THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
Currently, this is just a collection area for my rough notes and what-not. It will soon be a much cleaner guide.
Speaking of guides, here Here are a bunch of good onesguides:
http://accumulo.apache.org/releasing.html
http://accumulo.apache.org/verifying_releases.html
http://yetus.apache.org/contribute/releases/
How to Improve this Page
The purpose of this page is to document the mechanics of a release. I took this phrase from the NiFi Release Guide (http://nifi.apache.org/release-guide.html) because I really like their outline and guide. Eventually, we should incorporate other aspects into this guide including:
...
The flow of a release (an outline)
(Feel free to toss in any additional sections here)
The mechanics of the release
Release Manager
...
First-Time Preparation
Before a Release Manager begins cutting a release of Apache Rya, there are a handful of Dependencies and one-time Prerequisites they need to satisfy:
- They need to be a Rya Commiter
As a Rya Commiter, the Release Manager will have access to several really important tools used throughout the release process. This includes write access to the official Apache Rya Git Repo, the Apache Jenkins Server, and the Apache Nexus Server. - Checkout and Build Rya
The Release Manager should verify that they can checkout, build, and test Apache Rya on their machine.Checkout code from Git
Code Block git clone https://git-wip-usgitbox.apache.org/repos/asf/incubator-rya.git incubator-rya-apacherya cd rya
Build and Test Apache Rya
Code Block mvn clean install
- Setting up a PGP Key
The Release manager needs a PGP Key and this key needs to be public. The first two items listed here need to be done (i.e. get some software to create a key, and create a key). I'm not sure about the last three.- Getting software
- Get GPG. (PGP should work as well, but this guide uses GPG). It is probably already available in your linux distro.
Get
Use gpg-agent, and be sure to increase the gpg-agent cache timeout (via .gnupg/gpg-agent.conf) to ensure that the agent doesn’t require re-authentication mid-build, as it will cause things to fail. For example, you can add default-cache-ttl 6000 to increase the timeout from the default of 10 minutes to over an hour. If you do not have a GPG key, reference the very thorough ASF release signing documentation. make sure you reset gpg-agent:
- Here is a working example of ~/.gnupg/gpg-agent.conf
default-cache-ttl 28800# 8 hourspinentry-program /usr/bin/pinentry-cursesallow-loopback-pinentry make sure you reset gpg-agent:
echo RELOADAGENT | gpg-connect-agent
- Creating a key
- Publishing a key to a public server
- Adding your key to id.apache.org
- Getting software
- Setting up Maven to push to apache repo
- Username/pass in maven settings
- Add Key to KEYS file
https://dist.apache.org/repos/dist/release/incubator/rya/KEYS
- Testing settings
- Testing locally:
- mvn clean install -Papache-release
Testing by pushing to apache snapshot repo
mvn clean deploy -Papache-release
- Testing locally:
Staging a release (super short edition):
1.Checkout out code
2. Create release candidate branch from master. Name the branch <releaseVersion>-RC<N>
| Code Block |
|---|
git checkout -b 3.2.10-RC2 master |
3. Build Rya, prepare and perform release
| Code Block |
|---|
mvn clean release:prepare -Darguments="-DskipTests"
|
Using Fedora, might need to use gpg2. These two must match:
gpg --version
- gpg-agent --version
If they don't, check for version 2:
- gpg2 --version
- I was able to copy/link the commands in /usr/bin/: mv gpg gpg1 and ln -s gpg2 gpg
- Creating a key If you do not have a GPG key, reference the very thorough ASF release signing documentation available at https://www.apache.org/dev/release-signing.html.
- Publishing a key to a public server
- Adding your key to id.apache.org
- Setting up Maven to push to apache repo
- Username/pass in maven settings
- Add Key to KEYS file
See it here:
https://dist.apache.org/repos/dist/release/rya/KEYSDo this with your name where it says "David":
svn checkout https://dist.apache.org/repos/dist/release/rya
(gpg --list-sigs "David" && gpg --armor --export "David") >> rya/KEYS
cd rya
svn commit -m "Adding David to KEYS"
- Testing settings
- Testing locally:
- mvn clean install -Papache-release
Testing by pushing to apache snapshot repo
mvn clean deploy -Papache-release
- Testing private key use and gpg-agent prompting. This is a way to preload the key before the release build below. Do this with your name (Unique initial characters of the full name are accepted) where it says "David":
eval $(gpg-agent --daemon) ### Start the gpg-agent if not already.echo "hello" >> text.txtgpg -e -u "Aaron" -r "David" text.txt ### These names are actually in the Rya keys file.gpg -d text.txt.gpg ### this will prompt for David's key decrypt password and cache it.
