Docs/releases: Update release checklist document

Signed-off-by: Martin Roth <gaumless@gmail.com>
Change-Id: I9a79cf92620755e19266faaf593dc2657acdb16f
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68500
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jason Glenesk <jason.glenesk@gmail.com>

Documentation/releases/checklist.md

@@ -4,56 +4,73 @@
 
 # coreboot Release Process
 
-This document describes our release process and all prerequisites to implement
+This document describes our release process and all prerequisites to
-it successfully.
+implement it successfully.
+
 
 ## Purpose of coreboot releases
-Our releases aren't primarily a vehicle for code that is stable across all
+Our releases aren't primarily a vehicle for code that is stable across
-boards: The logistics of testing the more than 100 boards that are spread out
+all boards: The logistics of testing the more than 100 boards that are
-all continents (except Antarctica, probably) on a given tree state are
+spread out all continents (except Antarctica, probably) on a given tree
-prohibitive for project of our size.
+state are prohibitive for project of our size.
 
-Instead, the releases are regular breakpoints that serve multiple purposes:
+Instead, the releases are regular breakpoints that serve multiple
-They support cooperation between multiple groups (corporations or otherwise)
+purposes: They support cooperation between multiple groups (corporations
-in that it's easier to keep source trees synchronized based on a limited set
+or otherwise) in that it's easier to keep source trees synchronized
-of commits. They allow a quick assessment of the age of any given build or
+based on a limited set of commits. They allow a quick assessment of the
-source tree based on its git version (4.8-1234 was merged into master a few
+age of any given build or source tree based on its git version (4.8-1234
-months after 4.8, which came out in April 2018. 4.0-21718's age is harder to
+was merged into master a few months after 4.8, which came out in April
-guess).
+of 2018. 4.0-21718's age is harder to guess).
 
-And finally we use releases to as points in time where we remove old code:
+And finally we use releases to as points in time where we remove old
-Once we decide that a certain part of coreboot gets in the way of future
+code: Once we decide that a certain part of coreboot gets in the way of
-development, we announce on the next release that we intend to remove that
+future development, we announce on the next release that we intend to
-part - and everything that depends on it - after the following release.
+remove that part - and everything that depends on it - after the
-So removing feature FOO will be announced in release X for release
+following release. So removing feature FOO will be announced in release
-X+1. The first commit after X+1 is fair game for such removal.
+X for release X+1. The first commit after X+1 is fair game for such
+removal.
 
-Together with our 6 months release horizon, this provides time to plan
+Together with our 3 months release horizon, this provides time to plan
 any migrations necessary to keep older boards in the tree by bringing
 them up to current standards.
 
+## coreboot release team
+To avoid issues of blocking the release on a single person, a release
+team has been formed. Please see the `COREBOOT RELEASES` section of the
+MAINTAINERS file for the current members.
+
+These individuals work together to make sure releases are done on time,
+follow the steps of this document, and update the release processes and
+scripts.
+
+
 ## Needed credentials & authorizations
+
+### coreboot admins only
 * Website access is required to post the release files to the website.
-* IRC admin access is required to update the topic.
+
+### All release team members
+* IRC topic access is required to update the topic.
 * Git access rights are needed to post the tag.
 * Blog post access is needed to do the blog post.
 * A PGP key is required to sign the release tarballs and git tag.
 
-This set of required credentials implies that releases can only be done
+Most of the steps in the release process can be done by anyone on the
-by a coreboot admin.
+release team. Only adding the files to the website needs to be done
+by a coreboot administrator.
 
 ## When to release
-Releases are done roughly on a 6-month schedule, ideally around end
+Releases are done roughly on a 3-month schedule. If a release is
-of April and end of October (can be a bit earlier or delay into May
+delayed, the next release will still be 3 months after the last release.
-or November).
 
-We initially followed a 3 month release schedule, but we found that to
-be more frequent than was needed, so we scaled it back to twice a year.
 
 ## Checklist
+
 ### ~2 weeks prior to release
 - [ ] Announce upcoming release to mailing list, ask people to test and
       to update release notes.
+- [ ] Start marking patches that should to go into the release with a
+      tag "coreboot_release_X.yy"
 
 ### ~1 week prior to release
 - [ ] Send reminder email to mailing list, ask for people to test,
@@ -66,28 +83,53 @@ be more frequent than was needed, so we scaled it back to twice a year.
 - [ ] Finalize release notes as much as possible
 - [ ] Prepare release notes template for following release
 - [ ] Update `Documentation/releases/index.md`
+- [ ] Check which branches need to be released. Any branch with changes
+      should get a new release. Announce these branch releases and
+      prepare release notes.
+
+### Day before release
+- [ ] Make sure patches with tags for the release are merged.
+- [ ] Announce to IRC that the release will be tomorrow and ask for
+      testing.
 - [ ] Run `util/vboot_list/vboot_list.sh` script to update the list of
       boards supported by vboot.
 
