aboutsummaryrefslogtreecommitdiffstats
path: root/docs/doing-a-release.rst
blob: 0087ec59e38984c6a98182ab3fca2fe121e5bdb8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
Doing a release
===============

Doing a release of ``cryptography`` requires a few steps.

Verifying and upgrading OpenSSL version
---------------------------------------

The release process uses a static build for Windows and OS X wheels. Check that
the Windows and OS X Jenkins builders have the latest version of OpenSSL
installed before performing the release. If they do not:

Upgrading Windows
~~~~~~~~~~~~~~~~~

Run the ``openssl-release`` Jenkins job, then copy the resulting artifacts to
the Windows builders and unzip them in the root of the file system.

Upgrading OS X
~~~~~~~~~~~~~~

``brew update`` and then ``brew upgrade openssl --universal --build-bottle`` to
build a universal library (32-bit and 64-bit) compatible with all Intel Macs.
This can be confirmed by using
``lipo -info /usr/local/opt/openssl/lib/libssl.dylib`` to see the available
architectures.

Bumping the version number
--------------------------

The next step in doing a release is bumping the version number in the
software.

* Update the version number in ``src/cryptography/__about__.py``.
* Update the version number in ``vectors/cryptography_vectors/__about__.py``.
* Set the release date in the :doc:`/changelog`.
* Do a commit indicating this.
* Send a pull request with this.
* Wait for it to be merged.

Performing the release
----------------------

The commit that merged the version number bump is now the official release
commit for this release. You will need to have ``gpg`` installed and a ``gpg``
key in order to do a release. Once this has happened:

* Run ``invoke release {version}``.

The release should now be available on PyPI and a tag should be available in
the repository.

Verifying the release
---------------------

You should verify that ``pip install cryptography`` works correctly:

.. code-block:: pycon

    >>> import cryptography
    >>> cryptography.__version__
    '...'
    >>> import cryptography_vectors
>>> cryptography_vectors.__version__
        '...'

Verify that this is the version you just released.

For the Windows wheels check the builds for the ``cryptography-wheel-builder``
job and verify that the final output for each build shows it loaded and linked
the expected OpenSSL version.

Post-release tasks
------------------

* Update the version number to the next major (e.g. ``0.5.dev1``) in
  ``cryptography/__about__.py`` and
  ``vectors/cryptography_vectors/__about__.py``.
* Add new :doc:`/changelog` entry with next version and note that it is under
  active development
* Send a pull request with these items
* Check for any outstanding code undergoing a deprecation cycle by looking in
  ``cryptography.utils`` for ``DeprecatedIn**`` definitions. If any exist open
  a ticket to increment them for the next release.
* Send an email to the `mailing list`_ and `python-announce`_ announcing the
  release.

.. _`mailing list`: https://mail.python.org/mailman/listinfo/cryptography-dev
.. _`python-announce`: https://mail.python.org/mailman/listinfo/python-announce-list