prepare 0.17.0 release

[roypat]

Summary of the PR

Everything in the 0.17.0 milestone is done, and virtiofsd and firecracker would like to start using some of the stuff we added since 0.16.0, so let's do a release.

cc @bonzini @XanClic

Requirements

Before submitting your PR, please make sure you addressed the following
requirements:

• All commits in this PR have Signed-Off-By trailers (with
  git commit -s), and the commit message has max 60 characters for the
  summary and max 75 characters for each description line.
• All added/changed functionality has a corresponding unit/integration
  test.
• All added/changed public-facing functionality has entries in the "Upcoming
  Release" section of CHANGELOG.md (if no such section exists, please create one).
• Any newly added unsafe code is properly documented.

[roypat]

mh, just noticed that i forgot to actually give hanna github permissions, but I cant do it right now because github demands 2FA and my phone is installing an iOS update right now. sigh.

[stefano-garzarella]

mh, just noticed that i forgot to actually give hanna github permissions, but I cant do it right now because github demands 2FA and my phone is installing an iOS update right now. sigh.

I just invited @XanClic with the admin permissions

[roypat]

mh, just noticed that i forgot to actually give hanna github permissions, but I cant do it right now because github demands 2FA and my phone is installing an iOS update right now. sigh.

I just invited @XanClic with the admin permissions

thanks!

[XanClic]

I think the publish workflow could use a dedicated PR, but in any case it looks good to me. I don’t know much about github workflows, but cross-checking it with the documentation, it looks reasonable, and it’s also basically exactly https://crates.io/docs/trusted-publishing.

Just one question: What would a dedicated release environment mean? It’s honestly hard for me to understand the documentation on that, it’s just the “Optional: for enhanced security” making me ask “who wouldn’t want that”. It says an environment allows setting up additional “rules”, but could those rules then require reviews for pushing a v* tag / creating a relase on github? Or would it just be useful if we needed to put a secret there (which isn’t necessary)?

[roypat]

I think the publish workflow could use a dedicated PR, but in any case it looks good to me. I don’t know much about github workflows, but cross-checking it with the documentation, it looks reasonable, and it’s also basically exactly https://crates.io/docs/trusted-publishing.

Ah, heh, sorry, I should've put some more context on that. We're slowing moving to enable the trusted publishing on the rust-vmm crates and have kinda just been enabling it crate-by-crate whenever we happened to be doing releases recently. so the workflow file is pretty much copied from the ones we have in linux-loader, kvm-bindings and kvm-ioctls (or well, they're all auto-generated by this script that I need to finish up at some point: rust-vmm/rust-vmm-ci#189).

Just one question: What would a dedicated release environment mean? It’s honestly hard for me to understand the documentation on that, it’s just the “Optional: for enhanced security” making me ask “who wouldn’t want that”. It says an environment allows setting up additional “rules”, but could those rules then require reviews for pushing a v* tag / creating a relase on github? Or would it just be useful if we needed to put a secret there (which isn’t necessary)?

I admittedly don't really know what the environment thing entails. We haven't enabled it on any of the other crates where we set this up yet

[XanClic]

Got it, thanks!

[bonzini]

@roypat AIUI, to do the release someone needs to push the tag?

[roypat]

@roypat AIUI, to do the release someone needs to push the tag?

Ack, will do tomorrow evening!