Initial Setup
The following steps must only be performed only once:
Signing Keys
Release files must be signed with an OpenPGP compatible key. If you do not already have a key for signing Apache releases, follow the developer instructions in the Daffodil KEYS file to generate a key and add it to the KEYS file. Follow the contributor workflow and create a review branch and pull request to commit your changes to the KEYS file. Once merged, perform the following steps:
- Clone the Apache Dist Daffodil release directory, copy the KEYS file, and commit it:
Code Block language bash $ svn checkout https://dist.apache.org/repos/dist/release/incubator/daffodil/ daffodil-dist $ cp daffodil.git/KEYS daffodil-dist $ cd daffodil-dist $ svn ci -m "Update Apache Daffodil KEYS"
Add your key fingerprint to https://id.apache.org. To get your fingerprint, run the following
Below are the steps one should follow to create a new Apache Daffodil release.
...
Initial Setup
The following steps must only be performed once to setup signing keys and the file distribution SVN repository.
Signing Keys
Release files must be signed with an OpenPGP compatible key. If you do not already have a key for signing Apache releases, follow the developer instructions in the Daffodil KEYS file to generate a key and add it to the KEYS file. Follow the contributor workflow and create a review branch and pull request to commit your changes to the KEYS file. Once merged, perform the following steps:
- Clone the Apache Dist Daffodil release directory, copy the KEYS file, and commit it
:
Code Block language bash $ svngpg checkout https://dist.apache.org/repos/dist/release/incubator/daffodil/ daffodil-dist $ cp daffodil.git/KEYS daffodil-dist $ cd daffodil-dist $ svn ci -m "Update Apache Daffodil KEYS"
--fingerprint KEYID
Send your key to a keyserver via the command:
Code Block language bash $ gpg --send-keys KEYID
For more information on signing keys, visit How to OpenPGP and Signing Releases.
Container Software
To improve reproducibilty and to minimize the effects and variability of a the users environment, release candidates should be created using the "Daffodil release candidate container". Note that although commands to use this container have been tested with and use podman
, you should be able to replace podman
with docker
if you would rather use it instead. Install the container software of choice using your systems package manager or from the containers website. For example:
Code Block | ||
---|---|---|
| ||
$ sudo |
...
dnf |
...
Send your key to a keyserver via the command:
Code Block | ||
---|---|---|
| ||
$ gpg --send-keys KEYID |
For more information on signing keys, visit How to OpenPGP and Signing Releases.
Creating a Release Candidate
...
Prior to creating the release candidate, the version
setting in build.sbt
should contain the -SNAPSHOT
keyword. Create and merge a pull request to remove this keyword in preparation for a non-snapshot release.
To improve reproducibilty and to minimize the effects and variability of a users environment, release candidates should be created using the Daffodil release candidate container. Although the following commands use and have been tested with podman
, you should be able to replace podman
with docker
if you would rather use docker
. Install docker or podman using your systems package manager or from the containers website. For example:
Code Block | ||
---|---|---|
| ||
$ sudo dnf install podman |
install podman |
Preparing for a Release Candidate
The following steps should be performed prior to creating a release canditate:
- Create a [DISCUSS] thread on dev@daffodil.apache.org to make a decision as a community if the timing is correct for a release and what open issues should be resolved for a release. Ensure there is at leas 72 hours for discussion before moving forward.
- Upon agreement, someone should volunteer to be the "Release Manager" to take the responsibility to prepare the release candidate.
Prior to creating the release candidate, the
version
setting inbuild.sbt
should contain the-SNAPSHOT
keyword. Create and merge a pull request to remove this keyword in preparation for a non-snapshot release.
Creating a Release Candidate
Below are the steps one should follow to create a new Apache Daffodil release candidate.
Build the Daffodil release candidate image:
Code Block language bash $ podman build -t daffodil-release-candidate /path/to/daffodil.git/containers/release-candidate/
This may take 20-30 minutes the first time, but should be significantly faster in subsequent runs unless something changes in the image where a full rebuild is needed.
Run the daffodil release candidate container:
Code Block language bash $ podman run -it \ -v ~/.gitconfig:/root/.gitconfig \ -v ~/.gnupg/:/root/.gnupg/ \ -v ~/.ssh/:/root/.ssh/ \ daffodil-release-candidate
The container will periodically ask for user input (e.g. usenames, passwords) to sign and publish release files. This includes:
- Release candidate label. For example:
rc1
if this is the first release candidate for a version
- Long format of your signing key ID. This can be found by running
gpg --list-secret-keys --keyid-format long
- Git commit name and email. This is the name and email you want to show up as the "Comitter" when creating a git tag or commit.
- Apache user name and password. This is the username and password credentials used to log in at https://id.apache.org.
- GitHub SSH key password. The Daffodil repository will be cloned using SSH authentication. If you your SSH key is password protected, you may be prompted for that password.
- Private GPG password. The release process will sign artifacts with your GPG key–you will be prompted for a password to sign this these artifacts.
- Release candidate label. For example:
After entering the necessary information, this script will perform the following actions:
- Create a zip of the source
- Create tgz, zip, msi, and rpm of the helper binary
- Create sha256 and sha512 checksum and ASCII armored detached signatures of the above files
- Move the above files to the Apache dist dev directory
- Create javadoc and scaladoc and move to the daffodil site repository docs directory for this release
- Stages jars/poms to https://repository.apache.org
- Create a signed git tag
- Create a zip of the source
- Once the script completes, you should verify all the files. The script will list the files and locations to verify. This includes:
- Verify the checksums and signatures created in the Apache dist directories are correct
- Verify the staged jars/poms at https://repository.apache.org/ are correct. To do so, visit that url, login in the top right using id.apache.org credentials, select "Staging Repositories" on the left, and find the
orgapachedaffodil-XXXX
repository. Inspect the "Content"
tab to make sure the appropriate jars are uploaded and appear valid. - Verify the git tag is correct
- Verify the javadoc and scala docs in the daffodil site repository are correct
- Verify the checksums and signatures created in the Apache dist directories are correct
- If any of the above do not look correct perform the following steps:
- Drop the published jars/poms (at https://repository.apache.org - check the box for the staging repository just created and choose "Drop" at the top)
- Type
exit
to close the container. All files created in the container will be deleted.
- Fix the issue and repeat the "Create Release Candidate" process from the beginning.
- Drop the published jars/poms (at https://repository.apache.org - check the box for the staging repository just created and choose "Drop" at the top)
- After verifying all is correct, run the commands provided at the end of the script to perform the following:
- Commit the release artifacts
- Push the new tag
- Update the daffodil site repository
- Close the staged files in the Apache repsitory
- Type
exit
to close
- the container.
- Commit the release artifacts
Update the Website
Create a new release file in the site/_releases/
directory in the Daffodil Site Repository, updating the page to include a summary of the changes and links/descriptions of the bugs that were fixed in this release. Parameters that must be set because this is a release candidate include:
...