First of all, thanks for taking the time to validate an Apache StreamPipes (incubating) release!
The following steps should help you in performing the necessary steps to validate a release. Any comments or improvements to this guide are highly appreciated!
Introduction
An Apache StreamPipes release currently consists of three different source releases:
- incubator-streampipes is the core of Apache StreamPipes
- incubator-streampipes-extensions contains several extensions (> 20 adapters and > 70 pipeline elements)
- incubator-streampipes-installer contains installation files for Docker, a CLI and helm charts for running StreamPipes in Kubernetes.
Using the validation script
(sorry, the validation script is not yet available and will hopefully be ready after the first ASF release)
Manual validation
Download
Download all staged artifacts under the url specified in the release vote email into a directory we’ll now call download-dir
.
The artifacts are available at https://dist.apache.org/repos/dist/dev/incubator/streampipes
Typically, this includes three zip files (core, extensions and installer) along with checksum, signature, README, RELEASE_VALIDATION and RELEASE_NOTES.
incubator-streampipes
First, open the core folder (core/{version}/{rc}).
Check signatures and checksums
Verify the signature:
gpg --verify apache-streampipes-{current-full-version}-incubating-source-release.zip.asc apache-streampipes-{current-full-version}-incubating-source-release.zip # example: gpg --verify apache-streampipes-0.66.0-incubating-source-release.zip.asc apache-streampipes-0.66.0-incubating-source-release.zip
Verify the checksum:
sha512sum -c apache-streampipes-{current-full-version}-incubating-source-release.zip.sha512 # example: sha512sum -c apache-streampipes-0.66.0-incubating-source-release.zip.sha512
Check source release
Build backend & UI
incubator-streampipes-extensions
incubator-streampipes-installer
Verify
gpg --verify zip.asc
if not found
gpg --keyserver hkp://keyserver.ubuntu.com:80 --rev-key KEY
Test
Validation Template
See also the Incubator Release Checklist (which is not official policy, but may help)
Here is a template that can help you valiating a release:
- Download all staged artifacts under the url specified in the release vote email
- Verify the signature is correct
- Check if the check is successful.
- Check if the signature references an Apache email address.
- Verify the SHA512 hashes.
- Unzip the archive.
- Verify the existence of LICENSE, NOTICE, README, RELEASE_NOTES files in the extracted source bundle.
- Verify the content of LICENSE, NOTICE, README, RELEASE_NOTES files in the extracted source bundle.
- Run RAT
- Search for SNAPSHOT
- Build the project according to the information in the README.md file.