vidakovic commented on a change in pull request #1292: URL: https://github.com/apache/fineract/pull/1292#discussion_r478221642
########## File path: README.md ########## @@ -353,6 +353,41 @@ Releasing [How to Release Apache Fineract](https://cwiki.apache.org/confluence/x/DRwIB) documents the process how we make the source code that is available here in this Git repository into a binary release ZIP available on http://fineract.apache.org. +Before you use Gradle to create a release you need to make sure that your GPG is properly setup and that you have set the following properties in your ~/gradle/gradle.properties: +``` +signing.gnupg.keyName=7890ABCD +signing.gnupg.passphrase=secret +``` + +IMPORTANT: Do not set your GPG secrets in one of the project gradle.properties and double check that you are not accidentally committing them to Git. + +NOTE: Let's assume your GPG key ID would be "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890ABCD" then you have to use the last 8 characters (i. e. "7890ABCD") for the signing plugin property "signing.gnupg.keyName". + +Execute the following task to create a distribution with an ASCII armored signature (.asc) and a SHA512 checksum file (.sha512): +``` +./gradlew -Pfineract.release clean build +``` + +Above task will create the following files in folder build/distributions: + +- distribution file: apache-fineract-1.4.0-binary.tar.gz +- ASCII armored signatures: apache-fineract-1.4.0-binary.tar.gz.asc +- SHA512 checksum: apache-fineract-1.4.0-binary.tar.gz.sha512 + +Verify the validity of the release distribution with: +``` +gpg --verify build/distributions/apache-fineract-1.4.0-binary.tar.gz.asc +``` Review comment: Good point, I'll add this. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
