Skip to content

Latest commit

 

History

History
59 lines (45 loc) · 3.34 KB

RELEASING.md

File metadata and controls

59 lines (45 loc) · 3.34 KB
Raw

Releasing OWASP Dependency-Track

This document describes the process of releasing a new version of Dependency-Track via GitHub Actions.

Pre-Release Checklist

  • Ensure that there is no dependency on SNAPSHOT versions of libraries and frameworks
  • In case the release includes database schema changes or upgrades, ensure that they work with all supported databases
    • Embedded H2
    • Microsoft SQL Server
    • MySQL
    • PostgreSQL
  • Ensure that a changelog entry for the release exists and is complete
  • Bump the version field in docs/_config.yml to the new version
  • When API server and frontend shall be released together
    • Release the frontend first
    • Bump to the frontend.version property in pom.xml according to the new version

Releasing

Release a new major or minor version

  1. Ensure the current state in master is ready to be released
  2. Head over to the Actions tab in GitHub
  3. Select the Release CI entry in the Workflows section
  4. The following UI element will have a button to trigger the workflow. Once clicked, the Use workflow from dialog will appear:

Create a release from master

  1. Ensure that master is selected in the branch dropdown
  2. OPTIONAL. If the version you intend to release differs from the version in the branch you can overwrite it by specifying it in the input variable designated for it
  3. Finally, once all inputs are checked press the Run Workflow button

Release a new bugfix version

  1. Ensure the current state in the release branch is ready to be released
  2. Head over to the Actions tab in GitHub
  3. Select the Release CI entry in the Workflows section
  4. The following UI element will have a button to trigger the workflow. Once clicked, the Use workflow from dialog will appear:

Create a release from a release branch

  1. Ensure that a release branch (e.g. 4.5.x) is selected in the branch dropdown
  2. OPTIONAL. If the version you intend to release differs from the version in the branch you can overwrite it by specifying it in the input variable designated for it
  3. Finally, once all inputs are checked press the Run Workflow button

Post-Release Checklist

  • Collect hashes of all release artifacts (e.g. via checksums.txt attached to GitHub Releases)
    • API server: dependency-track-apiserver.jar, dependency-track-bundled.jar
    • frontend: frontend-dist.zip
  • Collect links for all SBOMs generated during the release (they're attached to GitHub Releases)
  • Create a branch from the latest release branch (e.g. 4.6.x)
    • Update the release changelog with the collected hashes and SBOMs
    • Create PR back into the release branch and get it merged
  • Change the deployment branch for GitHub Pages to the new release branch
  • Update Dependency-Track Version options in issue templates