
Plugin release process

50% DRAFT

Last updated 4 years ago

WIP: Migrating links and content from: .

Overview

The release process for modifying plugin versions and plugin version dependencies currently requires a developer to perform several non-automated tasks. Bumping, tagging, releasing, publishing, and bundling (preloading) versions are not necessarily complicated, but a formal set of steps is required and should be followed. This document describes those processes in detail and will be used to help standardize and automate these flows in the future.

Goals

  1. Define the steps required to bump, tag, release, publish, and bundle plugin versions.

  2. By defining the specific tasks in the process, we will be able to define protocols and identify areas for automation improvements.

Scope

This document covers the current steps required to perform the following tasks:

  1. Bump the current version of an existing plugin.

  2. Tag a version of a plugin for release.

  3. Bundle a plugin version to a Mattermost server release.

  4. Publish a bumped plugin version to the Plugin Marketplace.

  5. Publish a new plugin to the Plugin Marketplace.

  6. Release to community.mattermost.com.

The Future Enhancements section of this document describes additional suggestions for automating some of these tasks.

Plugin release flows

Considerations when bumping and releasing a plugin version

  • Compare commits from last bump/tagged release.

  • Documentation changes aren’t necessarily vital.

    • Documentation in bundled releases isn’t viewable through the app, and users will be looking at the latest master commit in the GitHub repo.

  • Merging the version bump PR (in the plugin repo) does not mean its commit is the one that gets tagged. That step only bumps the version. The tagging step determines the commit that receives the release tag.

Create release issue

  • Create an issue on the corresponding repository to track the whole release process.

    • Title: Release vX.Y.Z

  • Assign yourself to the issue.

  • Add Type/Task label.

  • Once every code change for the release has been merged, move the issue to Release in Review and open a version bump PR.

Create version bump PR

  • Whether to bump the feature or patch version is determined by the commits added since the previous release tag.

  • Look through existing Issues and PRs and make sure the Milestone label is added for items to be included in the release.

    • If security issues exist, submit a PR and merge it before bumping the version.

  • Run pluginops release inside a local copy of the repository.

  • Follow the steps of the tool.

  • Once the local changes are done, follow the link to open a PR.

  • Add any further reasoning or description for version bump (if necessary).

  • Add 2 Developers and 1 QA for review.

  • You might also add a PM review to verify the release from a PM perspective.

Tag/cut a version of a plugin for release

After the PR for bumping the version of a plugin has been merged, you can now tag the version for release.

Cut the release using the following as an example. Note this is a slash command for use inside Mattermost:

/mb cutplugin --tag v1.2.0 --repo mattermost-plugin-todo

Matterbuild will respond with a message upon success. Now view the release link and update the commit messages. This is a subjective task where you determine whether a commit is a feature or an enhancement. Edit the release messages and arrange them accordingly.

Only close the release issue if the release shouldn't go into the Marketplace. Otherwise keep it open until the release is available in the Marketplace and move it to Submitted to Marketplace.

The next steps are to add the plugin to the Plugin Marketplace. The instructions are included in the return message upon a successful cutplugin command.

Bundle a plugin release version to a Mattermost server release

Plugins that are released with Mattermost are called bundled plugins. These plugins are included with the software and need only to be configured.

  • git pull the latest master branch on mattermost-server

  • Create a new branch so you can modify the plugin versions

    • git checkout -b bundle-plugins-v5.20

    • Use branch naming convention bundle-plugins-vX.XX

  • Edit Makefile

    • Locate # Plugins Packages comment

    • Modify plugin release versions

  • Create PR against master branch with following:

    • Title: Update bundled plugins for vX.XX

    • Summary: List of updated plugins

      • Ideally includes from version > to version for each plugin

Publish a plugin release version to the Plugin Marketplace

The steps to have a plugin version added to the Plugin Marketplace are included in the response to a successful /mb cutplugin slash command.

Release to community.mattermost.com

Then close the release issue.

Security upgrade process

  • TODO: Automate checking all released plugins through CLI, cron, or GH webhook event.

  • TODO: User must be repo admin to see and resolve automated security issue.

  • TODO: Need method to hook to tell us when security issue is found.

  • TODO: PR for security updates should be discrete.

  • TODO: Investigate npm ls.

Security alerts are displayed when viewing a GitHub repo and are resolved via the automated dependabot tool.

Updating npm dependencies CLI

  • git checkout latest master

  • git checkout -b bump-dependency-versions

  • cd webapp/

    • npm-check -E -u to view and select the changes interactively

    • npm-check -E -y to update everything without prompting

  • git add package.json package-lock.json

  • git commit -m "Update dependencies"

  • git push --set-upstream origin bump-dependency-versions

  • Create PR

    • Title: Update Dependencies (Will automatically get set)

    • Summary: Update dependencies

Updating security alerts through CLI

  • git checkout latest master

  • git checkout -b npm-audit-fix

  • cd webapp/

  • npm audit - will return list of security issues

  • npm audit fix - updates package-lock.json dependencies

  • git add package-lock.json

  • git commit -m "Update dependencies"

  • git push --set-upstream origin npm-audit-fix

  • Create PR

    • Title: Update Dependencies (Will automatically get set)

    • Summary: : ->
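
The check that precedes a version bump ("If security issues exist, submit PR and merge before bumping version") can be scripted against the JSON form of npm audit. The following is an added example, not part of the handbook or of Mattermost's tooling; releaseGate, its default threshold, and the sample package names are hypothetical, and the report layout assumed is the one produced by npm audit --json in npm 7 and later. It separates findings that npm audit fix clears from those that need a forced upgrade or have no fix, which are the ones that call for a discrete PR.

```javascript
// Added example: release gate over `npm audit --json` (npm 7+ report layout assumed).
const SEVERITY_RANK = new Map([['info', 0], ['low', 1], ['moderate', 2], ['high', 3], ['critical', 4]]);
// Unknown severities rank above "critical" so they are never silently ignored.
const rank = (severity) => SEVERITY_RANK.get(severity) ?? 5;

// Map the report's fixAvailable field to the action a developer must take.
function remediation(fixAvailable) {
  if (fixAvailable === true) return 'audit-fix'; // resolved by plain `npm audit fix`
  if (fixAvailable && typeof fixAvailable === 'object') return 'forced-upgrade'; // needs --force
  return 'no-fix'; // nothing published yet; track it in the release issue
}

// Hypothetical helper: decide whether the version bump PR may be opened.
function releaseGate(report, threshold = 'high') {
  if (!report || typeof report.vulnerabilities !== 'object' || report.vulnerabilities === null) {
    throw new Error('unrecognised audit report: expected a "vulnerabilities" object');
  }
  if (!SEVERITY_RANK.has(threshold)) throw new Error(`unknown threshold: ${threshold}`);

  const blocking = Object.entries(report.vulnerabilities)
    .map(([name, v]) => ({
      name,
      severity: v.severity,
      direct: Boolean(v.isDirect),
      remediation: remediation(v.fixAvailable),
    }))
    .filter((f) => rank(f.severity) >= SEVERITY_RANK.get(threshold))
    .sort((a, b) => rank(b.severity) - rank(a.severity) || a.name.localeCompare(b.name));

  return {
    blocked: blocking.length > 0,
    blocking,
    // Findings `npm audit fix` alone will not clear; each needs its own reviewed change.
    manual: blocking.filter((f) => f.remediation !== 'audit-fix').map((f) => f.name),
  };
}

// Constructed sample report (package names are invented for illustration).
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-parser': { severity: 'critical', isDirect: false, fixAvailable: true },
    'example-ui-kit': {
      severity: 'high', isDirect: true,
      fixAvailable: { name: 'example-ui-kit', version: '2.0.0', isSemVerMajor: true },
    },
    'example-logger': { severity: 'low', isDirect: false, fixAvailable: false },
    'example-fetch': { severity: 'moderate', isDirect: false, fixAvailable: true },
  },
};

const gate = releaseGate(SAMPLE_REPORT);
console.log(gate.blocked ? `Blocked by: ${gate.blocking.map((f) => f.name).join(', ')}` : 'Clear');
```

To use it on a real plugin, run npm audit --json in webapp/ and pass the parsed output to releaseGate in place of the sample report.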

Updating security alerts through GitHub

GitHub displays security alerts when viewing a GitHub repo.

View all alerts by clicking on the View security alerts button.

Clicking on a specific security alert will open the details alert and provide a Create automated security update button. Click the button to have dependabot begin generating an automated security update.

Summary: Add every outstanding PR or issue as a task list item.

Add that issue to the Plugin Releases board in Code Changes Needed.

Verify no existing security issues (using Updating Security Alerts Through CLI).

Install/Update pluginops.

Prerequisite: In order to cut releases using matterbuild slash commands, you need to add your name and userID on the Community server to AllowedUsers and ReleaseUsers in config.json.

CI runs can be viewed at circleci.com/gh/mattermost. If CI jobs complete successfully, a new release will automatically be produced and viewable under the Releases tab in the plugin repo.

Once the Plugin Marketplace PR is merged, request an update on the plugin in the ~community-configuration channel (https://community.mattermost.com/core/channels/community-configuration).

https://github.com/jfrerich/plugin-release-process/blob/master/README.md