Checklist

Build

1. Bump MockBot to Bot Framework SDK release 4.14.0
   • https://www.npmjs.com/package/botbuilder/v/4.14.0
2. ~Bump botframework-directlinejs to 0.14.1~
   • No newer version
3. Bump to 4.14.0
   • Update CHANGELOG.md to mark specific changes in 4.14.0
   • Run npm version --no-git-tag-version 4.14.0
   • Merged into master, the PR number is #3984
   • Commit is af70aaa
   • Do not merge any other unrelated changes after this PR. Any other PR merged, will need to be re-tested
4. Run daily pipeline manually, set “generate release version number” to true
   • (This will not push to NPM or CDN)
   • Pipeline name is BotFramework-WebChat-daily
   • The build number is 257964 and commit is af70aaa
5. Wait for WebChat-release-testing pipeline to complete
   • Pipeline name is Push-Release-Testing-to-GitHub-Pages
   • The release ID is 2751
6. Add manual tests to WebChat-release-testing as needed

Test

The test should run against the build artifacts from Azure Pipelines.

1. Manual testing on major browsers using webchat-release-testing
   • Before starting testing, update all the browser version to latest
   • Chrome 91.0.4472.124
   • Edge 91.0.864.64
   • Firefox 89.0.2
   • IE11 (IE Mode under Windows 11 22000.51)
   • macOS Safari 14.1.1 (16611.2.7.1.4)
   • iOS Safari 14.6
   • Android Chrome 91.0.4472.120
2. Test specific fixes related to 4.14.0 and previous releases
   • Using a new engine to strip Markdown (PR #3917)

Release

1. Verify on WebChat-release-testing
2. Make sure you are on master ~or qfe~ branch, run git status to check
3. git pull
4. Verify /package.json, /package-lock.json, and CHANGELOG.md has a version of 4.14.0
5. git log
   • Verify the latest commit is af70aaa
6. git tag v4.14.0
7. git push -u upstream v4.14.0
   • You do not need to kick off a build again, use the previous build
8. Create a new GitHub release, copy entries from CHANGELOG.md
   • Subresource Integrity can be generated by
     • From CDN: curl -H 'Accept-Encoding: gzip' https://cdn.botframework.com/botframework-webchat/4.14.0/webchat.js | gunzip - | openssl dgst -sha384 -binary | openssl base64 -A
     • From local: cat webchat.js | openssl dgst -sha384 -binary | openssl base64 -A
   • Attach assets including 3 JS files, stats.json and 5 tarballs
     • You can copy the artifacts from webchat-release-testing/drops
     • Tarballs download from npmjs

       curl -L -o botframework-directlinespeech-sdk-4.14.0.tgz https://registry.npmjs.org/botframework-directlinespeech-sdk/-/botframework-directlinespeech-sdk-4.14.0.tgz
       curl -L -o botframework-webchat-4.14.0.tgz https://registry.npmjs.org/botframework-webchat/-/botframework-webchat-4.14.0.tgz
       curl -L -o botframework-webchat-core-4.14.0.tgz https://registry.npmjs.org/botframework-webchat-core/-/botframework-webchat-core-4.14.0.tgz
       curl -L -o botframework-webchat-api-4.14.0.tgz https://registry.npmjs.org/botframework-webchat-api/-/botframework-webchat-api-4.14.0.tgz
       curl -L -o botframework-webchat-component-4.14.0.tgz https://registry.npmjs.org/botframework-webchat-component/-/botframework-webchat-component-4.14.0.tgz
       

9. Kick off release to NPM
   • Release name is [[PROD]]Push-WebChat-to-npmjs
   • The build number is 257964 release number is 33 and commit is af70aaa
   • Verify package content then click Resume
   • Retain the build indefinitely
10. Kick off release to CDN (CDN CUTOFF TIME IS 2PM PST)
    1. Prepare the email for approval
    • Release name is [[PROD]]Push-WebChat-to-Prod-CDN-with-approval
    • The build number is 257964, release number is 39 and commit is af70aaa
    • Script build number is 131156 (this is fixed)
    1. Send reminder email to approvers
    • Retain the build indefinitely

Post-release verification - complete within 30mins / 1hr of the release

• Test using webchat-release-testing
  1. Clone https://github.com/corinagum/WebChat-release-testing/
  2. 01.create-react-app
     1. Nuke 01.create-react-app/node_modules
     2. npm install
     3. npm install botframework-webchat@4.14.0 (just install the bundle package)
     4. npm run build
  3. Others
     • Using script tags from https://github.com/microsoft/BotFramework-WebChat/releases/tag/v4.14.0, with subresource integrity

