T0b1/wasmtime
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
06a93d33462f5460a1c5289f4001ccde49bf562d
wasmtime/docs/contributing-release-process.md
Alex Crichton b553d84362 Change how security advisories work on CI (#3461) 
Before this commit we actually have two builders checking for security
advisories on CI, one is `cargo audit` and one is `cargo deny`. The
`cargo deny` builder is slightly different in that it checks a few other
things about our dependency tree such as licenses, duplicates, etc. This
commit removes the advisory check from `cargo deny` on CI and then moves
the `cargo audit` check to a separate workflow.

The `cargo audit` check will now run nightly and will open an issue on
the Wasmtime repository when an advisory is found. This should help make
it such that our CI is never broken by the publication of an advisory
but we're still promptly notified whenever an advisory is made. I've
updated the release process notes to indicate that the open issues
should be double-checked to ensure that there are no open advisories
that we need to take care of.
2021-10-19 10:12:36 -05:00

38 lines
1.9 KiB
Markdown
Raw Blame History

# Release Process
This is intended to serve as documentation for Wasmtime's release process. It's
largely an internal checklist for those of us performing a Wasmtime release, but
others might be curious in this as well!
To kick off the release process someone decides to do a release. Currently
there's not a schedule for releases or something similar. Once the decision is
made (there's also not really a body governing these decisions, it's more
whimsical currently, or on request from others) then the following steps need to
be executed to make the release:
1. Double-check that there are no open [rustsec advisory
issues][rustsec-issues] on the Wasmtime repository.
1. `git pull` - make sure you've got the latest changes
1. Run `rustc scripts/publish.rs`
1. Run `./publish bump`
* Review and commit the changes
* Note that this bumps all cranelift/wasmtime versions as a major version bump
at this time. See the `bump_version` function in `publish.rs` to tweak this.
1. Make sure `RELEASES.md` is up-to-date, and fill it out if it doesn't have an
entry yet for the current release.
1. Send this version update as a PR to the `wasmtime` repository, wait for a merge
1. After merging, tag the merge as `vA.B.C`
1. Push the tag to the repository
* This will trigger the release CI which will create all release artifacts and
publish them to GitHub releases.
1. Run `./publish publish`
* This will fail on some crates, but that's expected.
* Keep running this script until all crates are published. Note that crates.io
won't let you publish something twice so rerunning is only for crates which
need the index to be udpated and if it hasn't yet. It's recommended to wait
a bit between runs of the script.
And that's it, then you've done a Wasmtime release.
[rustsec-issues]: https://github.com/bytecodealliance/wasmtime/issues?q=RUSTSEC+is%3Aissue+is%3Aopen+
Reference in New Issue View Git Blame Copy Permalink