Release: 5.3.1

[jemrobinson]

✅ Checklist

Refer to the Deployment section of our documentation when completing these steps.

• Consult the data-safe-haven/VERSIONING.md guide and determine the version number of the new release. Record it in the title of this issue
• Create a release branch called e.g. release-v0.0.1
  • If this is a hotfix release then this branch should be based off latest
  • In all other cases it should be based off develop
• Draft a changelog for the release similar to our previous releases

For patch releases only

• Confirm that the resource to which the patch applies can be successfully deployed

For minor releases and above

• Deploy an SHM from this branch and save a transcript of the deployment logs
• Deploy a tier 2 SRE from this branch and save the transcript of the deployment logs
• Deploy a tier 3 SRE from this branch and save the transcript of the deployment logs
• Complete the Security evaluation checklist from the deployment documentation

For major releases only

• Confirm that a third party has carried out a full penetration test evaluating:
  1. external attack surface
  2. ability to exfiltrate data from the system
  3. ability to transfer data between SREs
  4. ability to escalate privileges on the SRD.

Update documentation

• Update supported versions in SECURITY.md
• Update pen test results in VERSIONING.md

Making the release

• Merge release branch into latest
• Create a tag of the form v0.0.1 pointing to the most recent commit on latest (the merge that you just made)
• Publish your draft GitHub release using this tag
• Ensure docs for the latest version are built and deployed on ReadTheDocs
• Push a build to PyPI
• Announce release on communications channels
• Create a PR from latest into develop to ensure that release-specific changes are not lost

🌳 Deployment problems