change(release): Update release script and check it in CI (#7128)

* Activate production features on docs.rs

* Make version requirements more flexible to work around unpublished versions

* Remove a redundant feature requirement that causes publishing issues

* fix release auto-replacement format

* cargo release replace --verbose --execute --package zebrad

* Add a missing 1.0.1 changelog entry

* Fix incorrect commands in the release checklist

* Check the crates.io release script in CI, to avoid release failures

* Fix release date in changelog

* Fix workflow typo

* Add --no-confirm to the workflow

* Fix outdated version in release check command

* After the release, add a "remove do-not-merge" step

* Set git identity before committing

* Don't overwrite tweaked versions on upgrade

* cargo release version doesn't support --dependent-version

* Update the same commands in the release checklist

* Commit to git after each change

* And in the checklist

* Add cargo release config

* In CI, allow any branch and provide a fake previous tag name

* Remove redundant `cargo release commit`

* Use a simpler release version process

* Start simplifying the release dry run in CI

* Fix a cargo dependency lint

* just skip the failing crates for now

* Fix the release checklist to match CI

* Use the latest versions of all Zebra dependencies

.github/PULL_REQUEST_TEMPLATE/release-checklist.md

@@ -55,6 +55,7 @@ fastmod --fixed-strings '1.58' '1.65'
 - [ ] Create a release PR by adding `&template=release-checklist.md` to the comparing url ([Example](https://github.com/ZcashFoundation/zebra/compare/bump-v1.0.0?expand=1&template=release-checklist.md)).
 - [ ] Freeze the [`batched` queue](https://dashboard.mergify.com/github/ZcashFoundation/repo/zebra/queues) using Mergify.
 - [ ] Mark all the release PRs as `Critical` priority, so they go in the `urgent` Mergify queue.
+- [ ] Mark all non-release PRs with `do-not-merge`, because Mergify checks approved PRs against every commit, even when a queue is frozen.
 
 
 # Update Versions and End of Support
@@ -76,19 +77,24 @@ Zebra's Rust API doesn't have any support or stability guarantees, so we keep al
 
 <details>
 
-<summary>If you're publishing crates for the first time:</summary>
+<summary>If you're publishing crates for the first time, click this triangle for extra steps</summary>
 
 - [ ] Install `cargo-release`: `cargo install cargo-release`
 - [ ] Make sure you are  an owner of the crate or [a member of the Zebra crates.io `owners` group on GitHub](https://github.com/orgs/ZcashFoundation/teams/owners)
 
 </details>
 
-- [ ] Update crate versions and do a release dry-run
-    - [ ] `cargo clean` (optional)
-    - [ ] `cargo release version --verbose --execute --workspace --exclude zebrad beta`
-    - [ ] `cargo release version --verbose --execute --package zebrad [ major | minor | patch ]`
-    - [ ] `cargo release publish --verbose --dry-run --workspace`
-- [ ] Commit the version changes to your release PR branch using `git`: `cargo release commit --verbose --execute --workspace`
+Check that the release will work:
+- [ ] Update crate versions, commit the changes to the release branch, and do a release dry-run:
+
+```sh
+cargo release version --verbose --execute --allow-branch '*' --workspace --exclude zebrad beta
+cargo release version --verbose --execute --allow-branch '*' --package zebrad patch # [ major | minor | patch ]
+cargo release replace --verbose --execute --allow-branch '*' --package zebrad
+cargo release commit --verbose --execute --allow-branch '*'
+```
+
+Crate publishing is [automatically checked in CI](https://github.com/ZcashFoundation/zebra/actions/workflows/release-crates-io.yml) using "dry run" mode.
 
 ## Update End of Support
 
@@ -131,7 +137,6 @@ The end of support height is calculated from the current blockchain height:
 ## Test the Pre-Release
 
 - [ ] Wait until the [Docker binaries have been built on `main`](https://github.com/ZcashFoundation/zebra/actions/workflows/continous-integration-docker.yml), and the quick tests have passed.
-      (You can ignore the full sync and `lightwalletd` tests, because they take about a day to run.)
 - [ ] Wait until the [pre-release deployment machines have successfully launched](https://github.com/ZcashFoundation/zebra/actions/workflows/continous-delivery.yml)
 
 ## Publish Release
@@ -144,12 +149,13 @@ The end of support height is calculated from the current blockchain height:
 - [ ] Run `cargo clean` in the zebra repo (optional)
 - [ ] Publish the crates to crates.io: `cargo release publish --verbose --workspace --execute`
 - [ ] Check that Zebra can be installed from `crates.io`:
-      `cargo install --locked --force --version 1.0.0 zebrad && ~/.cargo/bin/zebrad`
+      `cargo install --locked --force --version 1.minor.patch zebrad && ~/.cargo/bin/zebrad`
       and put the output in a comment on the PR.
 
