Release 1.0.0-rc.9

[dconnolly]

Versioning

How to Increment Versions

Zebra follows semantic versioning. Semantic versions look like: MAJOR.MINOR.PATCH[-TAG.PRE-RELEASE]

The draft zebrad changelog will have an automatic version bump. This version is based on the labels on the PRs in the release.

Check that the automatic zebrad version increment matches the changes in the release:

If we're releasing a mainnet network upgrade, it is a major release:

1. Increment the major version of all the Zebra crates.
2. Increment the patch version of the tower crates.

If we're not releasing a mainnet network upgrade, check for features, major changes, deprecations, and removals. If this release has any, it is a minor release:

1. Increment the minor version of zebrad.
2. Increment the pre-release version of the other crates.
3. Increment the patch version of the tower crates.

Otherwise, it is a patch release:

1. Increment the patch version of zebrad.
2. Increment the pre-release version of the other crates.
3. Increment the patch version of the tower crates.

Zebra's Rust API is not stable or supported, so we keep all the crates on the same beta pre-release version.

Version Locations

Once you know which versions you want to increment, you can find them in the:

zebrad (rc):

• zebrad Cargo.toml
• README.md
• book/src/user/docker.md

crates (beta):

• zebra-* Cargo.tomls

tower (patch):

• tower-* Cargo.tomls

auto-generated:

• Cargo.lock: run cargo build after updating all the Cargo.tomls

Version Tooling

You can use fastmod to interactively find and replace versions.

For example, you can do something like:

fastmod --extensions rs,toml,md --fixed-strings '1.0.0-rc.0' '1.0.0-rc.1' zebrad README.md zebra-network/src/constants.rs book/src/user/docker.md
fastmod --extensions rs,toml,md --fixed-strings '1.0.0-beta.15' '1.0.0-beta.16' zebra-*
fastmod --extensions rs,toml,md --fixed-strings '0.2.30' '0.2.31' tower-batch tower-fallback
cargo build

If you use fastmod, don't update versions in CHANGELOG.md or zebra-dependencies-for-audit.md.

README

Update the README to:

• Remove any "Known Issues" that have been fixed
• Update the "Build and Run Instructions" with any new dependencies.
  Check for changes in the Dockerfile since the last tag: git diff <previous-release-tag> docker/Dockerfile.
• If Zebra has started using newer Rust language features or standard library APIs, update the known working Rust version in the README, book, and Cargo.tomls

You can use a command like:

      fastmod --fixed-strings '1.58' '1.65'

Checkpoints

For performance and security, we want to update the Zebra checkpoints in every release.
You can copy the latest checkpoints from CI by following the zebra-checkpoints README.

Missed Dependency Updates

Sometimes dependabot misses some dependency updates, or we accidentally turned them off.

Here's how we make sure we got everything:

• Run cargo update on the latest main branch, and keep the output
• If needed, update deny.toml
• Open a separate PR with the changes, and add the output of cargo update to that PR as a comment

Change Log

Important: Any merge into main deletes any edits to the draft changelog.
Once you are ready to tag a release, copy the draft changelog into CHANGELOG.md.

We use the Release Drafter workflow to automatically create a draft changelog. We follow the Keep a Changelog format.

To create the final change log:

• Copy the latest draft changelog into CHANGELOG.md (there can be multiple draft releases)
• Delete any trivial changes. Keep the list of those, to include in the PR
• Combine duplicate changes
• Edit change descriptions so they are consistent, and make sense to non-developers
• Check the category for each change
  • Prefer the "Fix" category if you're not sure

Change Categories

From "Keep a Changelog":

• Added for new features.
• Changed for changes in existing functionality.
• Deprecated for soon-to-be removed features.
• Removed for now removed features.
• Fixed for any bug fixes.
• Security in case of vulnerabilities.

Release support constants

Needed for the end of support feature. Please update the following constants in this file:

• ESTIMATED_RELEASE_HEIGHT (required) - Replace with the estimated height you estimate the release will be tagged.
  

