...
- Apache Release Guide
- Apache Release Policy
- Apache Incubator Release Guidelines
- Apache Incubator Release Policy
Code Signing Key
Create a code signing gpg key for release signing; use <your Apache ID>@apache.org for your primary ID for the code signing key. See the Apache Release Signing documentation for further information.
- Add your code signing key to your Apache ID here
- Publish it to a public key server such as the MIT key server.
- Add it to the HAWQ KEYS file.HAWQ KEYS files in the dev and release subversion repositories:
Ensure JIRA Issues are Appropriately Tagged for the Release
...
Create the Release Candidate
Prepare Tarballs
- Tag
Branch your release:
(or create a release branch)git
tag -a <tag name> <commit SHA> -m "<message for the tag>"checkout -b <your release name> <commit sha1>
push
to
origin:
git
push origin <tag name> -m "<tag description message>"push origin <your release name>
Apply signed tag on release branch and push to origin
Example:
git tag -u <GPG KEY ID> --sign <your release name>-rc# -m "Apache HAWQ <your release name> RC#" <SHA of HEAD of branch>
git push origin <your release name>-rc#
- Make a tarball and gzip:
git archive -o ../apache-hawq-src-<your release name>.tar --prefix=apache-hawq-src-<your release name>/ <your tag/branch name>
gzip ../apache-hawq-src-<your release name>.tarExample:
$ git archive -o ../apache-hawq-src-2.14.0.0-incubating.tar --prefix=apache-hawq-src-2.14.0.0-incubating/ 2.14.0.0-incubating
$ ls -al ../apache-hawq-src-2.1.0.0-incubating.tar
-rw-r--r-- 1 espino staff 183347200 Jan 10 11:02 ../apache-hawq-src-2.1.0.0-incubating.tar
$ gzip ../apache-hawq-src-2.1.0.0-incubating.tar
$ ls -al ../apache-hawq-src-2.1.0.0-incubating.tar.gz
-rw-r--r-- 1 espino staff 35214063 Jan 10 11:02 ../apache-hawq-src-2.1.0.0-incubating.tar.gz
4.0.0.tar Prepare Prepare MD5, SHA256 and ASC files from the source tarball
:md5 apache-hawq-src-<your release name>.tar.gz > apache-hawq-src-<your release name>.tar.gz.md5 shasum -a 256 apache-hawq-src-<your release name>.tar.gz > apache-hawq-src-<your release name>.tar.gz.sha256 gpg --detach-sign -a apache-hawq-src-<your release name>.tar.gz
Example:
$ md5 apache-hawq-src-2.1.0.0-incubating.tar.gz > apache-hawq-src-2.1.0.0-incubating.tar.gz.md5$ shasum -a 256 apache-hawq-src-2.1.0.0-incubating.tar.gz > apache-hawq-src-2.1.0.0-incubating.tar.gz.sha256
$ gpg --detach-sign -a apache-hawq-src-2.1.0.0-incubating.tar.gzYou need a passphrase to unlock the secret key for
user: "Edward Bartolo Espino (CODE SIGNING KEY) <espino@apache.org>"
4096-bit RSA key, ID 57325522, created 2017-01-09
$ ls -al apache-hawq-src-2.14.0.0-incubating*-rw-r--r-- 1 espino staff 35214063 Jan 10 11:04 apache-hawq-src-2.1.0.0-incubating.tar.gz
-rw-r--r-- 1 espino staff 819 Jan 10 11:09 apache-hawq-src-2.1.0.0-incubating.tar.gz.asc
-rw-r--r-- 1 espino staff 83 Jan 10 11:10 apache-hawq-src-2.1.0.0-incubating.tar.gz.md5
-rw-r--r-- 1 espino staff 84 Jan 10 11:10 apache-hawq-src-2.1.0.0-incubating.tar.gz.sha256
- Retrieve the subversion dev incubator hawq repo
Example: svnsvn checkout https://dist.apache.org/repos/dist/dev
/incubator/hawq/ --username=<your
user name>apache user>
- Create create a local folder for the release (e.g. 2.4.0.0-0-incubating.RC1) in svn. We use apache's distribution repo: https://dist.apache.org/repos/dist/dev/incubator/hawq/
- move Move the files into the release folder on local disk.
- svn add <release folder>
- Commit artifacts:
Example:svn commit -m 'adding 2.4.0.0 RC1 candidate release artifacts' --username=<your apache user id>
Validate the Release Candidate
As per the Apache documentation, verify that the release candidate artifacts satisfy the following:
- PGP signatures and SHA256 checksum verification
Example (performed on a Macbook Pro: brew install gpg2 coreutils):
$ brew install gpg coreutils
brew install gpg coreutils
Warning: gnupg 2.2.9 is already installed
Warning: coreutils 8.30 is already installed
$ which gpg gsha256sum gmd5sum
/usr/local/bin/gpg
/usr/local/bin/gsha256sum
/usr/local/bin/gmd5sum
$ gpg --import ../KEYS
gpg: key 60E8C5A6D0D6D44A: "Caleb Welton <cwelton@apache.org>" not changed
gpg: key 0C2F24469AF9C0EE: "Ting (Goden) Yao (CODE SIGNING KEY) <godenyao@apache.org>" not changed
gpg: key 0BD297A18051460D: "Ting (Goden) Yao (CODE SIGNING KEY) <godenyao@apache.org>" not changed
gpg: key 13971DA39475BD5D: 7 signatures not checked due to missing keys
gpg: key 13971DA39475BD5D: "Roman V Shaposhnik (CODE SIGNING KEY) <rvs@apache.org>" not changed
gpg: key 83BCBA982858A0C9: "Lei Chang <lei_chang@apache.org>" not changed
gpg: key FC0662F257325522: "Edward Bartolo Espino (CODE SIGNING KEY) <espino@apache.org>" not changed
gpg: key 8FECDA881B8B6872: "Ruilong Huo (CODE SIGNING KEY) <huor@apache.org>" not changed
gpg: key CE60F90D1333092A: "Yi Jin <yjin@apache.org>" not changed
gpg: key 280B695FCA7FAEB2: "Radar Lei <rlei@apache.org>" not changed
gpg: Total number processed: 9
gpg: unchanged: 9
$
gpg --verify apache-hawq-src-2.4.0.0.tar.gz.asc
gpg: assuming signed data in 'apache-hawq-src-2.4.0.0.tar.gz'
gpg: Signature made Tue Sep 11 15:54:29 2018 CST
gpg: using RSA key 31136E4DB96401A60446D269280B695FCA7FAEB2
gpg: Good signature from "Radar Lei <rlei@apache.org>" [ultimate]
$ gsha256sum --check apache-hawq-src-2.4.0.0.tar.gz.sha256
apache-hawq-src-2.4.0.0.tar.gz: OK
- Build is successful (Refer to Build and Install for build instructions)
- DISCLAIMER is correct
- Checksums and PGP signatures are valid
- Build is successful
- DISCLAIMER is correct, filenames include “incubating”
- LICENSE and NOTICE files are correct and dependency licenses are acceptable
- LICENSE and NOTICE files at the root of the artifact directory must only reflect the contents of the artifact in which they are contained.
