Content
Table of Contents | ||||||
---|---|---|---|---|---|---|
|
Building Steps (Struts)
Getting ready
- Prepare new Security Bulletin - use just brief description about the security vulnerability, no examples, no proof-of-concept, anything that could be used against users, secure the page to allow access only member of struts-committers group in Confluence
- Create a new Version Notes page in Confluence, link from Migration Guide, and link to prior release page and JIRA DONE filters of the version to release, secure the page to allow access only member of struts-committers group in Confluence
When a serious security issue arises, we should try to create a
STRUTS_#_#_#_X
branch from the last GA release (from tag - check it out and usemvn release:branch
as below).No Format svn co https://svn.apache.org/repos/asf/struts/struts2/tags/STRUTS_#_#_# cd STRUTS_#_#_# mvn release:branch -DbranchName=STRUTS_#_#_#_X -DupdateBranchVersions=true -DupdateWorkingCopyVersions=false -DautoVersionSubmodules=true
Read the maven release:branch docs for further details or alternatively
- Apply to that branch only the security patch
- Commit the fix. No reference should be make to the commit being related to a security vulnerability.
- If the patch first applies to some other dependency, implore the other group to do the same, to avoid side-effects from other changes.
- Release the upcoming version in JIRA (under Administration/Manage Releases) and tag the release date
- Create DONE and TODO filters for the new version, share with all, and remove obsolete TODO filter
Info | ||
---|---|---|
| ||
If needed, you can use Versions Maven Plugin to set -SNAPSHOT version in all poms, like below:
|
Obtain a fresh checkout of created branch.
Code Block |
---|
svn co https://svn.apache.org/repos/asf/struts/struts2/branches/STRUTS_#_#_#_X STRUTS_#_#_#_X
|
...
Tag the release by using the "release:prepare" goal of Maven:
Code Block |
---|
mvn release:prepare -Dusername=yourSvnUsername -Dpassword=yourSvnPassword -DautoVersionSubmodules=true
|
...
Note |
---|
For some reason, when using svn client 1.5, the release plugin might fail to tag the release, if it fails, run: |
Code Block |
---|
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-release-plugin:2.0-beta-7:prepare (default-cli) on project struts2-parent: Unable to tag SCM
[ERROR] Provider message:
[ERROR] The svn tag command failed.
[ERROR] Command output:
[ERROR] svn: Commit failed (details follow):
[ERROR] svn: No such revision 1223030
|
...
Perform the release
Code Block |
---|
mvn release:perform -Dusername=yourSvnUsername
|
...
If you need to run perform again, (or in a different box), do:
Code Block |
---|
svn co http://svn.apache.org/repos/asf/struts/struts2/tags/$VERSION
cd $VERSION
mvn deploy site-deploy --no-plugin-updates -DperformRelease=true
|
...
After closing repository in Nexus, check if the version is available from staging repository as below:
Code Block |
---|
https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-assembly/$VERSION/
|
In order to move the assemblies login to people.apache.org and execute the following code:
Code Block | ||||
---|---|---|---|---|
| ||||
#!/bin/sh
# create the destination directory
mkdir $VERSION
cd $VERSION
# get the distro
wget -erobots=off -nv -l 1 --accept=zip,md5,sha1,asc -r --no-check-certificate -nd -nH https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-assembly/$VERSION
# rename files
for f in *2-assembly*.zip*
do
mv $f `echo $f | sed s/2-assembly//g`
done
# remove unneeded files
for f in struts2-assembly-*.pom*
do
rm $f
done
# remove unneeded hashes
rm *.asc.md5
rm *.asc.sha1
|
After that move the assemblies directory to the builds destination with
Code Block |
---|
mv $VERSION /www/people.apache.org/builds/struts/
|
...
Post a release/quality vote to the dev list (and only the dev list). The example mail is on Sample Announcementsannouncements page. Include the term "fast-track" in the subject, as: [VOTE] Struts 2.0.9.1 quality (fast track).
...
After the vote, if the distribution is being mirrored (there was a favourable release vote) copy the Sources and Binaries:
Code Block |
---|
ssh people.apache.org
cd /www/people.apache.org/builds/struts/$VERSION
cp struts-$VERSION-src.* /www/www.apache.org/dist/struts/source
cp struts-$VERSION-docs.* /www/www.apache.org/dist/struts/documentation
cp struts-$VERSION-lib.* /www/www.apache.org/dist/struts/library
cp struts-$VERSION-apps.* /www/www.apache.org/dist/struts/examples
cp struts-$VERSION-all.* /www/www.apache.org/dist/struts/binaries
|
...
Update site (Struts top level site)
Check out site src code
Code Block svn co https://svn.apache.org/repos/asf/struts/site/ struts-site
- Update xml files
- struts-site/src/site/xdoc/announce.xml (if applicable, refer also to corresponding security bulletin)
- struts-site/src/site/xdoc/downloads.xml (remove previous version)
- struts-site/src/site/xdoc/download.xml (remove previous version)
- struts-site/src/site/xdoc/index.xml
- struts-site/src/site/site.xml
- struts-site/src/site/resources/archetype-catalog.xml
- Commit the changes
- Got to Struts Staging and review the changes
- If everything is ok, push changes to Production via Apache CMS web interface
...
Use below script to perform update
Code Block |
---|
#!/bin/sh
# script used to update struts2-subsite after release
VERSION=2.3.15
BRANCH=2.3.x
TAG=STRUTS_2_3_15
svn co https://svn.apache.org/repos/infra/websites/production/struts/content/ struts-site
svn co https://svn.apache.org/repos/asf/struts/struts2/tags/$TAG/ $TAG
wget -erobots=off http://people.apache.org/builds/struts/$VERSION/struts-$VERSION-docs.zip
unzip struts-$VERSION-docs.zip -d docs
rm -r struts-site/release/$BRANCH/docs
rm -r struts-site/release/$BRANCH/struts2-core
rm -r struts-site/release/$BRANCH/struts2-plugins
rm -r struts-site/release/$BRANCH/xwork-core
mv -f docs/struts-$VERSION/docs/* struts-site/release/$BRANCH
cd $TAG
mvn site:site site:stage -DstagingDirectory=../struts-site/release/$BRANCH
cd ../struts-site
svn add --force ./
# Delete removed files
svn st | grep '^!' | awk '{print $2}' | xargs svn delete --force
svn commit -m "Updates Struts2 subsite after release process"
cd ..
rm -r struts-site
rm -r $TAG
rm -r docs
rm struts-$VERSION-docs.zip
|
...