  
  - Find where the Zcash blockchain tip is now by using a Zcash explorer or other tool.
  - Consider there are aprox 1152 blocks per day (with the current Zcash 75 seconds spacing).
  - So for example if you think the release will be tagged somewhere in the next 3 days you can add 1152 * 3 to the current tip height and use that value here.
  

• EOS_PANIC_AFTER (optional) - Replace if you want the release to be valid for a different numbers of days into the future. The default here is 120 days.

Create the Release

Create the Release PR

After you have the version increments, the updated checkpoints, any missed dependency updates,
and the updated changelog:

• Make sure the PRs with the new checkpoint hashes and missed dependencies are already merged
• Push the version increments, the updated changelog and the release constants into a branch
  (for example: bump-v1.0.0-rc.0 - this needs to be different to the tag name)
• Create a release PR by adding &template=release-checklist.md to the comparing url (Example).
  • Add the list of deleted changelog entries as a comment to make reviewing easier.
• Freeze the batched queue using Mergify.
• Mark all the release PRs as Critical priority, so they go in the urgent Mergify queue.

Create the Release

• Once the PR has been merged, create a new release using the draft release as a base, by clicking the Edit icon in the draft release
• Set the tag name to the version tag,
  for example: v1.0.0-rc.0
• Set the release to target the main branch
• Set the release title to Zebra followed by the version tag,
  for example: Zebra 1.0.0-rc.0
• Replace the prepopulated draft changelog in the release description with the final changelog you created;
  starting just after the title ## [Zebra ... of the current version being released,
  and ending just before the title of the previous release.
• Mark the release as 'pre-release', until it has been built and tested
• Publish the pre-release to GitHub using "Publish Release"
• Delete all the draft releases from the list of releases

Binary Testing

• Wait until the Docker binaries have been built on main, and the quick tests have passed.
  (You can ignore the full sync and lightwalletd tests, because they take about a day to run.)
• Wait until the pre-release deployment machines have successfully launched
• Publish the release to GitHub by disabling 'pre-release', then clicking "Set as the latest release"
• Wait until the Docker images have been published
• Test the Docker image using docker run --tty --interactive zfnd/zebra:1.0.0-rc.<version>,
  and put the output in a comment on the PR
  
• Un-freeze the batched queue using Mergify.

Telling Zebra Users

• Post a summary of the important changes in the release in the #arborist and #communications Slack channels

If the release contains new features (major or minor), or high-priority bug fixes:

• Ask the team about doing a blog post

Release Failures

If building or running fails after tagging:

1. Fix the bug that caused the failure
2. Increment versions again, following these instructions from the start
3. Update the code and documentation with a new git tag
4. Update CHANGELOG.md with details about the fix
5. Tag a new release

[codecov]

Codecov Report

Merging #6821 (02e3573) into main (3820637) will increase coverage by 0.07%.
The diff coverage is n/a.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6821      +/-   ##
==========================================
+ Coverage   77.67%   77.75%   +0.07%     
==========================================
  Files         310      310              
  Lines       41418    41416       -2     
==========================================
+ Hits        32173    32203      +30     
+ Misses       9245     9213      -32     

[dconnolly]

• If Zebra has started using newer Rust language features or standard library APIs, update the known working Rust version in the README, book, and Cargo.tomls

Can we update the supported Rust version to 1.70? (The latest stable.)

We might be able to build with lower versions, but it seems like a good time to do an update.

Yeah I just re-ran cargo check with 1.68.0 but I'm fine with bumping as we approach stable

[dconnolly]

• If Zebra has started using newer Rust language features or standard library APIs, update the known working Rust version in the README, book, and Cargo.tomls

Can we update the supported Rust version to 1.70? (The latest stable.)
We might be able to build with lower versions, but it seems like a good time to do an update.