 ### Day of release
-- [ ] Select a commit ID to base the release upon, announce to IRC,
+- [ ] Review the full documentation about doing the release below.
-      ask for testing.
+- [ ] Select a commit ID to base the release upon.
 - [ ] Test the commit selected for release.
-- [ ] Submit release notes
+- [ ] Submit last pre-release release notes.
-- [ ] Create new release notes doc template for the next version.
+- [ ] Run the release script.
-- [ ] Fill in the release date, remove "Upcoming release" and other filler
-      from the current release notes.
-- [ ] Run release script.
 - [ ] Test the release from the actual release tarballs.
-- [ ] Push signed Tag to repo.
+- [ ] Push signed Tag to repo. *This is the actual release step.*
+      Once this patch is pushed, the release itself has been done.
+      everything after this step is packaging and delivering the
+      release.
+
 - [ ] Announce that the release tag is done on IRC.
-- [ ] Upload release files to web server.
-- [ ] Also extract the release notes and place them on the web server.
-- [ ] Upload crossgcc sources to web server.
-- [ ] Update download page to point to files, push to repo.
-- [ ] Write and publish blog post with release notes.
 - [ ] Update the topic in the IRC channel that the release is done.
-- [ ] Announce the release to the mailing list.
+
+- [ ] Do the final release notes - Fill in the release date, remove
+      "Upcoming release" and other filler from the current release
+      notes.
+- [ ] ADMIN: Upload release files to web server.
+- [ ] ADMIN: Upload the final release notes to the web server.
+- [ ] ADMIN: Upload crossgcc sources to web server.
+- [ ] Create coreboot-sdk and coreboot-jenkins-node docker images
+      based on the release ID and push them to dockerhub. These
+      can be used as release builders.
+
+### Week following the release
+- [ ] Update download page to point to files, push to repo.
+- [ ] Write and publish blog post with release final notes. Branch
+      releases notes should be included in the same post.
+- [ ] Remove code that was announced it was going to be removed.
+- [ ] Update `Documentation/releases/boards_supported_on_branches.md`
+
+### Creating a branch
+- [ ] Branches are named 4.xx_branch to differentiate from the tags.
+      Instructions on creating branches are listed below.
+
 
 ## Pre-Release tasks
 Announce the upcoming release to the mailing list release 2 weeks ahead
@@ -102,29 +144,30 @@ People should be encouraged to provide additions to the release notes.
 
 The final release notes will reside in coreboot's Documentation/releases
 directory, so asking for additions to that through the regular Gerrit
-process works as well. Note that git requires lots of conflict resolution
+process works as well. Note that git requires lots of conflict
-on heavily edited text files though.
+resolution on heavily edited text files though.
 
 Frequently, we will want to wait until particular things are in the
-release.  Once those are in, you can select the commit ID that you want
+release. Once those are in, you can select the commit ID that you want
-to use for your release.  For the 4.6 release, we waited until we had
+to use for your release. For the 4.6 release, we waited until we had
 time to do the release, then pulled in a few patches that we wanted
-to have in the release.  The release was based on the final of those
+to have in the release. The release was based on the final of those
 patches to be pulled in.
 
 When a release candidate has been selected, announce the commit ID to
 the #coreboot IRC channel, and request that it get some testing, just
 to make sure that everything is sane.
 
+
 ## Generate the release
 After the commit for the release has been selected and verified, run the
-release script - util/release/build-release.  This will download a new
+release script - util/release/build-release. This will download a new
 tree, checkout the commit that you specified, download the submodules,
 create a tag, then generate and sign the tarballs.
 
-Be prepared to type in your PGP key’s passphrase.
+**Be prepared to type in your PGP key’s passphrase.**
 
-````
+```text
 usage: util/release/build-release <version> [commit id] [username] [gpg key id]
 Tags a new coreboot version and creates a tar archive
 
@@ -132,37 +175,41 @@ version:    New version name to tag the tree with
 commit id:  check out this commit-id after cloning the coreboot tree
 username:   clone the tree using ssh://USERNAME - defaults to https://
 gpg key id: used to tag the version, and generate a gpg signature
-````
+```
 
-After running the script, you should have a new directory for the release,
+After running the script, you should have a new directory for the
-along with 4 files - 2 tarballs, and 2 signature files.
+release, along with 4 files: 2 tarballs, and 2 signature files.
 
