Versions Compared

Old Version 10

changes.mady.by.user Donald Woods

Saved on

compared with

New Version 11

changes.mady.by.user Donald Woods

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: added new Steps #8 to run rat:check

...

  1. Download and install the Gnu Privacy Guard (GPG) from http://www.gnupg.org. Read the documentation on that site and create a key. Have the key signed and verified by others. Submit your public key to http://pgp.mit.edu/. This is a one time process.
  2. Be sure that you have your ~/.m2/settings.xml updated as specified above in Releasing a Geronimo Project
  3. Copy (or move as per situation, for eg specs) the trunk/branch to the new branch using the following command.
    No Format
    svn mv SRC-URL DEST-URL -m "Reason for this commit".
  4. Checkout or update this branches tree on your machine.
  5. Update the <scm> urls in the pom.xml to point to the final url in tags. Eg:
    Code Block
    xml
    xml
    <scm>
     <connection>scm:svn:http://svn.apache.org/repos/asf/geronimo/specs/tags/geronimo-servlet_2.5_spec-1.1</connection>
     <developerConnection>scm:svn:https://svn.apache.org/repos/asf/geronimo/repos/asf/geronimo/specs/tags/geronimo-servlet_2.5_spec-1.1</developerConnection>
     <url>http://svn.apache.org/viewvc/geronimo/repos/asf/geronimo/specs/tags/geronimo-servlet_2.5_spec-1.1</url>
</scm>
  6. Add the following release profile to the root pom.xml (Note: This is a subset of the profile included in the maven release process). This will utilize the maven gpg plugin to sign the artifacts produced and the maven deploy plugin to stage the release to your people.apache staging location but will not utilize the maven release plugin to create the tag, rename versions, etc...
    Code Block
    xml
    xml
    <profile>
          <id>release</id>
            <build>
                <plugins>
                    <!-- We want to sign the artifact, the POM, and all attached artifacts -->
                    <plugin>
                        <groupId>org.apache.maven.plugins</groupId>
                        <artifactId>maven-gpg-plugin</artifactId>
                        <inherited>true</inherited>
                        <configuration>
                            <passphrase>${gpg.passphrase}</passphrase>
                        </configuration>
                        <executions>
                            <execution>
                                <goals>
                                    <goal>sign</goal>
                                </goals>
                            </execution>
                        </executions>
                    </plugin>
                    <!-- We want to deploy the artifact to a staging location for perusal -->
                    <plugin>
                        <groupId>org.apache.maven.plugins</groupId>
                        <artifactId>maven-deploy-plugin</artifactId>
                        <inherited>true</inherited>
                        <configuration>
                            <altDeploymentRepository>${deploy.altRepository}</altDeploymentRepository>
                            <updateReleaseInfo>true</updateReleaseInfo>
                        </configuration>
                    </plugin>
                </plugins>
            </build>
        </profile>
  7. Build the new branches tree as you normally would (including the testsuite) to ensure that it is correct.
    No Format
        mvn install
  8. After verifying the updated branch can be built and all tests pass, use the rat-maven-plugin to verify that the source contains required license headers.
    No Format
    
    find . -name target | xargs rm -rf
    mvn rat:check
    Note

    There are a few source files that cannot contain license headers due to the expected format of the file (like LogFactory classes.) Compare these files against the last release to verify it's okay to release them without headers and ask the prior release manager and/or dev list for guidance.

  9. Stage the release for a vote.
    When you are ready to create a release candidate, clean out the previous build results from the branches tree (otherwise assemblies will not be rebuilt correctly) and rebuild (without tests or testsuite) to now deploy the artifacts to the staging site that will be used for the release vote using the following command.
    No Format
    Server 2.0.x/2.1.x -
    find . -name target | xargs rm -rf
    mvn -Pstaging deploy
Server 2.2 -
    find . -name target | xargs rm -rf
    mvn -Prelease,no-it deploy
    Note

    Be extremely careful with this step. There have been times when a slight modification in the above command will result in items being deployed directly to the rsync location rather than to the staging location.
    Before running this step, verify that there is a corresponding "staging" or "release" profile in pom.xml.
    If there are issues/problems with the deploy to the staging location you may have to stage to a local repository and then scp the content to an apache staging location.