Yeah I just re-ran cargo check with 1.68.0 but I'm fine with bumping as we approach stable

Done in 2184089

[teor2345]

I think I was wrong about the rust-version

[dconnolly]

cargo update PR:
#6844

[dconnolly]

Original Release Drafter draft:

### Breaking Changes

This release has the following breaking changes:
- *TODO*: Check the `Removed` section for any breaking changes
- *TODO*: Add a short description of the user impact of each breaking change, and any actions users need to take
  
- fix(test): Refactor a network test function to be more robust ([#6724](https://github.com/ZcashFoundation/zebra/pull/6724))

### Security

- fix(log): Stop logging peer IP addresses, to protect user privacy ([#6662](https://github.com/ZcashFoundation/zebra/pull/6662))
- fix(log): Stop logging potentially sensitive user information from unmined transactions ([#6616](https://github.com/ZcashFoundation/zebra/pull/6616))
- fix(net): Rate-limit MetaAddrChange::Responded from peers ([#6738](https://github.com/ZcashFoundation/zebra/pull/6738))
- fix(network): Ignore out of order Address Book changes, unless they are concurrent ([#6717](https://github.com/ZcashFoundation/zebra/pull/6717))
- fix(security): Limit blocks and transactions sent in response to a single request  ([#6679](https://github.com/ZcashFoundation/zebra/pull/6679))
- fix(security): Rate-limit and size-limit peer transaction ID messages ([#6625](https://github.com/ZcashFoundation/zebra/pull/6625))
- fix(security): Stop panicking on state RPC or block requests with very large heights ([#6699](https://github.com/ZcashFoundation/zebra/pull/6699))

### Added

- change(log): Report compiler version and Zebra features when starting Zebra ([#6606](https://github.com/ZcashFoundation/zebra/pull/6606))
- docs(book): Update Zebra book summary to include supported platforms, platform tier policy, and versioning ([#6683](https://github.com/ZcashFoundation/zebra/pull/6683))
- docs(release-checklist): add cargo update steps to task list ([#6657](https://github.com/ZcashFoundation/zebra/pull/6657))
- fix(log): Limit RPC failure log length, add details to RPC failure logs ([#6754](https://github.com/ZcashFoundation/zebra/pull/6754))
- fix(log): Stop logging peer IP addresses, to protect user privacy ([#6662](https://github.com/ZcashFoundation/zebra/pull/6662))
- fix(tests): Add an integration test for error conversions from zebra-state to zebra-consensus ([#6665](https://github.com/ZcashFoundation/zebra/pull/6665))

### Changed

- build(deps): bump tj-actions/changed-files from 35.9.2 to 36.0.4 ([#6769](https://github.com/ZcashFoundation/zebra/pull/6769))
- change(ci): Turn CI errors into PR annotations for most CI jobs ([#6690](https://github.com/ZcashFoundation/zebra/pull/6690))
- change(doc): Fix TOC in `README.md` and simplify the "About" section ([#6766](https://github.com/ZcashFoundation/zebra/pull/6766))
- change(docs): Refactor the system requirements ([#6697](https://github.com/ZcashFoundation/zebra/pull/6697))
- change(docs): Update User Docs ([#6733](https://github.com/ZcashFoundation/zebra/pull/6733))
- change(log): Report compiler version and Zebra features when starting Zebra ([#6606](https://github.com/ZcashFoundation/zebra/pull/6606))
- fix(tests): Add an integration test for error conversions from zebra-state to zebra-consensus ([#6665](https://github.com/ZcashFoundation/zebra/pull/6665))

