You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by co...@apache.org on 2008/03/27 11:05:00 UTC

[CONF] Apache Jackrabbit: Creating Releases (page created)

Creating Releases (JCR) created by Felix Meschberger
   http://cwiki.apache.org/confluence/display/JCR/Creating+Releases

Content:
---------------------------------------------------------------------

h1. Creating Releases

{note}
This page is targeted at Committers of the Jackrabbit project tasked with creating releases of modules of Jackrabbit. It documents the current release process and should be updated as we might move forward.
{note}

This is a draft for a how to about releasing artifacts from Apache Jackrabbit.

Most of the work is done by Maven, but we do not currently use the Maven Release Plugin.

h5. Prerequisites

To prepare or perform a release you *MUST BE* at a Apache Jackrabbit Committer.

Each and every release must be signed; therefore the public key should be cross signed by other Apache committers (not required but suggested).
The public key should be added to http://www.apache.org/dist/jackrabbit/KEYS (See Appendix A)


h5. Building the Release Candidates

* Make sure that an appropriate version for the release is entered in Jira
* Build the release artifacts with Maven. See below for the exact steps.
* Upload these files to people.apache.org into your home folder and put them there together with the KEYS file containing your public key so we can verify the signatures.
* Start the vote thread, wait 72 hours.
* If the vote fails (easy case first) remove the tag from svn - done
* If the vote is successful, copy the released artifacts to the dist directory on www.apache.org, delete the old release there (its archived), and deploy the release to the maven repository.
* Create a new version for the artifact in jira.


h5. Steps to build the release artifacts

The following steps are highly manual at the moment because we do not use the Maven Release Plugin to create them. This may change in the future.

* Create a {{RELEASE-NOTES.txt}} file in the root folder of the project to be released. If such a file already exists, update it for the release. When done, commit the file. The release notes file has the following contents:
** Short description of the release contents
** Explanation on how to use the source and binary artifacts
** List the enhancements and bugs fixed as well as the open issues
* Set the version number in the project descriptor {{pom.xml}} to the release version number and commit the descriptor
* Tag the project with a tag containing the project artifact ID and the version number
* Set the version number in the project descriptor {{pom.xml}} to the next SNAPSHOT version number and commit the descriptor
* Prepare the build location
{code}
$ LOC=${PWD}/${PROJECT_NAME}-${PROJECT_VERSION}
$ SRC=${LOC}/sources
$ BIN=${LOC}/binaries
$ REPO=${LOC}/repository
$ mkdir -p ${SRC} ${BIN} ${REPO}
$ cd ${LOC}
{code}
* Export the tagged project and build the sources
{code}
$ TAG=${PROJECT_NAME}-${PROJECT_VERSION}
$ JAR=${SRC}/${TAG}-src.jar
$ svn export http://svn.apache.org/repos/asf/jackrabbit/tags/${TAG}
$ jar cMf ${JAR} ${TAG}
$ openssl md5 < ${JAR} > ${JAR}.md5
$ openssl sha1 < ${JAR} > ${JAR}.sha
$ gpg --armor --output ${JAR}.asc --detach-sig ${JAR}
{code}
* Build the project and deploy to the build location
{code}
$ cd ${TAG}
$ mvn -DaltDeploymentRepository=local::default::file://${REPO} clean deploy
$ cd -
{code}
* Copy the binary artifact and sign it
{code}
$ cp -R ${REPO}/org/apache/jackrabbit/${PROJECT_NAME}/${PROJECT_VERSION}/${TAG}.jar* ${BIN}
$ BIN_JAR=${BIN}/${TAG}.jar
$ gpg --armor --output ${BIN_JAR}.asc --detach-sig ${BIN_JAR}
{code}
* Copy the release notes to the root
{code}
$ cp ${TAG}/RELEASE-NOTES.txt .
{code}


h5. Related Links
# http://www.apache.org/dev/release-signing.html
# http://wiki.apache.org/incubator/SigningReleases

h5. Appendix A: Create and Add your key to http://www.apache.org/dist/jackrabbit/KEYS

Considering that you are using a *nix system with a working OpenSSH, GnuPG, and bash you can create and add your own key with the following command:
# _Create a public/private pair key_:
{code}
gpg --gen-key
{code}
When gpg asks for e-mail linked the key you *MUST USE* the <committer>@apache.org one
When gpg asks for comment linked the key you _SHOULD USE_ "CODE SIGNING KEY"
# _Add the key to_ http://www.apache.org/dist/jackrabbit/KEYS: type the following command replacing the word e-mail with your Apache's one (<committer>@apache.org).
{code}
(gpg --list-sigs e-mail && gpg --export --armor e-mail) > toadd.key
scp toadd.key people.apache.org:
ssh people.apache.org "cat toadd.key >> /x1/www/www.apache.org/dist/jackrabbit/KEYS"
{code}
# You are *DONE*, but to see the changes on http://www.apache.org/dist/jackrabbit/KEYS you must wait 2 hours


---------------------------------------------------------------------
CONFLUENCE INFORMATION
This message is automatically generated by Confluence

Unsubscribe or edit your notifications preferences
   http://cwiki.apache.org/confluence/users/viewnotifications.action

If you think it was sent incorrectly contact one of the administrators
   http://cwiki.apache.org/confluence/administrators.action

If you want more information on Confluence, or have a bug to report see
   http://www.atlassian.com/software/confluence