Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: provide instructions for GitHub to show release tags as verified

...

Info
titlePermission and Keys:
  • Ensure that the release manager is (or will be able to work with) a Geode PMC member (needed at svn checkout step in prepare_rc).
  • Ensure that the release manager has bulk modification permissions on Apache Geode JIRA.

To verify

    1. Go to : https://issues.apache.org/jira/secure/Dashboard.jspa→ login → Issues → Search for Issues → select Geode in the Project list
    2. After logging in, on the top right side of the page click on Tools → Bulk Change → Current Page
    3. Select any ticket and click Next
    4. The Transition Issue option should not be blocked as N/A. If it is not blocked means that you have bulk operation permission.
    5. You will also need admin permissions to manage releases in Jira.  To check, see if you can see an Add button on https://issues.apache.org/jira/projects/GEODE?selectedItem=com.atlassian.jira.jira-projects-plugin:release-page
    6. If you don't have permissions, send a mail requesting permission to dev@geode.apache.org.
  • Ensure that the release manager has permission to modify the wiki for the release docs : Release Notes
    1. If you don't have permissions, send a mail requesting permission to dev@geode.apache.org.
  • Ensure that the release manager has Docker Hub credentials with permission to upload Apache Geode to Docker Hub. To get permissions follow the steps below
    1. If you don't have a docker hub account create one at https://hub.docker.com/
    2. After creating the docker hub ID, send an email to dev@geode.apache.org requesting access to upload Apache Geode artifacts to Docker Hub mentioning your docker id.
  • Ensure that the release manager has a valid pgp key.  Make sure to keep your gpg passphrase in a safe place (you will need it again later).  The email address associated with your gpg key must be your @apache.org email address. 
    1. For MacOS use https://gpgtools.org/
    2. For Ubuntu https://askubuntu.com/questions/100281/how-do-i-make-a-pgp-key
    3. Ensure that the public key is published and uploaded to servers.
      1. Add the key fingerprint to https://id.apache.org under OpenPGP Public Key Primary Fingerprint. The fingerprint can be found in the GPG Keychain in MacOS or the second line of the command executed in step a.
      2. Upload your public key into ALL of the following keyservers:
        1. http://pool.sks-keyservers.net:11371
        2. http://keyserver.ubuntu.com:11371
        3. gpg --send-keys 8_digit_fingerprint
          gpg --keyserver pgp.mit.edu --send-keys 8_digit_fingerprint
          gpg --keyserver keyserver.ubuntu.com --send-keys 8_digit_fingerprint
    4. Ask a fellow committer to co-sign your key. Note: it may take several hours or overnight before other's can "see" that your key has been uploaded, and as along again for you to see that they signed it, so start this process early.
  • Add the release manager's public key block to the KEYS file in develop branch, if they are not already present in it.
    1. On MacOS : (More information available at https://www.apache.org/dev/release-signing.html#basic-facts)

      Code Block
      languagebash
      titleOn MacOS terminal
      (gpg --list-sigs <your name> && gpg --armor --export <your name>) >> keys.log


    2. Take the contents of keys.log and append it to KEYS file in the develop branch of Apache Geode. Commit and push to origin.

    3. Sample key block which needs to be appended to the KEYS file in develop:

      No Format
      pub   rsa4096 2018-01-04 [SC] [expires: 2022-01-04]
            CE6CD0A89480B1B9FCB98699274C66710770C135
      uid           [ultimate] Nabarun Nag <nag@cs.wisc.edu>
      sig 3        274C66710770C135 2018-01-04  Nabarun Nag <nag@cs.wisc.edu>
      sig 3        C8D3705F9DBE2177 2018-02-26  Jason Huynh <jasonhuynh@apache.org>
      sub   rsa4096 2018-01-04 [E] [expires: 2022-01-04]
      sig          274C66710770C135 2018-01-04  Nabarun Nag <nag@cs.wisc.edu>
      
      -----BEGIN PGP PUBLIC KEY BLOCK-----
      
      mQINBFpOogwBEADlT2Ue6XDFHqbM/LbZXhHMw4rcT4ifuBGyibbUbhLWGimav5tI
      buGRxOViV2q5FNIEYK6Gyfr1kKTlBxCZxkmbNj5lyqgBM7HfL0sTQ2kGd9IE7rPz
      KQ65yzUdKd4Aacm9Zlfja6pV6vYbMBdd4gcGFfsobh4yD0dZFXBlkEiqKV89PhxG
      h9PaBFN6FfDYTaUwir2MveV54N5ynPKcVt9Ler5v6wo/1Mr+bxoZ5dy15UMqxgHT
      YfRDGmLvCPjI0Aabc86bzgi8FJ8QdW1/oBLH/fjDardQOSgGCI7Smz4F52LGXb7Z
      .
      .
      .
      Y79TWNoe0dBLf6B8dmX+aqfWhziCz2Ijy8lF8sfQl2DalG+YpBkBBsNs8j/6lpHr
      Fgh2AddGmNuaP+tMFGCtdeHujkSbx7b1UOkxgLTS7nsRM0l6QN4czTNYcaUFgVU4
      Ig==
      =VFqr
      -----END PGP PUBLIC KEY BLOCK-----
      
      
      


  1. In GitHub, from drop-down menu in top-right of screen:
    1) under Settings > Emails > Add email address, add your apache email address (and check your inbox for verification link)
    2) paste your public key block (same what you put in KEYS file) into GitHub under Settings > SSH and GPG keys > New GPG Key

Minor vs Patch release

A minor release is a version x.y.0

...

  1. Confirm that your brew PR has been merged or closed and brew install apache-geode picks up the new release.  

    Code Block
    brew install apache-geode
    gfsh version


  2. Check that docs for the version you are releasing appear on https://geode.apache.org/docs/
  3. Check that download detail for the version you are releasing appear on https://geode.apache.org/releases/
  4. Check that the release tag appears as "Verified" in https://github.com/apache/geode/tags (if not, see last step in Permissions and Keys)
  5. Check that the release has propagated to Maven Central.  Sometimes this may take a couple days, it seems?  Two ways to check this are: 
    1. Check for the version you are releasing to appear on https://mvnrepository.com/artifact/org.apache.geode/geode-core
    2. Plus the Examples pipeline for your support branch (e.g. at https://concourse.apachegeode-ci.info/teams/main/pipelines/apache-support-1-13-examples)

...