 ## Publish Docker Images
 - [ ] Wait for the [the Docker images to be published successfully](https://github.com/ZcashFoundation/zebra/actions/workflows/release-binaries.yml).
 - [ ] Un-freeze the [`batched` queue](https://dashboard.mergify.com/github/ZcashFoundation/repo/zebra/queues) using Mergify.
+- [ ] Remove `do-not-merge` from the PRs you added it to
 
 ## Release Failures
 

.github/workflows/release-crates-io.patch.yml

@@ -0,0 +1,28 @@
+name: Release crates
+
+on:
+  # Only patch the Release PR test job
+  pull_request:
+    paths-ignore:
+      # code and tests
+      - '**/*.rs'
+      # hard-coded checkpoints (and proptest regressions, which are not actually needed)
+      - '**/*.txt'
+      # dependencies
+      - '**/Cargo.toml'
+      - '**/Cargo.lock'
+      # configuration files
+      - '.cargo/config.toml'
+      - '**/clippy.toml'
+      # READMEs, which are shown on the crate page
+      - '**/README.md'
+      # workflow definitions
+      - '.github/workflows/release-crates.io.yml'
+
+
+jobs:
+  check-release:
+    name: Check crate release dry run
+    runs-on: ubuntu-latest
+    steps:
+      - run: 'echo "No check required"'

.github/workflows/release-crates-io.yml

@@ -0,0 +1,125 @@
+# This workflow checks that Zebra's crates.io release script works.
+#
+# We use a separate action, because the changed files are different to a Continuous Deployment
+# or Docker release.
+#
+# This workflow is triggered when:
+# - A PR that changes Rust files, a README, or this workflow is opened or updated
+# - A change is pushed to the main branch
+#
+# TODO:
+# If we decide to automate crates.io releases, we can also publish crates using this workflow, when:
+# - A release is published
+# - A pre-release is changed to a release
+
+name: Release crates
+
+# Ensures that only one workflow task will run at a time. Previous releases, if
+# already in process, won't get cancelled. Instead, we let the first release complete,
+# then queue the latest pending workflow, cancelling any workflows in between.
+#
+# Since the different event types do very different things (test vs release),
+# we can run different event types concurrently.
+#
+# For pull requests, we only run the tests from this workflow, and don't do any releases.
+# So an in-progress pull request gets cancelled, just like other tests.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+
+on:
+# disabled for now
+#  release:
+#    types:
+#      - released
+
+  # Only runs the release tests, doesn't release any crates.
+  #
+  # We test all changes on the main branch, just in case the PR paths are too strict.
+  push:
+    branches:
+      - main
+
+  pull_request:
+    paths:
+      # code and tests
+      - '**/*.rs'
+      # hard-coded checkpoints (and proptest regressions, which are not actually needed)
+      - '**/*.txt'
+      # dependencies
+      - '**/Cargo.toml'
+      - '**/Cargo.lock'
+      # configuration files
+      - '.cargo/config.toml'
+      - '**/clippy.toml'
+      # READMEs, which are shown on the crate page
+      - '**/README.md'
+      # workflow definitions
+      - '.github/workflows/release-crates.io.yml'
+
+
+jobs:
+  # Test that Zebra can be released to crates.io using `cargo`.
+  # This checks that Zebra's dependencies and release configs are correct.
+  check-release:
+    name: Check crate release dry run
+    timeout-minutes: 15
+    runs-on: ubuntu-latest
+    steps:
+      - uses: r7kamura/rust-problem-matchers@v1.3.0
+
+      - name: Checkout git repository
+        uses: actions/checkout@v3.5.3
+        with:
+          persist-credentials: false
+
+      - name: Inject slug/short variables
+        uses: rlespinasse/github-slug-action@v4
+        with:
+          short-length: 7
+
+      # Setup Rust with stable toolchain and minimal profile
+      - name: Setup Rust
+        run: |
+          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=stable --profile=minimal
+
+      - name: Install cargo-release
+        uses: baptiste0928/cargo-install@v2.1.0
+        with:
+          crate: cargo-release
+
+      # Make sure Zebra can be released!
+      #
+      # These steps should be kept up to date with the release checklist.
+      #
+      # TODO: move these steps into a script which is run in the release checklist and CI
+      - name: Crate release dry run
+        run: |
+          set -ex
+          git config --global user.email "release-tests-no-reply@zfnd.org"
+          git config --global user.name "Automated Release Test"
+          # This script must be the same as:
+          # https://github.com/ZcashFoundation/zebra/blob/main/.github/PULL_REQUEST_TEMPLATE/release-checklist.md#update-crate-versions
+          # with an extra `--no-confirm` argument for non-interactive testing.
+          cargo release version --verbose --execute --no-confirm --allow-branch '*' --workspace --exclude zebrad beta
+          cargo release version --verbose --execute --no-confirm --allow-branch '*' --package zebrad patch
+          cargo release replace --verbose --execute --no-confirm --allow-branch '*' --package zebrad
+          cargo release commit --verbose --execute --no-confirm --allow-branch '*'
+          # Check the release will work using a dry run
+          #
+          # Workaround unpublished dependency version errors by skipping those crates:
+          # https://github.com/crate-ci/cargo-release/issues/691
+          #
+          # TODO: check all crates after fixing these errors
+          cargo release publish --verbose --dry-run --allow-branch '*' --workspace --exclude zebra-consensus --exclude zebra-utils --exclude zebrad
+
+
+  # TODO: actually do the release here
+  #release-crates:
+  #  name: Release Zebra Crates
+  #  needs: [ check-release ]
+  #  runs-on: ubuntu-latest
+  #  timeout-minutes: 30
+  #  if: ${{ !cancelled() && !failure() && github.event_name == 'release' }}
+  #  steps:

CHANGELOG.md

@@ -6,7 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org).
 
 
-## [Zebra 1.0.1](https://github.com/ZcashFoundation/zebra/releases/tag/v1.0.1) - 2023-06-29
+## [Zebra 1.0.1](https://github.com/ZcashFoundation/zebra/releases/tag/v1.0.1) - 2023-07-03
 
 Zebra's first patch release fixes multiple peer connection security issues and panics. It also significantly reduces Zebra's CPU usage. We recommend that all users upgrade to Zebra 1.0.1 or later.
 
@@ -42,6 +42,7 @@ These platforms are no longer supported by the Zebra team:
 - Close new peer connections from the same IP and port, rather than replacing the older connection ([#6980](https://github.com/ZcashFoundation/zebra/pull/6980))
 - Reduce inbound service overloads and add a timeout ([#6950](https://github.com/ZcashFoundation/zebra/pull/6950))
 - Stop panicking when handling inbound connection handshakes ([#6984](https://github.com/ZcashFoundation/zebra/pull/6984))
+- Stop panicking on shutdown in the syncer and network ([#7104](https://github.com/ZcashFoundation/zebra/pull/7104))
 
 ### Added
 

book/src/user/docker.md

@@ -17,7 +17,7 @@ docker run --detach zfnd/zebra:latest
 ### Build it locally
 
 ```shell
-git clone --depth 1 --branch v1.0.0 https://github.com/ZcashFoundation/zebra.git
+git clone --depth 1 --branch v1.0.1 https://github.com/ZcashFoundation/zebra.git
 docker build --file docker/Dockerfile --target runtime --tag zebra:local .
 docker run --detach zebra:local
 ```

book/src/user/install.md

@@ -20,7 +20,7 @@ To compile Zebra directly from GitHub, or from a GitHub release source archive:
 ```sh
 git clone https://github.com/ZcashFoundation/zebra.git
 cd zebra
-git checkout v1.0.0
+git checkout v1.0.1
 ```
 