### Fixed

- build(deps): bump rocksdb from 0.20.1 to 0.21.0 ([#6640](https://github.com/ZcashFoundation/zebra/pull/6640))
- change(doc): Fix TOC in `README.md` and simplify the "About" section ([#6766](https://github.com/ZcashFoundation/zebra/pull/6766))
- change(docs): Update User Docs ([#6733](https://github.com/ZcashFoundation/zebra/pull/6733))
- cleanup: Delete unused zebra-cli and zebra-client crates ([#6726](https://github.com/ZcashFoundation/zebra/pull/6726))
- fix(ci): Give more time to the inbound service when queueing requests ([#6691](https://github.com/ZcashFoundation/zebra/pull/6691))
- fix(ci): Make job names in build-crates-individually.patch.yml consistent ([#6729](https://github.com/ZcashFoundation/zebra/pull/6729))
- fix(ci): Reduce number of sent transactions in tests ([#6736](https://github.com/ZcashFoundation/zebra/pull/6736))
- fix(ci): Use valid names for concurrency groups ([#6686](https://github.com/ZcashFoundation/zebra/pull/6686))
- fix(clippy): Resolve nightly clippy lints ([#6623](https://github.com/ZcashFoundation/zebra/pull/6623))
- fix(docs): Fix some inaccuracies in Docker docs ([#6723](https://github.com/ZcashFoundation/zebra/pull/6723))
- fix(log): Limit RPC failure log length, add details to RPC failure logs ([#6754](https://github.com/ZcashFoundation/zebra/pull/6754))
- fix(log): Stop logging peer IP addresses, to protect user privacy ([#6662](https://github.com/ZcashFoundation/zebra/pull/6662))
- fix(log): Stop logging potentially sensitive user information from unmined transactions ([#6616](https://github.com/ZcashFoundation/zebra/pull/6616))
- fix(net): Rate-limit MetaAddrChange::Responded from peers ([#6738](https://github.com/ZcashFoundation/zebra/pull/6738))
- fix(network): Ignore out of order Address Book changes, unless they are concurrent ([#6717](https://github.com/ZcashFoundation/zebra/pull/6717))
- fix(release): Allow inbound connections to Zebra running in Docker ([#6755](https://github.com/ZcashFoundation/zebra/pull/6755))
- fix(rpc): Use populated state in more RPC snapshot tests ([#6700](https://github.com/ZcashFoundation/zebra/pull/6700))
- fix(security): Limit blocks and transactions sent in response to a single request  ([#6679](https://github.com/ZcashFoundation/zebra/pull/6679))
- fix(security): Rate-limit and size-limit peer transaction ID messages ([#6625](https://github.com/ZcashFoundation/zebra/pull/6625))
- fix(security): Stop panicking on state RPC or block requests with very large heights ([#6699](https://github.com/ZcashFoundation/zebra/pull/6699))
- fix(test): Check for early exits in the end of support task test ([#6715](https://github.com/ZcashFoundation/zebra/pull/6715))
- fix(tests): Add an integration test for error conversions from zebra-state to zebra-consensus ([#6665](https://github.com/ZcashFoundation/zebra/pull/6665))

