Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[HIGH] Bump to 4.15.6-0 and update servicing plan #4524

Merged
merged 2 commits into from
Nov 28, 2022

Conversation

compulim
Copy link
Contributor

@compulim compulim commented Nov 17, 2022

Checklist

Build

  1. Bump MockBot to Bot Framework SDK release 4.15.5 (not needed for patch release)
  2. Bump botframework-directlinejs to x.y.z (no newer version)
  3. Bump to 4.15.5
    • Update CHANGELOG.md to mark specific changes in 4.15.5
    • Run npm version --no-git-tag-version 4.15.5
    • Merged into main, the PR number is Bump to 4.15.5 with audit-fix minimatch #4521
    • Commit is df55e01
    • Do not merge any other unrelated changes after this PR. Any other PR merged, will need to be re-tested
  4. Run daily pipeline manually, set "generate release version number" to true
    • (This will not push to NPM or CDN)
    • Pipeline name is BotFramework-WebChat-daily
    • The build number is 329656 and commit is df55e01
  5. Wait for WebChat-release-testing pipeline to complete
    • Pipeline name is Push-Release-Testing-to-GitHub-Pages
    • The release ID is 436
  6. Check component governance and make sure there are no high/critical related to code under /packages/ folder
    • There could be some for projects under /samples/ folder, as they are pointing to previous version of Web Chat
  7. Add manual tests to WebChat-release-testing as needed

Test

The test should run against the build artifacts from Azure Pipelines.

  1. Manual testing on major browsers using webchat-release-testing
    • Before starting testing, update all the browser version to latest
    • Chrome 107.0.5304.107
    • Edge 109.0.1503.0
    • Firefox 106.0.5
    • IE11 (Windows 11 22H2 22623.891)
    • macOS Safari 16.0 (17614.1.25.9.10)
    • iOS Safari 16.1
    • iPadOS Safari 16.1 (20B82)
    • Android Chrome 107.0.5304.105
  2. Test specific fixes related to 4.15.5 and previous releases

Release

  1. Make sure you are on main or qfe branch, run git status to check
  2. git pull
  3. Verify /package.json, /package-lock.json, and CHANGELOG.md has a version of 4.15.5
  4. git log
    • Verify the latest commit is df55e01
  5. git tag v4.15.5
  6. git push -u upstream v4.15.5
    • You do not need to kick off a build again, use the previous build
  7. Create a new GitHub release, copy entries from CHANGELOG.md
    • Subresource Integrity can be generated by
      • From local: for file in $(ls *.js); do echo $file $(cat $file | openssl dgst -sha384 -binary | openssl base64 -A); done
      • From CDN: curl -H 'Accept-Encoding: gzip' https://cdn.botframework.com/botframework-webchat/4.15.5/webchat.js | gunzip - | openssl dgst -sha384 -binary | openssl base64 -A
    • Attach assets including 3 JS files, stats.json and 5 tarballs
      • You can copy the artifacts from webchat-release-testing/drops
      • Tarballs download from npmjs
        curl -LO https://registry.npmjs.org/botframework-directlinespeech-sdk/-/botframework-directlinespeech-sdk-4.15.5.tgz
        curl -LO https://registry.npmjs.org/botframework-webchat/-/botframework-webchat-4.15.5.tgz
        curl -LO https://registry.npmjs.org/botframework-webchat-core/-/botframework-webchat-core-4.15.5.tgz
        curl -LO https://registry.npmjs.org/botframework-webchat-api/-/botframework-webchat-api-4.15.5.tgz
        curl -LO https://registry.npmjs.org/botframework-webchat-component/-/botframework-webchat-component-4.15.5.tgz
        
  8. Kick off release to NPM
    • Release name is [[PROD]]Push-WebChat-to-npmjs
    • The build number is 329656 release number is 43 and commit is df55e01
    • Verify package content then click Resume
    • Retain the release indefinitely
  9. Kick off release to CDN (cutoff at 2PM PST, Mon-Thu only)
    1. Prepare the message for approval
      • If there are any breaking changes, explain in the email if it will affect any customers
      • Release name is [[PROD]]Push-WebChat-to-Prod-CDN-with-approval
      • The build number is 329656, release number is 47 and commit is df55e01
      • Script build number is 320590 (this is fixed)
    2. Send message to approvers
    3. Retain the build indefinitely

Post-release verification - complete within 30 minutes after release to NPM

  • Test using webchat-release-testing
    1. Clone https://github.com/corinagum/WebChat-release-testing/
    2. 01.create-react-app
      1. Nuke 01.create-react-app/node_modules
      2. npm install
      3. npm install botframework-webchat@4.15.5 (just install the bundle package)
      4. npm run build
    3. Others
      • Using script tags from https://github.com/microsoft/BotFramework-WebChat/releases/tag/v4.15.5, with subresource integrity
        <script
          crossorigin="anonymous"
          integrity="sha384-yZ3Ugoikjn2nnqUATWlZR3e2PfDz/fopbI/J77anxs6pnoauHENVS3hObWSAOxmr"
          src="https://cdn.botframework.com/botframework-webchat/4.15.5/webchat.js"
        ></script>
        
