|
| 1 | +# BioShell Operational Update Schedule & Maintenance Plan |
| 2 | + |
| 3 | +## 1. Background & Context |
| 4 | + |
| 5 | +This document defines the update cadence, automated tooling, roles, and review workflow that keeps BioShell images current, reproducible, and compatible across all supported infrastructures. |
| 6 | + |
| 7 | +## 2. Versioning |
| 8 | + |
| 9 | +BioShell follows [Semantic Versioning](https://semver.org/) (SemVer): `MAJOR.MINOR.PATCH` |
| 10 | + |
| 11 | +| Version increment | Trigger | Action | Example | |
| 12 | +|---|---|---|---| |
| 13 | +| MAJOR (`X.0.0`) | Breaking changes — users must change how they work | Manual | New base OS, dropping an infrastructure platform, restructured access model | |
| 14 | +| MINOR (`1.X.0`) | New features, backwards compatible | GitHub Action (~6 monthly), or manual for larger additions | New software bundle, new interface (RStudio), new platform supported, significant new dataset | |
| 15 | +| PATCH (`1.1.X`) | Bug fixes and small updates | Manual | Patched config, corrected dataset, minor documentation fix | |
| 16 | + |
| 17 | +The version number is defined by the `image_version` variable in [`build/openstack-bioshell.pkr.hcl`](../build/openstack-bioshell.pkr.hcl) and is tied to a specific VM image snapshot — not to documentation or policy changes alone. Notable changes are recorded in [CHANGELOG.md](../CHANGELOG.md). |
| 18 | + |
| 19 | +Pre-1.0.0, release-candidate labels (e.g. `1.0.0-rc1`) may be used to signal a build intended for validation ahead of a production release. The jump to `1.0.0` signals production readiness. |
| 20 | + |
| 21 | +## 3. Objectives of the Update Process |
| 22 | + |
| 23 | +- Maintain a predictable update cadence aligned with infrastructure maintenance windows. |
| 24 | +- Automate routine base-tool version bumps via GitHub Actions, reducing manual effort. |
| 25 | +- Ensure build reproducibility through modularised Ansible roles. |
| 26 | +- Guarantee image compatibility across Nectar, Nirin, and future cloud platforms. |
| 27 | +- Provide a consistent versioning and release workflow through GitHub. |
| 28 | +- Maintain automated checks to validate tool versions before release. |
| 29 | +- Facilitate timely cross-infrastructure review and approval. |
| 30 | + |
| 31 | +## 4. Update Frequency & Cadence |
| 32 | + |
| 33 | +Scheduled updates run twice a year (January and July), aligned to infrastructure maintenance windows, with patch releases as required outside that cycle. |
| 34 | + |
| 35 | +## 5. GitHub Actions Automation |
| 36 | + |
| 37 | +Routine base-tool version bumps are automated by the [`update-tool-versions`](../.github/workflows/update-tool-versions.yml) workflow. This removes the need for manual monitoring of upstream tool releases and ensures updates are reviewed through a consistent pull request workflow. |
| 38 | + |
| 39 | +| Element | Detail | |
| 40 | +|---|---| |
| 41 | +| Trigger | Scheduled cron job, `0 3 1 1,7 *` (03:00 UTC on 1 January and 1 July); also runnable on demand via `workflow_dispatch` | |
| 42 | +| Check | [`check-versions.py`](../.github/scripts/check-versions.py) compares the pinned versions in [`build/ansible/vars/tool-versions.yml`](../build/ansible/vars/tool-versions.yml) against upstream (GitHub releases, PyPI, apt, vendor endpoints) for Singularity, shpc, Go, Nextflow, nf-core, RStudio, Snakemake, and R | |
| 43 | +| Bump | If any tool version changed, [`bump-image-version.py`](../.github/scripts/bump-image-version.py) increments the MINOR version of `image_version` in `build/openstack-bioshell.pkr.hcl` | |
| 44 | +| Output | Opens a pull request with a summary table of the tool versions changed | |
| 45 | +| Review | PR reviewed | |
| 46 | +| Merge & tag | Product owner (or delegate) merges the approved PR and tags the new version in GitHub | |
| 47 | + |
| 48 | +Notes on what the workflow does **not** cover: |
| 49 | +- `java_version` is a major-LTS selector and is intentionally excluded from auto-bumping. |
| 50 | +- Manual or ad-hoc updates outside the cron cycle remain possible for urgent security patches — these follow the same PR-review-merge workflow, just triggered manually (`workflow_dispatch` or a direct PR) instead of waiting for the next cron run. |
| 51 | +- The workflow only bumps *pinned tool versions*. New software bundles, new platforms, or other MINOR/MAJOR changes are made by hand and versioned manually per the table in [Section 2](#2-versioning). |
| 52 | + |
| 53 | +## 6. Release Checklist |
| 54 | + |
| 55 | +When merging a version bump (automated or manual): |
| 56 | + |
| 57 | +1. Confirm the automated version-check PR (or manual change) has been reviewed by both platform collaborators. |
| 58 | +2. Build and smoke-test the image on at least one of Nectar or Nirin before merge, where practical. |
| 59 | +3. Merge the PR. |
| 60 | +4. Tag the release in GitHub matching `image_version` (e.g. `v1.1.0`). |
| 61 | +5. Add an entry to [CHANGELOG.md](../CHANGELOG.md) summarising the change. |
0 commit comments