It appears as though we need an easier (ideally non-manual) strategy for building the relevant Docker images for the integration between Tendermint and KMS. This strategy needs to take into account the fact that Tendermint and KMS releases happen independently.

So the process right now is as follows:

1. From the Tendermint side, when either Tendermint or KMS versions change:
   1. Build the tm-signer-harness Docker image using make docker-image
   2. Push the tendermint/tm-signer-harness image to Docker Hub (see here)
2. From the KMS side, when either Tendermint or KMS versions change:
   1. Build the KMS build image using, for example, docker build -t tendermint/kms:build-2019-06-05-v0 --build-arg TENDERMINT_VERSION=v0.31.7 .
   2. Push the tendermint/kms:build-YYYY-mm-dd-vX image to Docker Hub (see here)
   3. Update the CircleCI configuration to use the new KMS image.

How would we go about automating as much of this process as possible? I can see 1.i, 1.ii, 2.i and 2.ii being automated relatively easily, but the last step in 2.iii will most likely continue to be a manual step (and rightly so, probably).

When would be an appropriate time to do such releases? When new tags are pushed?

My personal preference for Rust testing (not sure how it fits into this workflow) is to test on the minimum supported Rust version (i.e. for KMS), along with the latest stable version. For #259, that'd be 1.35.0 (which, as it were, happens to also be the latest stable).

When would be an appropriate time to do such releases? When new tags are pushed?

Ideally it'd be close to the Rust stable release cadence, which is every 6 weeks.

Definitely makes sense. Is there some way we can get CircleCI to be triggered by a Rust stable release?

I think if you can set up some sort of timer to go off every 6 weeks, that should be fairly close.