1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
|
# 2021 Annual Report: SIG Release
## Current initiatives
### 1. What work did the SIG do this year that should be highlighted?
#### Release Engineering
After finalizing the rewrite of the release process from bash into golang,
the release engineering team has been focusing its efforts on two main
areas:
1. Improving the release automation on two fronts:
1. Adding new features, tests and checks to the release process which
were missing from the original anago (binary verification, CVE
disclosure, building from custom branches and repositories).
1. Consolidating the codebases of new repositories which SIG Release
brought under its responsibility. The range of new repositories we
are consolidating go from critical projects (like the image promoter)
to less important repositories (like downloadkubernetes.com)
1. Hardening the Kubernetes Supply Chain via key efforts:
1. SBOM Generation
1. SLSA 3 compliance
1. Artifact signing
#### Release Team
### 2. What initiatives are you working on that aren't being tracked in KEPs?
The most important change currently under development not tracked in a KEP is
the new automated branch forward. Tests are currently underway and we aim to
have automated forward of the release branch during code freeze by the 1.25 cycle.
[A recent announcement sent to the dev mailing list](https://groups.google.com/a/kubernetes.io/g/dev/c/qbHPJjUF3s8)
has more details about the plan.
### 3. KEP work in 2021 (1.x, 1.y, 1.z):
<!--
In future, this will be generated from kubernetes/enhancements kep.yaml files
1. with SIG as owning-sig or in participating-sigs
2. listing 1.x, 1.y, or 1.z in milestones or in latest-milestone
-->
- Alpha
- [KEP-2853 - Kubernetes repository branch rename](https://github.com/kubernetes/enhancements/blob/master/keps/sig-release/2853-k-core-branch-rename/README.md) - $milestone.stable
- [KEP-3027 - SLSA Level 3 Compliance in the Kubernetes Release Process](https://github.com/kubernetes/enhancements/blob/master/keps/sig-release/3027-slsa-compliance/README.md) - $milestone.stable
- [KEP-3031: Signing release artifacts](https://github.com/kubernetes/enhancements/blob/master/keps/sig-release/3031-signing-release-artifacts/README.mdhttps://git.k8s.io/community/$link/README.md) - $milestone.beta
- [$kep-number - $title](https://git.k8s.io/community/$link/README.md) - $milestone.beta
## Project health
1. What areas and/or subprojects does your group need the most help with?
Any areas with 2 or fewer OWNERs? (link to more details)
All of the following areas are reviewed by the Release Engineering
subproject, but we could always use more help here:
- [kubernetes-sigs/bom](https://github.com/kubernetes-sigs/bom/blob/main/OWNERS)
- [kubernetes-sigs/downloadkubernetes](https://github.com/kubernetes-sigs/downloadkubernetes/blob/master/OWNERS)
- [kubernetes-sigs/mdtoc](https://github.com/kubernetes-sigs/mdtoc/blob/master/OWNERS)
- [kubernetes-sigs/release-notes](https://github.com/kubernetes-sigs/release-notes/blob/master/OWNERS)
- [kubernetes-sigs/zeitgeist](https://github.com/kubernetes-sigs/zeitgeist/blob/master/OWNERS)
- [kubernetes/repo-infra](https://github.com/kubernetes/repo-infra/blob/master/OWNERS)
2. What metrics/community health stats does your group care about and/or measure?
Some data tracking efforts that SIG Release performs include monitoring release team applications,
release manager activities and code commits to ensure timely release cuts in our repos.
3. Does your [CONTRIBUTING.md] help **new** contributors engage with your group specifically by pointing
to activities or programs that provide useful context or allow easy participation?
- The `CONTRIBUTING.md` was recently revamped and includes a Getting Started section with links to mentoring opportunities.
4. If your group has special training, requirements for reviewers/approvers, or processes beyond the general [contributor guide],
does your [CONTRIBUTING.md] document those to help **existing** contributors grow throughout the [contributor ladder]?
