repo release process

This is the process for creating a new release of repo, as well as all the related topics and flows.


There is no specific schedule for when releases are made. Usually it‘s more along the lines of “enough minor changes have been merged”, or "there’s a known issue the maintainers know should get fixed". If you find a fix has been merged for an issue important to you, but hasn't been released after a week or so, feel free to contact us to request a new release.

Release Freezes

We try to observe a regular schedule for when not to release. If something goes wrong, staff need to be active in order to respond quickly & effectively. We also don't want to disrupt non-Google organizations if possible.

We generally follow the rules:

Launcher script

The main repo script serves as a standalone program and is often referred to as the “launcher script”. This makes it easy to copy around and install as you don't have to install any other files from the git repo.

Whenever major changes are made to the launcher script, you should increment the VERSION variable in the launcher itself. At runtime, repo will check this to see if it needs to be updated (and notify the user automatically).

Key management

Every release has a git tag that is signed with a key that repo recognizes. Those keys are hardcoded inside of the repo launcher itself -- look for the KEYRING_VERSION and MAINTAINER_KEYS settings.

Adding new keys to the repo launcher will allow tags to be recognized by new keys, but only people using that updated version will be able to. Since the majority of users will be using an official launcher version, their version will simply ignore any new signed tags.

If you want to add new keys, it's best to register them long ahead of time, and then wait for that updated launcher to make its way out to everyone. Even then, there will be a long tail of users with outdated launchers, so be prepared for people asking questions.

Registering a new key

The process of actually adding a new key is quite simple.

  1. Add the public half of the key to MAINTAINER_KEYS.
  2. Increment KEYRING_VERSION so repo knows it needs to update.
  3. Wait a long time after that version is in a release (~months) before trying to create a new release using those new keys.

Self update algorithm

When creating a new repo checkout with repo init, there are a few options that control how repo finds updates:

  • --repo-url: This tells repo where to clone the full repo project itself. It defaults to the official project (REPO_URL in the launcher script).
  • --repo-rev: This tells repo which branch to use for the full project. It defaults to the stable branch (REPO_REV in the launcher script).

Whenever repo sync is run, repo will check to see if an update is available. It fetches the latest repo-rev from the repo-url. Then it verifies that the latest commit in the branch has a valid signed tag using git tag -v (which uses gpg). If the tag is valid, then repo will update its internal checkout to it.

If the latest commit doesn't have a signed tag, repo will fall back to the most recent tag it can find (via git describe). If that tag is valid, then repo will warn and use that commit instead.

If that tag cannot be verified, it gives up and forces the user to resolve.

Branch management

All development happens on the main branch and should generally be stable.

Since the repo launcher defaults to tracking the stable branch, it is not normally updated until a new release is available. If something goes wrong with a new release, an older release can be force pushed and clients will automatically downgrade.

The maint branch is used to track the previous major release of repo. It is not normally meant to be used by people as stable should be good enough. Once a new major release is pushed to the stable branch, then the previous major release can be pushed to maint. For example, when stable moves from v1.10.x to v1.11.x, then the maint branch will be updated from v1.9.x to v1.10.x.

We don‘t have parallel release branches/series. Typically all tags are made against the main branch and then pushed to the stable branch to make it available to the rest of the world. Since repo doesn’t typically see a lot of changes, this tends to be OK.

Creating a new release

When you want to create a new release, you‘ll need to select a good version and create a signed tag using a key registered in repo itself. Typically we just tag the latest version of the main branch. The tag could be pushed now, but it won’t be used by clients normally (since the default repo-rev setting is stable). This would allow some early testing on systems who explicitly select main.

Creating a signed tag

Lets assume your keys live in a dedicated directory, e.g. ~/.gnupg/repo/.

If you need access to the official keys, check out the internal documentation at go/repo-release. Note that only official maintainers of repo will have access as it describes internal processes for accessing the restricted keys.
# Set the gpg key directory.
$ export GNUPGHOME=~/.gnupg/repo/

# Verify the listed key is “Repo Maintainer”.
$ gpg -K

# Pick whatever branch or commit you want to tag.
$ r=main

# Pick the new version.
$ t=1.12.10

# Create the signed tag.
$ git tag -s v$t -u "Repo Maintainer <>" -m "repo $t" $r

# Verify the signed tag.
$ git show v$t

Push the new release

Once you're ready to make the release available to everyone, push it to the stable branch.

Make sure you never push the tag itself to the stable branch! Only push the commit -- notice the use of $t and $r below.

$ git push v$t
$ git push $r:stable

If something goes horribly wrong, you can force push the previous version to the stable branch and people should automatically recover. Again, make sure you never push the tag itself!

$ oldrev="whatever-old-commit"
$ git push $oldrev:stable --force

Announce the release

Once you do push a new release to stable, make sure to announce it on the group. Here is an example announcement.

