Document control
Procedure reviews
The following table is updated after every review of this procedure.
Table of contents
Overview
The procedure describes the process to add a new product, or a new release of an existing product to the UMD repositories.
Definitions
Please refer to the EGI Glossary for the definitions of the terms used in this procedure.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", “MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.
Entities involved in the procedure
- Product team: The developer, or the team of developers, who is responsible for maintaining a software and producing the new releases.
- Release manager: The representative of the Software provisioning (UMD) team
- Beta testers
Requirements
The prerequisites are:
- The product team releasing the software has already provided the information to fill the product ID Card as described in the links below:
- Development teams should follow Instructions for Technology Providers
Triggers
Steps for the validation of individual product releases
Note: The whole process should not last longer than 2 months without providing any information to the product team about delays through the GGUS ticket.
Step# | Responsible | Action | Notes | |
---|---|---|---|---|
1.1 | Product team | Writes an email to URT or Submits a GGUS ticket for the "EGI Software provisioning support" support unit with the following information
| ||
1.2 | Release manager | Modifies the product metadata (JSON file). Product release is injected in the EGI SW provisioning infrastructure. | This action must be completed within 5 working days after step 1. | |
1.3 | Software provisioning team | Software validation
| This action must start within one month after step 2 is completed.
This action must be completed in one week.
| |
1.4 | Release manager Beta testers | Staged rollout
| ||
1.5 | Release manager | Candidate Release preparation
| In case of rejection of a release, the GGUS ticket is updated and Product Team informed. | |
1.6 | Release manager | Product release
|
Steps for the release of UMD updates
Notes: Details of steps for preparing a new UMD release.
When a new release is ready, the UMD team should create a Change Request ticket to inform EGI Operations about the upcoming release; when the request is approved, then the new release can be announced.
Step# | Responsible | Action | Notes | |
---|---|---|---|---|
2.1 | Release manager | Prepare new releases making sure all documentation is properly filled. | New products that pass both the verification and stage rollout steps are ready to be deployed into production, The products that pass those steps are added to the release branch of the dev instance: https://repository.egi.eu/software/umd/ UMD release metadata will be published in the UMD Repository and must cover the following sections:
| |
2.2 | Release manager | Check for security vulnerabilities affecting existing products | Use the Vulnerabilities Dashboard, and contact SVG (Software Vulnerability Group) about any advisories on any pending security vulnerabilities that require cross-linking
| |
2.3 | Software provisioning team | Produce release candidate | Push from dev instance to candidate (repo_sync) | |
2.4 | Software provisioning team | Submit a Change Request (CR) to the Jira CHM to propose the new release with a list of all products | ||
2.5 | EGI Operations | approve/reject new release (Move ticket) | verify the list of products included and the related release notes | |
2.6 | Software provisioning team | Test release candidate | The release candidate is automatically tested for installability and dependency problems.
| |
2.7 | Software provisioning team | Deploy release into production and change the ticket status accordingly | Post-release actions perform some housekeeping in the UMD release management area, including:
| |
2.8 | EGI Operations | Broadcast the UMD/CMD release announcement to the relevant stakeholders |
Emergency release
Definition of emergency release
An emergency release is the process of releasing one product, or a set of product, with the targeted goal of solve a specific problem that affects the EGI infrastructure. To qualify the problem for an emergency release the problem should be classified in at least one of the following categories:
- Major incident
- Critical security vulnerability
Steps for emergency release
Step# | Responsible | Action | Notes | |
---|---|---|---|---|
3.1 | Product team | Submits a GGUS ticket for the "EGI Software provisioning support" support unit with the following information:
| ||
3.2 | As requested | Follow the steps of the Steps for the validation of individual product releases from step 1.2
| ||
3.3 | As requested | Follow the Steps for the release of a UMD update | All the steps should be properly executed | |
3.4 | EGI Operations | Communicate to the relevant stakeholders the availability of the new product(s) release | Depending on the nature of the problem solved, and on the urgency, the release manager will contact the EGI Security Vulnerability Group, or produce a broadcast to invite service managers to upgrade to the new version. |