QA and Release version 0.7.0

[almet]

Pre-release

Before making a release, all of these should be complete:

• Copy the entirety of these instructions onto a new issue and call it QA and Release version <VERSION>
• Add new Linux platforms and remove obsolete ones
• Bump the Python dependencies using poetry lock
• Check for official PySide6 versions
• Update version in pyproject.toml
• Update share/version.txt
• Update the "Version" field in install/linux/dangerzone.spec
• Update screenshot in README.md, if necessary
• CHANGELOG.md should be updated to include a list of all major changes since the last release
• Create a PGP-signed git tag for the version, e.g., for dangerzone v0.1.0:

QA

• Make sure that the tip of the main branch passes the CI tests.
• Make sure that the Apple account has a valid application password and has
  agreed to the latest Apple terms (see macOS release
  section).
• Create a test build in Windows and make sure it works:
  • Check if the suggested Python version is still supported.
  • Create a new development environment with Poetry.
  • Build the container image and ensure the development environment uses
    the new image.
  • Run the Dangerzone tests.
  • Build and run the Dangerzone .exe
  • Test some QA scenarios (see Scenarios below).
• Create a test build in macOS (Intel CPU) and make sure it works:
  • Check if the suggested Python version is still supported.
  • Create a new development environment with Poetry.
  • Build the container image and ensure the development environment uses
    the new image.
  • Run the Dangerzone tests.
  • Create and run an app bundle.
  • Test some QA scenarios (see Scenarios below).
• Create a test build in macOS (M1/2 CPU) and make sure it works:
  • Check if the suggested Python version is still supported.
  • Create a new development environment with Poetry.
  • Build the container image and ensure the development environment uses
    the new image.
  • Run the Dangerzone tests.
  • Create and run an app bundle.
  • Test some QA scenarios (see Scenarios below).
• Create a test build in the most recent Ubuntu LTS platform (Ubuntu 24.04
  as of writing this) and make sure it works:
  • Create a new development environment with Poetry.
  • Build the container image and ensure the development environment uses
    the new image.
  • Run the Dangerzone tests.
  • Create a .deb package and install it system-wide.
  • Test some QA scenarios (see Scenarios below).
• Create a test build in the most recent Fedora platform (Fedora 40 as of
  writing this) and make sure it works:
  • Create a new development environment with Poetry.
  • Build the container image and ensure the development environment uses
    the new image.
  • Run the Dangerzone tests.
  • Create an .rpm package and install it system-wide.
  • Test some QA scenarios (see Scenarios).
• Create a test build in the most recent Qubes Fedora template (Fedora 39 as
  of writing this) and make sure it works:
  • Create a new development environment with Poetry.
  • Run the Dangerzone tests.
  • Create a Qubes .rpm package and install it system-wide.
  • Ensure that the Dangerzone application appears in the "Applications"
    tab.
  • Test some QA scenarios (see Scenarios below) and make sure
    they spawn disposable qubes.

Release

macOS Release

• Verify and install the latest supported Python version from python.org
• Verify and checkout the git tag for this release
• Run poetry install
• Run poetry run ./install/macos/build-app.py; this will make dist/Dangerzone.app
• Run poetry run ./install/macos/build-app.py --only-codesign; this will make dist/Dangerzone.dmg
• Notarize it: xcrun notarytool submit --apple-id "<email>" --keychain-profile "dz-notarytool-release-key" dist/Dangerzone.dmg
• Wait for it to get approved, check status with: xcrun notarytool info <REQUEST_UUID> --apple-id "<email>" --keychain-profile "dz-notarytool-release-key"
• After it's approved, staple the ticket: xcrun stapler staple dist/Dangerzone.dmg
• Rename Dangerzone.dmg to Dangerzone-$VERSION.dmg.

Windows Release

Releasing and Signing

• Verify and checkout the git tag for this release
• Run poetry install
• Copy the container image into the VM
• Run poetry run .\install\windows\build-app.bat
• When you're done you will have dist\Dangerzone.msi
• Rename Dangerzone.msi to Dangerzone-$VERSION.msi.

Linux release

Debian/Ubuntu

For each supported debian and ubuntu version:

• Build the latest container
• Create a .deb file
• Publish the .deb under ./deb_dist to the
  freedomofpress/apt-tools-prod
  repo, by sending a PR. Follow the instructions in that repo on how to do so.

Fedora

For each supported fedora version:

• Build the latest container
• Create a .rpm file
• Publish the .deb under ./deb_dist to the
  freedomofpress/yum-tools-prod
  repo, by sending a PR. Follow the instructions in that repo on how to do so.

Qubes

• Create a .rpm for Qubes

and similarly publish it to the freedomofpress/yum-tools-prod
repo.

Publishing the Release

To publish the release:

• Create an archive of the Dangerzone source in tar.gz format
• Run container scan on the produced container images (some time may have passed since the artifacts were built)
• Collect the assets in a single directory, calculate their SHA-256 hashes, and sign them.
• Create a new draft release on GitHub and upload the macOS and Windows installers.
• Upload the container.tar.gz i686 image that was created in the previous step
• Upload the detached signatures (.asc) and checksum file.
• Update the Dangerzone website to link to the new installers and signatures
• Update the brew cask release of Dangerzone with a PR like this one
• Update version and download links in README.md

Post-release

• Toot release announcement on our mastodon account @dangerzone@fosstodon.org
• Extend the check_repos.yml CI test for the newly added platforms

[apyrgio]

Woo hoo, we have a 0.7.0 release issue! I see that you copy-pasted everything, but I think it's better if we just copy the checklists. See the previous release issues as well on what we keep.