Page MenuHomePhabricator
Create Task
Maniphest T343433

Automate the wbSuite Release Process
Closed, ResolvedPublic5 Estimated Story PointsSpike
Actions

Description

Goal: Analyse the release process and identify steps that can be automated.

Context: the current release process is fully manual and cumbersome (see T332786). That makes is too time consuming and prone to errors and overlooking things. Threshold for new engineers to step it is also too high. Confidence that we are doing it right is usually low.

Open Question:

  • Check for the "latest" tag. What should we tag as the "latest" release?

Acceptance Criteria:

  • Write tickets to automate the release process

Some tickets may hypothetically be:

  • script for the creation of the needed env files with the needed variables
  • script that checks the last commit hashes of the different extensions, till we get to the point that everything is done for us and we just need to do the last checking 💥
  • store the commit hashes to ensure reproducibility of the releases, see also T340226
  • create make target for dockerhub publish
  • fix the dockerhub publish script https://github.com/wmde/wikibase-release-pipeline/pull/499 (or move all this stuff to CI)
  • make the tarball upload script work with yubikeys and gpg-agent in ssh-mode (or move all this stuff to CI)
  • make it possible to publish images and tarballs no matter whether you are using yubikey or ssh keys (at the moment it's only possible with ssh keys from your .ssh file)
  • build publish workflow in gh actions (CI) - using secrets for keys

Related Objects
Search...

Event Timeline

darthmon_wmde created this task.Aug 3 2023, 10:45 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 3 2023, 10:45 AM
roti_WMDE updated the task description. (Show Details)Aug 7 2023, 6:25 AM
roti_WMDE moved this task from Inbox (no prioritisation) to Ticket needs work on the wbSuite Release Pipeline Analysis board.Aug 7 2023, 8:42 AM
darthmon_wmde edited projects, added Wikibase Suite Team; removed wbSuite Release Pipeline Analysis.Aug 14 2023, 1:14 PM
darthmon_wmde moved this task from wbSuite Release Pipeline Analysis to Prioritised + Unrefined on the Wikibase Suite Team board.
roti_WMDE added a parent task: T345564: Review and define a strategy for our build process.Sep 5 2023, 9:18 AM
roti_WMDE mentioned this in T345564: Review and define a strategy for our build process.
roti_WMDE mentioned this in T345690: Github artifacts expire.Oct 10 2023, 10:44 AM
RickiJay-WMDE moved this task from Prioritised + Unrefined to Focus: Initial Setup and Configuration on the Wikibase Suite Team board.Oct 19 2023, 1:15 PM
lojo_wmde moved this task from Focus: Initial Setup and Configuration to Focus: User Metrics on the Wikibase Suite Team board.Oct 19 2023, 1:22 PM
RickiJay-WMDE added a project: Spike.Oct 19 2023, 1:41 PM
RickiJay-WMDE updated the task description. (Show Details)
RickiJay-WMDE set the point value for this task to 5.
Restricted Application changed the subtype of this task from "Task" to "Spike". · View Herald TranscriptOct 19 2023, 1:41 PM
darthmon_wmde added a project: Speedier Release.Oct 23 2023, 10:44 PM
darthmon_wmde moved this task from Focus: User Metrics to Prioritised + Unrefined on the Wikibase Suite Team board.Oct 24 2023, 2:34 PM
lojo_wmde added a parent task: T349621: Create Branch+Version structure in our github repository.Oct 26 2023, 2:21 PM
darthmon_wmde added a project: wbSuite Release Pipeline.Oct 27 2023, 11:53 AM
darthmon_wmde updated the task description. (Show Details)Oct 30 2023, 8:55 AM
darthmon_wmde updated the task description. (Show Details)Oct 30 2023, 9:56 AM
darthmon_wmde updated the task description. (Show Details)Oct 30 2023, 10:21 AM
darthmon_wmde moved this task from Prioritised + Unrefined to Prioritised + Refined (ready to be moved into the sprint) on the Wikibase Suite Team board.Oct 30 2023, 12:19 PM
darthmon_wmde updated the task description. (Show Details)Oct 30 2023, 12:22 PM
darthmon_wmde updated the task description. (Show Details)Oct 30 2023, 12:30 PM
darthmon_wmde updated the task description. (Show Details)Oct 31 2023, 9:00 AM
roti_WMDE updated the task description. (Show Details)Oct 31 2023, 10:14 AM
darthmon_wmde moved this task from Prioritised + Refined (ready to be moved into the sprint) to Sprint-∞ on the Wikibase Suite Team board.Nov 8 2023, 12:37 PM
darthmon_wmde edited projects, added Wikibase Suite Team (Sprint-∞); removed Wikibase Suite Team.
roti_WMDE added a subtask: T351290: Trigger upload ghcr github action workflow on prep-mw- branches as well.Nov 15 2023, 8:59 AM
darthmon_wmde added a subtask: T340939: wmde.14 (1.40.1) major release.Nov 16 2023, 4:01 PM
roti_WMDE changed the status of subtask T351290: Trigger upload ghcr github action workflow on prep-mw- branches as well from Open to In Progress.Nov 17 2023, 11:32 AM
roti_WMDE changed the task status from Open to In Progress.Nov 20 2023, 9:30 AM
roti_WMDE claimed this task.
roti_WMDE moved this task from To do (prio from top to bottom) to Doing on the Wikibase Suite Team (Sprint-∞) board.
roti_WMDE added a comment.EditedNov 20 2023, 9:46 AM

