This page describes the release process and the currently planned schedule for upcoming releases as well as the respective release shepherd. Release shepherds are chosen on a voluntary basis.
Our goal is to provide a new minor release every 6 weeks. This is a new process and everything in this document is subject to change.
release series | date of first pre-release (year-month-day) | release shepherd |
---|---|---|
v0.1.0 | 2019-07-31 | Chris Marchbanks (GitHub: @csmarchbanks) |
v0.2.0 | 2019-08-28 | Goutham Veeramachaneni (Github: @gouthamve) |
v0.3.0 | 2019-10-09 | Bryan Boreham (@bboreham) |
v0.4.0 | 2019-11-13 | Tom Wilkie (@tomwilkie) |
v0.5.0 | 2020-01-08 | Abandoned |
v0.6.0 | 2020-01-22 | Marco Pracucci (@pracucci) |
v0.7.0 | 2020-03-09 | Marco Pracucci (@pracucci) |
v1.0.0 | 2020-03-31 | Goutham Veeramachaneni (@gouthamve) |
v1.1.0 | 2020-05-11 | Peter Štibraný (@pstibrany) |
v1.2.0 | 2020-06-24 | Bryan Boreham |
v1.3.0 | 2020-08-03 | Marco Pracucci (@pracucci) |
v1.4.0 | 2020-09-14 | Marco Pracucci (@pracucci) |
v1.5.0 | 2020-10-26 | Chris Marchbanks (@csmarchbanks) |
v1.6.0 | 2020-12-07 | Jacob Lisi (@jtlisi) |
v1.7.0 | 2021-01-18 | Ken Haines (@khaines) |
v1.8.0 | 2021-03-08 | Peter Štibraný (@pstibrany) |
v1.9.0 | 2021-04-29 | Goutham Veeramachaneni (@gouthamve) |
v1.10.0 | 2021-06-25 | Bryan Boreham (@bboreham) |
v1.11.0 | 2021-08-06 | Marco Pracucci (@pracucci) |
v1.12.0 | 2022-02-17 | Abandoned |
v1.13.0 | 2022-06-23 | Alvin Lin (@alvinlin123) |
v1.14.0 | 2022-11-15 | Alan Protasio (@alanprot) |
v1.15.0 | 2023-03-27 | Ben Ye (@yeya24) |
The release shepherd is responsible for the entire release series of a minor release, meaning all pre- and patch releases of a minor release. The process formally starts with the initial pre-release, but some preparations should be done a few days in advance.
- We aim to keep the master branch in a working state at all times. In principle, it should be possible to cut a release from master at any time. In practice, things might not work out as nicely. A few days before the pre-release is scheduled, the shepherd should check the state of master. Following their best judgement, the shepherd should try to expedite bug fixes that are still in progress but should make it into the release. On the other hand, the shepherd may hold back merging last-minute invasive and risky changes that are better suited for the next minor release.
- On the date listed in the table above, the release shepherd cuts the first pre-release (using the suffix
-rc.0
) and creates a new branch calledrelease-<major>.<minor>
starting at the commit tagged for the pre-release. In general, a pre-release is considered a release candidate (that's whatrc
stands for) and should therefore not contain any known bugs that are planned to be fixed in the final release. - With the pre-release, the release shepherd is responsible for coordinating or running the release candidate in any end user production environment for 3 days. This is typically done in Grafana Labs or Weaveworks but we are looking for more volunteers!
- If regressions or critical bugs are detected, they need to get fixed before cutting a new pre-release (called
-rc.1
,-rc.2
, etc.).
See the next section for details on cutting an individual release.
We use Semantic Versioning.
We maintain a separate branch for each minor release, named release-<major>.<minor>
, e.g. release-1.1
, release-2.0
.
The usual flow is to merge new features and changes into the master branch and to merge bug fixes into the latest release branch. Bug fixes are then merged into master from the latest release branch. The master branch should always contain all commits from the latest release branch. As long as master hasn't deviated from the release branch, new commits can also go to master, followed by merging master back into the release branch.
If a bug fix got accidentally merged into master after non-bug-fix changes in master, the bug-fix commits have to be cherry-picked into the release branch, which then have to be merged back into master. Try to avoid that situation.
Maintaining the release branches for older minor releases happens on a best effort basis.
This helps ongoing PRs to get their changes in the right place, and to consider whether they need cherry-picked.
- Make a PR to update
CHANGELOG.md
on master- Add a new section for the new release so that "## master / unreleased" is blank and at the top.
- New section should say "## x.y.0 in progress".
- Get this PR reviewed and merged.
- Comment on open PRs with a CHANGELOG entry to rebase
master
and move the CHANGELOG entry to the top under## master / unreleased
For a new major or minor release, create the corresponding release branch based on the master branch. For a patch release, work in the branch of the minor release you want to patch.
