-
Notifications
You must be signed in to change notification settings - Fork 708
Release Guide Obsolete
Refer to https://github.com/ComplianceAsCode/content/tree/master/release_tools for how to make a release
-
Make sure the milestone for the version you are releasing has no open tickets. If tickets are open move them to the next milestone.
-
Make sure you are in the master branch and have the latest version. Run
git checkout master
and thengit pull
. Make sure you have a clean working directory, rungit status
and check if everything is okay. -
Check the
CMakeLists.txt
file from project's root directory and make sure it has the version you are about to release. Check variables such as:SSG_MAJOR_VERSION
,SSG_MINOR_VERSION
,SSG_PATCH_VERSION
. It is most likely that only theSSG_PATCH_VERSION
needs to be changed for a new release. -
Verify that Jenkins builds and tests for the latest commit in git successfully finish. (I should be sufficient if jenkins jobs are "green")
-
Verify that
make package_source
works, from project's root directory, run following commands:
$ cd build/
$ cmake ../
$ make package_source
- Build and validate all content using
ctest
, from project's root directory, run following commands:
$ cd build/
$ cmake ../
$ make -j4
$ ctest -j4
$ cmake -DSSG_TARGET_OVAL_MINOR_VERSION:STRING=10 ../
$ make -j4
$ ctest -j4
- Test some datastreams on their target platforms. Test sanity (no validation issues) as well as functionality (evaluate + remediate). Load randomly chosen SSG guide from
build/guides
and verify it looks safe - Check whether
make zipfile
builds a zip file successfully (for both OVAL-5.10 and OVAL-5.11). Also check jenkins jobs: - Check STIG ids:
cd build; PYTHONPATH=.. ../build-scripts/profile_tools.py stats -b ./ssg-rhel7-xccdf.xml --missing-stig-ids
for rhel6 and rhel7, optionally for others. Look for** rules of 'XYZ' profile missing STIG IDs: ? of ? have them
. Make sure every rule missing a stig ID really doesn't have it. - Run
PYTHONPATH=. utils/generate_contributors.py
to refresh contributor lists and commit it - Tag the release -
git tag -a v0.1.xy
-
git push --tags
(this will create new release on GitHub) - Close the GitHub milestone for the version you just tagged, click "Close"
- Run
make package_source
to generate source tarball to upload - Trigger build of zipfiles in Jenkins
- Download the zipfiles and rename them.
The OVAL-5.11 ZIP name will have the formscap-security-guide-0.1.xy.zip
, while the OVAL-5.10 ZIP name will have the formscap-security-guide-0.1.xy-oval-5.10.zip
.
- Download the zipfiles and rename them.
- Trigger the build for static docs, see https://jenkins.complianceascode.io/job/static_openscap_docs/
- Create release notes, recommended sources:
git log
, list of tickets targeted at the version milestone (preferred way is to copy the template from previous release, fill it with new data [list of bug fixes / features], but keep the form of the release notes) - If some of the changes within the release introduced a new profile for some of the SCAP Security Guide products, add a mention about this new profile also into Choosing Policy page (section
Security policies available in the SCAP Security Guide
) of the OpenSCAP portal, - Edit the github release page
- Add the release notes
- Upload source tarball from
make package_source
- Upload zipfiles, there will be 2 ZIP files, one for OVAL 5.11 and one for OVAL 5.10.
We consider OVAL 5.11 the default but a lot of users still need SDS with SCAP 1.2 / OVAL 5.10
- Upload the Ansible roles to Ansible galaxy
$ cmake ../
$ make -j4
$ PYTHONPATH=../ ../utils/upload_ansible_roles_to_galaxy.py --build-roles-dir ./roles/
(if it says 404 it most likely means you haven't authenticated successfully)
- Login into https://galaxy.ansible.com/, and import all Playbooks.
- Announce on scap-security-guide and open-scap mailing lists. Announce on twitter via @OpenSCAP
- Submit Fedora updates, check:
- Do build for COPR repository: https://copr.fedorainfracloud.org/coprs/openscapmaint/openscap-latest/builds/
- Bump version in the git repo in
CMakeLists.txt