This document is based on the discussion: new method for contributed project releases and versions. It is a work-in-progress summary of various discussions. Project owners will edit this document in place. Others may leave comments which will be deleted after they are incorporated into the document.
Project Title: Versioning and release process for contributed projects
Project Owners: dww, killes, merlinofchaos
Updated: Fri Jun 30 14:41:11 2006
Note: The scope of this effort encompasses anything that lives in the CVS /contributions/* directory and is also released to the public (such as modules and themes).
Problem
Standardizing and, ideally, automating the versioning/release process for contributed projects.
Proposed solution/workflow
- Code Completed - Project owner finishes and thoroughly tests his new release.
- CVS Tag - Project owner tags his project. Contributed projects will adhere to standard CVS tagging convention for each release. The precise format of this version number is still under debate. The first version of a 4.7 contrib module will likely be one of: modulename-4.7-1.0 or modulename-4.7.x-1.0. Jeff Robbins has suggested making a web interface for this portion of the process. A module author would only have to log in and indicate that his code is ready to be tagged/released.
-
Release Creation - "Add Release Tool" (ART) - This will be a web page [TBD: built into project module?] that will allow contrib authors to publish tagged releases of their projects. Author will specify the following:
- Version - ie, mymodule_4.7.x-1.0
- Release notes - In addition to any CHANGELOG or RELEASE files included with the code, authors will be required to provide notes via ART to explain what has changed in the latest release.
- ART may also include a static value (configurable by project owner) which represents the CVS tag from which nightly builds should be generated.
- Security related - boolean value indicating whether the release is critical and/or security related.
- Additional dependencies - any new dependencies (TBD: is this necessary?)
- Recommended - boolean (TBD: if this is not a recommended bug/security fix, why is it even a release and not just part of the next version?)
- Release Approval - After a Project Owner submits his new release via ART, the information is stored in the DB ({project_releases}). Via ART admin interface (TBD), the "ART admin" will be responsible for reviewing potential releases and approving them for final release. (TBD: is this step even needed? IMHO, a project owner is the only one who should be responsible for deciding if a given set of code changes is worthy of a new release. who, exactly, is supposed to review all the requests for point releases from the hundreds of contributed projects on drupal.org? i'm sure killes wouldn't want to do that, and neither would i... -dww)
-
Release Packaging - "cron job" (TBD) periodically queries the {project_releases} table for entries that don't have the "tarball-built" bit set
- Generate Downloadable Package - Tarball (.tgz) generated.
- Update DB - Updates {project_releases} to set the "tarball made" bit.
- Release Notification - In addition to the module being made available for download, other actions may take place when a release is created. These may include mailing list notifications or updates to 'latest versions' lists. This will be the last component of the process and may be outside the scope of this initial effort.
- Download Pages Update - The various project download pages query {project_releases} table for matching pid (project id) that has the "tarball" bit set, and displays those.
- Version Listenings - Current versions for all supported Drupal releases plus development builds are listed on the front page. Additionally, older releases can be listed from a 'view older releases' link. [edited by merlinofchaos]
Add your comments
Please specify the number of the item you're commenting on. Your comment will be deleted after it has been addressed. Keep it simple and brief. To discuss this in detail or become involved, contact one of the project owners.
Comments
why i proposed a "update recommended" bit for releases
re: #3 Release Creation, subpoint 6 -- the "recommended" bool...
if this is not a recommended bug/security fix, why is it even a release and not just part of the next version?
here are a few examples:
i can see all sorts of reasons a maintainer might want to make a new release yet not believe that every user of their module should immediately upgrade. however, in addition to security updates (addressed via subpoint #4), i can see the need to flag releases that fix critical/serious bugs where the project maintainer recommends all users upgrade ASAP.
that's the idea, at least. :)
-derek
thoughts on web interface for tagging project releases
on the 1 hand, that might help project maintainers who aren't familiar with CVS to get this step right. however, the downsides are that:
overall, i'm definitely opposed. furthermore, this proposal belongs in a separate discussion. if/when enough people care about this to work on it, it can and should be done after everything else is working. there's definitely no need to work on this before everything else is done. :)
thanks,
-derek