You can create a short changelog using the command:

# If you haven't pushed to the stable branch yet, you can use origin/stable.
# If you have pushed, change origin/stable to the previous release tag.
$ git log --format="%h (%aN) %s" --no-merges origin/stable..$r

Project References

Here's a table showing the relationship of major tools, their EOL dates, and their status in Ubuntu & Debian. Those distros tend to be good indicators of how long we need to support things.

Things in bold indicate stuff to take note of, but does not guarantee that we still support them. Things in italics are things we used to care about but probably don't anymore.

DateEOLGitPythonUbuntu / DebianGitPython
Oct 2008Oct 20132.6.010.04 Lucid - 10.10 Maverick / Squeeze
Dec 2008Feb 20093.0.0
Feb 2009Mar 2012Debian 5 Lenny1.
Jun 2009Jun 20163.1.010.04 Lucid - 10.10 Maverick / Squeeze
Feb 2010Oct 20121.7.010.04 Lucid - 12.04 Precise - 12.10 Quantal
Apr 2010Apr 201510.04 Lucid1. 3.1.2
Jul 2010Dec 20192.7.011.04 Natty -
Oct 201010.10 Maverick1. 3.1.3
Feb 2011Feb 2016Debian 6 Squeeze1. 3.1.3
Apr 201111.04 Natty1. 3.2.0
Oct 2011Feb 20163.2.011.04 Natty - 12.10 Quantal
Oct 201111.10 Ocelot1. 3.2.2
Apr 2012Apr 201912.04 Precise1. 3.2.3
Sep 2012Sep 20173.3.013.04 Raring - 13.10 Saucy
Oct 2012Dec 20141.8.013.04 Raring - 13.10 Saucy
Oct 201212.10 Quantal1. 3.2.3
Apr 201313.04 Raring1. 3.3.1
May 2013May 2018Debian 7 Wheezy1. 3.2.3
Oct 201313.10 Saucy1. 3.3.2
Feb 2014Dec 20141.9.014.04 Trusty
Mar 2014Mar 20193.4.014.04 Trusty - 15.10 Wily / Jessie
Apr 2014Apr 202214.04 Trusty1. 3.4.0
May 2014Dec 20142.0.0
Aug 2014Dec 20142.1.014.10 Utopic - 15.04 Vivid / Jessie
Oct 201414.10 Utopic2. 3.4.2
Nov 2014Sep 20152.2.0
Feb 2015Sep 20152.3.0
Apr 2015May 20172.4.0
Apr 2015Jun 2020Debian 8 Jessie2. 3.4.2
Apr 201515.04 Vivid2. 3.4.3
Jul 2015May 20172.5.015.10 Wily
Sep 2015May 20172.6.0
Sep 2015Sep 20203.5.016.04 Xenial - 17.04 Zesty / Stretch
Oct 201515.10 Wily2. 3.4.3
Jan 2016Jul 20172.7.016.04 Xenial
Mar 2016Jul 20172.8.0
Apr 2016Apr 202416.04 Xenial2. 3.5.1
Jun 2016Jul 20172.9.016.10 Yakkety
Sep 2016Sep 20172.10.0
Oct 201616.10 Yakkety2. 3.5.1
Nov 2016Sep 20172.11.017.04 Zesty / Stretch
Dec 2016Dec 20213.6.017.10 Artful - 18.04 Bionic - 18.10 Cosmic
Feb 2017Sep 20172.12.0
Apr 201717.04 Zesty2. 3.5.3
May 2017May 20182.13.0
Jun 2017Jun 2022Debian 9 Stretch2. 3.5.3
Aug 2017Dec 20192.14.017.10 Artful
Oct 2017Dec 20192.15.0
Oct 201717.10 Artful2. 3.6.3
Jan 2018Dec 20192.16.0
Apr 2018Dec 20192.17.018.04 Bionic
Apr 2018Apr 202818.04 Bionic2. 3.6.5
Jun 2018Dec 20192.18.0
Jun 2018Jun 20233.7.019.04 Disco - 20.04 Focal / Buster
Sep 2018Dec 20192.19.018.10 Cosmic
Oct 201818.10 Cosmic2. 3.6.6
Dec 2018Dec 20192.20.019.04 Disco / Buster
Feb 2019Dec 20192.21.0
Apr 201919.04 Disco2. 3.7.3
Jun 20192.22.0
Jul 2019Jul 2024Debian 10 Buster2. 3.7.3
Aug 20192.23.0
Oct 2019Oct 20243.8.0
Oct 201919.10 Eoan2. 3.7.5
Nov 20192.24.0
Jan 20202.25.020.04 Focal
Apr 2020Apr 203020.04 Focal2. 3.7.5