- [Release Team](https://github.com/kubernetes/sig-release/tree/master/release-team)
- [Release Engineering](https://github.com/kubernetes/sig-release/tree/master/release-engineering)
5. Does the group have contributors from multiple companies/affiliations?
- Yes, over the past two years, we've had contributors from the following companies (non-exhaustive, gathered from [here](https://k8s.devstats.cncf.io/d/55/company-prs-in-repository-groups?orgId=1&var-period_name=Last%202%20years&var-repogroups=SIG%20Release&var-repos=All&var-companies=All&var-countries=All)):
- Red Hat
- Cisco
- Chainguard
- Mattermost
- Apple
- SUSE
- VMware
- Upbound
- Google
- Jetstack
- Kubermatic
- IBM
- HashiCorp
- SAP
- HSBC
- Huawei
- Intel
- Autodesk
6. Are there ways end users/companies can contribute that they currently are not?
If one of those ways is more full time support, what would they work on and why?
- We've been considering offering internships to help us round the rough edges
in some repositories such as the Kuebrnetes SBOM Tool.
## Membership
Accurate of 2022-02-14.
Stats are primarily pulled from kubernetes/release, the primary repository for
Release Engineering tooling/work, which serves as a reasonable representation
of reviewers/approvers across SIG Release repositories.
- Primary Slack channel member count: 2458
- Primary mailing list member count: 501
- Primary meeting attendee count (estimated, if needed): 20
- Primary meeting participant count (estimated, if needed): 10
- Unique reviewers for SIG-owned packages (from kubernetes/release): 24
- Unique approvers for SIG-owned packages (from kubernetes/release): 7
Include any other ways you measure group membership
## Subprojects
Retired in 2021:
- [Licensing](https://git.k8s.io/community/sig-release#licensing)
Continuing:
- [Release Engineering](https://git.k8s.io/community/sig-release#release-engineering)
- [Release Team](https://git.k8s.io/community/sig-release#release-team)
## Working groups
New in 2021:
- [WG Reliability](https://git.k8s.io/community/wg-reliability/) ([2021 report](https://git.k8s.io/community/wg-reliability/annual-report-2021.md))
Retired in 2021:
WG K8s Infra was converted into [SIG K8s Infra](https://git.k8s.io/community/sig-k8s-infra) in 2021.
Continuing:
- [WG Reliability](https://git.k8s.io/community/wg-reliability/) ([2021 report](https://git.k8s.io/community/wg-reliability/annual-report-2021.md))
## Operational
Operational tasks in [sig-governance.md]:
- [x] [README.md] reviewed for accuracy and updated if needed
- [x] [CONTRIBUTING.md] reviewed for accuracy and updated if needed
(or created if missing and your contributor steps and experience are different or more
in-depth than the documentation listed in the general [contributor guide] and [devel] folder.)
- [x] Subprojects list and linked OWNERS files in [sigs.yaml] reviewed for accuracy and updated if needed
- [x] SIG leaders (chairs, tech leads, and subproject owners) in [sigs.yaml] are accurate and active, and updated if needed
- [x] Meeting notes and recordings for 2021 are linked from [README.md] and updated/uploaded if needed
- [x] Did you have community-wide updates in 2021 (e.g. community meetings, kubecon, or kubernetes-dev@ emails)? Links to email, slides, or recordings:
- [Hardening the Kubernetes Software Supply Chain Through Better Transparency](https://www.youtube.com/watch?v=W6hUXv66rRc) KubeCon + CloudNativeCon NA 2021
[CONTRIBUTING.md]: https://git.k8s.io/community/sig-release/CONTRIBUTING.md
[contributor ladder]: https://git.k8s.io/community/community-membership.md
[sig-governance.md]: https://git.k8s.io/community/committee-steering/governance/sig-governance.md
[README.md]: https://git.k8s.io/community/sig-release/README.md
[sigs.yaml]: https://git.k8s.io/community/sigs.yaml
[contributor guide]: https://git.k8s.io/community/contributors/guide/README.md
[devel]: https://git.k8s.io/community/contributors/devel/README.md
<!-- BEGIN CUSTOM CONTENT -->
<!-- END CUSTOM CONTENT -->
|