-````
+```text
 drwxr-xr-x   9 martin martin      4096 Apr 30 19:57 coreboot-4.6
 -rw-r--r--   1 martin martin  29156788 Apr 30 19:58 coreboot-4.6.tar.xz
 -rw-r--r--   1 martin martin       836 Apr 30 19:58 coreboot-4.6.tar.xz.sig
 -rw-r--r--   1 martin martin   5902076 Apr 30 19:58 coreboot-blobs-4.6.tar.xz
 -rw-r--r--   1 martin martin       836 Apr 30 19:58 coreboot-blobs-4.6.tar.xz.sig
-````
+```
 
 Here’s the command that was used to generate the 4.6 release:
-````
+```bash
-% util/release/build-release 4.6 db508565 Gaumless 3E4F7DF7
+util/release/build-release 4.6 db508565 Gaumless 3E4F7DF7
-````
+```
+
 
 ## Test the release from the tarballs
 * Run “make what-jenkins-does” and verify that everything is building.
 * Build and test qemu
-  ````
+```bash
-  cp configs/config.emulation_qemu_x86_i440fx .config; make olddefconfig; make
+cp configs/config.emulation_qemu_x86_i440fx .config
-  qemu-system-x86_64 -bios build/coreboot.rom -serial stdio
+make olddefconfig
-  ````
+make
+qemu-system-x86_64 -bios build/coreboot.rom -serial stdio
+```
 * Build and test any other platforms you can.
-* Compare the directory from the tarballs to the coreboot repo to make sure nothing went wrong.
+* Compare the directory from the tarballs to the coreboot repo to make
+  sure nothing went wrong.
 * Push the tag to git
 
 A good tag will look like this:
-````
+````text
 % git show 4.6
 tag 4.6
 Tagger: Martin Roth <martinroth@google.com>
@@ -183,33 +230,44 @@ commit db508565d2483394b709654c57533e55eebace51 (HEAD, tag: 4.6, origin/master,
 ...
 ````
 
-When you used the script to generate the release, a signed tag was generated in the
+When you used the script to generate the release, a signed tag was
-tree that was downloaded. From the coreboot-X.Y tree, just run: `git push origin X.Y`.
+generated in the tree that was downloaded. From the coreboot-X.Y tree,
-In case you pushed the wrong tag already, you have to force push the new one.
+just run: `git push origin X.Y`. In case you pushed the wrong tag
+already, you have to force push the new one.
 
 You will need write access for tags to the coreboot git repo to do this.
 
+
 ## After the release is tagged in git
 Announce that the release has been tagged - this lets people know that
-they should update their trees to grab the new tag.  Until they do this,
+they should update their trees to grab the new tag. Until they do this,
 the version number in build.h will still be based on the previous tag.
 
 Copy the tarballs and .sig files generated by the script to
 the coreboot server, and put them in the release directory at
 `/srv/docker/www.coreboot.org-staticfiles/releases/`
 
-````
+````bash
-% sha256sum -b coreboot-*.tar.xz > sha256suma.txt # Update the sha256sum file
+# Update the sha256sum file
-% diff sha256sum.txt sha256suma.txt # make sure that the two new files are present (and that nothing else has changed)
+sha256sum -b coreboot-*.tar.xz > sha256suma.txt
-% mv sha256suma.txt sha256sum.txt
+
+# make sure the two new files are present (and nothing else has changed)
+diff sha256sum.txt sha256suma.txt
+
+mv sha256suma.txt sha256sum.txt
 ````
 
 People can now see the release tarballs on the website at
 <https://www.coreboot.org/releases/>
 
-The downloads page is the official place to download the releases from, and it needs to be updated with links to the new release tarballs and .sig files. It can be found at <https://review.coreboot.org/cgit/homepage.git/tree/downloads.html>
+The downloads page is the official place to download the releases from,
+and it needs to be updated with links to the new release tarballs and
+.sig files. It can be found at:
+<https://review.coreboot.org/cgit/homepage.git/tree/downloads.html>
+
+Here is an example commit to change it:
+<https://review.coreboot.org/c/homepage/+/19515>
 
-Here is an example commit to change it: <https://review.coreboot.org/c/homepage/+/19515>
 
 ## Upload crossgcc sources
 Sometimes the source files for older revisions of
@@ -219,24 +277,32 @@ sources used by the crossgcc scripts that are part of coreboot releases.
 
 Run
 
-````
+````bash
-% util/crossgcc/buildgcc -u
+util/crossgcc/buildgcc -u
 ````
 
 This will output the set of URLs that the script uses to download the
 sources. Download them yourself and copy them into the crossgcc-sources
 directory on the server.
 
+
 ## After the release is complete
-Post the release notes on <https://blogs.coreboot.org>
+Post the final release notes on <https://blogs.coreboot.org>
+
 
 ## Making a branch
 At times we will need to create a branch, generally for patch fixes.
-When making a branch, do NOT name it the same as the release tag: X.Y - this creates trouble when trying to check it out, as git can’t tell whether you want the tag or the branch.
+When making a branch, do NOT name it the same as the release tag: X.Y -
-Instead, name it X.Y\_branch: `git checkout 4.8; git checkout -b 4.8_branch; git push origin 4.8_branch`
+this creates trouble when trying to check it out, as git can’t tell
+whether you want the tag or the branch. Instead, name it X.Y\_branch:
+```bash
+git checkout 4.8
+git checkout -b 4.8_branch
+git push origin 4.8_branch
+```
 
 You can then cherry-pick changes and push them up to the branch:
-````
+````bash
 git cherry-pick c6d134988c856d0025153fb885045d995bc8c397
 git push origin HEAD:refs/for/4.8_branch
 ````