- Testing locally:
Staging a Release
- Communicate: Give notice of the intent and timing of the release to the developer's list: dev@rya.apache.org
Later, request descriptions for the release notes. A day before cutting a release candidate, do a last call for Pull requests. - Make sure the year in the NOTICE file is correct. If not, update the NOTICE file with the correct year.
- Checkout out code
git clone https://gitbox.apache.org/repos/asf/rya.git ryacd rya - Create release candidate branch from master. Name the branch <releaseVersion>-RC<N>
| Code Block |
|---|
git checkout -b 4.0.1-RC2 master |
5. Build Rya, prepare and perform release. This takes about 50 minutes. At this point you must have the gpg-agent running and probably have the password cached. It has failed without asking. See the preparation section for details on testing private key use (6c). It will ask several things, release names quoted below, and Apache committer username and password a few times, currently 3 times.
| Code Block |
|---|
mvn clean release:prepare -Pgeoindexing -Pbenchmark -Pgiraph -Darguments="-DskipTests"
|
| Code Block |
|---|
What is the release version for "Apache Rya Project"? (org.apache.rya:rya-project) 4.0.1: :
What is SCM release tag or label for "Apache Rya Project"? (org.apache.rya:rya-project) v4.0.1: : rya-4.0.1-rc1
What is the new development version for "Apache Rya Project"? (org.apache.rya:rya-project) 4.1.0-SNAPSHOT: : |
For the next step, create file: settings.xml containing your Apache Nexus username and password. Make sure you remove the password after your done. You can checking your password by logging in at: https://repository.apache.org/
| Code Block | ||||
|---|---|---|---|---|
| ||||
<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
<servers>
<server>
<id>apache.releases.https</id>
<username>PUT_USERID_HERE</username>
<password>PUTPASSWORDHERE</password>
</server>
</servers>
<pluginGroups></pluginGroups>
<proxies></proxies>
<mirrors></mirrors>
<profiles></profiles>
</settings> |
Then perform the release for the release candidate. If this command fails with "Return code is: 401, ReasonPhrase: Unauthorized." then your user/password is wrong, or you already have a file with the same name. See this for troubleshooting: https://stackoverflow.com/questions/24830610/why-am-i-getting-a-401-unauthorized-error-in-maven
| Code Block |
|---|
mvn release:perform -Darguments="-DskipTests" |
6. Add the artifacts to dist
| Code Block |
|---|
cd ..
svn checkout https://dist.apache.org/repos/dist/dev/rya
cd rya
mkdir rya-4.0.1-rc3
cd rya-4.0.1-rc3
cp ../../rya/target/checkout/target/rya-project-4.0.1-source-release.zip* .
openssl sha512 -r rya-project-4.0.1-source-release.zip > rya-project-4.0.1-source-release.zip.sha512
cd ..
svn add rya-4.0.1-rc3
svn commit -m "Adding rya-4.0.1-rc3" |
| Code Block |
|---|
What is the release version for "Apache Rya Project"? (org.apache.rya:rya-project) 3.2.10-incubating: :
What is SCM release tag or label for "Apache Rya Project"? (org.apache.rya:rya-project) v3.2.10-incubating: : rya-incubating-3.2.10-rc2
What is the new development version for "Apache Rya Project"? (org.apache.rya:rya-project) 3.2.11-incubating-SNAPSHOT: : |
| Code Block |
|---|
mvn release:perform -Darguments="-DskipTests" |
add the artifacts to dist
| Code Block |
|---|
svn checkout https://dist.apache.org/repos/dist/dev/incubator/rya
(double check that last command)
mkdir rya-incubating-3.2.10-rc3
cd rya-incubating-3.2.10-rc3
cp ../../incubator-rya-apache/target/checkout/target/rya-project-3.2.10-incubating-source-release.zip.* .
