blob: 0087ec59e38984c6a98182ab3fca2fe121e5bdb8 [file] [log] [blame]
Doing a release
Doing a release of ``cryptography`` requires a few steps.
Verifying and upgrading OpenSSL version
The release process uses a static build for Windows and OS X wheels. Check that
the Windows and OS X Jenkins builders have the latest version of OpenSSL
installed before performing the release. If they do not:
Upgrading Windows
Run the ``openssl-release`` Jenkins job, then copy the resulting artifacts to
the Windows builders and unzip them in the root of the file system.
Upgrading OS X
``brew update`` and then ``brew upgrade openssl --universal --build-bottle`` to
build a universal library (32-bit and 64-bit) compatible with all Intel Macs.
This can be confirmed by using
``lipo -info /usr/local/opt/openssl/lib/libssl.dylib`` to see the available
Bumping the version number
The next step in doing a release is bumping the version number in the
* Update the version number in ``src/cryptography/``.
* Update the version number in ``vectors/cryptography_vectors/``.
* Set the release date in the :doc:`/changelog`.
* Do a commit indicating this.
* Send a pull request with this.
* Wait for it to be merged.
Performing the release
The commit that merged the version number bump is now the official release
commit for this release. You will need to have ``gpg`` installed and a ``gpg``
key in order to do a release. Once this has happened:
* Run ``invoke release {version}``.
The release should now be available on PyPI and a tag should be available in
the repository.
Verifying the release
You should verify that ``pip install cryptography`` works correctly:
.. code-block:: pycon
>>> import cryptography
>>> cryptography.__version__
>>> import cryptography_vectors
>>> cryptography_vectors.__version__
Verify that this is the version you just released.
For the Windows wheels check the builds for the ``cryptography-wheel-builder``
job and verify that the final output for each build shows it loaded and linked
the expected OpenSSL version.
Post-release tasks
* Update the version number to the next major (e.g. ``0.5.dev1``) in
``cryptography/`` and
* Add new :doc:`/changelog` entry with next version and note that it is under
active development
* Send a pull request with these items
* Check for any outstanding code undergoing a deprecation cycle by looking in
``cryptography.utils`` for ``DeprecatedIn**`` definitions. If any exist open
a ticket to increment them for the next release.
* Send an email to the `mailing list`_ and `python-announce`_ announcing the
.. _`mailing list`:
.. _`python-announce`: