Release Build Checklist - my-swift-lab/firefox-ios GitHub Wiki

In BuddyBuild, for an ITC build:

• Set schemes to Firefox / Firefox Beta
• enable: build for archive
• disable: only run tests
• optional: disable tests
• In Deployments tab, deploy the current branch to Apple

Git and source changes

• Create new vXX.x branch
• Update version number using update_version.sh
• Update Client/Info.plist MozWhatsNewTopic
• Update buddybuild_prebuild.sh uses of SENTRY_DSN_BETA_XXX (Why? We should stop this step)

Sentry

• Create new product, like firefox-ios-200 for v20.0
• Grab the private DSN URL from that product, add it to BuddyBuild env for SENTRY_DSN_BETA_XXX

App Store Connect

• Ensure release is set to use a 7-day rollout
• Copy translations from SUMO what's new for a given version.

Jira PI Request

Example ticket

Security Advisories

Setup

• git clone https://github.com/mozilla/foundation-security-advisories-private.git
• git clone https://github.com/tomrittervg/secadv.git
• cd secadv && cp apikey-example.py apikey.py
• Go to https://bugzilla.mozilla.org/userprefs.cgi?tab=apikey and create an API key. Paste it in apikey.py

Checking for Advisories

Make sure that the security bugs have an updated tracking flag with the correct version number

• cd ../secadv
• ./ios_advisories (version) -- (I needed to do /Users/garv/Library/Python/2.7/bin/pip install requests first)

missing advisory.txt

• create this file following https://wiki.mozilla.org/Security/Firefox/Security_Bug_Life_Cycle/Security_Advisories#Write_the_advisories
• attach it to the bug
• ask in #release-coordination for a CVE number @dveditz @tritter I need a CVE for https://bugzilla.mozilla.org/show_bug.cgi?id=xxx

Generate Advisory

• cd foundation-security-advisories-private
• pip install -r requirements.txt -- (/Users/garv/Library/Python/2.7/bin/pip in my case)

Generate the new advisory:

• ls announce/2020 (and note the last file present there)
• cd ../secadv
• ./ios_advisories (version) > ../foundation-security-advisories-private/announce/2020/mfsa2020-<xx>.yml Hopefully there are no errors. If it has errors and you need help, contact [sec-team].

Double check the file:

• less ../foundation-security-advisories-private/announce/2020/mfsa2020-<xx>.yml
• update the date in the file (labelled with 'FIXME'), or else check_advisories.py will fail
• Confirm it makes sense and adheres to the norms (https://wiki.mozilla.org/Security/Firefox/Security_Bug_Life_Cycle/Security_Advisories#Review_it_yourself)
• cd ../foundation-security-advisories-private
• ./check_advisories.py --all

Add and commit the file:

• git add announce/2020/mfsa-<xx>.yml
• git commit -m “Advisories for iOS Release Foo”
• git push origin

Await Apple approval of App

Publish Advisory

When Apple has approved the app, and you are ready to release it to users, go to #release-coordination on Slack Link to your specific commit in foundation-security-advisories-private and ask for the advisory to be made public. Tag @tritter @dveditz for visibility