md5 -r rya-project-3.2.10-incubating-source-release.zip > rya-project-3.2.10-incubating-source-release.zip.md5
shasum -a 1 rya-project-3.2.10-incubating-source-release.zip > rya-project-3.2.10-incubating-source-release.zip.sha1
cd ..
svn add rya-incubating-3.2.10-rc3
svn commit -m "Adding rya-incubating-3.2.10-rc3" |
add your keys to KEYS (this is a pre-req)
Once the release has been performed, the artifacts should be in a staging repository:
From "Publishing Maven Artifacts" page:
Now you must close the staging repository to indicate to Nexus that the build is done and to make the artifacts available. Follow the steps in Closing the Staged Repositoryto close your new repository, this will allow your community to VOTE on the staged artifacts.
Download the src artifact and performs some simple tests:
Other release checklists:
http://wiki.apache.org/incubator/ReleaseChecklist
http://incubator.apache.org/guides/releasemanagement.html#check-list
how to verify hashes:
https://www.openoffice.org/download/checksums.html
| Code Block | ||
|---|---|---|
| ||
rm DEPENDENCIES
mkdir /tmp/new_m2
cp $M2_HOME/conf/settings.xml /tmp/new_m2/settings.xml
mvn --settings /tmp/new_m2settings.xml -Dmaven.repo.local=/tmp/new_m2 clean package |
| Code Block | ||
|---|---|---|
| ||
find . -type f | grep -v '\/test\/\|\/site\/\|\.java\|\.xml\|\.xsl\|\.groovy\|\.properties\|\.sh\|\.bat\|\.md\|\.txt' |
| Code Block | ||
|---|---|---|
| ||
find . -type f | xargs du -sh | grep [GM]\\s |
Send out a Vote email (make sure to include some sort of "RC-X" identifier in the vote subject so that we can differentiate them in the archives)
7. Check that your keys are in the file: KEYS . It is here:
https://dist.apache.org/repos/dist/
devrelease/rya/KEYS
If not, see Release Manager Dependencies section above.
8. Once the release has been performed, the artifacts should be in a staging repository:
incubator/rya/rya-incubating-3.2.10-rc2/
Ancillary artifacts such as poms, jars, wars, ect. can be found here:
https://repository.apache.org/#stagingRepositories
From "Publishing Maven Artifacts" page:
Now you must close the staging repository to indicate to Nexus that the build is done and to make the artifacts available. Follow the steps in Closing the Staged Repository to close your new repository, this will allow your community to VOTE on the staged artifacts.
9. Download the src artifact and performs some simple tests:
- Download the sources and verify they compile cleanly.
- Validate the hashes match.
- Validate that the sources contain no unexpected binaries.
- Validate the signature for the build and hashes.
- Validate the LICENSE/NOTICE/Headers.
Other release checklists:
http://wiki.apache.org/incubator/ReleaseChecklist
http://incubator.apache.org/guides/releasemanagement.html#check-list
how to verify hashes (note that md5 and sha1 are no longer considered useful; sha512 is recommended):
https://www.openoffice.org/download/checksums.html
| Code Block | ||
|---|---|---|
| ||
rm DEPENDENCIES
mkdir /tmp/new_m2
cp $M2_HOME/conf/settings.xml /tmp/new_m2/settings.xml
mvn --settings /tmp/new_m2settings.xml -Dmaven.repo.local=/tmp/new_m2 clean package |
| Code Block | ||
|---|---|---|
| ||
find . -type f | grep -v '\/target\/\|\/test\/\|\/site\/\|\.java\|\.xml\|\.xsl\|\.groovy\|\.properties\|\.sh\|\.bat\|\.md\|\.txt' |
| Code Block | ||
|---|---|---|
| ||
find . -type f | xargs du -sh | grep [GM]\\s |
Send out a Vote email (make sure to include some sort of "RC-X" identifier in the vote subject so that we can differentiate them in the archives)
| Code Block |
|---|
To: dev@rya.apache.org
Subject: [VOTE] Release Rya version 4.0.1 RC2
I am pleased to be calling this vote for the source release of Apache Rya, version 4.0.1.