I am suggesting the following optimizations:

  • Test Release prep builds on GHCR With this PR main, mw- release branches and PRs merging to releases branches (that is release preparations) publish their docker builds on GHCR (which we could consider being our staging container registry for now). This way, we can easily test release candidates by just pointing our docker-compose files to GHCR.
  • Review Docker Hub Upload Action We have an action to automatically upload Github CI artifacts directly to Docker Hub. It one needs to be tested, potentially fixed and could become our default way to uploading docker releases. This way we would store the docker hub API key in Github Action Secrets (it is there already) and individual devs do not need to bother.
  • Leave tarball upload as a manual process Uploading tarballs currently relies on moving SSH keys around. This is incompatible with Yubikeys. This should probably also not be moved to Github Actions as we probably are not allowed to store production keys on Github. My suggestion is to leave the process as it is for now until we spoke about the future of tarballs. If we really keep them, we will figure out a way to automatically publish them as well.
  • Docs Update Release Checklist Phabricator Ticket Template and this document
  • Reproducible Builds Focus on T340226 soon.
  • Update upstream components [Spike] Find out how to update the versions of locked upstream components once our builds are reproducible.
roti_WMDE moved this task from Doing to In Review on the Wikibase Suite Team (Sprint-∞) board.Nov 20 2023, 9:50 AM
roti_WMDE closed subtask T351290: Trigger upload ghcr github action workflow on prep-mw- branches as well as Resolved.Nov 20 2023, 10:33 AM
lojo_wmde subscribed.Nov 21 2023, 8:41 AM

Does the proposed task: "script that checks the last commit hashes of the different extensions, till we get to the point that everything is done for us and we just need to do the last checking 💥" require " store the commit hashes to ensure reproducibility of the releases, see also T340226"? If so, and its clear something we want/need to do, as part of completing this spike lets make a ticket for it as a subtask of T340226.

roti_WMDE added a comment.Nov 21 2023, 10:04 AM

The intention of my comment was to replace the task list above. Relevant for the topic you mention is

Update upstream components [Spike] Find out how to update the versions of locked upstream components once our builds are reproducible.

darthmon_wmde added a comment.Nov 21 2023, 3:27 PM

I find those steps a great improvement to the build process. Thanks @roti_WMDE for the summary and the explanations behind them.

darthmon_wmde added a comment.Nov 21 2023, 3:29 PM

I have one question though: are we getting into automating the first steps of the process: changing the .env files and such? or that is work to be done under T349803?

darthmon_wmde added a comment.Nov 21 2023, 3:39 PM

For transparency:

In T343433#9343859, @roti_WMDE wrote:

I am suggesting the following optimizations:

  • Test Release prep builds on GHCR With this PR main, mw- release branches and PRs merging to releases branches (that is release preparations) publish their docker builds on GHCR (which we could consider being our staging container registry for now). This way, we can easily test release candidates by just pointing our docker-compose files to GHCR.
  • Review Docker Hub Upload Action We have an action to automatically upload Github CI artifacts directly to Docker Hub. It one needs to be tested, potentially fixed and could become our default way to uploading docker releases. This way we would store the docker hub API key in Github Action Secrets (it is there already) and individual devs do not need to bother.

--> ticket created T351720

  • Leave tarball upload as a manual process Uploading tarballs currently relies on moving SSH keys around. This is incompatible with Yubikeys. This should probably also not be moved to Github Actions as we probably are not allowed to store production keys on Github. My suggestion is to leave the process as it is for now until we spoke about the future of tarballs. If we really keep them, we will figure out a way to automatically publish them as well.

--> nothing to do here

  • Docs Update Release Checklist Phabricator Ticket Template and this document

--> ticket created T351723

  • Reproducible Builds Focus on T340226 soon.
  • Update upstream components [Spike] Find out how to update the versions of locked upstream components once our builds are reproducible.

--> ticket created T340226 to be tackled after the ones above are done

roti_WMDE closed subtask T340939: wmde.14 (1.40.1) major release as Resolved.Nov 29 2023, 11:43 AM
roti_WMDE added a comment.Dec 5 2023, 10:47 AM

Update upstream components [Spike] Find out how to update the versions of locked upstream components once our builds are reproducible.

New ticket is T352752

roti_WMDE closed this task as Resolved.Dec 5 2023, 10:48 AM
roti_WMDE moved this task from In Review to Done on the Wikibase Suite Team (Sprint-∞) board.

Closed as we have follow up tasks for everything that remains.

roti_WMDE moved this task from Sprint-∞ to Archive (closed) on the Wikibase Suite Team board.Dec 5 2023, 12:58 PM
roti_WMDE edited projects, added Wikibase Suite Team; removed Wikibase Suite Team (Sprint-∞).
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits