You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@bval.apache.org by co...@apache.org on 2012/02/23 22:18:00 UTC
[CONF] Apache BVal > Release Process
Space: Apache BVal (https://cwiki.apache.org/confluence/display/BeanValidation)
Page: Release Process (https://cwiki.apache.org/confluence/display/BeanValidation/Release+Process)
Edited by Matt Benson:
---------------------------------------------------------------------
We'll be using the Apache Nexus repository (repository.apache.org) for releasing SNAPSHOT and release artifacts. More details on releasing artifacts and using Nexus can be found on the Maven website at - [http://maven.apache.org/developers/release/apache-release.html]
h3. Release Steps
# Environment setup for releasing artifacts (same for SNAPSHOTs and releases) -
## Increase the default Java heap available to Maven (required for Java SE 6)
{code:none}
export MAVEN_OPTS="-Xmx1024m -XX:MaxPermSize=256m"
{code}
## Use the latest Sun 1.6.0 JDK
## Use Maven 2.2.1 or later (2.2.1 is required for release signing fixes)
## Make sure the [Release Setup] steps have been performed.
# Prepare the source for release:
## Cleanup JIRA so the Fix Version in issues resolved since the last release includes this release version correctly. Also, transition any Resolved issues to the Closed state.
## Update the text files in a working copy of the project root -
### Update the CHANGES.txt based on the Text release reports from JIRA.
### Review and update README.txt if needed.
### Commit any changes back to svn -
{code:none}
$ svn commit -m "updating files for release"
{code}
## Stage any Roadmap or Release landing pages on the wiki.
## Use "mvn rat:check" to verify the source has the required headers before trying to release.
## Perform a full build and deploy the SNAPSHOT artifacts
{code:none}
$ mvn clean deploy -Papache-release
{code}
## Run the [JSR303 TCK] to verify the latest code passes.
## Inspect the files in your local target directories to ensure:
### All jars and zips include: LICENSE, NOTICE, DISCLAIMER files
### The NOTICE files cover all third-party included files (like XSD schemas)
### The LICENSE files include any third-party licenses (none at this time)
### All jars/zips/poms have .asc (PGP signature) and md5 files
# For new major releases (like 1.0.0 to 1.1.0)
## Create a sub-branch from which to make the release. Releasing from a branch will allow any cosmetic changes that need to be made for the release to be approved to be done without preventing other more disruptive advances in the trunk from potentially causing problems with the release. It also provides a future maintenance branch (like 1.0.x.) A branch can be made by running: \\
{code:none}
$ mvn release:branch -DbranchName=1.0.x
{code}
# Checkout a clean copy of the trunk/branch to release using command line svn.
## Do not use Eclipse to do the checkout. The extra dot (.) files created by Eclipse throws off the rat:check processing. \\
{code:none}
$ svn checkout https://svn.apache.org/repos/asf/bval/trunk/ 1.0-rc1/
{code}
# Do a dry run of the release:prepare step.
## The dry run will not commit any changes back to SVN and gives you the opportunity to verify that the release process will complete as expected. You will be prompted for the following information :
### Release version - take the default - (default 1.0)
### SCM release tag - *DO NOT TAKE THE DEFAULT - (default bval-1.0): : 1.0
### New development version - take the default - (default 1.0.1-SNAPSHOT)
### _optional_ if you have not specified a GPG passphrase in settings.xml you will be prompted for it.
{code:none}
$ mvn -Papache-release release:prepare -DdryRun=true
<snip>
[INFO] Working directory: /Users/drwoods/bval/1.0-rc1
[INFO] Checking dependencies and plugins for snapshots ...
What is the release version for "Apache BVal :: bval-parent (Parent POM)"? (org.apache.bval:bval-parent) 1.0: :
What is SCM release tag or label for "Apache BVal :: bval-parent (Parent POM)"? (org.apache.bval:bval-parent) bval-parent-1.0: : 1.0
What is the new development version for "Apache BVal :: bval-parent (Parent POM)"? (org.apache.bval:bval-parent) 1.0.1-SNAPSHOT: :
[INFO] Transforming 'Apache BVal :: bval-parent (Parent POM)'...
<snip>
{code}
{note}
If you cancel a release:prepare before it updates the pom.xml versions, then use the *release:clean* goal to just remove the extra files that were created.
{note}
# Verify that the release process completed as expected
## The release plugin will create pom.xml.tag files which contain the changes that would have been committed to SVN. The only differences between pom.xml.tag and it's corresponding pom.xml file should be the version number.
