[Release n.n] Release Checklist

Product Manager (PM)

Core Product Manager for release

product discord channel

Release Manager

Primary tech resource for release

devs-internal channel

FIP Developer

Developer responsible for coding change

devs-internal channel

QA

QA or developer responsible for coding change

devs-internal channel

BPs

Block Producers

Telegram Mainnet and Testnet

FIO Developer Community

Broader FIO community of developers

Dev Hub

Account Management

Foundation group responsible for partner communication

partner-success channel

Marketing

Foundation group responsible for broad communication

marketing channel

Release planning

Update Master Release Schedule

Update master release schedule with all release info

Create project wiki

Create a project wiki created for release under Releases This will be used to store all relevant release documents. Example.

Release stories and subtasks

Create and epic, stories, and subtasks for release. There should be a story for:

• Release N.N/M.M Project Management

• Release N.N/M.M QA

• Release N.N/M.M Release Management

Subtasks should be created for each item in this checklist.

Release kickoff meeting

Set up a kickoff meeting with team to review release

Release plan

Create rollout/release plan for this effort (added actions, removed actions, table migrations, order dependent detailed instructions on how to roll out these changes successfully. include all necessary MSIGs). This should include detailed instructions on how to verify that the rollout was performed successfully.

Once complete, review the rollout plan and verification with architecture and QA/Integration teams.

Release script template: [Release n.n] Release Script

Master release plan: Master Release Plan

See example: [fio 3.3 fio.contracts 2.7] Release script

Security

Security - Code audit

A security focused audit of contract modifications should be strongly considered for any new actions, or any modifications to actions that involve changes in authorizations, or error logic. Code audits can be performed by core team members, or they can be performed by third parties specializing in EOSIO security issues.

Findings for security audits are sensitive and may be published to the public after careful consideration of the consequences of publishing this material. Once vulnerabilities have been adequately addressed all findings and remediations should be posted to the wiki for the project in question. Provide a set of links to completed items, or provide a point of contact for your project if items are in work.

Security documentation: https://fioprotocol.atlassian.net/wiki/spaces/FO/pages/141262894

Vulnerability testing

The feature may benefit from security focused stress testing. This testing may be performed by core team members, or by contracted parties hired for the project. The testing might take an EOSIO specific focus, with the addition of penetration, fuzz, gaming the system, and other vulnerability testing is strongly advised.

This is still TBD on how to do this on a regular basis.

Bug bounties

Some features may benefit from placing a bounty on the contract modifications. Your feature should consider offering a reward if any community member is able to discover security flaws, or vulnerabilities in new features. These bounties may be long lived, and they may require the use of private test instances of the fio test net to provide hackers ample opportunity to “break the chain”.

This is still TBD on how to execute

LocalNet

Local - Release rollout testing

Validate release script, updated by developers for each feature, detailing all addaction, createfee, and new and existing contract updates

Perform local (single machine) test to validate release script

See: https://developers.fioprotocol.io/docs/developers/devnet#local-testing

LocalNet - Performance and Scaling

Verify performance and scalability tests run on LocalNet (and results added to Dev Spec)

Identify performance and scalability tests to run on DevNet

DevNet

DevNet Setup

Environment: https://fioprotocol.atlassian.net/wiki/spaces/FO/pages/114131133

Repo: https://github.com/dapixio/fio-devnet

Testing Overview: https://dev.fio.net/docs/devnet-testing

MultiSig Process: https://dev.fio.net/docs/multisig

Create msig: actions capturing release items for injest into mSig tool.

DevNet - Contract Testing

Baseline Smoke test using fio.devtools/fio.test framework

See: DevNet Contract Test

This step sets the baseline for future DevNet tests

• Clone release baseline

• Run local 3 node setup via fio.devtools start.sh

• Run npm test with smoketest target

  • Include mSig test to run mSig propose, approve and execution.

DevNet - Fork testing

Complete fork testing per DevNet Fork Test. May include baseline smoke test per above

This task has two flavors:

• Chain upgrade via build of current release version, build of future release version and upgrade of nodes via fio-devnet scripts, followed by smoketest

• Chain upgrade via build of current release version and execution of release script items, addaction, createfee, new account (w/priv and ram limit update) and set contract

Use of fio-devnet scripts one can verify update of 3 or 6 BPs at a time against the remaining BPs as blocks are processed

Direct execution of release script items, especially setcontract, is helpful to see BPs block production continues normally.

DevNet - Regression testing

Full fio.test regression tests completed and run cleanly on Devnet

DevNet - mSig Release rollout testing

Validate release using mSigs. See FIO mSig Adminer. Note that this is the FIO mSig Admin tool (fork of cryptolions tool). See https://dev.fio.net/docs/devnet-testing for test and validation info.