The source zip, including signatures, digests, etc. can be found at:
https://dist.apache.org/repos/dist/dev/rya/rya-4.0.1-rc2/
Ancillary artifacts such as poms, jars, wars, ect. can be found here:
https://repository.apache.org/content/repositories/orgapacherya-1002/org/apache/rya/rya-project/4.0.1/
The Git tag is rya-4.0.1-rc2
The Git commit ID is 9f0d63e6089df172eb3f41957d2956ec0035953a
https://gitbox.apache.org/repos/asf/rya.git;a=commit;h=9f0d63e6089df172eb3f41957d2956ec0035953a
Checksums of rya-project-4.0.1-source-release.zip:
SHA512: b6ae761aa42f80e1cb84bb645184e29e4436eaaaf66aa7249aa65b6adb38f3dfdd9a6f8b536eb0e2de88ac75cc2a0c8d97d85b4dd0ffef7f9407e05642110b3f
Release artifacts are signed with the following key:
https://people.apache.org/keys/committer/mihalik.asc
KEYS file available here:
https://dist.apache.org/repos/dist/release/rya/KEYS
Issues that were closed/resolved for this release are here:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334209&styleName=Html&projectId=12319020
Issues resolved between RC1 and RC2 are here:
https://issues.apache.org/jira/browse/RYA-184
The vote will be open for at least 72 hours and close after <Date Time and Timezone>.
Please download the release candidate and evaluate the necessary items including checking hashes, signatures, build from source, and test. Then please vote:
[ ] +1 Release this package as rya-project-4.0.1
[ ] +0 no opinion
[ ] -1 Do not release this package because because...
|
If the vote was unsuccessful, respond to the dev list with the "Unsuccessful" Vote Email
| Code Block |
|---|
To: dev@rya.apache.org
Subject: [RESULT] [VOTE] Release Rya version 4.0.1 RC1
Hello,
The vote to release Rya version 4.0.1 RC1 has failed.
+1 (binding):
(Members of PMC)
+1 (non binding):
(Everyone else)
(List of series of tasks that have been created or already exist that block the release)
The following Jira tasks have been created to capture the issues blocking a successful release:
RYA-XXX <Issue Title> [1]
RYA-XXX <Issue Title> [2]
RYA-XXX <Issue Title> [3]
(Create an issue that links to all of these issues)
The following Jira task has been created to capture all of the issues that will be resolved in the next RC:
RYA-XXX Perform 4.0.1-RC<N+1> Release [4]
These tasks should address the concerns raised during the voting process. |
Since Rya is no longer incubating, Rya only has to pass the vote from the PMC.
If vote passed, send Final Release Email
| Code Block |
|---|
To: dev@rya.apache.org
Subject: [RESULT] [VOTE] Release Rya version 4.0.1 RC1
Hello,
The vote to release Rya version 4.0.1 RC1 has passed.
+1 (binding):
(Members of PMC)
+1 ( |
If the vote was unsuccessful, respond to the dev list with the "Unsuccessful" Vote Email
| Code Block |
|---|
To: dev@rya.incubator.apache.org
Subject: [RESULT] [VOTE] Release Rya (Incubating) version 3.2.10 RC1
Hello,
The vote to release Rya (Incubating) version 3.2.10 RC1 has failed.
+1 (binding):
(Members of PPMC)
+1 (non binding):
(Everyone else)
(List of series of tasks that have been created or already exist that block the release)
The following Jira tasks have been created to capture the issues blocking a successful release:
RYA-XXX <Issue Title> [1]
RYA-XXX <Issue Title> [2]
RYA-XXX <Issue Title> [3]
(Create an issue that links to all of these issues)
The following Jira task has been created to capture all of the issues that will be resolved in the next RC:
RYA-XXX Perform 3.2.10-RC<N+1> Release [4]
These tasks should address the concerns raised during the voting process. |
Since Rya is still incubating, Rya must pass a vote on the general@incubator.apache.org list as well.
