release-notes.md && git commit -m "docs/release-notes: update for release ${RELEASE_VER}"
land the changes:
docs/release-notes.md
changes into mainmake sure the project is clean:
cargo-release
andcargo-vendor-filterer
are up to date:cargo install cargo-release cargo-vendor-filterer
git checkout main && git pull ${UPSTREAM_REMOTE} main
cargo vendor-filterer target/vendor
cargo test --all-features --config 'source.crates-io.replace-with="vv"' --config 'source.vv.directory="target/vendor"'
cargo clean
git clean -fd
create release commit on a dedicated branch and tag it (the commit and tag will be signed with the GPG signing key you configured):
git checkout -b release-${RELEASE_VER}
cargo release --execute ${RELEASE_VER}
(and confirm the version when prompted)open and merge a PR for this release:
git push ${UPSTREAM_REMOTE} release-${RELEASE_VER}
publish the artifacts (tag and crate):
git checkout v${RELEASE_VER}
grep "^version = \"${RELEASE_VER}\"$" Cargo.toml
produces outputgit push ${UPSTREAM_REMOTE} v${RELEASE_VER}
cargo publish
assemble vendor archive:
cargo vendor-filterer --format=tar.gz --prefix=vendor target/ssh-key-dir-${RELEASE_VER}-vendor.tar.gz
publish this release on GitHub:
target/ssh-key-dir-${RELEASE_VER}-vendor.tar.gz
sha256sum target/package/ssh-key-dir-${RELEASE_VER}.crate
sha256sum target/ssh-key-dir-${RELEASE_VER}-vendor.tar.gz
clean up the local environment (optional, but recommended):
cargo clean
git checkout main
git pull ${UPSTREAM_REMOTE} main
git push ${UPSTREAM_REMOTE} :pre-release-${RELEASE_VER} :release-${RELEASE_VER}
git branch -d pre-release-${RELEASE_VER} release-${RELEASE_VER}
Fedora packaging:
rust-ssh-key-dir
spec file in FedoraVersion
Release
back to1%{?dist}
spectool -g -S rust-ssh-key-dir.spec
kinit your_fas_account@FEDORAPROJECT.ORG
fedpkg new-sources $(spectool -S rust-ssh-key-dir.spec | sed 's:.*/::')
fedpkg build
rust-ssh-key-dir
forPackages
link to GitHub release
"Update name
blankType
,Severity
andSuggestion
can be left asunspecified
unless it is a security release. In that case selectsecurity
with the appropriate severity.Stable karma
andUnstable
karma can be set to2
and-1
, respectively.CentOS Stream 9 packaging:
rebase-c9s-ssh-key-dir
issue in the internal team-operations repo and follow the steps there