NSS/Release Management: Difference between revisions

← Older edit

NSS/Release Management (view source)

Revision as of 23:35, 30 August 2023

2,580 bytes added , 30 August 2023

Change upload instructions following switch to google cloud

Jschanck

9

edits

@@ Line 33: / Line 33: @@
 If the above reports that any <code>*.def</code> files changed, inspect those changes. Mistakes must be fixed before a release.
+===== Verify branch readiness =====
+Make sure the branch is passing all appropriate tests in CI. Sometimes older branches may have expected failures, but if you aren't sure, confirm before making a release.
+You may have to search [https://treeherder.mozilla.org/#/jobs?repo=nss the prior jobs in treeherder] to find the relevant branch.
+===== Prepare a beta =====
+# Make sure the beta tags are there in <code>lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h</code>
+# If the branch hasn't been made yet, make it
+#: <code>$ hg branch NSS_3_39_BRANCH</code>
+# Otherwise, ensure you're on the correct branch.
+# Then produce the beta tag on the branch. We number betas from BETA1 upward
+#: <code>$ hg tag NSS_3_39_BETA1</code>
+# Push the changes
+#: <code>$ hg outgoing</code>
+#: <code>$ hg push --new-branch</code>
 ===== Prepare the release =====
+# Make sure that the release notes are in NSS before the release
+# Ensure the required NSPR version has been updated
+## Edit file automation/release/nspr-version.txt and set it to the minimum NSPR version that is required for this NSS release.
 # Remove beta tags
 #: <code>$ cd nss</code>
-#: <span style="color:#FF0000"> This doesn't remove " Beta" strings.</span>
 #: <code>$ python automation/release/nss-release-helper.py remove_beta</code>
 #: <code>$ hg diff</code>
-#: There should be differences in, <code>lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h</code>
+#: There should be differences in <code>lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h</code>
 # Verify that
 ## <code>_VERSION</code> definition was changed to have the <code>Beta</code> string removed
@@ Line 56: / Line 75: @@
 ===== Prepare repo for next version =====
-# Increment the version number (to 3.27 in this example) and set the beta flag again.
+# On the default branch, increment the version number (to 3.27 in this example) and set the beta flag again. (If you are on the default branch, the beta flag should already be set and only a version increment should happen.)
 ## <code>$ python automation/release/nss-release-helper.py set_beta</code>
 ## <code>$ python automation/release/nss-release-helper.py set_version_to_minor_release 3 27</code>
@@ Line 69: / Line 88: @@
 # Go to the NSS dir
 #: <code>$ cd /your/path/to/nss</code>
-# Let 4.12 be the required NSPR version
+# Make sure that the respective NSPR release archive file (for the version listed in automation/release/nspr-version.txt) is contained in your stage directory. (Download it, if you don't have it, from https://ftp.mozilla.org/pub/nspr/releases/) A copy of this NSPR release will be automatically included in the combined NSS release archived. It needs to be stored in <code>stage/v<NSPR version number>/src/</code>.
-# Make sure that the NSPR release archive file is contained in your stage directory. (Download it, if you don't have it.)
 # Run the following command to create two release archive files (<code>nss-3.26.tar.gz</code> and <code>nss-3.26-with-nspr-4.12.tar.gz</code>) and two files SHA1SUMS and SHA256SUMS in <code>/your/path/to/stage/NSS_3_26_RTM/src/</code>.
-#: <code>$ python automation/release/nss-release-helper.py create_nss_release_archive 3.26 NSS_3_26_RTM 4.12 ../stage</code>