- See:
- LICENSE file requirements
- LICENSE requirements for distribution artifacts with multiple licenses
- NOTICE file requirements (Check Copyright year)
- Apache Legal
- Acceptable and Unacceptable Dependency Licenses
- All source files have license headers where appropriate, RAT checks pass
- Additional check:
- pom.xml (For artifactId "hawq", verify version is consistent with the version specified in getversion file in the root directory).
- Additional check:
- The provenance of all source files is clear (ASF or software grants)
...
Vote on the Release
As per the Apache Incubator release guidelines, all releases for incubating projects must go through a two-step voting process. First, release voting Release voting must successfully pass within the Apache HAWQ community via the dev@hawq.incubator.apache.org
mailing mail list. Then, release voting must successfully pass within the Apache Incubator PMC via the general@incubator.apache.org
mailing list.
General information regarding the Apache voting process can be found here.
...
To vote on a candidate release, send an email to the dev list with subject: [VOTE]: Apache HAWQ <release version> Release
and a body along the lines of:similar to the template below. Use a Text Editor without formatting when composing the email.
This is the vote for <release | version>name> of Apache HAWQ | (incubating). This is a Source only release. The vote will run for at least 72 hours and will close on <vote | <closingclosing date>. | Release Notes (Jira generated): Release verification steps can be | downloaded here: found at: Git branch for the release: | incubator/HAWQ/release/<release number>hawq/<release name>.RC#/apache-hawq-src-<release name>.tar.gz | <ID<CODE | ofSIGNING | signingKEY | key>ID> Please vote accordingly: | , | acceptapprove | RC] | as+0 | the official <release version> release no opinion | , | dodisapprove | not(and | accept RC as the official <release version> release because...
...
reason why) |
If any -1 (binding) votes are entered, then address them such that the voter changes their vote to a +1 (binding) or cancel the vote, fix the issues, and start over with Prepare Tarballs.
Once 72 hours has passed (which is generally preferred) and/or at least three +1 (binding) votes have been cast with no -1 (binding) votes, send an email closing the vote and pronouncing the release candidate a success. Please use the subject: [RESULT][VOTE]: Apache HAWQ <release version> Release
.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| general@incubator.apache.org.
Incubator PMC Vote
...
...
...
...
|
...
Publishing and Distributing Release
- Finalizing your tag
switching to master branchgit tag -s rel/v{version} <commit SHA> -m "Apache HAWQ(incubating) {version) release (<other comments>)"
Info title Sign your release tag You need to configure your git user signing key first before you can sign a tag.
git config --global user.signingkey <Your secret key SHA>
- Push your tag to remote (origin)
git push origin rel/v{version}
Move tarballs from staging (dev) folder to release location:
svn mv https://dist.apache.org/repos/dist/dev/incubator/hawq/{version}.RC#/ https://dist.apache.org/repos/dist/release/incubator/hawq/{version}
Info title Commit Message As if you put https URL in svn commands, it'll commit automatically. A text editor will popup for you to edit commit message, put something like: "Release Apache HAWQ (incubating) {{
version
}}"- Add download link on hawq website: http://hawq.apache.org/
Use mirror for latest download, e.g. http://apache.org/dyn/closer.cgi/hawq/2.4.0.0/apache-hawq-rpm-2.4.0.0.tar.gz
Use dist server links for binary signatures and hashes. e.g. https://www.apache.org/dist/hawq/2.4.0.0/apache-hawq-rpm-2.4.0.0.tar.gz.asc
Use archive server links for archives downloads. e.g. https://archive.apache.org/dist/hawq/ - Go to http://issues.apache.org/jira/browse/hawq to release the specific version (need admin permisison permission, under "Version")Send email announcement to general@ and dev@ mailing list to announce the release. see example here
- Add the document for the version into the hawq website and modify the link if needed. (https://github.com/apache/hawq-site)
...
Announce the Release
After doing the above change, wait for at least 24 hours and then announce the release by send an email to announce@apache.org, user@hawq.apache.org and dev@hawq.apache.org with the subject: [ANNOUNCE] Apache HAWQ <release number> Release and a body along the lines of:
Apache HAWQ Project Team is proud to announce Apache Apache HAWQ combines exceptional MPP-based analytics performance, robust ANSI SQL compliance, Hadoop ecosystem |
General Apache information regarding announcing a release may be found here.