First, create a Result/Vote email on dev:
| Code Block |
|---|
To: dev@rya.incubator.apache.org
Subject: [RESULT] [VOTE] Release Apache Rya (Incubating) version 3.2.10 RC3
This vote passes with +<N> Binding and +<N> Non-binding votes.
+1 (binding):
(Members of PPMC)
+1 (non binding):
(Everyone else)
I'll be sending a vote email to the IPMC soon
|
The create an email on the IPMC Email:
| Code Block |
|---|
To: dev@rya.incubator.apache.org, general@incubator.apache.org
Subject: [VOTE] Release Apache Rya (Incubating) version 3.2.10 RC3
The Apache Rya community has voted and approved the proposed release of Apache Rya 3.2.10 (Incubating) RC3.
We now kindly request the Incubator PMC members review and vote on this incubator release.
Rya (pronounced "ree-uh" /rēə/) is a cloud-based RDF triple store that supports SPARQL queries. Rya is a scalable RDF data management system built on top of Apache Accumulo®. Rya uses novel storage methods, indexing schemes, and query processing techniques that scale to billions of triples across multiple nodes. Rya provides fast and easy access to the data through SPARQL, a conventional query mechanism for RDF data. More information can be found at http://rya.incubator.apache.org/
[VOTE] Thread:
https://lists.apache.org/thread.html/01d692717b2ee088253fa96c42759309a2a4d2aaf9867905bc473fa7@%3Cdev.rya.apache.org%3E
[VOTE RESULT] Thread:
https://lists.apache.org/thread.html/e58e7456987d74f11a0698fd5d4dde436bd83016baa269c149f03511@%3Cdev.rya.apache.org%3E
<cut and paste from vote email on dev list. |
Final Release Email
| Code Block |
|---|
To: dev@rya.incubator.apache.org, general@incubator.apache.org Subject: [RESULT] [VOTE] Release Rya (Incubating) version 3.2.10 RC1 Hello, The vote to release Rya (Incubating) version 3.2.10 RC1 has passed. +1 (binding): (Members of PPMC) (Members of IPMC) +1 (non binding): (Everyone else) IThank willyou promoteall the for voting! I will promote the artifacts to the central reporepository. |
| Code Block |
|---|
To: announce@apache.org, dev@rya.incubator.apache.org, general@incubator.apache.org Subject: [ANNOUNCE] Apache Rya 34.20.10-incubating1 released The Apache Rya (Incubating) team is happy to announce the release of Apache Rya 34.20.10-incubating1: https://rya.incubator.apache.org/release/rya-34.20.10-incubating1/ Rya (pronounced "ree-uh" /rēə/) is a cloud-based RDF triple store that supports SPARQL queries. Rya is a scalable RDF data management system built on top of Apache Accumulo®. Rya uses novel storage methods, indexing schemes, and query processing techniques that scale to billions of triples across multiple nodes. Rya provides fast and easy access to the data through SPARQL, a conventional query mechanism for RDF data. [Include highlights of changes in this release] Thanks, The Apache Rya team ===== *Disclaimer* Apache Rya (incubating) is an effort undergoing Incubation at The Apache Software Foundation (ASF), sponsored by the Incubator. Incubation is required of all newly accepted projects until a further review indicates that the infrastructure, communications, and decision making process have stabilized in a manner consistent with other successful ASF projects. While incubation status is not necessarily a reflection of the completeness or stability of the code, it does indicate that the project has yet to be fully endorsed by the ASF. |
If there is something wrong with the staging repo:
delete the tag:
| Code Block |
|---|
git tag -d v3.2.10-RC1
git push origin :refs/tags/v3.2.10-RC1
git branch -D 3.2.10-RC1
git push origin --delete 3.2.10-RC1 |
Rya uses Mini Accumulo Cluster for a number of it's tests and I've run into a number of gotchas:
- On windows, I've found that I need to update my hosts file to add my ip and my machine name (something like 10.aaa.bbb.ccc mymachinename)
- Close all VPNs
- Do not use strange DNS machines. just use the default ones your network/isp provides
- McAfee Virus Scan may slow things down and throw off the test
When merging a pull request, it's important to verify whether or not new commits are pulling in any third party
dependencies that are incompatible with ASF. To check whether the pull request contains invalid dependencies issue
the following command in your terminal:
| Code Block |
|---|
>> mvn license:aggregate-add-third-party |
This will generate a file THIRD-PARTY.txt in the directory target/generated-sources/license/ that lists the license for each java file in the jar. You can now grep the directory for all licenses which are
not ASF approved licenses.
| Code Block |
|---|
egrep -iv "BSD|ASF|MIT|CDDL|EPL|Apache|Eclipse|Public Domain" target/generated-sources/license/THIRD-PARTY.txt |
The above grep command does a case insensitive search over all instances of THIRD-PARTY.txt in the project for licenses that are not in the list approved Apache Licenses .
