The announcement posted for release 1.17.6 see the email was send with the wrong SHAs which mismatch the SHAs we can find in the GitHub release
The issue was identified and post here: https://github.com/kubernetes/sig-release/issues/1093#issuecomment-631663608
the announcement email contains the correct SHAs to match the ones we can find in the GitHub release.
N/A
N/A
N/A
/priority critical-urgent
After an investigation, figured out the issue:
gs://kubernetes-release/archive/anago-v1.17.6/announcement.html I copied by mistake from gs://kubernetes-release-gcb/archive/anago-v1.17.6/announcement.html and that generate a mismatch in the SHAthe SHA for kubernetes.tar.gz in the wrong announcement is 5cd8f0e0bb3806f975c9209657463d87f01f014c783818a3d790d5c779cd02495719f1524dadeb6f4cdd5373fe695b4e5d7c63a51e0a0ed4c06de2350a8707a7
and the SHA in the correct one is 90b10c16aea412c39ea57f6ebb0f5cb74f939089ebad91cdc1a3c2d83890a88305b2e10e9cee4563258c718383be66ee9e90f06c6b07b8d6eb2d11a473ffd670
Apologies if that causes any problem.
@cpanato this seems like a very easy mistake to make and something we should help alleviate with tooling :) I know I personally do not use the release-notify tool and generally copy paste from the links as you do. I think the fix here is to make the notification tool a better experience such that folks running releases don't opt for copy / pasting instead of using it :+1:
Agreed that there's something to be desired in the current workflow.
I think different results are produced for release-notify if you use the --nomock flag.
Echoing @hasheddan, mistakes happen, so don't beat yourself up!
The concern here was the potential that the artifacts has had been tampered with, so I'm glad that's cleared up.
@cpanato -- Please send a follow-up email to the 1.17 announce email, linking this issue. Once that's done, you can close this out.
@kubernetes/release-engineering -- let's turn our attention to reviewing @saschagrunert's PR for krel announce, which should provide a better experience in the future: https://github.com/kubernetes/release/pull/1173
email sent out
/close
@cpanato: Closing this issue.
In response to this:
email sent out
/close
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
Does the kubernetes-release-gcb root really need to have a name that's so close to kubernetes-release?
"Next time I will try better" is not an actionable outcome, compared to making the mistake less likely to happen.
@jwatte -- I'm not sure that your feedback is especially helpful in a situation where someone made a mistake.
Here's what I've observed:
I would be curious to hear more about what you consider a more "actionable outcome".
w.r.t. GCS bucket names:
When you create a bucket, you permanently define its name, its geographic location, and the project it is part of.
ref: https://cloud.google.com/storage/docs/moving-buckets
We have limited control over the Google-owned GCS buckets that we currently use staging/releasing Kubernetes.
If you're interested in tracking the massive multi-team, multi-cycle work to move the release process to community-owned infra, you can subscribe to this issue: https://github.com/kubernetes/release/issues/911
Most helpful comment
@jwatte -- I'm not sure that your feedback is especially helpful in a situation where someone made a mistake.
Here's what I've observed:
I would be curious to hear more about what you consider a more "actionable outcome".
w.r.t. GCS bucket names:
ref: https://cloud.google.com/storage/docs/moving-buckets
We have limited control over the Google-owned GCS buckets that we currently use staging/releasing Kubernetes.
If you're interested in tracking the massive multi-team, multi-cycle work to move the release process to community-owned infra, you can subscribe to this issue: https://github.com/kubernetes/release/issues/911