To prepare release branch, first create new release branch (release-X.Y) in Cortex repository from master commit of your choice, and then do the following steps on a private branch (prepare-release-X.Y) and send PR to merge this private branch to the new release branch (prepare-release-X.Y -> release-X.Y).
- Make sure you've a GPG key associated to your GitHub account (
git tag
will be signed with that GPG key)- You can add a GPG key to your GitHub account following this procedure
- Update the version number in the
VERSION
file to say "X.Y-rc.0" - Update
CHANGELOG.md
- Ensure changelog entries for the new release are in this order:
[CHANGE]
[FEATURE]
[ENHANCEMENT]
[BUGFIX]
- Run
./tools/release/check-changelog.sh LAST-RELEASE-TAG...master
and add any missing PR which includes user-facing changes
- Ensure changelog entries for the new release are in this order:
Once your PR with release prepartion is approved, merge it to "release-X.Y" branch, and continue with publishing.
To publish a release candidate:
- Do not change the release branch directly; make a PR to the release-X.Y branch with VERSION and any CHANGELOG changes.
- Ensure the
VERSION
file has the-rc.X
suffix (X
starting from0
)
- Ensure the
- After merging your PR to release branch,
git tag
the new release (see How to tag a release) from release branch. - Wait until CI pipeline succeeded (once a tag is created, the release process through GitHub actions will be triggered for this tag)
- Create a pre-release in GitHub
- Write the release notes (including a copy-paste of the changelog)
- Build binaries with
make dist
and attach them to the release - Build packages with
make packages
, test them withmake test-packages
and attach them to the release
- Sign the artifact and generate SBOM for the release
To publish a stable release:
- Do not change the release branch directly; make a PR to the release-X.Y branch with VERSION and any CHANGELOG changes.
- Ensure the
VERSION
file has no-rc.X
suffix - Update the Cortex version in the following locations:
- Kubernetes manifests located at
k8s/
- Documentation located at
docs/
- Kubernetes manifests located at
- Ensure the
- After merging your PR to release branch,
git tag
the new release (see How to tag a release) from release branch. - Wait until CI pipeline succeeded (once a tag is created, the release process through GitHub actions will be triggered for this tag)
- Create a release in GitHub
- Write the release notes (including a copy-paste of the changelog)
- Build binaries with
make dist
and attach them to the release - Build packages with
make packages
, test them withmake test-packages
and attach them to the release
- Sign the artifact and generate SBOM for the release
- Merge the release branch
release-x.y
tomaster
- Create
merge-release-X.Y-to-master
branch fromrelease-X.Y
branch locally - Merge upstream
master
branch into yourmerge-release-X.Y-to-master
and resolve conflicts - Send PR for merging your
merge-release-X.Y-to-master
branch intomaster
- Once approved, merge the PR by using "Merge" commit.
- This can either be done by temporarily enabling "Allow merge commits" option in "Settings > Options".
- Alternatively, this can be done locally by merging
merge-release-X.Y-to-master
branch intomaster
, and pushing resultingmaster
to upstream repository. This doesn't breakmaster
branch protection, since PR has been approved already, and it also doesn't require removing the protection.
- Create
- Open a PR to add the new version to the backward compatibility integration test (
integration/backward_compatibility_test.go
)
- Make sure you have the release brnach checked out, and you don't have any local modifications
- Create and
cd
to an empty directory not within the project directory - Run
mkdir sbom
- Generate SBOMs using https://github.com/kubernetes-sigs/bom
bom generate -o sbom/go-mod.spdx -n https://github.com/cortexproject/cortex -d <cortex repo>
bom generate -o sbom/cortex-container-image.spdx -n https://github.com/cortexproject/cortex -i quay.io/cortexproject/cortex:<release tag>
bom generate -o sbom/query-tee-container-image.spdx -n https://github.com/cortexproject/cortex -i quay.io/cortexproject/query-tee:<release tag>
tar -zcvf sbom.tar.gz sbom
- Download the artifacts attached to the published release
curl -H "Authorization: Bearer <your GitHub API token>" -s https://api.github.com/repos/cortexproject/cortex/releases/tags/<release tag> \ | grep "browser_download_url" \ | cut -d: -f2- \ | tr -d "\"" \ | wget -qi -
- Sign the files with your PGP key:
find . -maxdepth 1 -type f | xargs -L 1 gpg --armor --detach-sign
- Attach
sbom.tar.gz
to the release - Attach the generated
.asc
files to the release - Attach
sign.pub
which contains the the public key of the PGP key you used to sign the binaries- You can get the public key by doing
gpg --armor --export <[email protected]>
- You can get the public key by doing
Every release is tagged with v<major>.<minor>.<patch>
, e.g. v0.1.3
. Note the v
prefix.
You can do the tagging on the commandline:
$ tag=$(< VERSION)
$ git tag -s "v${tag}" -m "v${tag}"
$ git push origin "v${tag}"