Other note on license from david lotts:
If there is something wrong with the staging repo:
delete the tag:
| Code Block |
|---|
git tag -d v4.0.1-RC1
git push origin :refs/tags/v4.0.1-RC1
git branch -D 4.0.1-RC1
git push origin --delete 4.0.1-RC1 |
Rya uses Mini Accumulo Cluster for a number of it's tests and I've run into a number of gotchas:
- On windows, I've found that I need to update my hosts file to add my ip and my machine name (something like 10.aaa.bbb.ccc mymachinename)
- Close all VPNs
- Do not use strange DNS machines. just use the default ones your network/isp provides
- McAfee Virus Scan may slow things down and throw off the test
When merging a pull request, it's important to verify whether or not new commits are pulling in any third party
dependencies that are incompatible with ASF. To check whether the pull request contains invalid dependencies issue
the following command in your terminal:
| Code Block |
|---|
>> mvn license:aggregate-add-third-party |
This will generate a file THIRD-PARTY.txt in the directory target/generated-sources/license/ that lists the license for each java file in the jar. You can now grep the directory for all licenses which are
not ASF approved licenses.
The following command does a case insensitive search over all instances of THIRD-PARTY.txt in the project for licenses that are not in the list approved Apache Licenses .
| Code Block |
|---|
egrep -iv "BSD|ASF|MIT|CDDL|EPL|Apache|Eclipse|Public Domain" target/generated-sources/license/THIRD-PARTY.txt |
The Maven "Project Info Reports" plugin produces a Dependencies report that includes the Licenses for the dependencies.
After the release has been approved by PMC
- Release the Jars
- Go to https://repository.apache.org/ and release the staging repository
Copy dist/dev artifacts to dist/release
Code Block ### Starting from the folder where you svn checkout for the RC3: mv rya ryadev # first rename the RC3 dist/dev repo svn checkout https://dist.apache.org/repos/dist/release/rya mv rya ryarelease cd ryarelease mv ../ryadev/rya-4.0.1-rc3 ./ mv rya-4.0.1-rc3 rya-4.0.1 svn add rya-4.0.1 svn commit -m "Adding rya-4.0.1"- Create a rel/ tag in Git
git checkout rya-4.0.1-rc3
git tag -a rel/rya-4.0.1 -m "rya-4.0.1 Release"
git push origin rel/rya-4.0.1
- Merge Release branch into Master and Delete Release Branch
git checkout master
- git pull origin
git merge 4.0.1-RC3
- git push origin master
- If everything looks great, delete the branches:
git push origin --delete 4.0.1-RC3
git push origin --delete 4.0.1-RC2
git push origin --delete 4.0.1-RC1 - And tags:
git push --delete origin rya-4.0.1-rc2
git push --delete origin rya-4.0.1-rc1
git tag --delete rya-4.0.1-rc1 ### local repo
git tag --delete rya-4.0.1-rc2 ### local repo - Update the website, see instructions on this wiki
- Update projects.apache.org: Fill out the add release form to update the projects website.
- Send out an announce email
- Announce the release on Twitter
How to do this:
http://stackoverflow.com/questions/3500388/finding-out-the-licenses-of-jar-libraries
The Maven "Project Info Reports" plugin produces a Dependencies report that includes the Licenses for the dependencies.
After the release has been approved by IPMC
- Release the Jars
- Go to https://repository.apache.org/ and release the staging repository
- Copy dev artifacts to release
- Create a rel/ tag in Git
- Update the website
- Send out an announce email
References:
http://www.apache.org/dev/publishing-maven-artifacts.html