        <script
          crossorigin="anonymous"
          integrity="sha384-t278QukjDZq/zQN4GdMwm+wPjb3glhiqydECL5o9le9PfgGwgACfwkARzlGj6GeI"
          src="https://cdn.botframework.com/botframework-webchat/4.15.5/webchat-es5.js"
        ></script>
        
        <script
          crossorigin="anonymous"
          integrity="sha384-L/K5c9oKPS2+VbgxTOXnHL/fQQg9G+agAc1eB3I3t/+XnXdGHOqs8kMB9ViQTSMQ"
          src="https://cdn.botframework.com/botframework-webchat/4.15.5/webchat-minimal.js"
        ></script>
    4. npx serve (at repo root)
    5. Go to http://localhost:5000/ to test, including IE11

Notification to interested parties


Post-release checklist

These are chores that we should do before starting the cycle to reduce ripple effects if we do it in mid-cycle.

Tips:

  • Clean your repo before start
  • Remove node_modules from all folder
    • git clean -fdx
  • Never delete package-lock.json
  • If you mess it up, tableflip and redo
  • In component/package.json
    • Remove reference to botframework-webchat-core by hand-modifying package.json
    • Then, npm install (symlinks will be broken afterward)
    • Then, add those references back by hand-modifying package.json
    • This also applies for other packages with similar dependencies/symlinks
    • To build afterward, do tableflip to rebuild those symlinks

Applies to all releases

This list should be copied to versions in the future.

Applies to major/minor releases

Bump all dependencies to latest version

In PR #4423, we are bumping most dependencies to latest version.

After bumping, if a package broke compatibility, we should investigate:

  • Upgrade our code to use the latest package if possible, otherwise;
  • Add it to package.json/skipBump to prevent bumping deliberately:
    • Skipping bump incur unpredictable technical debts, say, security issue found in the unsupported version, causing us slow to react
    • Plausible reasons (non-exhaustive):
      • Package is not ES5;
      • Package is ESM and requires the whole dependency chain to be upgraded, however, it is technically impossible (unrelated to cost).
  • Run npm run bump
  • Run npm audit fix to make sure everything is fixed
  • Test under IE11 to make sure all dependencies are working
  • List steps to verify bumping microsoft-cognitiveservices-speech-sdk

Update CI/CD pipeline to use latest images

Some pipelines are still using windows-2016 image which will be deprecated soon, we need to update them.

Bump Docker image

The Docker image can be found at root docker-compose.yml and Dockerfile*.

  • Docker container for headless Chrome (#XXX)
    • They recently moved from 3.14.159-xxx tag scheme to a more sensible 87.0 tag scheme
    • Tags can be found at https://hub.docker.com/r/selenium/node-chrome/tags
    • Preferably in separate PR because screenshots change can be large occasionally
    • Run tests locally, as the screenshots can be slightly different
    • Also consider bumping to Edge-based images

@rodrigorodriguez
Copy link

Include this update, please:

warning "botframework-webchat > web-speech-cognitive-services@7.1.2" has incorrect peer dependency "microsoft-cognitiveservices-speech-sdk@~1.17.0".
warning "botframework-webchat > microsoft-cognitiveservices-speech-sdk > asn1.js-rfc2560@5.0.1" has unmet peer dependency "asn1.js@^5.0.0".
warning "botframework-webchat > botframework-webchat-component > @emotion/css > @emotion/babel-plugin@11.10.5" has unmet peer dependency "@babel/core@^7.0.0".
warning "botframework-webchat > botframework-webchat-component > @emotion/css > @emotion/babel-plugin > @babel/plugin-syntax-jsx@7.18.6" has unmet peer dependency "@babel/core@^7.0.0-0".

@compulim
Copy link
Contributor Author

Include this update, please:

warning "botframework-webchat > web-speech-cognitive-services@7.1.2" has incorrect peer dependency "microsoft-cognitiveservices-speech-sdk@~1.17.0". warning "botframework-webchat > microsoft-cognitiveservices-speech-sdk > asn1.js-rfc2560@5.0.1" has unmet peer dependency "asn1.js@^5.0.0". warning "botframework-webchat > botframework-webchat-component > @emotion/css > @emotion/babel-plugin@11.10.5" has unmet peer dependency "@babel/core@^7.0.0". warning "botframework-webchat > botframework-webchat-component > @emotion/css > @emotion/babel-plugin > @babel/plugin-syntax-jsx@7.18.6" has unmet peer dependency "@babel/core@^7.0.0-0".

I am creating a new bug to track this, #4530.

@compulim compulim merged commit 3ac3fca into microsoft:main Nov 28, 2022
@compulim compulim deleted the bump-4.15.6-0 branch November 28, 2022 20:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants