OpenShift Service Mesh / OSSM-10712

OSSM 3.0.5 & 3.1.2 (At ReleaseCandidate): Prepare release resources and CVEs


    • Task
    • Resolution: Done
    • Sail Operator

      Steps:

      1. Prepare a draft pull request for the release of each OSSM/Kiali version in the https://gitlab.cee.redhat.com/istio/konflux/ossm and https://gitlab.cee.redhat.com/istio/konflux/kiali repos (to the default branch)
        • Create a new folder under the `releases` folder, named after the release version (you can copy-paste from the previous version)
        • Update versions, author and release type
          • release type is one of RHSA, RHBA, and RHEA
            • if at least 1 CVE exists => RHSA
        • When the release candidate is available, update the Snapshot info (keep the snapshot information up to date and in sync with the test matrix document during the release process in case more release candidates exist)
      2. Add the release notes and fixed JIRA tickets there (not for FBC `Release` resources)
        1. You can use the Jira filter for a specific version (do not include internal/qe JIRAs there), e.g. 3.0.3 https://issues.redhat.com/projects/OSSM/versions/12462269
        2. Add each JIRA to .spec.data.releaseNotes.issues
      3. Add info about CVEs there (not for FBC `Release` resources)
        1. The Jira tickets for the fixed CVEs can be found in the CVE Tracker or by listing all issues with the specific target/fix version (these CVE Jira issues are created by the prodsec team)
        2. Add the severity to .spec.data.releaseNotes.severity (if there is more than one CVE, use the higher one)
        3. Add info that the release contains CVE(s) in .spec.data.releaseNotes.topic
        4. For each CVE:
          1. Add the CVE number to .spec.data.releaseNotes.cves
          2. Add the Jira number to .spec.data.releaseNotes.issues
          3. Add the CVE reference under .spec.data.releaseNotes.references (see previous releases as an example)
          4. Add the CVE info to the description under Security Fix(es)
            1. Example of a release with CVEs: https://gitlab.cee.redhat.com/istio/konflux/ossm/-/blob/3.0.2/releases/release-3.0.2/production/ossm-3.0.2-prod.yaml?ref_type=tags
      4. Ask the DOC team to review the release notes PRs (do not merge the PR; it will be merged during the push-to-production process)
        1. They have a dedicated subtask (`Review advisory on Konflux`) for that in the `(At ReleaseCandidate): [DOC] Release Notes, Known Issues and Bug Fixes` task
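
      A pre-merge consistency check for the CVE rules in step 3, as an added example that is not part of the original task or the OSSM team's tooling. It assumes the releaseNotes data has already been parsed into a dict; the key names `type`, `cves[].key` and `issues.fixed[].id`, the tracker record shape, and all sample ids are assumptions or constructed values, so compare them with a previous release file before use.

```python
# Added example, not the OSSM team's tooling. Key names under releaseNotes
# (type, cves[].key, issues.fixed[].id) are assumptions; check a previous release file.
SEVERITY_ORDER = ["Low", "Moderate", "Important", "Critical"]  # lowest to highest

def check_release_notes(notes, tracked_cves):
    """Return a list of problems; an empty list means the notes match the tracker.

    notes: dict parsed from .spec.data.releaseNotes
    tracked_cves: [{"cve": ..., "jira": ..., "severity": ...}] from the CVE tracker
    """
    problems = []
    listed_cves = {c["key"] for c in notes.get("cves", [])}
    listed_issues = {i["id"] for i in notes.get("issues", {}).get("fixed", [])}
    for cve in tracked_cves:
        cve_id, jira = cve["cve"], cve["jira"]
        if cve_id not in listed_cves:
            problems.append(f"{cve_id}: missing from cves")
        if jira not in listed_issues:
            problems.append(f"{cve_id}: Jira {jira} missing from issues")
        if not any(cve_id in ref for ref in notes.get("references", [])):
            problems.append(f"{cve_id}: no entry in references")
        if cve_id not in notes.get("description", ""):
            problems.append(f"{cve_id}: not described under Security Fix(es)")
    for extra in sorted(listed_cves - {c["cve"] for c in tracked_cves}):
        problems.append(f"{extra}: in cves but not tracked for this version")
    if tracked_cves:
        if notes.get("type") != "RHSA":
            problems.append("type must be RHSA when at least one CVE is fixed")
        highest = max((c["severity"] for c in tracked_cves), key=SEVERITY_ORDER.index)
        if notes.get("severity") != highest:
            problems.append(f"severity should be {highest}")
    return problems

# Constructed sample data (placeholder CVE and Jira ids, not from a real release).
SAMPLE_TRACKED = [
    {"cve": "CVE-2099-0001", "jira": "OSSM-90001", "severity": "Moderate"},
    {"cve": "CVE-2099-0002", "jira": "OSSM-90002", "severity": "Important"},
]
SAMPLE_NOTES = {
    "type": "RHSA",
    "severity": "Important",
    "topic": "Constructed topic: this release contains fixes for CVEs.",
    "description": "Security Fix(es):\n* CVE-2099-0001\n* CVE-2099-0002",
    "cves": [{"key": "CVE-2099-0001"}, {"key": "CVE-2099-0002"}],
    "issues": {"fixed": [{"id": "OSSM-90001"}, {"id": "OSSM-90002"}]},
    "references": ["https://access.redhat.com/security/cve/CVE-2099-0001",
                   "https://access.redhat.com/security/cve/CVE-2099-0002"],
}
```

      The function does not check the wording of .spec.data.releaseNotes.topic; that still needs a manual read.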

      Examples of PRs from 3.1.2 release

              mkralik@redhat.com Matej Kralik
              mabramov@redhat.com Mikhail Abramov