Currently, this is just a collection area for my rough notes and what-not. It will soon be a much cleaner guide.
Speaking of guides, here are a bunch of good ones:
http://accumulo.apache.org/releasing.html
http://accumulo.apache.org/verifying_releases.html
http://yetus.apache.org/contribute/releases/
The purpose of this page is to document the mechanics of a release. I took this phrase from the NiFi Release Guide (http://nifi.apache.org/release-guide.html) because I really like their outline and guide. Eventually, we should incorporate other aspects into this guide including:
Background Material
What to validate and how to Validate a release
The flow of a release (an outline)
(Feel free to toss in any additional sections here)
The mechanics of the release
Release Manager Dependencies
Before a Release Manager begins cutting a release of Apache Rya, there are a handful of Dependencies and Prerequisites they need to satisfy:
- They need to be a Rya Commiter
As a Rya Commiter, the Release Manager will have access to several really important tools used throughout the release process. This includes write access to the official Apache Rya Git Repo, the Apache Jenkins Server, and the Apache Nexus Server. - Checkout and Build Rya
The Release Manager should verify that they can checkout, build, and test Apache Rya on their machine.Checkout code from Git
git clone https://git-wip-us.apache.org/repos/asf/incubator-rya.git incubator-rya-apache
Build and Test Apache Rya
mvn clean install
- Setting up a PGP Key
The Release manager needs a PGP Key and this key needs to be public. The first two items listed here need to be done (i.e. get some software to create a key, and create a key). I'm not sure about the last three.- Getting software
Use gpg-agent, and be sure to increase the gpg-agent cache timeout (via .gnupg/gpg-agent.conf) to ensure that the agent doesn’t require re-authentication mid-build, as it will cause things to fail. For example, you can add default-cache-ttl 6000 to increase the timeout from the default of 10 minutes to over an hour. If you do not have a GPG key, reference the very thorough ASF release signing documentation. make sure you reset gpg-agent:
echo RELOADAGENT | gpg-connect-agent
- Creating a key
- Publishing a key to a public server
- Adding your key to id.apache.org
- Adding your key to project key list (we currently don't have this)
- Getting software
- Setting up Maven to push to apache repo
- Username/pass in maven settings
- Testing settings
- Testing locally:
- mvn clean install -Papache-release
Testing by pushing to apache snapshot repo
mvn clean deploy -Papache-release
- Testing locally:
Staging a release
note: I followed these instructions: http://www.apache.org/dev/publishing-maven-artifacts.html#prepare-poms
- Checkout Rya
git clone https://git-wip-us.apache.org/repos/asf/incubator-rya.git incubator-rya-apache
- Create a Release Branch
git checkout -b 3.2.10-RC1 master
- Build a push a signed snapshot
mvn clean deploy -Papache-release
Do some manual checks (note I think that the mvn release plugin does all of this)
Make sure there are no dependencies on snapshots in the POMs to be released
Check that your POMs will not lose content when they are rewritten during the release process
mvn release:prepare -Papache-release -DdryRun=true -Darguments="-DskipTests"
Diff the original file pom.xml with the one called pom.xml.tag to see if the license or any other info has been removed
What is the release version for "Apache Rya Project"? (org.apache.rya:rya-project) 3.2.10: :
What is SCM release tag or label for "Apache Rya Project"? (org.apache.rya:rya-project) rya-project-3.2.10: : 3.2.10
What is the new development version for "Apache Rya Project"? (org.apache.rya:rya-project) 3.2.11-SNAPSHOT: :
Prepare release
mvn release:clean
mvn release:prepare
- Stage release for a vote
mvn release:perform
Also, it's helpful to create a JIRA task to tract the release process. Eg:
Summary: Perform 3.2.10-RC2 Release
Affects Version/s: 3.2.10
Assignee: Release Manager
Description: This is a ticket to track general commits needed to conduct release management activities.
Staging a release (super short edition):
git checkout -b 3.2.10-RC master
mvn clean package -Papache-release -DskipTests
mvn release:prepare -Darguments="-DskipTests"
What is the release version for "Apache Rya Project"? (org.apache.rya:rya-project) 3.2.10-incubating: : What is SCM release tag or label for "Apache Rya Project"? (org.apache.rya:rya-project) v3.2.10-incubating: : rya-incubating-3.2.10-rc2 What is the new development version for "Apache Rya Project"? (org.apache.rya:rya-project) 3.2.11-incubating-SNAPSHOT: :
mvn release:perform -Darguments="-DskipTests"
remove the release tag:
# Creates rya-3.2.10-incubating-RC2 from rel/rya-3.2.10-incubating git tag rya-3.2.10-incubating-RC2 rel/rya-3.2.10-incubating # Delete rel/rya-3.2.10-incubating git tag -d rel/rya-3.2.10-incubating # Push RC tag to fork git push origin rya-3.2.10-incubating-RC2
- Download the sources and verify they compile cleanly.