  10. Export and tar/zip the source to be voted on for the release using the following commands:
    No Format
    svn export https://svn.apache.org/repos/asf/geronimo/server/branches/2.1.2 geronimo-2.1.2-src
tar -zcvf geronimo-2.1.2-src.tar.gz geronimo-2.1.2-src
    Also create a zip of the source image.
  11. Create a distribution directory. It should contain the following artifacts for the vote:
    1. Source tar & zip
    2. All assembly images that are part of the vote. This is bot for convenience of the voters and to serve as a distribution location once the vote is complete.
    3. Release notes, README, LICENSE, NOTICE, and DISCLAIMER
  12. Create appropriate md5, sha1, and signatures (asc) for the artifacts added manually. A script similar to this can be used to create the checksums and signature:
    Panel
    titlesignDist.sh
    borderStylesolid

    gpg --print-md MD5 ./geronimo-2.1.2-src.tar.gz > ./geronimo-2.1.2-src.tar.gz.md5
    gpg --print-md MD5 ./geronimo-2.1.2-src.zip > ./geronimo-2.1.2-src.zip.md5
    gpg --print-md MD5 ./RELEASE_NOTES-2.1.2.txt > ./RELEASE_NOTES-2.1.2.txt.md5
    gpg --print-md MD5 ./README.txt > ./README.txt.md5
    gpg --print-md MD5 ./NOTICE.txt > ./NOTICE.txt.md5
    gpg --print-md MD5 ./LICENSE.txt > ./LICENSE.txt.md5
    gpg --print-md MD5 ./DISCLAIMER.txt > ./DISCLAIMER.txt.md5
    gpg --print-md SHA1 ./geronimo-2.1.2-src.tar.gz > ./geronimo-2.1.2-src.tar.gz.sha1
    gpg --print-md SHA1 ./geronimo-2.1.2-src.zip > ./geronimo-2.1.2-src.zip.sha1
    gpg --print-md SHA1 ./RELEASE_NOTES-2.1.2.txt > ./RELEASE_NOTES-2.1.2.txt.sha1
    gpg --print-md SHA1 ./README.txt > ./README.txt.sha1
    gpg --print-md SHA1 ./NOTICE.txt > ./NOTICE.txt.sha1
    gpg --print-md SHA1 ./LICENSE.txt > ./LICENSE.txt.sha1
    gpg --print-md SHA1 ./DISCLAIMER.txt > ./DISCLAIMER.txt.sha1
    gpg --armor --output ./geronimo-2.1.2-src.tar.gz.asc --detach-sig ./geronimo-2.1.2-src.tar.gz
    gpg --armor --output ./geronimo-2.1.2-src.zip.asc --detach-sig ./geronimo-2.1.2-src.zip
    gpg --armor --output ./RELEASE_NOTES-2.1.2.txt.asc --detach-sig ./RELEASE_NOTES-2.1.2.txt
    gpg --armor --output ./README.txt.asc --detach-sig ./README.txt
    gpg --armor --output ./NOTICE.txt.asc --detach-sig ./NOTICE.txt
    gpg --armor --output ./LICENSE.txt.asc --detach-sig ./LICENSE.txt
    gpg --armor --output ./DISCLAIMER.txt.asc --detach-sig ./DISCLAIMER.txt

    Note

    Ensure that your public PGP key is in appropriate public locations (esp. /www/www.apache.org/dist/geronimo/KEYS on people and http://pgp.mit.edu/) and that your pgp key has been signed by several other apache committers to create a web of trust.

  13. Copy the entire distribution directory to a publicly accessible location. Put it for a vote along with the staging release you created earlier. In the vote notice, please include the precise names and versions being voted on (e.g. geronimo-jetty6-javaee5-2.1.2) and the svn urls to the current source and where the tag will be created.
  14. Copy from the staging repo to the production repo.
    Once the release is deemed fit for public consumption it can be transfered to a production repository where it will be available to all users. Note: Current version of the stage plugin is 1.0-alpha-1.
    Here is an example on how to use the stage plugin:
    No Format
    mvn stage:copy -Dsource="http://people.apache.org/<your apache id>/staging-repo/<siteId>" \
  -Dtarget="scp://people.apache.org/www/people.apache.org/repo/m2-ibiblio-rsync-repository" \
  -Dversion=2.1.2 \
  -DtargetRepositoryId=apache.releases
    Note

    The version parameter is currently ignored but specify the correct version anyway. The entire staging repository is synced, not just the given version or the current project.

    Note

    Also note, this process has been known to have problems at times if a maven version other than 2.0.8 is used.

  15. Copy the distribution content from the staging location to the production repo.
    From your people apache account copy the distribution content to the appropriate location under /www/www.apache.org/dist/geronimo/
    Info

    Ensure that the files you copy to the rsync directory have 0775 dir permission and a 0664 file permission set on them.

  16. Move the branches to tags using the following command.
    No Format
    svn mv SRC-URL DEST-URL -m "Reason for this commit".
  17. Update the Geronimo site download pages with a new page for the release Geronimo Downloads . Include the list JIRA for know issues by first generating a JIRA query for the release, right clicking on the XML format and saving the url to inclusion in the download page.

  18. Administer the GERONIMO JIRA project to update the released and unreleased versions

  19. Update the Geronimo Home Page with a News item that a new Geronimo Server release is available

  20. Final step is to update the Geronimo Release Roadmaps with the release date.

...