## If other formatting changes have been made you should review the changes and then commit them -
{code:none}
$ svn commit -m "fixing formatting for release"
{code}
## Assuming the .tag files look OK you may proceed and do any other validation you feel necessary. The following list may be helpful
### Check release.properties and make sure that the scm properties have the right version. Sometimes the scm location can be the previous version not the next version.
### verify signatures [#Verifying release signatures]
### if you have access to the TCK, run it [JSR303 TCK]
## Once any failures or required updates have been committed to svn, rollback the release prepare files -
{code:none}
$ mvn -Papache-release release:rollback
{code}
# Prepare the release
## Run the "release:prepare" step for real this time. You'll be prompted for the same version information and optionally your GPG passphrase again.
{note}Different arguments and steps are required as there are problems with the maven-jar-plugin and maven-release-plugin when using the test-jar goal. See [http://jira.codehaus.org/browse/MJAR-68] and [http://jira.codehaus.org/browse/MRELEASE-285].
{note}
{code:none}
$ mvn release:prepare -Papache-release -DskipTests=true -DpreparationGoals="clean install"
{code}
# Backup (zip or tar) your local release candidate directory in case you need to rollback the release after the next step is performed.
{code:none}
cd ..
tar -czf 1.0-rc1.tar.gz 1.0-rc1/
cd 1.0-rc1
{code}
# Perform the release
## This step will create a maven staging repository and site for use in testing and voting. You will be prompted for your repository.apache.org and people.apache.org password several times if you have not added server profiles to your settings.xml. See [Release Setup] for more information.
{code:none}
$ mvn release:perform -Papache-release -Duser.name=<your_apache_uid>
{code}
{note} If your local OS userid doesn't match your Apache userid, then you'll have to also override the value provided by the OS to Maven for the site-deploy step to work. This is known to work for Linux, but not for Mac and unknown for Windows.
{note}
## The maven-release-plugin is configured with goals "deploy site site:deploy" and will deploy the site files to a staging-site directory on people.apache.org.
# Verify the release artifacts
## Verify the HTML links in staging-site/index.html are correct
## Verify the staged artifacts in the nexus repo
### https://repository.apache.org/index.html
### Enterprise --> Staging
### Staging tab --> Name column --> org.apache.bval
### Navigate through the artifact tree and make sure that all javadoc, sources, tests, jars, ... have .asc (GPG signature) and .md5 files. See [http://people.apache.org/~henkp/repo/faq.html] and [http://www.apache.org/dev/release-signing.html#openpgp-ascii-detach-sig]
## Close the nexus staging repo
### https://repository.apache.org/index.html
### Enterprise --> Staging
### Staging tab --> Name column --> org.apache.bval
### Right click on the open staging repo (org.apache.bval-XXX) and select Close.
# Put the release candidate up for a vote
## Create a VOTE email thread on bval-dev@ to record votes as replies, like -
{code:none}
To: bval-dev@
Subject: [VOTE] Apache BVal 1.0 Release Candidate
I've created a 1.0 release candidate, with the following artifacts up for a vote:
SVN source tag (r950702):
https://svn.apache.org/repos/asf/bval/tags/1.0/
Maven staging repo:
https://repository.apache.org/content/repositories/orgapachebval-020/
Source release:
https://repository.apache.org/content/repositories/orgapachebval-020/org/apache/bval/bval-parent/1.0/bval-parent-1.0-source-release.zip
Javadoc staging site:
http://people.apache.org/~mbenson/bval/1.0/staging-site/apidocs/
PGP release keys (signed using D018E6B1):
https://svn.apache.org/repos/asf/bval/KEYS
Vote will be open for 72 hours.
[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove (and reason why)
{code}
## Create a DISCUSS email thread on bval-dev@ for any vote questions, like -
{code:none}
To: bval-dev@
Subject: [DISCUSS] Apache BVal 1.0 Release Candidate
Discussion thread for vote on 1.0 release candidate, with SVN source tag (r999999).
For more information on the release process, checkout -
http://www.apache.org/dev/release.html
Some of the things to check before voting are:
- does "mvn apache-rat:check" pass on the source
- can you build the contents of source-release.zip and svn tag
- do all of the staged jars/zips contain the required LICENSE, NOTICE
and DISCLAIMER files
- are all of the staged jars signed and the signature verifiable
- is the signing key in the project's KEYS file and on a public server
- does the release pass the TCK
{code}
## Perform a review of the release and cast your vote. See the following for more details on Apache releases -
### [http://www.apache.org/dev/release.html]
## A -1 vote does not necessarily mean that the vote must be redone, however it is usually a good idea to rollback the release if a -1 vote is received. See - [#Recovering from a vetoed release]
## After the vote has been open for at least 72 hours, has at least three +1 PMC votes and no -1 votes, then post the results to the vote thread by -
