Licensed to the Apache Software Foundation (ASF) under one or more http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software |
Before entering into this process you need to ensure you will be able to cryptographically sign the final result in such a way that others can validate the signature. This can be a confusing process. Here are links to several documents that should help.
Send a [DISCUSS] email to the dev@knox list proposing a release.
In preparation for each release there are a number of sub-steps required to ensure that that the project's repository is in a suitable state for branching.
This can be a fresh clone or just a repo that has no pending changes or extraneous files in.
In this step we need to check out the previous release branch or some other existing branch from which we will create our new one.
List existing branches:
git branch -al * master remotes/origin/HEAD -> origin/master remotes/origin/master remotes/origin/v0.2.0 remotes/origin/v0.3.0 remotes/origin/v{X.Y.Z-1} |
Check out the previous (release) branch:
git checkout -t origin/v{X.Y.Z-1} |
This step tags the point in time of when the branching starts within the remote repo.
git tag --annotate v{X.Y.Z}-branch --message "Branch point for v{X.Y.Z}" git push origin --tags |
Check out the branch that is intended for this release:
git checkout -b v{X.Y.Z} git push --set-upstream origin v{X.Y.Z} |
This step does a couple things for us:
git clone -b v{X.Y.Z} https://gitbox.apache.org/repos/asf/knox.git knox-{X.Y.Z} cd knox-{X.Y.Z} |
You can use cherry-pick to pull commits in from existing branches.
To pull the changeset for the commit at the tip of the master branch:
git cherry-pick origin/master |
All build artifacts that contain the previous branch's version need to be updated with the new version to reflect this new branch.
grep -r "0\.3\.0" . |
Change all occurrences as appropriate.
git pull git commit --all --message "Updating branch." ant verify git push |
Assuming that you have proper karma for creating new Jenkins jobs, you will see a link to create a new one.
From that link you will be provided a page to select how to proceed; select copy existing job.
The Copy from text box will auto complete as you type - start with "Knox-" and select the job to copy from.
Ensure that the following form reflects the following values within various form elements:
Be sure to change any versions to reflect "v{X.Y.Z}"
Upon successful creation of the new job, you may manually kick off a build with the Build Now button.
You will be prompted for your Jenkins username and password.
ant download-candidate |
Do some basic manual testing to see if release looks ok. For example do and install and run through a few of the samples.
You will be prompted for your GPG passphrase.
ant sign-candidate |
This will prompt you for your passphrase for each signed archive.
Verify the hashes and signatures. First change into the distribution directory.
cd candidate |
Verify the signatures for both the source and binary distribution. Note: This assumes that gpg is installed.
export KNOX_VERSION={X.Y.Z} gpg --verify knox-${KNOX_VERSION}-src.zip.asc knox-${KNOX_VERSION}-src.zip gpg --verify knox-${KNOX_VERSION}.zip.asc knox-${KNOX_VERSION}.zip gpg --verify knox-${KNOX_VERSION}.tar.gz.asc knox-${KNOX_VERSION}.tar.gz gpg --verify knoxshell-${KNOX_VERSION}.zip.asc knoxshell-${KNOX_VERSION}.zip gpg --verify knoxshell-${KNOX_VERSION}.tar.gz.asc knoxshell-${KNOX_VERSION}.tar.gz |
Verify the SHA-256 and SHA-512 hashes for both the source and binary distribution. Note: This assumes a Linux or MacOS environment with openssl installed.
export KNOX_VERSION={X.Y.Z} cat knox-${KNOX_VERSION}-src.zip.sha256 && openssl sha256 knox-${KNOX_VERSION}-src.zip cat knox-${KNOX_VERSION}-src.zip.sha512 && openssl sha512 knox-${KNOX_VERSION}-src.zip cat knox-${KNOX_VERSION}.zip.sha256 && openssl sha256 knox-${KNOX_VERSION}.zip cat knox-${KNOX_VERSION}.zip.sha512 && openssl sha512 knox-${KNOX_VERSION}.zip cat knox-${KNOX_VERSION}.tar.gz.sha256 && openssl sha256 knox-${KNOX_VERSION}.tar.gz cat knox-${KNOX_VERSION}.tar.gz.sha512 && openssl sha512 knox-${KNOX_VERSION}.tar.gz cat knoxshell-${KNOX_VERSION}.zip.sha256 && openssl sha256 knoxshell-${KNOX_VERSION}.zip cat knoxshell-${KNOX_VERSION}.zip.sha512 && openssl sha512 knoxshell-${KNOX_VERSION}.zip cat knoxshell-${KNOX_VERSION}.tar.gz.sha256 && openssl sha256 knoxshell-${KNOX_VERSION}.tar.gz cat knoxshell-${KNOX_VERSION}.tar.gz.sha512 && openssl sha512 knoxshell-${KNOX_VERSION}.tar.gz |
git tag --annotate vX.Y.Z-rcN --message "vX.Y.Z-rcN" git push origin --tags |
Follow the instructions output by the sign step above. Basically execute this command. You will be prompted for your SVN username and password.
cd .. ant stage-candidate |
https://dist.apache.org/repos/dist/dev/knox/
You will be prompted for your SVN username and password.
ant download-stage verify-stage |
Send a [VOTE] email to the dev@knox list. A template was output by the sign step above as target/vote.txt
.
git tag --annotate v{X.Y.Z}-release --message "Release of v{X.Y.Z}" git push origin --tags |
You will be prompted for your SVN username and password.
ant promote-release |
https://dist.apache.org/repos/dist/release/knox/
Staging
This special variant of the build command will build and publish the release to a staging are in the Apache Nexus repo.
Note: Get your gpg passphrase in your paste buffer you will need it MANY times. If someone can figure out how to use gpg-agent properly they should document it.
This page contains some information about getting gpg-agent installed and running.
mvn -Papache-release -Drepo.id=apache.releases.https deploy |
If you have issues with the above command due to javadoc warnings, something like this can be done:
mvn -Dmaven.javadoc.failOnError=false -Papache-release -Drepo.id=apache.releases.https deploy |
Once that completes, login to the Apache Maven Nexus staging repositories with your Apache credentials and:
Update news in News.
svn delete https://dist.apache.org/repos/dist/release/knox/${OLD_VERSION} -m "Delete Knox ${OLD_VERSION} from dist.apache.org" |