It is NOT necessary to run all checks to cast a vote for a release candidate.

However, you should clearly state which checks you did when casting a vote.

The release manager needs to ensure that each following check was done.

Legal Verifications

Checking Artifacts

Some of these are strictly required for a release to be ASF compliant.

(required) Verify that the checksums and GPG files match the corresponding release files, for:
- All artifacts to be released to Maven in the staging Apache Nexus Repository
  A detailed description on how this is done can be found in https://www.apache.org/info/verification.html
(required) Verify that the source distributions do not contain any binaries
(required) Build the source distribution to ensure all source files have Apache headers
- Run "mvn clean install -DskipTests" in the maven source distribution.
(required) Verify that all POM files point to the same version.
Check that the README.md file does not have anything unexpected.

Checking Licenses

These checks are strictly required for a release to be ASF compliant.

Important: These checks must be performed for

the Source Release
the Binary Release
the artifacts (jar files uploaded to Maven Central)

Checks to be made include

All artifacts should contain an Apache License file and a NOTICE file as described below
- For Maven artifacts that DO NOT bundle any external dependency, the NOTICE file is pulled in automatically via the apache-jar-resource-bundle defined in the Apache parent pom. There is no need to manually checkin the NOTICE and LICENSE files into the repo.
- For Maven artifacts that DO bundle (usually through the maven-shade-plugin) any external dependency, the NOTICE file must be included in the src/main/resources/META-INF directory of the respective module.
- Use "jar tf <jar file>" to check if the Maven artifacts contain any external dependency.
Non-Apache licenses of bundled dependencies must be included in the src/main/resources/META-INF/licenses/ directory of the respective module.
The NOTICE files should include all copyright notices and all bundled dependencies.

A detailed explanation on the steps above is in Licensing.

Testing Functionality

This is not necessarily required for a release to be ASF compliant, but required to ensure a high quality release.

This is not an exhaustive list - it is mainly a suggestion where to start testing.

Built-in tests

Check if the source release is building properly with Maven, including checkstyle and all tests

Command: mvn clean verify
Build for Java 8 and Scala 2.12

Testing Against Staged Maven Artifacts

Create a settings.xml file with these contents:

settings.xml

<settings>
  <activeProfiles>
    <activeProfile>paimon-${PAIMON_VERSION}</activeProfile>
  </activeProfiles>
  <profiles>
    <profile>
      <id>paimon-${PAIMON_VERSION}</id>
      <repositories>
        <repository>
          <id>paimon-${PAIMON_VERSION}</id>
          <url>https://repository.apache.org/content/repositories/orgapachepaimon-${STAGED_REPO_ID}/</url>
        </repository>
        <repository>
          <id>archetype</id>
          <url>https://repository.apache.org/content/repositories/orgapachepaimon-${STAGED_REPO_ID}/</url>
        </repository>
      </repositories>
    </profile>
  </profiles>
</settings>

And reference that in you maven commands via "--settings path/to/settings.xml".
This is useful for creating a quickstart based on the staged release and for building against the staged jars.

Page tree

Verifying a Paimon Release