Do another full build inside the source tarbal
This document describes how to release Sentry. It is a work in progress and should be refined by the Release Manager (RM) as they come across aspects of the release process not yet documented here.
NOTE: This document outlines how to do a source only release. Releasing and publishing binary artifacts requires steps that are not outlined here.
NOTE: For the purpose of illustration, this document assumes that the version being released is 1.2.0-incubating, and the following development version will become 1.3.0-incubating
Prerequisites
Policy documents
Frequently asked questions for making Apache releases are available on Releases FAQ page. Guide to Release Management During Incubation also has good information on best practices for releasing artifacts from an incubating Apache project.
The Release Manager (RM) must go through the policy document to understand all the tasks and responsibilities of running a release.
Give a heads up
The RM should first create an umbrella issue and then setup a timeline for release branch point. The time for the day the umbrella issue is created to the release branch point must be at least two weeks in order to give the community a chance to prioritize and commit any last minute features and issues they would like to see in the upcoming release.
The RM should then send the pointer to the umbrella issue along with the tentative timeline for branch point to the developer lists (TODO: Also send to users list once we create one). Any work identified as release related that needs to be completed should be added as a subtask of the umbrella issue to allow users to see the overall release progress in one place.
To: dev@sentry.incubator.apache.org Subject: Work on $release release has started Created a tracking jira (jira#) for the Sentry $release and plan to branch tentatively on $date. What would you like to see included? Thanks, $RM
Sanitize JIRA
Before a release is done, make sure that any issues that are fixed have their fix version setup correctly. Run the following JIRA query to see which resolved issues do not have their fix version set up correctly:
project = sentry and resolution = fixed and fixVersion is empty
The result of the above query should be empty. If some issues do show up in this query that have been fixed since the last release, please bulk-edit them to set the fix version to '1.2.0'.
Move the unresolved jiras to the next release
project = sentry and fixVersion = 1.2.0 and status not in( resolved, done, Accepted, Closed)
You can also run the following query to make sure that the issues fixed for the to-be-released version look accurate:
project = sentry and fixVersion = '1.2.0'
Finally, check out the output of the JIRA release note tool to see which JIRAs are included in the release, in order to do a sanity check.
Monitor active issues
It is important that between the time the intent to release email is sent and the release branch is created, no experimental or potentially destabilizing work is checked into the trunk. While it is acceptable to introduce major changes, they must be thoroughly reviewed and have good test coverage to ensure that the release branch does not start of being unstable.
If necessary the RM can discuss if certain issues should be fixed on the trunk in this time, and if so what is the gating criteria for accepting them.
Creating Release Artifacts
Communicate with the community
- Send an email to dev list to
Notify that you are about to branch. Ask to hold off any commits until this is finished. - Send another email after branching is done.
Preparing branches
- Create a release branch
Clone fresh repository copy
git clone https://git-wip-us.apache.org/repos/asf/incubator-sentry.git cd sentry
Checkout master branch
git checkout master
Check that current HEAD points to commit on which you want to base new release branch. Checkout particular commit if not.
git log # Check current branch history. HEAD should point to commit that you want to be base for your release branch git checkout abcdef123 # Check out particular commit that should be base for release branch if -^
Create new release branch with name "branch-$version"
git checkout -b branch-1.2.0
Update CHANGELOG in the trunk to indicate the changes going into the new version.
The change list can be swiped from the JIRA release note tool (use the "text" format for the change log). See JIRA Cleanup above to ensure that the release notes generated by this tool are what you are expecting.
Remove -SNAPSHOT from the release branch and commit
find . -name pom.xml | xargs sed -i "" -e "s/X.Y.0-SNAPSHOT/X.Y.0/" git add . git commit -m "SENTRY-XXXX: Removing -SNAPSHOT from X.Y release branch"
Check your changes and push new branch to Apache repository
mvn package -Pdownload-hadoop git push origin branch-1.2.0
Check that branch was correctly propagated to Apache repository.
Prepare the trunk for next release (TODO: update change log?)
git checkout master find . -name pom.xml | xargs sed -i "" -e "s/1.2.0-SNAPSHOT/1.3.0-SNAPSHOT/" git add . git commit -m "SENTRY-XXXX: Preparing for sentry 1.3.0 development" git push origin master:master
- Send an email announcing new branch
To: dev@sentry.incubator.apache.org Subject: New release branch 1.2.0 I've just created new release branch for upcoming 1.2.0 incubating release. Please continue committing to master branch as usual. I'll cherry-pick commits to branch-1.2.0 on per needed basis. Thanks, $RM
Create release tar balls
Check out release branch
git checkout branch-1.2.0
Create tag on this commit to identify precise point where the RC was generated and push this tag to main repository
git tag -a release-1.2.0 -m "Sentry 1.2.0 incubating release" #Make sure compiles/tests run fine and rat check is fine mvn clean install -DskipTests mvn test mvn verify -DskipTests (to do the rat check) git push origin release-1.2.0
If an rc1, rc2, etc is needed, delete that tag before creating a new one:
git tag -d release-1.2.0 git push origin :refs/tags/release-1.2.0
Create temporary directory where you'll be preparing all required artifacts
mkdir -p /tmp/sentry-release-preparations
Create source artifact and move it to your temporary directory (TODO: git verify?)
git archive --format=tar --prefix=apache-sentry-1.2.0-incubating-src/ HEAD | gzip > /tmp/sentry-release-preparations/apache-sentry-1.2.0-incubating-src.tar.gz
Sanity Check
Make sure the tar and the rc match
cd /tmp/sentry-release-preparations tar -xvf apache-sentry-1.2.0-incubating-src.tar.gz #Do a fresh clone of the tag git clone https://git-wip-us.apache.org/repos/asf/incubator-sentry.git cd incubator-sentry/ git checkout tags/release-1.2.0 cd .. diff -r incubator-sentry apache-sentry-1.2.0-incubating-src
Make sure code compiles and tests pass on the untared src.
cd apache-sentry-1.2.0-incubating-src mvn clean install -DskipTests mvn test mvn verify -DskipTests (to do the rat check)
Signatures and Checksums
All artifacts must be signed and checksummed. In order to sign a release you will need a PGP key. You should get your key signed by a few other people. You will also need to recv their keys from a public key server. See the Apache release signing page for more details. If you add your PGP key fingerprint to your Apache profile, your key should automatically be added to https://people.apache.org/keys/group/sentry.asc
Create signatures and check sums (TODO: Use maven gpg plugin?)
1. Change your working directory to the temporal one
cd /tmp/sentry-release-preparations
2. Sing each file with your key
for file in *.tar.gz; do gpg --armor --output $file.asc --detach-sig $file; done
3. You can immediately verify your signature
for file in *.tar.gz; do gpg --verify $file.asc $file; done
4. Create md5 check sum
for file in *.tar.gz; do md5sum $file > $file.md5; done
5. Create sha1 check sum
for file in *.tar.gz; do sha1sum $file > $file.sha; done
6. Upload artifacts and all created check sums with signatures to your own web-space on people.apache.org
ssh people.apache.org "mkdir -p ~/public_html/sentry-1.2.0-rc0" scp * people.apache.org:~/public_html/sentry-1.2.0-rc0
Update KEYS file
If your PGP key is not yet in the project's KEYS file, you need to first add that in. To do this, checkout the KEYS file and update it using the following commands:
$ cd sentry-release$ (gpg --list-sigs <KEY-ID> && gpg --armor --export <KEY-ID> ) >> KEYS$ svn commit -m "Adding PGP public key to KEYS file" KEYS |
Once this file has been updated, you need to publish it in the appropriate dist directory for the project on http://www.apache.org/dist. To do this, you must copy the file as follows:
This will take some time to propagate in which you can continue with the other steps of the release process.
Some more things to verify before sending out an email
- Verify Signatures and hashes
- Verify DISCLAIMER, NOTICE and LICENCE (year etc)
- Should be in format apache-$project-$version-incubating.tar.gz
- All source file have correct headers (Rat check should be clean - mvn verify)
- No jar files or the like in the release
- Can compile successfully from source
- git tag matches the released bits (diff -rf)
Running the vote
Call for sentry dev list votes
Send an email to dev@sentry.incubator.apache.org list followed by general@incubator.apache.org For example,
To: dev@sentry.incubator.apache.org Subject: [VOTE] Release Sentry incubating version 1.2.0 This is the incubator release of Apache Sentry, version 1.2.0-incubating. It fixes the following issues: http://s.apache.org/VlU Source files : http://people.apache.org/~shreepadma/sentry-1.2.0/ Tag to be voted on (rc#): https://git-wip-us.apache.org/repos/asf/incubator-sentry/?p=incubator-sentry.git;a=commit;h=<commit-hash-of-the-tag> Sentry's KEYS containing the PGP key we used to sign the release: https://people.apache.org/keys/group/sentry.asc (or http://www.apache.org/dist/incubator/sentry/KEYS for non committers) Note that this is a source only release and we are voting on the source: tag=release-1.2.0, SHA=5e6e34202b26d7d5bc1a41e3dd4ad0cacd123e3f (You can get the hash of the tag by doing "git rev-list release-1.4.0 | head -n 1" ) Vote will be open for 72 hours. [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (and reason why) Thanks, $RM
Need 3 +1 votes from PPMC members. Additionally need 3 +1 votes from IPMC members. The vote has to be called first on the dev list. Upon receiving 3 +1s from the PPMC, the vote should be called on general@incubator.apache.org.
Binding votes are from IPMC member, and non-binding votes are from PPMC members.
You can close the vote after voting period expires when you accumulate sufficient votes. Send the closing email out to both dev@sentry.incubator.apache.org , and general@incubator.apache.org
Example close email:
Voting is now closed and has passed with the following tally, Binding +1s: Patrick Hunt, Arvind Prabhakar, Andrei Savu Non binding +1s: Xuefu Zhang, Jarcec Cecho, Ashish Paliwal. Thanks to everyone who voted! I'll continue with the rest of the release process. $RM
Rolling out the Release
Close JIRA version
You need to close the release in JIRA so that everyone knows that your version should not be used as "fixVersion" for new bugs. Go to JIRA "Administer project" page and follow "Versions" in left menu. Table with list of all releases should appear, click on additional menu on the right of your release and choose "Release" option. Submit release date and you're done.
Upload the artifacts
In order to release you have to checkout release repository located on https://dist.apache.org/repos/dist/release/incubator/sentry/ and add release artifacts there.
svn co https://dist.apache.org/repos/dist/release/incubator/sentry/ sentry-release cd sentry-release mkdir 1.2.0-incubating/ cp $source_to_your_artifacts 1.2.0-incubating/ svn add 1.2.0-incubating
It may take up to 24 hours for all mirrors to sync up (http://www.apache.org/dyn/closer.cgi/incubator/sentry/)
Announce the release
Send an email to announce@apache.org (the from: address must be @apache.org). For example,
To: announce@apache.org, dev@sentry.incubator.apache.org Subject: [ANNOUNCE] Apache Sentry 1.2.0 incubating released The Apache Sentry team is happy to announce the release of version 1.2.0-incubating from the Apache Incubator.Apache Sentry is a system to enforce fine grained role based authorization to data and metadata stored on a Hadoop cluster. The release bits are available at: http://www.apache.org/dyn/closer.cgi/incubator/sentry The change list is available at: http://s.apache.org/VlU We would like to thank all contributors who made the release possible. Disclaimer Apache Sentry is an effort undergoing incubation at The Apache Software Foundation (ASF), sponsored by the Apache Incubator PMC. Incubation is required of all newly accepted projects until a further review indicates that the infrastructure, communications, and decision making process have stabilized in a manner consistent with other successful ASF projects. While incubation status is not necessarily a reflection of the completeness or stability of the code, it does indicate that the project has yet to be fully endorsed by the ASF. Regards, Sentry team
Update the website
- Update the website:
- Add the release to the downloads
- Add the release to the history page
- Update how to release page with your experience
