Release checklist
This checklist was created after the v2.0.0 release in order to facilitate a better release process going forward.
Pre-release checklist
- Designate a release manager and assign them this issue.
- Clone this template into a GitHub release issue.
- Identify target release version (major, minor, or patch) and milestones (alpha, beta, ...).
- Identify and communicate the release timeline.
- Community meeting
- OpenBao Core Mailing list
- TSC Mailing List
- Matrix
- GitHub milestones
- Ensure relevant features and bug fixes are present in the release.
- Check generated changelog via
make release-changelog
and make any necessary updates to entries. - Draft release notification announcement.
- Tag new API versions (including in auth plugins), if necessary.
- When bumping API major version, ensure
api/go.mod
is updated to the new version.
- When bumping API major version, ensure
- Update SDK to use the new API version, if necessary.
- When bumping SDK major version, ensure
sdk/go.mod
is updated to the new version.
- When bumping SDK major version, ensure
- Tag new SDK version, if necessary.
- Update first-party external dependencies to use new API & SDK modules, if necessary.
- Update API, SDK, and first-party external dependencies in main
go.mod
. While API and SDK always use the built-in version, the first-party external modules still use the external version and thus must be updated. - Update external dependencies with vulnerabilities. Major changes should be done earlier in the release cycle to give the community time to find any breaking issues.
- Update container image base layer versions.
- Update Go version pinning in
/.go-release
and in the thetoolchain
directive ingo.mod
; go-releaser uses this version via a custom (in-repo)set-up-go
action.
Release checklist
- Open PR to update
CHANGELOG.md
and release notes on website. - Tag release commit (
CHANGELOG.md
change). - Start release workflow: select target tag, and set applicable pre-release/latest set (pre-releases should not be marked latest on GitHub).
- Manually upload GPG signing key to the release artifacts.
- Spot-check release artifacts:
- Container images work.
- Linux binaries work.
- Website download page.
- CoSign and GPG Signatures on binaries.
- In the event of issues during the release that require new tags to be pushed, write a postmortem indicating why.
- Share release notification announcement:
- OpenBao Core mailing list (cc TSC mailing list)
- GitHub Discussions
- Link from Matrix
- Mention in next community meeting & TSC meetings.
- Close the release milestone on GitHub.
- For large releases, work with LF Edge for a release blog post.