Skip to content

Latest commit

 

History

History
101 lines (81 loc) · 6.32 KB

RELEASING.md

File metadata and controls

101 lines (81 loc) · 6.32 KB

Releasing

Main Release

Pre release

These tasks use checkboxes so that they can be copied into an issue.

Release Process

  • Run the workflow Prepare Release Main Version, to prepare the release. It creates a pull request updating the version;
  • Finish the following tasks in the pull request:
    • Release add-ons.
    • Update main add-ons declared in main-add-ons.yml:
      • Add new add-ons.
      • Remove add-ons no longer needed.
      • Update add-ons with the task mentioned in main-add-ons.yml.
    • Update SECURITY.md to mention the latest version.
    • Update the version of the snap and the source file in snapcraft.yaml.
  • Merge the pull request, to create the tag and the draft release (done by Release Main Version);
  • Create the macOS release on a Mac (requires hdiutil):
    • Check out the tag: e.g. git checkout tags/v2.12.0
    • Run ./gradlew :zap:distMac
    • Verify it locally
    • Upload it to the release and update the README with the hash
  • Verify the draft release.
  • Publish the release.
  • Regenerate and publish the Weekly and Live releases.
  • Update the Linux Repos

Once published the Handle Release workflow will trigger the update of the marketplace with the new release, it will also create a pull request preparing the next development iteration.

Localized Resources

The resources that require localization (e.g. Messages.properties, vulnerabilities.xml) are uploaded to the OWASP ZAP projects in Crowdin when the main release is released, if required (for pre-translation) the resources can be uploaded manually at any time by running the workflow Crowdin Upload Files.

The resulting localized resources are added/updated in the repository periodically (through a workflow in the zap-admin repository).

Post Release

  • Publish blog post
  • Update latest News file to point to blog / release notes?
  • Announce on
    • ZAP User and Dev groups
    • @zaproxy twitter account
    • OWASP Slack
  • Release client APIs
  • Update major projects using ZAP
  • Update 3rd Party Package Managers
  • Update bugcrowd scope

Weekly Release

The following steps should be followed to release the weekly:

  1. Run the workflow Release Weekly, to create the tag and the draft release;
  2. Verify the draft release;
  3. Publish the release.

Once published the Handle Release workflow will trigger the update of the marketplace with the new release.

Docker Images

The image owasp/zap2docker-live is automatically built from the default branch.

The images owasp/zap2docker-weekly, owasp/zap2docker-stable, and owasp/zap2docker-bare are automatically built after the corresponding release to the marketplace.
The images owasp/zap2docker-stable and owasp/zap2docker-bare are built at the same time.

They can still be manually built by running the corresponding workflow: