...
You should have a 4096 bit RSA PGP key for signing the release. This key should be in the Apache web of trust. Once generated, ensure your key is in https://svn.apache.org/repos/asf/zookeeper/bookkeeper/dist/KEYS.
...
- Create release branch
- Generate release notes
- Build and stage artifacts
- Test Inspect the built artifacts
- Tag the release in Subversion
- Run the vote
- If vote gets +1 from 3 PMC members and no -1, go to next step, otherwise fix problem and repeat from step 2.
- Release artifacts
- Wait 24 hours for mirrors to sync
- Update the website
- Announce the release
...
Generate the release notes from JIRA. https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311293
Select the correct version, in HTML format. Make it look like previous release notes. https://svn.apache.org/repos/asf/zookeeper/bookkeeper/site/content/docs/r4.1.0/releaseNotes.textile
Generate a list of all issues committed since last release. In this example, the last release was the 1st February 2012.
Code Block |
---|
bookkeeper/trunk$ svn log -r {2012-02-01}:HEAD
|
Manually check this list for accuracy! I've repeatedly seen closed bugs that were not fixed (i.e., duplicate) marked with a fix version, so that they incorrectly show up in this list. Find those, edit them to remove the fix release (only actually fixed bugs should have a fix release) and re-run the report.Select the correct version, in HTML format. Make it look like previous release notes.that the list from JIRA, SVN and CHANGES.txt all reflect the same changes.
Build the artifacts
Make sure the branch builds cleanly. Check for errors and warnings in the output.
Code Block |
---|
mvn clean findbugs:findbugs apache-rat:check install
|
Then build the artifacts.
Code Block |
---|
mvn clean package assembly:single -DskipTests
|
This will generate
- bookkeeper/target/bookkeeper-<VERSION>-src.tar.gz
- bookkeeper-server/target/bookkeeper-server-<VERSION>-bin.tar.gz
- hedwig-server/target/hedwig-server-<VERSION>-bin.tar.gz
Inspect the artifacts
Extract each of the generated artifacts;
- Check file permissions are correct for all files
- Check the LICENSE and NOTICE files cover all included jars (especially for the -bin packages)
- Check the source package builds, and all tests pass
- Check that "mvn apache-rat:check" passes on the source package.
- Check that a bookie can be run from the source package and from the bookkeeper-server binary package
- Check that a hedwig hub can be run from the source package and from the hedwig-server binary package
Staging the artifacts
Create a directory and copy the three tar.gz packages into it. Sign and generate md5 & sha1 hashes for each package.
Code Block |
---|
md5 <FILE>.tar.gz > <FILE>.tar.gz.md5
shasum <FILE>.tar.gz > <FILE>.tar.gz.sha1
gpg --armor --output <FILE>.tar.gz.asc --detach-sig <FILE>.tar.gz
|