+#: <code>$ python automation/release/nss-release-helper.py create_nss_release_archive 3.26 NSS_3_26_RTM ../stage</code>
 ===== Some additional check one may want to perform =====
@@ Line 85: / Line 103: @@
 # Remove the extracted directory, to ensure you won't upload the individual files.
-===== Upload release to public ftp/amazon s3. =====
+===== Upload release to public ftp/google cloud. =====
 When running the following command ensure that you use the directory name NSS_3_26_RTM twice, both in source and in destination.
   $ cd /your/path/to/stage
@@ Line 98: / Line 116: @@
 # Check that there's no NSS_3_26_RTM directory at https://ftp.mozilla.org/pub/security/nss/releases/.
-# Ensure you have aws command installed.
+# Ensure you have the gcloud command installed.
-# <span style="color:#FF0000"> more infos on aws</span>
+# (see also: https://cloud.google.com/sdk/docs/install )
 # Upload the release
-#: <code>$ aws s3 cp NSS_3_26_RTM s3://net-mozaws-prod-delivery-contrib/pub/security/nss/releases/NSS_3_26_RTM --recursive</code>
+#: <syntaxhighlight>
-# Check https://ftp.mozilla.org/pub/security/nss/releases/ (can be delayed!)
+$ NSS_RELEASE=NSS_3_26_RTM \
+GCP_PROJECT=moz-fx-productdelivery-pr-38b5 \
+GCP_ENV=prod \
+gcloud --project $GCP_PROJECT --impersonate-service-account=nss-team-$GCP_ENV@$GCP_PROJECT.iam.gserviceaccount.com \
+storage cp --recursive --no-clobber $NSS_RELEASE gs://$GCP_PROJECT-productdelivery/pub/security/nss/releases/
+</syntaxhighlight>
+# Check https://ftp.mozilla.org/pub/security/nss/releases/ (the indexing of the new directory can be delayed but it can be accessed immediately through the url.)
 # Check upload:
-#: <code>$ aws s3 ls s3://net-mozaws-prod-delivery-contrib/pub/security/nss/releases/</code>
+#: <code>$ gcloud storage ls gs://moz-fx-productdelivery-pr-38b5-productdelivery/pub/security/nss/releases/</code>
-#: <code>$ aws s3 ls s3://net-mozaws-prod-delivery-contrib/pub/security/nss/releases/NSS_3_26_RTM/</code>
+#: <code>$ gcloud storage ls gs://moz-fx-productdelivery-pr-38b5-productdelivery/pub/security/nss/releases/NSS_3_26_RTM/</code>
-#: <code>$ aws s3 ls s3://net-mozaws-prod-delivery-contrib/pub/security/nss/releases/NSS_3_26_RTM/src/</code>
+#: <code>$ gcloud storage ls gs://moz-fx-productdelivery-pr-38b5-productdelivery/pub/security/nss/releases/NSS_3_26_RTM/src/</code>
+===== Upgrading mozilla-central (automated) =====
+#: RelEng to Uplift the new RTM tag using the [https://github.com/mozilla/nss-tools/ nss-uplift scripts].
+#: Amend the uplift commit to set [https://hg.mozilla.org/mozilla-central/log/tip/old-configure.in old-configure.in] file in mozilla-central to point AM_PATH_NSS to the new minimum version of NSS
+Example:
+ PATH=$PATH:/path/to/xpcshell LD_LIBRARY_PATH=/path/to/xpcshell NOBUILD=: /path/to/nss-tools/nss-uplift-unified.sh NSS_X_YY_RTM
-===== Upgrading mozilla-central =====
+===== Upgrading mozilla-central (manual instructions) =====
+# If you already upgraded mozilla-central with the nss-uplift-unified.sh script, you can ignore these manual instructions.
 # Someone should approve the upgrade.
 # For the upgrade task, we have docs https://developer.mozilla.org/en/docs/Updating_NSPR_or_NSS_in_mozilla-central Go to a mozilla-inbound checkout and run the following.
@@ Line 117: / Line 149: @@
 with the command to be executed. The reason is, that the state of those dependency files might be different between branches (where we upgrade or remove newlines as necessary, to trigger full rebuilds). By using the upgrade script, this is handled automatically.
+===== Logistics =====
+# Update the [[NSS:Release Versions]] page.
+# Update the [https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases MDN NSS Release page].
 [[Category:NSS]]