### reply to the initial email and prepend to the original subject -
{code:none}[RESULT]{code}
### Include a list of everyone who voted +1, 0 or -1.
# Finalizing a release
## Promote the staged nexus artifacts -
### https://repository.apache.org/index.html
### Enterprise --> Staging
### Staging tab --> Name column --> org.apache.bval
### Right click on the closed staging repo (org.apache.bval-XXX) and select Promote.
## Copy the staged site over to our website area
{code:none}
$ ssh ${user.name}@people.apache.org
$ mkdir /www/bval.apache.org/${project.version}
$ cp -R ~/public_html/bval/${project.version}/staging-site/* /www/bval.apache.org/${project.version}
# Make sure all the copied files have g+rw set and only o+r set
$ cd /www/bval.apache.org
$ find . -user ${user.name} -type f | xargs chmod 664
$ find . -user ${user.name} -type d | xargs chmod 775
{code}
## Update the *Documentation* wiki page to point to the new apidocs
{code:none}
http://bval.apache.org/${project.version}/apidocs/
{code}
## Copy the distribution artifacts over to the distribution area
{code:none}
$ ssh ${user.name}@people.apache.org
$ mkdir /www/www.apache.org/dist/bval/${project.version}
$ cd /www/www.apache.org/dist/bval/${project.version}
$ wget https://repository.apache.org/content/repositories/releases/org/apache/bval/bval-parent/${project.version}/bval-parent-${project.version}-source-release.zip
$ wget https://repository.apache.org/content/repositories/releases/org/apache/bval/bval-parent/${project.version}/bval-parent-${project.version}-source-release.zip.asc
$ wget https://repository.apache.org/content/repositories/releases/org/apache/bval/bval-parent/${project.version}/bval-parent-${project.version}-source-release.zip.md5
$ wget https://repository.apache.org/content/repositories/releases/org/apache/bval/bval-parent/${project.version}/bval-parent-${project.version}-source-release.zip.sha1
# Make sure all the copied files have g+rw set and only o+r set
$ find . -user ${user.name} -type f | xargs chmod 664
$ find . -user ${user.name} -type d | xargs chmod 775
# Note: All of the artifacts are in the maven repos, but we may create an assembly to publish in future releases
{code}
## Update the *Downloads* wiki page to point to the new release artifacts
{code:none}
http://www.apache.org/dyn/closer.cgi/bval/${project.version}/
http://repo1.maven.org/maven2/org/apache/bval/${artifactId}/${project.version}/
{code}
## Update the [JIRA versions | https://issues.apache.org/jira/secure/project/ManageVersions.jspa?pid=12311080] page to mark the version as "released", and set the date to the date that the release was approved. You may also need to make a new release entry for the next release.
# Announcing the release
## After the mirrors have had time to update (24 hours to be on the safe side) update the wiki with pointers to the new release
## Make a [news announcement|http://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=BeanValidation] on the BVal wiki.
## Make an announcement about the release on the [mailto:users@bval.apache.org], [mailto:dev@bval.apache.org], and [mailto:announce@apache.org] list as per [the Apache Announcement Mailing Lists page|http://www.apache.org/foundation/mailinglists.html#foundation-announce])
\\
h3. Recovering from a vetoed release
# Reply to the initial vote email and prepend to the original subject -
{code:none}[CANCELED]{code}
# Rollback the version upgrades in trunk by either -
## Restore the 0.1-rc1.tar.gz and run
{code:none}
$ mvn -Papache-release release:rollback
{code}
## Manually revert the versions in trunk to the prior version and commit
# Delete the svn tag created by the release:perform step -
{code:none}
$ svn del https://svn.apache.org/repos/asf/bval/tags/1.0 -m "deleting tag from rolled back release"
{code}
# Drop the nexus staging repo
## https://repository.apache.org/index.html
## Enterprise --> Staging
## Staging tab --> Name column --> org.apache.bval
## Right click on the closed staging repo (org.apache.bval-XXX) and select Drop.
# Remote the staged site
{code:none}
$ ssh ${user.name}@people.apache.org
$ cd ~/public_html/bval
$ rm -fr ${project.version}
{code}
# Make the required updates that caused the vote to be canceled
# Spin another release candidate!
\\
h3. Verifying release signatures
On unix platforms the following command can be executed -
{code:none}
for file in `find . -type f -iname '*.asc'`
do
gpg --verify ${file}
done
{code}
You'll need to look at the output to ensure it contains only good signatures -
{code:none}
gpg: Good signature from ...
gpg: Signature made ...
{code}
\\
Change your notification preferences: https://cwiki.apache.org/confluence/users/viewnotifications.action