Geronimo 2.1.7 Release Process
Reference http://www.apache.org/dev/publishing-maven-artifacts.html
Release Checklist
1. Better to use linux
- Dos line endings makes all unix shell scripts unexecutable
2. mvn rat:check
- During deal with the 2.1.7 release, I found the maven rat plugin(1.0-alpha-3, latest) seems have some bugs to me.
- incorrect number of unapproved licenses reported by rat:check. This should be resolved in 1.0-alpha-4, but it has not released yet..(http://incubator.apache.org/rat/apache-rat-plugin/changes-report.html
) - If I designated the profile, for example -Pall-subprojects, rat:check won't run in any of the subprojects.
If I designated -Pno-it, rat:check will run only in testsuite subproject.
If I designated -Ptools, which does not contain any subprojects, it will run in all subprojects.
So, the program logic is inverted.. I have to use -Ptools to do rat:check..
- incorrect number of unapproved licenses reported by rat:check. This should be resolved in 1.0-alpha-4, but it has not released yet..(http://incubator.apache.org/rat/apache-rat-plugin/changes-report.html
3. Manually update some files:
- delete all pom.xml files, and then search "SNAPSHOT"
- update ##VERSION## in README.txt and RELEASE-NOTES-2.1.7-SNAPSHOT.txt
- svn rename RELEASE-NOTES-2.1.7-SNAPSHOT.txt to RELEASE-NOTES-2.1.7.txt
- list JIRAs in RELEASE-NOTES-2.1.7.txt (bugs, improvement, new features, limitations)
- Check the copyright year number in NOTICE file
- commit them
4. mvn release:prepare -DdryRun=true -Pall-subprojects
- Diff the original file pom.xml with the one called pom.xml.tag to see if the license or any other info has been removed. This has been known to happen if the starting <project> tag is not on a single line.
- The only things that should be different between these files are the <version> and <scm> elements. Any other changes you must backport yourself to the original pom.xml file and commit before proceeding with the release.
- compare the numbers of pom.xml, pom.xml.tag, pom.xml.releaseBackup
- NOTE: the following 5 pom.xml files won't generate the pom.xml.tag and pom.xml.releaseBackup files
\buildsupport\geronimo-assembly-archetype\src\main\resources\archetype-resources\pom.xml
\buildsupport\geronimo-plugin-archetype\src\main\resources\archetype-resources\pom.xml
\buildsupport\testsuite-archetype-plugin\src\main\resources\archetype-resources\pom.xml
\buildsupport\testsuite-archetype-plugin\src\main\resources\archetype-resources\testset-1\pom.xml
\testsuite\enterprise-testsuite\ejbcontainer-tests\pom.xml
- NOTE: the following 5 pom.xml files won't generate the pom.xml.tag and pom.xml.releaseBackup files
5. Release Prepare
- This will update the versions in branch 2.1 and create tag
- mvn release:clean -Pall-subprojects
- mvn release:prepare -Pall-subprojects
6. Release Perform
- This will stage the release artifacts,
- mvn release:perform -Pall-subprojects
- In Apache nexus, click "close" https://repository.apache.org/index.html#welcome
7. Vote
- Vote in mailing list, meanwhile wait TCK results
- Post "RESULTxxx" when vote close.
8. Release artifacts
- In Apache nexus, click "release"
- the artifacts will be sync to maven central repo in some time.
9. Update geronimo-plugins.xml
- delete your local ~/.m2/repository/geronimo-plugins.xml
- build tag 2.1.7, then will generate a new geronimo-plugins.xml in ~/.m2/repository/
- do the actions as described here – https://cwiki.apache.org/GMOxPMGT/geronimo-server-release-process.html – in step 12.
10. Upload artifacts to dist
- Upload artifacts to http://www.apache.org/dist/geronimo/
- Copy https://svn.apache.org/repos/asf/geronimo/KEYS to people.apache.org:/www/www.apache.org/dist/geronimo/KEYS if your public key is not in it (one time)
- Upload the artifacts and their checksums to people.apache.org:/www/www.apache.org/dist/geronimo/2.1.5
- Ensure distribution directories have 0775 dir permission and a 0664 file permission set on them
- Copy https://svn.apache.org/repos/asf/geronimo/KEYS
11. Announce in Mailing list and Post news in homepage
- Modify frontpage and add a news.