- Validate the hashes match.
- Validate that the sources contain no unexpected binaries.
- Validate the signature for the build and hashes.
- Validate the LICENSE/NOTICE/Headers.
Other release checklists:
http://wiki.apache.org/incubator/ReleaseChecklist
http://incubator.apache.org/guides/releasemanagement.html#check-list
how to verify hashes:
https://www.openoffice.org/download/checksums.html
rm DEPENDENCIES mkdir /tmp/new_m2 cp $M2_HOME/conf/settings.xml /tmp/new_m2/settings.xml mvn --settings /tmp/new_m2settings.xml -Dmaven.repo.local=/tmp/new_m2 clean package
find . -type f | grep -v '\/test\/\|\/site\/\|\.java\|\.xml\|\.xsl\|\.groovy\|\.properties\|\.sh\|\.bat\|\.md\|\.txt'
find . -type f | xargs du -sh | grep [GM]\\s
Send out a Vote email (make sure to include some sort of "RC-X" identifier in the vote subject so that we can differentiate them in the archives)
To: dev@rya.incubator.apache.org Subject: [VOTE] Release Rya (Incubating) version 3.2.10 RC1 I am pleased to be calling this vote for the source release of Apache Rya (Incubating), version 3.2.10. The source zip, including signatures, digests, etc. can be found at: https://repository.apache.org/content/repositories/orgapacherya-1001/org/apache/rya/rya-project/3.2.10/ The Git tag is v3.2.10 The Git commit ID is 16196b4c658062545964602835cb5fbd2870e578 https://git-wip-us.apache.org/repos/asf?p=incubator-rya.git;a=commit;h=16196b4c658062545964602835cb5fbd2870e578 Checksums of rya-project-3.2.10-source-release.zip: SHA1: dee4a5e4f8e74c4de614d02c7b17a5e0db132649 MD5: df4a47ae1232725bc95450f5e49de95c Release artifacts are signed with the following key: https://people.apache.org/keys/committer/mihalik.asc Issue that were closed/resolved for this release are here: https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334209&styleName=Html&projectId=12319020 The vote will be open for 72 hours. Please download the release candidate and evaluate the necessary items including checking hashes, signatures, build from source, and test. The please vote: [ ] +1 Release this package as rya-project-3.2.10 [ ] +0 no opinion [ ] -1 Do not release this package because because...
To: dev@rya.incubator.apache.org Subject: [RESULT] [VOTE] Release Rya (Incubating) version 3.2.10 RC1 Hello, The vote to release Rya (Incubating) version 3.2.10 RC1 has passed/failed. +1 (binding): (Members of PPMC) +1 (non binding): (Everyone else) ...if vote was successful.. I will promote the artifacts to the central repo. ...if vote was unsuccessful.. List JIRA tasks blocking successful release. These tasks should address the concerns raised during the voting process.
git tag -d v3.2.10-RC1 git push origin :refs/tags/v3.2.10-RC1 git branch -D 3.2.10-RC1 git push origin --delete 3.2.10-RC1
- On windows, I've found that I need to update my hosts file to add my ip and my machine name (something like 10.aaa.bbb.ccc mymachinename)
- Close all VPNs
- Do not use strange DNS machines. just use the default ones your network/isp provides
- McAfee Virus Scan may slow things down and throw off the test
When merging a pull request, it's important to verify whether or not new commits are pulling in any third party
dependencies that are incompatible with ASF. To check whether the pull request contains invalid dependencies issue
the following command in your terminal:
>> mvn license:aggregate-add-third-party
This will generate a file THIRD-PARTY.txt in the directory target/generated-sources/license/ that lists the license for each java file in the jar. You can now grep the directory for all licenses which are
not ASF approved licenses.
egrep -iv "BSD|ASF|MIT|CDDL|EPL|Apache|Eclipse|Public Domain" target/generated-sources/license/THIRD-PARTY.txt
The above grep command does a case insensitive search over all instances of THIRD-PARTY.txt in the project for licenses that are not in the list approved Apache Licenses .
How to do this:
http://stackoverflow.com/questions/3500388/finding-out-the-licenses-of-jar-libraries
The Maven "Project Info Reports" plugin produces a Dependencies report that includes the Licenses for the dependencies.
References:
http://www.apache.org/dev/publishing-maven-artifacts.html