       <script
          crossorigin="anonymous"
          integrity="sha384-"
          src="https://cdn.botframework.com/botframework-webchat/latest/webchat-es5.js"
       ></script>
       

  4. npx serve (at repo root)
  5. Go to http://localhost:5000/ to test, including IE11

Notification to interested parties

• Update partner page on Adaptive Cards doc
  • https://docs.microsoft.com/en-us/adaptive-cards/resources/partners
  • PR at https://github.com/MicrosoftDocs/AdaptiveCards/pull/405
• Notify related parties for the following fixes
  • SDK team
  • Omnichannel
  • Pooja
• Update root README.md with feature notes – Note: PR will be combined with post-release checklist PR
• Update https://github.com/microsoft/BotFramework-sdk/issues/6334

Post-release checklist

These are chores that we should do before starting the cycle to reduce ripple effects if we do it in mid-cycle.

Tips:

• Clean your repo before start
• Remove node_modules from all folder
  • git clean -fdx
• Never delete package-lock.json
• If you mess it up, tableflip and redo
• In component/package.json
  • Remove reference to botframework-webchat-core by hand-modifying package.json
  • Then, npm install (symlinks will be broken afterward)
  • Then, add those references back by hand-modifying package.json
  • This also applies for other packages with similar dependencies/symlinks
  • To build afterward, do tableflip to rebuild those symlinks

Applies to all releases

This list should be copied to versions in the future.

• ~If on QFE branch, make sure CHANGELOG.md and version number bump is cherry-picked to master~
  • ~git checkout master~
  • ~git cherry-pick XXX (the commitish for bumping version number and CHANGELOG.md)~
• Correct the date for 4.14.0 in CHANGELOG.md
  • There could be last minute fixes that could push the planned date later than the one in CHANGELOG.md
• Bump package.json to 4.14.1-0
  • Run npm version prepatch --no-git-tag-version
• Update servicingPlan.json
  • Add deprecation notes for previous versions
  • Subresource integrity hash from https://github.com/microsoft/BotFramework-WebChat/releases/tag/v4.14.0
• Update all samples to use 4.14.0
  • Some samples are pointing to GitHub Releases because the sample need new features from daily build
  • Search “https://github.com/microsoft/BotFramework-WebChat/releases/download/”
    • And replace with “https://cdn.botframework.com/botframework-webchat/latest/”
• Clean up unnecessary branch on official repo

The PR is https://github.com/microsoft/BotFramework-WebChat/pull/XXX

Applies to major/minor releases

Bump all dependencies to latest version

On each package.json under root and /packages/:

• All NPM packages (@babel/*, jest, lerna, typescript, webpack, etc) in PR #XXX
  • Don’t bump the following packages
    • react, react-dom, redux, redux-saga, @types/react
    • sanitize-html
      • When bumping sanitize-html, make sure bundle/postinstall scripts continue to works as we only transpile a single index.js file and assume the sanitize-html package will keep it that way
    • serve
      • Because newer version could be buggy on Windows
    • rxjs@5 on playground
    • webpack@4
      • Starting from version 5, they dropped Node.js polyfills for browsers
      • Keep the following dependencies because their latest version requires webpack@5
        • html-webpack-plugin@4
        • source-map-loader
    • microsoft-cognitiveservices-speech-sdk
      • We will bump it in a separate PR
    • adaptivecards
      • We will bump it in a separate PR
    • expect@25 under test/harness
      • The newer version requires Node.js (graceful-fs)
• Run npm audit fix to make sure everything is fixed
• Test under IE11 to make sure all dependencies are working
• List steps to verify bumping microsoft-cognitiveservices-speech-sdk

Obstacles to bump npm

As of writing, npm@7.19.1 (bundled by node@16) has issue on running postinstall script.

Also, microsoft-cognitiveservices-speech-sdk@1.17.0 is peer-depends on @angular/common, which npm@7 will automatically install missing peer dependencies. Track the issue here.

We need at least both issues to be fixed before we can jump to npm@7.

Bump Docker image

The Docker image can be found at root docker-compose.yml and Dockerfile*.

• Docker container for headless Chrome (#XXX)
  • They recently moved from 3.14.159-xxx tag scheme to a more sensible 87.0 tag scheme
  • Tags can be found at https://hub.docker.com/r/selenium/node-chrome/tags
  • Preferably in separate PR because screenshots change can be large occasionally
  • Run tests locally, as the screenshots can be slightly different