 3. Build and Run `zebrad`
@@ -33,7 +33,7 @@ target/release/zebrad start
 ### Compiling from git using cargo install
 
 ```sh
-cargo install --git https://github.com/ZcashFoundation/zebra --tag v1.0.0 zebrad
+cargo install --git https://github.com/ZcashFoundation/zebra --tag v1.0.1 zebrad
 ```
 
 ### Compiling on ARM

release.toml

@@ -0,0 +1,20 @@
+# Only allow releases from the main branch
+allow-branch = [ 'main' ]
+
+# TODO:
+# configure all zebra-* crates with a shared version,
+# and all tower-* crates with a different one:
+# https://github.com/crate-ci/cargo-release/blob/master/docs/reference.md#config-fields
+#shared-version = "TODO named groups"
+
+# Verify releases with release features
+#
+# TODO: add this feature to all crates
+#enable-features = [ 'default-release-binaries' ]
+
+# Don't do a git push or tag
+push = false
+tag = false
+
+# Owners for new crates
+owners = [ 'dconnolly', 'teor2345', 'zcashfoundation/owners' ]

zebra-state/Cargo.toml

@@ -55,7 +55,7 @@ metrics = "0.21.1"
 mset = "0.1.1"
 regex = "1.8.4"
 rlimit = "0.9.1"
-rocksdb = { version = "0.21.0", default_features = false, features = ["lz4"] }
+rocksdb = { version = "0.21.0", default-features = false, features = ["lz4"] }
 semver = "1.0.17"
 serde = { version = "1.0.166", features = ["serde_derive"] }
 tempfile = "3.5.0"

zebrad/Cargo.toml

@@ -30,9 +30,24 @@ default-run = "zebrad"
 # `cargo release` settings
 [package.metadata.release]
 pre-release-replacements = [
-  {file="../book/src/user/install.md", search="git checkout [a-z0-9\\.-]+", replace="git checkout {{version}}"},
-  {file="../book/src/user/install.md", search="--tag [a-z0-9\\.-]+", replace="--tag {{version}}"},
-  {file="../book/src/user/docker.md", search="--branch [a-z0-9\\.-]+", replace="--branch {{version}}"},
+  {file="../book/src/user/install.md", search="git checkout [a-z0-9\\.-]+", replace="git checkout v{{version}}"},
+  {file="../book/src/user/install.md", search="--tag [a-z0-9\\.-]+", replace="--tag v{{version}}"},
+  {file="../book/src/user/docker.md", search="--branch [a-z0-9\\.-]+", replace="--branch v{{version}}"},
+]
+
+[package.metadata.docs.rs]
+
+# Publish Zebra's supported production and developer features on docs.rs.
+# (Except for the log level features, because there are a lot of them.)
+#
+# <https://docs.rs/about/metadata>
+features = [
+    "default-release-binaries",
+    "filter-reload",
+    "flamegraph",
+    "journald",
+    "prometheus",
+    "sentry",
 ]
 
 [features]
@@ -55,7 +70,6 @@ getblocktemplate-rpcs = [
 
 elasticsearch = [
     "zebra-state/elasticsearch",
-    "zebra-chain/elasticsearch",
 ]
 
 sentry = ["dep:sentry"]
@@ -134,6 +148,7 @@ zebra-network = { path = "../zebra-network", version = "1.0.0-beta.27" }
 zebra-node-services = { path = "../zebra-node-services", version = "1.0.0-beta.27" }
 zebra-rpc = { path = "../zebra-rpc", version = "1.0.0-beta.27" }
 zebra-state = { path = "../zebra-state", version = "1.0.0-beta.27" }
+
 # Required for crates.io publishing, but it's only used in tests
 zebra-utils = { path = "../zebra-utils", version = "1.0.0-beta.27", optional = true }
 
@@ -153,7 +168,7 @@ tokio = { version = "1.29.1", features = ["time", "rt-multi-thread", "macros", "
 tower = { version = "0.4.13", features = ["hedge", "limit"] }
 pin-project = "1.1.0"
 
-color-eyre = { version = "0.6.2", default_features = false, features = ["issue-url"] }
+color-eyre = { version = "0.6.2", default-features = false, features = ["issue-url"] }
 # This is a transitive dependency via color-eyre.
 # Enable a feature that makes tinyvec compile much faster.
 tinyvec = { version = "1.6.0", features = ["rustc_1_55"] }