logo

drewdevault.com

[mirror] blog and personal website of Drew DeVault git clone https://hacktivis.me/git/mirror/drewdevault.com.git

how-to-fuck-up-releases.md (4543B)

    

  1. ---
  2. date: 2019-10-12
  3. title: How to fuck up software releases
  4. layout: post
  5. tags: [practices]
  6. ---
  8. I manage releases for a bunch of free & open-source software. Just about every
  9. time I ship a release, I find a novel way to fuck it up. Enough of these
  10. fuck-ups have accumulated now that I wanted to share some of my mistakes and how
  11. I (try to) prevent them from happening twice.
  13. At first, I did everything manually. This is fine enough for stuff with simple
  14. release processes - stuff that basically amounts to tagging a commit, pushing
  15. it, and calling it a day. But even this gets tedious, and I'd often make a
  16. mistake when picking the correct version number. So, I wrote a small script:
  17. [semver](https://git.sr.ht/~sircmpwn/dotfiles/tree/master/bin/semver). `semver
  18. patch` bumps the patch version, `semver minor` bumps the minor version, and
  19. `semver major` bumps the major version, based on semantic versioning. I got into
  20. the habit of using this script instead of making the tags manually. The next
  21. fuckup soon presented itself: when preparing the
  22. [shortlog](https://git-scm.com/docs/git-shortlog), I would often feed it the
  23. wrong commits, and the changelog would be messed up. So, I updated the script to
  24. run the appropriate shortlog command and pre-populate the annotated tag with it,
  25. launching the editor to adjust the changelog as necessary.
  27. Soon I wanted to apply this script to other projects, but not all of them used
  28. semantic versioning. I updated it to work for projects which just use
  29. `major.minor` versions as well. However, another problem arose: some projects
  30. have the version number specified in the Makefile or meson.build. I would
  31. frequently fuck this up in many creative ways: forgetting it entirely; updating
  32. it but not committing it; updating it and committing it, but tagging the wrong
  33. commit; etc. [wlroots](https://github.com/swaywm/wlroots) in particular was
  34. difficult because I also had to update the soversion, which had special
  35. requirements. To address these issues, I added a custom `.git/_incr_version`
  36. script which can add additional logic on a per-repo basis, and updated semver to
  37. call this script if present.[^1]
  39. Eventually, I went on vacation and shipped a release while I was there. The
  40. `_incr_version` script I had put into `.git` on my home workstation wasn't
  41. checked into version control and didn't come with me on vacation, leading to yet
  42. another fucked up release. I moved it from `.git/_incr_version` to
  43. `contrib/_incr_version`. I made the mistake, however, of leaving the old path in
  44. as a fallback, which meant that I never noticed that *another* project's script
  45. was still in `.git` until I went on another vacation and fucked up another
  46. release. Add a warning which detects if the script is at the old path...
  48. Some of my projects don't use semantic versioning at all, but still have all of
  49. these other gotchas, so I added an option to just override the automatic version
  50. increment with a user-specified override. For a while, this worked well. But,
  51. inevitably, no matter how much I scripted away my mistakes I would always find a
  52. new and novel way of screwing up. The next one came when I shipped a release
  53. while on an Alpine Linux machine, which ships Busybox instead of GNU tools.
  54. Turns out Busybox gzip produces output which does not match the GNU output,
  55. which means the tarballs I signed locally differed from the ones generated by
  56. Github. Update the signing script to save the tarball to disk (previously,
  57. it lived in a pipe) and upload these alongside the releases...[^2]
  59. Surely, there are no additional ways to fuck it up at this point. I must have
  60. every base covered, right? Wrong. Dead wrong. On the very next release I
  61. shipped, I mistakenly did everything from a feature branch, and shipped
  62. experimental, incomplete code in a stable release. Update the script to warn if
  63. the master branch isn't checked out... Then, of course, another fuckup: I tagged
  64. a release without pulling first, and when I pushed, git happily rejected my
  65. branch and accepted the tag - shipping an outdated commit as the release. Update
  66. the script to `git pull` first...
  68. I am doomed to creatively outsmart my tools in releases. If you'd like to save
  69. yourself from some of the mistakes I've made, you can [find my semver script
  70. here](https://git.sr.ht/~sircmpwn/dotfiles/tree/master/bin/semver).
  72. [^1]: Each of these `_incr_version` scripts proved to have many bugs of their own, of course.
  73. [^2]: Eli Schwartz of Arch Linux also sent a patch to Busybox which made their gzip implementation consistent with GNU's.