This is TestNet simulaton test where the release script items are rolled up into multiSigs and executed on the DevNet chain. This step will exercise mSig propose, mSig 2/3 + 1 approvals, as well as the mSig execution step.

Example mSig review and validation;

• ./clio -u <DevNet API Node> multisig review <Proposer> <Proposal Name>

DevNet - Contract Testing

Same as above, but performed on msig version of Devnet

DevNet - Regression testing

DevNet - Performance/Scalability testing

Perform DevNet performance and scalability tests

Performance and Scalability testing is a responsibility of the Developer and QA, however, it may be necessary to identify release level performance and scaling requirements

SDK Pre Release

Changes to Typescript SDK may be necessary for each release of the FIO protocol. SDK changes should go through a QA process. The release manager must integrate the SDK changes required for a release, then perform acceptance tests on these changes.

SDK pre-release - release story

Create story (if not already done) to track SDK Release

SDK pre-release - dev complete

Confirm that SDK development is complete for all features in release

SDK pre-release - release candidate

Create release/n.n.x branch (where n=contract release number)

Create pre-release (Release Candidate - FIO Typescript SDK vx.x.x-rc1)

Testnet Setup

Testnet setup - fio.test pre-release

• Create release/n.n.x_m.m.x branch (where n=contract release number and m=chain release number)

• Confirm that the package.json references the new kiosk_typescript branch

Testnet setup - SDK Update fio.test to point to SDK release branch

Update fio.test package.json file to point to the SDK pre-release.

Testnet setup - fio.devtools pre-release

Create release/n.n.x_m.m.x branch (where n=contract release number and m=chain release number)

Testnet setup - fio.contracts pre-release

• Create release/n.n.x branch (where n=contract release number)

• Create pre-release (Testnet Release Candidate - FIO Contracts vx.x.x-rc1)

• Update release notes

• Create PR for hashes on fio.mainnet > releases-testnet.md

Testnet setup - fio pre-release

• Create release/m.m.x branch (where m=chain release number)

• Create pre-release (Testnet Release Candidate - FIO vx.x.x-rc1)

• Update release notes

• Replay test by BP (needs to be defined and documented

• Track chain upgrade of BPs

Testnet Release

Testnet release - Facilitate the creation and proposal of Release mSigs

• The proposer has to be an active BP.

• BP to create msig to set addaction and createfee for new actions

• BP to create mSig for new account

• BP to create msigs for updated and new contracts (note that multiple mSigs are created for set contract)

• Required approvers

  • Use top 30 BPs on Testnet

• Review msigs using clio multisig review and table query

  • Check permissions

  • Record the msig propose content

• BP to post msigs to Testnet channel

• Coordinate rollout with BPs via Telegram TestNet channel

Use of FIO Block Producer, i.e. nyvrxkxhiyql, and TestNet node, 52.35.164.8:8888, is recommended for proposal.

Testnet release - BP mSig Approval

BP TestNet community

• Monitor and coordinate with active BPs via Telegram TestNet channel

Testnet release - BP mSig Execution

BP TestNet community

• Monitor and coordinate msig execution

• Before execution

  • Confirm that there are at least 16 approving BPs which are in the top 21

• After execution

  • Check next block for errors

Use of FIO Block Producer, i.e. nyvrxkxhiyql, and TestNet node, 52.35.164.8:8888, is recommended for execution.

Recommend mSig execution one at a time to properly validate. mSig execution frequency every 5 minutes recommended for chain block production.

Testnet release - Release validation

• Confirm ABIs deployed correctly (using ./clio get abi)

• Confirm createfee added fees with correct endpoint and type

• Confirm addaction added correct actions with correct contracts

• Confirm contract hashes using fio.devtools wasm/hash tool

• Check blocks by calling api (via Postname or curl) with

  <DevNet API Node>/v1/chain/get_block with json body of '{"block_num_or_id": "<Trx Block Nbr"}'. Check following blocks as well as multisig commands are deferred transactions.

Testnet release - Smoketest

Update fio.test smoketest with new actions and getters and run against Testnet

Testnet release - Manual Feature validation

Perform manual validation for all actions and getters listed in the Master Release Plan.

Also work with developer to do any release validation testing noted in the Deployment and Rollout guides.

Testnet release - Foundation Testnet API Node*

Update FIO Testnet API node

See: https://developers.fioprotocol.io/docs/chain/node-build

Testnet release - Communication

• Socialize changes with all BPs on Testnet and the community and marketing

Mainnet Setup

Mainnet setup - Mainnet prep

• Create upgrade checklist of BPs and integration partners

• Work with account management to coordinate Mainnet rollout plan with the BP, wallet, and exchange community, watch over the execution and help to ensure rollout is completed in full.