### Trivial *TODO:* put this in a PR comment, not the CHANGELOG

- Delete outdated `TODOs` refering to closed issues ([#6732](https://github.com/ZcashFoundation/zebra/pull/6732))
- build(deps): bump Swatinem/rust-cache from 2.2.1 to 2.3.0 ([#6684](https://github.com/ZcashFoundation/zebra/pull/6684))
- build(deps): bump Swatinem/rust-cache from 2.3.0 to 2.4.0 ([#6741](https://github.com/ZcashFoundation/zebra/pull/6741))
- build(deps): bump arduino/setup-protoc from 1.1.2 to 1.2.0 ([#6719](https://github.com/ZcashFoundation/zebra/pull/6719))
- build(deps): bump bitflags-serde-legacy from 0.1.0 to 0.1.1 ([#6721](https://github.com/ZcashFoundation/zebra/pull/6721))
- build(deps): bump codecov/codecov-action from 3.1.3 to 3.1.4 ([#6694](https://github.com/ZcashFoundation/zebra/pull/6694))
- build(deps): bump criterion from 0.4.0 to 0.5.0 ([#6757](https://github.com/ZcashFoundation/zebra/pull/6757))
- build(deps): bump criterion from 0.5.0 to 0.5.1 ([#6771](https://github.com/ZcashFoundation/zebra/pull/6771))
- build(deps): bump google-github-actions/setup-gcloud from 1.1.0 to 1.1.1 ([#6653](https://github.com/ZcashFoundation/zebra/pull/6653))
- build(deps): bump pin-project from 1.0.12 to 1.1.0 ([#6677](https://github.com/ZcashFoundation/zebra/pull/6677))
- build(deps): bump proptest from 1.1.0 to 1.2.0 ([#6758](https://github.com/ZcashFoundation/zebra/pull/6758))
- build(deps): bump regex from 1.8.1 to 1.8.2 ([#6748](https://github.com/ZcashFoundation/zebra/pull/6748))
- build(deps): bump regex from 1.8.2 to 1.8.3 ([#6770](https://github.com/ZcashFoundation/zebra/pull/6770))
- build(deps): bump reqwest from 0.11.17 to 0.11.18 ([#6707](https://github.com/ZcashFoundation/zebra/pull/6707))
- build(deps): bump rocksdb from 0.20.1 to 0.21.0 ([#6640](https://github.com/ZcashFoundation/zebra/pull/6640))
- build(deps): bump sentry from 0.31.0 to 0.31.1 ([#6734](https://github.com/ZcashFoundation/zebra/pull/6734))
- build(deps): bump sentry from 0.31.1 to 0.31.3 ([#6764](https://github.com/ZcashFoundation/zebra/pull/6764))
- build(deps): bump serde from 1.0.160 to 1.0.162 ([#6621](https://github.com/ZcashFoundation/zebra/pull/6621))
- build(deps): bump serde from 1.0.162 to 1.0.163 ([#6678](https://github.com/ZcashFoundation/zebra/pull/6678))
- build(deps): bump tj-actions/changed-files from 35.9.2 to 36.0.4 ([#6769](https://github.com/ZcashFoundation/zebra/pull/6769))
- build(deps): bump toml from 0.7.3 to 0.7.4 ([#6720](https://github.com/ZcashFoundation/zebra/pull/6720))
- build(deps): bump vergen from 8.1.3 to 8.2.0 ([#6742](https://github.com/ZcashFoundation/zebra/pull/6742))
- build(deps): bump vergen from 8.2.0 to 8.2.1 ([#6756](https://github.com/ZcashFoundation/zebra/pull/6756))
- change(ci): Turn CI errors into PR annotations for most CI jobs ([#6690](https://github.com/ZcashFoundation/zebra/pull/6690))
- change(doc): Fix TOC in `README.md` and simplify the "About" section ([#6766](https://github.com/ZcashFoundation/zebra/pull/6766))
- change(log): Report compiler version and Zebra features when starting Zebra ([#6606](https://github.com/ZcashFoundation/zebra/pull/6606))
- cleanup(docs): Remove outdated and complex information from the README ([#6728](https://github.com/ZcashFoundation/zebra/pull/6728))
- cleanup(gossip): Use a separate named constant for the gossip interval ([#6704](https://github.com/ZcashFoundation/zebra/pull/6704))
- cleanup(rust): Simplify code using closure capture in Rust 2021 edition ([#6737](https://github.com/ZcashFoundation/zebra/pull/6737))
- cleanup: Delete unused zebra-cli and zebra-client crates ([#6726](https://github.com/ZcashFoundation/zebra/pull/6726))
- docs(release-checklist): add cargo update steps to task list ([#6657](https://github.com/ZcashFoundation/zebra/pull/6657))
- fix(ci): Give more time to the inbound service when queueing requests ([#6691](https://github.com/ZcashFoundation/zebra/pull/6691))
- fix(ci): Make job names in build-crates-individually.patch.yml consistent ([#6729](https://github.com/ZcashFoundation/zebra/pull/6729))
- fix(ci): Use valid names for concurrency groups ([#6686](https://github.com/ZcashFoundation/zebra/pull/6686))
- fix(clippy): Resolve nightly clippy lints ([#6623](https://github.com/ZcashFoundation/zebra/pull/6623))
- fix(rpc): Use populated state in more RPC snapshot tests ([#6700](https://github.com/ZcashFoundation/zebra/pull/6700))
- fix(test): Check for early exits in the end of support task test ([#6715](https://github.com/ZcashFoundation/zebra/pull/6715))
- fix(tests): Add an integration test for error conversions from zebra-state to zebra-consensus ([#6665](https://github.com/ZcashFoundation/zebra/pull/6665))

[teor2345]

I think we missed a few PRs from the last week, was the draft changelog out of date?

[arya2]

This looks good.

[dconnolly]

docker release test good ✅

[teor2345]

• Publish the release to GitHub by disabling 'pre-release', then clicking "Set as the latest release"

Seems like we forgot this step? I just did it now.