The guide talks about how to release a new version of etcd.
The procedure includes some manual steps for sanity checking, but it can probably be further scripted. Please keep this document up-to-date if making changes to the release process.
etcd community members are assigned to manage the release each etcd major/minor version as well as manage patches
and to each stable release branch. The managers are responsible for communicating the timelines and status of each
release and for ensuring the stability of the release branch.
Releases | Manager |
---|---|
3.1 patch (post 3.1.0) | Joe Betz @jpbetz |
3.2 patch (post 3.2.0) | Joe Betz @jpbetz |
3.3 patch (post 3.3.0) | Gyuho Lee @gyuho |
Set desired version as environment variable for following steps. Here is an example to release 2.3.0:
export VERSION=v2.3.0
export PREV_VERSION=v2.2.5
All releases version numbers follow the format of semantic versioning 2.0.0.
base:release-<major>-<minor>
). hack/patch/cherrypick.sh
may be used to automatically generate cherrypick PRs.[GH XXXX]
at the head of change line to reference Pull Request that introduces the change. Moreover, add a link on it to jump to the Pull Request.release-note
label and explain them in NEWS
file, as a straightforward summary of changes for end-users.${VERSION}
.git tag -s ${VERSION}
.git show tags/$VERSION
.git push origin tags/$VERSION
. This assumes origin
corresponds to "https://github.com/etcd-io/etcd".docker
is available.Run release script in root directory:
TAG=gcr.io/etcd-development/etcd ./scripts/release.sh ${VERSION}
It generates all release binaries and images under directory ./release.
etcd project key must be used to sign the generated binaries and images.$SUBKEYID
is the key ID of etcd project Yubikey. Connect the key and run gpg2 --card-status
to get the ID.
The following commands are used for public release sign:
cd release
for i in etcd-*{.zip,.tar.gz}; do gpg2 --default-key $SUBKEYID --armor --output ${i}.asc --detach-sign ${i}; done
for i in etcd-*{.zip,.tar.gz}; do gpg2 --verify ${i}.asc ${i}; done
# sign zipped source code files
wget https://github.com/etcd-io/etcd/archive/${VERSION}.zip
gpg2 --armor --default-key $SUBKEYID --output ${VERSION}.zip.asc --detach-sign ${VERSION}.zip
gpg2 --verify ${VERSION}.zip.asc ${VERSION}.zip
wget https://github.com/etcd-io/etcd/archive/${VERSION}.tar.gz
gpg2 --armor --default-key $SUBKEYID --output ${VERSION}.tar.gz.asc --detach-sign ${VERSION}.tar.gz
gpg2 --verify ${VERSION}.tar.gz.asc ${VERSION}.tar.gz
The public key for GPG signing can be found at CoreOS Application Signing Key
gcloud docker -- login -u _json_key -p "$(cat /etc/gcp-key-etcd.json)" https://gcr.io
for TARGET_ARCH in "-arm64" "-ppc64le" ""; do
gcloud docker -- push gcr.io/etcd-development/etcd:${VERSION}${TARGET_ARCH}
done
latest
tag to the new image on gcr.io if this is a stable release.for TARGET_ARCH in "amd64" "arm64" "ppc64le"; do
TAG=quay.io/coreos/etcd GOARCH=${TARGET_ARCH} \
BINARYDIR=release/etcd-${VERSION}-linux-${TARGET_ARCH} \
BUILDDIR=release \
./scripts/build-docker ${VERSION}
done
docker login quay.io
for TARGET_ARCH in "-arm64" "-ppc64le" ""; do
docker push quay.io/coreos/etcd:${VERSION}${TARGET_ARCH}
done
latest
tag to the new image on quay.io if this is a stable release.git log ...${PREV_VERSION} --pretty=format:"%an" | sort | uniq | tr '\n' ',' | sed -e 's#,#, #g' -e 's#, $##'
git push origin ${VERSION_MAJOR}.${VERSION_MINOR}
if this is a major stable release. This assumes origin
corresponds to "https://github.com/etcd-io/etcd".${VERSION}+git
.