• Socialize release changes with all BPs and the community and marketing

Mainnet setup - fio.test

• Merge release/n.n.x_m.m.x branch to master, create vn.n.n_m.m.m tag

• Run test tag against new release

Mainnet setup - fio.devtools

• Merge release/n.n.x_m.m.x branch to master, create vn.n.n_m.m.m tag

• Update base contracts to current mainnet contracts

• Update readme to show new version changes on fio

• Merge to master and cut a new tag/release

Mainnet setup - fio.contract

• Merge release/n.n.x branch to master, create vn.n.n tag

• Move pre-release to release (Release - FIO Contracts vx.x.x)

• Create PR for hashes on fio.mainnet

• Encourage BPs to vote on new endpoint fee

• msig fio.contracts release

• Perform the rollout verification and report findings

• Post msig links to main FIO Telegram channel so member can track progress

Mainnet setup - fio

• Merge release/m.m.x branch to master, create vm.m.m tag

• Move pre-release to release (Release - FIO vx.x.x), creating the GitHub Release with new functionality, fixes, etc. documented.

• Build the FIO repo (use -P option) and Generate .deb and .tgz build files using fio.package

• Upload .deb and .tgz build files to;

• FIO Releases page for this release

• AWS > S3 > fioprotocol > Mainnet

• Update the FIO.docker repo (package release links in dockerfile) and create pull request notifying Todd of the new release artifacts

• BP mainnet node upgrade checklist is complete (BP spreadsheet, or create one in Jira)

Mainnet Release

Mainnet release - addaction and createfee msigs

• msig to set addaction and createfee for new actions

• Encourage BPs to vote on new endpoint fee

Example:

createfee '{"end_point":"transfer_tokens_fio_add","type":"1","suf_amount":"958695652"}'

addaction '{"action":"trnsloctoks","contract":"fio.token","actor":"eosio"}'

Mainnet release - Contract msigs

• BP to create msigs for updated and new contracts

• Review msigs

• BP to post msigs to Mainnet

Mainnet release - Release validation

• Confirm hashes of mainnet

• Confirm versions of mainnet nodes (chain)

• Confirm ABIs deployed correctly (using ./clio get abi)

• Confirm createfee added fees with correct endpoint and type

• Confirm addaction added correct actions with correct contracts

Mainnet release - - Manual QA validation

Perform manual validation for all actions and getters listed in the Master Release Plan.

Also work with developer to do any release validation testing noted in the Deployment and Rollout guides.

Post-deployment

Post-deployment - Mainnet validation - fio chain

• Confirm versions of mainnet nodes (chain)

• Create tracking spreadsheet

• Confirm BP upgrade: https://health.fioprotocol.io

Post-deployment - Update FIO Hosted API Nodes

• Upgrade Registration site API nodes (2 load balanced nodes)

• Notify Todd to upgrade Analytics API node (single State History node)

Post-deployment - Update FIP status

Move FIP status to Final and include release links; update master README index

Post-deployment - Update Devhub

• Update BP Fee setting page with new endpoints, fees, and ratios and encourage BPs to vote on new endpoints

• Update FIO Fees and Bundled Transactions page with new actions

• Add new actions and endpoints to API

• Update RAM, CPU, and NET limits with RAM limits

• Update Integration Guide with any new actions or changes to existing actions

• Ensure correct error conditions in API are correct and match FIP. Include any new errors and remove old errors.

Post-deployment - Update fiosdk_typescript-examples

Add examples for new actions to fiosdk_typescript-examples repo

Not required

Post-deployment - Partner upgrades

• Create upgrade blog post and send to Account Management team to manage upgrades

• Work with Account Management to coordinate Mainnet rollout plan with the BP, wallet, and exchange community, watch over the execution and help to ensure rollout is completed in full.

SDK Production Release

Typescript SDK Release

Tracks the release of the latest SDK to production.

• Code review all changes

• System test SDK release tag version against latest production releases (master branches) of fio, fio.contracts, fio.devtools, fio.test (If updates to test are needed, confirm fixes are put into the fio.test release/vn.n.n release branch and the develop branch (i.e., merge fixes from release branch))

• Merge develop to master and create production release tag from master

• Typescript: Publish new SDK release on NPM (see: https://github.com/fioprotocol/fiosdk_typescript#publishing-to-node-package-manager-npm)

• Work with Account Management to socialize the release to integration partners