- Modify http://geronimo.apache.org/downloads.html.
- Add a new page list the artifacts that can be downloaded.
12. Manaually update files in branch after release
- update 2.1.7 to ##VERSION## in README.txt and RELEASE-NOTES-2.1.7.txt
- svn rename RELEASE-NOTES-2.1.7.txt to RELEASE-NOTES-2.1.8-SNAPSHOT.txt
- remove the JIRA list in RELEASE-NOTES-2.1.8-SNAPSHOT.txt (bugs, improvement, new features, limitations)
- search "2.1.7" and change them to "2.1.8-SNAPSHOT"
- Update artifact-alias, add version 2.1.7 in artifact-alias after 2.1.7 release
- /framework/configs/pom.xml
- /plugins/client/pom.xml
- /plugins/corba/client-corba-yoko/pom.xml
- /plugins/pom.xml
- commit them
Prerequisite
1. Use Genesis 2.0 as a parent pom
<parent> <groupId>org.apache.geronimo.genesis</groupId> <artifactId>genesis-java5-flava</artifactId> <version>2.0</version> </parent>
- genesis-java5-flava-2.0.pom
- genesis-default-flava-2.0.pom
- genesis-2.0.pom
- apache-6.pom
- genesis-2.0.pom
- genesis-default-flava-2.0.pom
2. Use Maven 2.2.1
- Enable Apache Servers (refer: http://maven.apache.org/developers/committer-settings.html)
<settings>
...
<servers>
<!-- To publish a snapshot of some part of Maven -->
<server>
<id>apache.snapshots.https</id>
<username> <!-- YOUR APACHE LDAP USERNAME --> </username>
<password> <!-- YOUR APACHE LDAP PASSWORD --> </password>
</server>
<!-- To publish a website of some part of Maven -->
<server>
<id>apache.website</id>
<username> <!-- YOUR APACHE LDAP USERNAME --> </username>
<filePermissions>664</filePermissions>
<directoryPermissions>775</directoryPermissions>
</server>
<!-- To stage a release of some part of Maven -->
<server>
<id>apache.releases.https</id>
<username> <!-- YOUR APACHE LDAP USERNAME --> </username>
<password> <!-- YOUR APACHE LDAP PASSWORD --> </password>
</server>
<!-- To stage a website of some part of Maven -->
<server>
<id>stagingSite</id> <!-- must match hard-coded repository identifier in site:stage-deploy -->
<username> <!-- YOUR APACHE LDAP USERNAME --> </username>
<filePermissions>664</filePermissions>
<directoryPermissions>775</directoryPermissions>
</server>
...
</servers>
</settings>
reference:
It is highly recommended to use Maven's password encryption capabilities for your passwords.
http://maven.apache.org/guides/mini/guide-encryption.html
3. Setup PGP Keys (for the ones who be the release manager the first time)
- Download gnupg2
- Generate your PGP Key (refer: http://www.apache.org/dev/openpgp.html) so that maven-release-plugin can sign your built artifacts when do release:perform
- How To Avoid SHA-1
- How To Generate a Strong Key
- Update Maven's settings.xml with following:
<settings> ... <profiles> <profile> <id>apache-release</id> <properties> <gpg.passphrase> <!-- YOUR KEY PASSPHRASE --> </gpg.passphrase> </properties> </profile> </profiles> ... </settings> - Meanwhile, append your public key to https://svn.apache.org/repos/asf/geronimo/KEYS and people.apache.org:/www/www.apache.org/dist/geronimo/KEYS so that user can verify the artifacts you released.
- gpg --gen-key
- RSA and RSA (default), 4096
- gpg --list-sigs "xxxxxx" && gpg --armor --export "xxxxxx" > xxxxxx.key
- "cat" your public key to above KEYS file
- gpg --gen-key
reference:
http://maven.apache.org/developers/release/pmc-gpg-keys.html