WIP: maintenance workflow documentation #262
Conversation
…gorise change types
…aims of maintainers and contributors
Ocramius
added
Build
Co-Authored-By: Ocramius <ocramius@gmail.com>
Co-Authored-By: Ocramius <ocramius@gmail.com>
|
@jwage can you please talk about this workflow with @doctrine/team-mongodb-odm? I think ORM and ODM are quite different right now, but if we build an automation, we should unify the workflows. @SenseException I marked it as WIP because it is incomplete, but I don't remember what's missing. Can you check it again, please? |
|
We'll discuss this at the next ODM hangout. |
|
I think the biggest difference is that ODM's version description is usually linking to CHANGELOG.md which contains description of what changed (and we usually craft it manually). And I personally use github to tag a new release instead of console :) |
Good one! What do we do about
We need signed tags for our releases, especially with the size of our audience. This isn't feasible via Github UI... |
|
So in ODM we always write an entry in CHANGELOG before tagging new release, they usually look like this - list there not always contains all PRs merged, because some are not worthy mentioning (i.e. docs). Sometimes we put more info to the changelog, that usually happens for a minor release (like this one). Bugfix release notes follow this scheme (copy-paste-fix links):
I can change my ways, no problem 👍 |
I don't want to impede your work, hence my strong focus on automation in this documentation. At some point, I'd like to remove humans from the release process in this organisation. |
That was about signing tags and not using github UI ;) FWIW I think maintaing changelog is better as it's easily grep-able. |
| Each of the following steps are documented for humans to perform them | ||
| manually, but maintainers and contributors are highly encouraged to try | ||
| and automate them away into tooling that is commonly available across | ||
| the organisation projects, as well as the community at large. |
There was a problem hiding this comment.
We also talked about automating PR merges, after passed builds and approvals (and i.e. no blocking label).
Ideally we should also guard automatic merges by Roave/BackwardCompatibilityCheck that would block auto-merge (ideally as a separate CI integration, not part of the Travis build directly).
There was a problem hiding this comment.
Yeah, Roave BC is a bit too strict, but we can add our (laxer) rules to CI. Also, I need to make it faster before it is introduced.
| ------------------------------------------------ | ||
|
|
||
| The primary role of a maintainer, besides being also a contributor, | ||
| is to sort incoming proposals by their category: |
There was a problem hiding this comment.
As part of this standardization, we SHOULD sync labels across all repositories and also their colors (at least all listed below). Currently it's random.
| or **MINOR** release (depending on team internal agreement). | ||
| Consumers should not rely on ``master`` unless they are prepared | ||
| to adapt their codebase at every potentially breaking change. | ||
| * ``MAJOR.MINOR.x`` - always to be considered the next planned |
There was a problem hiding this comment.
Considering that we currently mostly use MAJOR.MINOR, what is the motivation to use MAJOR.MINOR.x?
There was a problem hiding this comment.
ORM, DBAL and common started using MAJOR.MINOR with 2.2, while the rest either doesn't have enough branches for it to be called a model or are using MAJOR.MINOR.x.
There was a problem hiding this comment.
Fwiw either branch name format works with the website.
|
|
||
| Then it is possible to tag a release. | ||
|
|
||
| Please note that tags *MUST* be signed. Unsigned releases will be |
There was a problem hiding this comment.
| Please note that tags *MUST* be signed. Unsigned releases will be | |
| Please note that tags **MUST** be GPG-signed by either the maintainer's or Doctrine's GPG key. | |
| Unsigned releases will be |
As discussed, as part of automating releases. we may introduce a Doctrine GPG key that will be signed by all maintainers and internally used to create tags.
There was a problem hiding this comment.
I don't like the anonymity of a shared GPG key - anyone could sign a malicious tag and hide between the shared identity. I'd advocate against that and suggest we keep signing with individual keys.
There was a problem hiding this comment.
Wouldn't be anonymous: it would require trust from the doctrine maintainers
There was a problem hiding this comment.
Looking at one tag, would I be able to tell which maintainer signed the tag?
There was a problem hiding this comment.
No, it would be done by tooling, not by a person
There was a problem hiding this comment.
Even if it's done by tooling, as long as it's triggered by a human (./bin/doctrine release a.b.c) it should be signed by that human. Otherwise, there's no significant advantage to signing with the GitHub key, except that we're maintaining our own key for the sake of it.
There was a problem hiding this comment.
Key K is signed as trusted by maintainer A, B, C. Subkey K1 is deployed to a (safe) environment, where the automation takes over tagging and releasing when things are triggered. There won't be a ./bin/doctrine release a.b.c: the aim is to remove it, and completely automate releases as merges happen. Yes, that would be a lot of releases :)
There was a problem hiding this comment.
I don't think that's feasible at all at the current time, hence my opposition to this. Let's take things one at a time. If we ever get to the point where we want to do a release on every merge, we can bring this up again. Until that point, let's leave the original suggestion in: people sign tags with their GPG key instead of relying on GitHubs default key.
There was a problem hiding this comment.
instead of relying on GitHubs default key.
Yeah, this should never be done anyway 👍
Co-Authored-By: Ocramius <ocramius@gmail.com>
Co-Authored-By: Ocramius <ocramius@gmail.com>
Co-Authored-By: Ocramius <ocramius@gmail.com>
|
I think this should also work well for changes in the documentation. |
I don't mind if the commits overlap or not, but they should probably be in the same patch. I don't think it has to do with the maintenance workflow though: we can put it in issue/PR templates, maybe? |
| @@ -31,7 +39,7 @@ locally: | |||
|
|
|||
| .. code-block:: console | |||
|
|
|||
| $ git clone git@github.com:username/doctrine2.git doctrine2-orm | |||
| $ git clone git@github.com:<username>/doctrine2.git doctrine2-orm | |||
There was a problem hiding this comment.
This requires an update due to doctrine/orm#7552.
| @@ -59,16 +67,167 @@ Optionally, add any additional contributor/maintainer forks, e.g.: | |||
|
|
|||
| $ git remote add romanb git://github.com/romanb/doctrine2.git | |||
There was a problem hiding this comment.
This could be reworded to <username> for consistency with the change in git clone ....
|
Gosh, I need to do some research about it, I forget :P |
|
Folks, I can't get to work on this further in the next weeks: is anybody in @doctrine/team-documentation willing to finish this up? |
|
@Ocramius I can take the ball. |
… maintainer workflow Co-Authored-By: Ocramius <ocramius@gmail.com>
|
@jwage thanks! |
| Whilst it is possible to automate some of these decisions, humans | ||
| are still better at categorising these changes due to the amount of | ||
| nuances that are involved in the software development process. | ||
|
|
||
| Branching Model |
There was a problem hiding this comment.
This section needs an update after the decision at the EUFOSSA hackathon. See https://github.com/doctrine/automatic-releases#todos for the process.
This is a stub of the release process that I was slowly putting into words.
As discussed with @carusogabriel and @Majkl578 while at PHP Central Europe, we need to get this automated, and removed from the documentation once that's done (as in: documentation just references the release tool)
TODO: