Prerequisites
Before entering into this process you need to ensure you will be able to cryptographically sign the final result in such a way that others can validate the signature. This can be a confusing process. Here are links to several documents that should help.
- http://www.apache.org/dev/openpgp.html
- http://www.apache.org/dev/release-signing.html
- http://httpd.apache.org/dev/verification.html
Discuss
Send a [DISCUSS] email to the dev@knox list proposing a release.
Prepare
In preparation for each release there are a number of sub-steps required to ensure that that the project's repository is in a suitable state for branching.
Start with clean local repo
This can be a fresh clone or just a repo that has no pending changes or extraneous files in.
Switch to the branch that you will branch from
In this step we need to check out the previous release branch or some other existing branch from which we will create our new one.
List existing branches:
git branch -al * master remotes/origin/HEAD -> origin/master remotes/origin/master remotes/origin/v0.2.0 remotes/origin/v0.3.0 remotes/origin/v{X.Y.Z-1}
Check out the previous (release) branch:
git checkout -t origin/v{X.Y.Z-1}
Tag Branch Point and Branch
This step tags the point in time of when the branching starts within the remote repo.
git tag --annotate v{X.Y.Z}-branch --message "Branch point for v{X.Y.Z}" git push origin --tags
Switch to the new branch
Check out the branch that is intended for this release:
git checkout -b v{X.Y.Z} git push --set-upstream origin v{X.Y.Z}
Clone & Checkout Branch
This step does a couple things for us:
- it ensures that the branch is actually there and available
- it ensures that our local repository to work from is clean
git clone -b v{X.Y.Z} https://git-wip-us.apache.org/repos/asf/knox.git knox-{X.Y.Z} cd knox-{X.Y.Z}
Cherry pick previous commits from master
You can use cherry-pick to pull commits in from existing branches.
To pull the changeset for the commit at the tip of the master branch:
git cherry-pick origin/master
Search for and replace all occurrences of the previous branch versions within the project's files
All build artifacts that contain the previous branch's version need to be updated with the new version to reflect this new branch.
grep -r "0\.3\.0" .
Change all occurrences as appropriate.
Update version numbers on master branch (from A.B.C-SNAPSHOT to D.E.F-SNAPSHOT) and push changes
Update version numbers on release branch (from A.B.C-SNAPSHOT to A.B.C) and push changes
Update CHANGES
Update CHANGES with release date (Release X.Y - MM/dd/yyyy) and (if needed) add additional changelog entries.
The CHANGES file can be found in gateway-release/home
Update documentation
Build, Test and Push Changes
git pull git commit --all --message "Updating branch." ant verify git push
Create a new Jenkins job to build the release. It should call these two commands. It is probably best to copy the previous releases job.
Assuming that you have proper karma for creating new Jenkins jobs, you will see a link to create a new one.
From that link you will be provided a page to select how to proceed; select copy existing job.
The Copy from text box will auto complete as you type - start with "Knox-" and select the job to copy from.
Ensure that the following form reflects the following values within various form elements:
- maven
- -Prelease clean install
- ant post-build
Be sure to change any versions to reflect "v{X.Y.Z}"
Upon successful creation of the new job, you may manually kick off a build with the Build Now button.
Download the release candidate
ant download-candidate
Sanity Test
Do some basic manual testing to see if release looks ok. For example do and install and run through a few of the samples.
Sign
ant sign-candidate
This will prompt you for your passphrase for each signed archive.
Verify Signatures
Verify the hashes and signatures. First change into the distribution directory.
cd candidate
Verify the signatures for both the source and binary distribution. Note: This assumes that gpg is installed.
gpg --verify knox-{X.Y.Z}-src.zip.asc knox-{X.Y.Z}-src.zip gpg --verify knox-{X.Y.Z}.zip.asc knox-{X.Y.Z}.zip gpg --verify knox-{X.Y.Z}.tar.gz.asc knox-{X.Y.Z}.tar.gz
Verify the SHA-1 hashes for both the source and binary distribution. Note: This assumes a Linux or MacOS environment with openssl installed.
cat knox-{X.Y.Z}-src.zip.sha && openssl sha1 knox-{X.Y.Z}-src.zip cat knox-{X.Y.Z}.zip.sha && openssl sha1 knox-{X.Y.Z}.zip cat knox-{X.Y.Z}.tar.gz.sha && openssl sha1 knox-{X.Y.Z}.tar.gz
Verify the MD5 digest for both the source and binary distribution. Note: This assumes a Linux or MacOS environment with openssl installed.
cat knox-{X.Y.Z}-src.zip.md5 && openssl md5 knox-{X.Y.Z}-src.zip cat knox-{X.Y.Z}.zip.md5 && openssl md5 knox-{X.Y.Z}.zip cat knox-{X.Y.Z}.tar.gz.md5 && openssl md5 knox-{X.Y.Z}.tar.gz
Tag Release Candidate
git tag --annotate vX.Y.Z-rcN --message "vX.Y.Z-rcN" git push origin --tags
Stage
Follow the instructions output by the sign step above. Basically execute this command.
cd .. ant stage-candidate
Community reviews the RC
https://dist.apache.org/repos/dist/dev/knox/
ant download-stage verify-stage
Vote
Send a [VOTE] email to the dev@knox list. A template was output by the sign step above as target/vote.eml
.
From: ${release-manager}@apache.org To: dev@${gateway-project}.apache.org Subject: [VOTE] Release ${gateway-name} ${gateway-version} A candidate for the ${gateway-name} ${gateway-version} release is available at: https://dist.apache.org/repos/dist/dev/${gateway-project}/${gateway-project}-${gateway-version}/ The release candidate is a zip archive of the sources in: https://git-wip-us.apache.org/repos/asf/knox.git Branch v${gateway-version} (git checkout -b v{gateway-version}) The SHA1 checksum of the archive is ${checksum}. The KEYS file for signature validation is available at: https://dist.apache.org/repos/dist/release/knox/KEYS Please vote on releasing this package as ${gateway-name} ${gateway-version}. The vote is open for the next 72 hours and passes if a majority of at least three +1 ${gateway-name} PMC votes are cast. [ ] +1 Release this package as ${gateway-name} ${gateway-version} [ ] -1 Do not release this package because...${line.separator}
Iterate based on feedback until vote passes
Once vote passes, tag the release:
git tag --annotate v{X.Y.Z}-release --message "Release of v{X.Y.Z}" git push origin --tags
Promote
ant promote-release
Verify that the results are accessible.
https://dist.apache.org/repos/dist/release/knox/
Publish to Maven Repository
Preparation
- Setup your ~/.m2/settings.xml file as described here.
- Make sure you encrypt your passwords as described here.
Staging
This special variant of the build command will build and publish the release to a staging are in the Apache Nexus repo.
Note: Get your gpg passphrase in your paste buffer you will need it MANY times.
If someone can figure out how to use gpg-agent properly they should document it.
mvn -Papache-release -Drepo.id=apache.releases.https deploy
Release
Once that completes, login to the Apache Maven Nexus staging repositories with your Apache credentials and:
- Select "Staging Repositories" from "Build Promotion" on the left.
- Close the stage with the Close button at the top of the repo list. For the Description field use Apache Knox 0.5.1 Staged
- Release the stage with the Release button at the top of the repo list. For the Description field Apache Knox 0.5.1 Release
Wait 24 hours for release to propagate to mirrors.
Update site
Update news in News.
Create version in JIRA for release X.Y.
Send announcements to the user and developer lists.
Update CHANGES with header for new changes
Trademarks
Apache Knox Gateway, Apache, the Apache feather logo and the Apache Knox Gateway project logos are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.
License
Apache Knox uses the standard Apache license.
Privacy Policy
Apache Knox uses the standard Apache privacy policy.