Discusses the steps used to create a new Trafodion release. You have to be a Trafodion committer to create a release.
Create PGP Key
If you haven’t done so already, then you need to create a PGP key so that you can sign the release. Please refer to:http://www.apache.org/dev/openpgp.html#generate-key.
Please remember to store your private key in a secure place.
gpg --gen-key (verify that sha1 is avoided (last on list - see above web site) gpg -k (shows public key) gpg -K (shows private key)
Upload Public Key
Upload your public key to a public key server. We recommend using https://pgp.mit.edu/.
gpg --send-keys <keyID> --keyserver pgp.mit.edu
Generate Revocation Certificate
Create a revocation certification using the instructions at: http://www.apache.org/dev/openpgp.html==revocation-certs.
Please remember to store it in a secure place separate from your PGP keys.
gpg --output revoke-<keyD>.asc --armor --gen-revoke <keyID>
Add PGP to KEYS File
Do the following:
svn co https://dist.apache.org/repos/dist/release/incubator/trafodion traf_release cd traf_release gpg --list-sigs <keyID> >> KEYS gpg -armor -export <keyID> svn commit -m "added new public key to KEYS file"
Prepare Artifacts
Prepare New Release
- Send a message out to the community indicating that a new release is being planned. In this message, indicate what is planned for the release and when the release is scheduled.
- Give contributors enough time to assimilate this information so they can make plans to deliver their changes. Recommend giving the community several weeks notice.
- Review open issues and planned features; determine what Jiras should be included in the release.
Verify Release Requirements
You need to ensure that:
- A DISCLAIMER file exists in the top level directory containing correct information. Please refer to:http://incubator.apache.org/guides/branding.html==disclaimers.
- NOTICE and LICENSE files exist in the top level directory which includes all third party licenses used in the product. Please refer to: http://www.apache.org/dev/licensing-howto.html.
- A README file exists and is up to date in the top level directory describing the release.
- The source release contains source code only, no binaries.
- The provenance of all source files is clear.
- All source files have Apache license headers, where possible. Where not possible, then the exceptions are written up in the RAT_README file located in the top level directory.
- RAT report is clean.
- Copyright dates are current.
- Build instructions are provided and can be run successfully.
- Test instructions are provided and can be run successfully.
Create Release Branch
Prior to releasing, send a message to the community indicating that a new release is imminent and that a new branch will be created to build the artifacts.
After the new release branch is created, send another message to the community indicating that the branch is available and the deliveries will be monitored. Allow deliveries on the main branch to continue.
Verify that all required changes have been delivered.
Create Artifacts
Trafodion uses git as its repository. When a new version is created, mark the repository with the tag to make sure it source tar can be recreated.
Create Tag
git checkout -b tagx.x.x <release branch name> git tag -a x.x.xrc1 git show x.x.xrc1 git push apache x.x.xrc1 git tag
Once completed, a new source tar file exist in the distribution directory.
Create Artifact Checksums and Signatures
Assumption
You’ve already created the signing key and registered it at the https://pgp.mit.edu/ repository.
gpg --armor --output apache-trafodion-x.x.x-incubating-src.tar.gz.asc --detach-sig apache-trafodion-x.x.x-incubating-src.tar.gz gpg --verify apache-trafodion-x.x.x-incubating-src.tar.gz.asc md5sum apache-trafodion-x.x.x-incubating-src.tar.gz > apache-trafodion-x.x.x-incubating-src.tar.gz.md5 sha1sum apache-trafodion-x.x.x-incubating-src.tar.gz > apache-trafodion-x.x.x-incubating-src.tar.gz.sha
Test Artifacts
Build and Test Source tar File
Build and test the source tar file using the 5. Build Source instructions. You should perform this test on the following environments:
Test build on a fresh VM.
Test build using the tagged version from git