EricJoy2048 commented on code in PR #217: URL: https://github.com/apache/incubator-seatunnel-website/pull/217#discussion_r1147216744
########## community/contribution_guide/release.md: ########## @@ -0,0 +1,631 @@ +# Become Apache Release Manager + +Release managers shepherd a release from an initial community consensus to getting the compiled code package to final distribution, and may be involved in publicizing the release to the project's community and the ASF in general. + +Tips: The Release Manager needs to have an Apache LDAP account, which means you need to become a Committer of the project before you can have an Apache LDAP account + +An Apache release is a set of valid, signed, artifacts, voted on by the appropriate PMC and distributed on the official ASF release infrastructure. + +For a release, you go through the following steps: +- Has code that complies with the software licensing requirements +- Decides as a community to make a release, and designates a release manager +- The release manager prepares and signs the proposed release materials +- The PMC votes on whether to approve the release +- If the vote passes, the release manager copies the artifacts to the distribution infrastructure. + +The source code and build process must comply with the ASF legal and intellectual property requirements for a valid release, and the project must have the infrastructure in place to correctly sign the release artifacts. + +## Environment Preparation +If this is the first time for a publisher to publish, you need to install the necessary environment, including the signature tool GnuPG and Maven repository certification-related preparations. + +### Install Git +Use to clone project source code locally. + +### Install GPG +Used to generate a digital signature, leaving a trail of every action you take. Apache's maven and SVN repositories both use GPG signatures to verify the validity of files. + +Download GnuPG binary releases from [the official GnuPG website](https://www.gnupg.org/download/index.html). + +Note: The commands of 1. x and 2. x versions of GnuPG are slightly different. The following description takes 2.2.28 as an example. After the installation, the GPG command is added to the system environment variable and is available. +```bash +# Check the version, which should be 2. x +gpg --version +``` + +### Install SHASUM +Used to generate signatures for files. + +### SVN +Used to pull the Apache Release SVN repository. Apache uses svn to host the release of the project. + +### MAVEN +Used to compile the project. + +## Environment Configuration +### Configure GPG KEY +#### Create the Key +```shell +gpg --gen-key +``` +```bash +gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc. +This is free software: you are free to change and redistribute it. +There is NO WARRANTY, to the extent permitted by law. + +Please select what kind of key you want: + (1) RSA and RSA (default) + (2) DSA and Elgamal + (3) DSA (sign only) + (4) RSA (sign only) +Your selection? 1 +RSA keys may be between 1024 and 4096 bits long. +What keysize do you want? (3072) 4096 +Requested keysize is 4096 bits +Please specify how long the key should be valid. + 0 = key does not expire + <n> = key expires in n days + <n>w = key expires in n weeks + <n>m = key expires in n months + <n>y = key expires in n years +Key is valid for? (0) 0 +Key does not expire at all +Is this correct? (y/N) y +``` + +As shown above, the options are: +- 1 +- 4096 +- 0 +- y + +In the process of configuring GPG, the key types selected are RSA and RSA (default), so the first option is 1, and the desired key size can be directly input the corresponding value. The third option is 0, indicating that the validity period of the key is never expired. Finally, input y to ensure that the above input is correct. + +```shell +You need a user ID to identify your key; the software constructs the user ID +from the Real Name, Comment and Email Address in this form: + "Heinrich Heine (Der Dichter) <[email protected]>" + +Real name: tyrantlucifer +Email address: [email protected] +Comment: The key of Apache SeaTunnel +You selected this USER-ID: + “tyrantlucifer (The key of Apache SeaTunnel) <[email protected]>” + +Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O +You need a password to protect your private key. +``` + +As shown above, you will need to specify your personal information and encryption password for this key. You will need to fill in the following information: +- Name +- Email (Apache Email) +- Comment for key +- Password (Very important, don't forget) + + +```shell +We need to generate a lot of random bytes. It is a good idea to perform +some other action (type on the keyboard, move the mouse, utilize the +disks) during the prime generation; this gives the random number +generator a better chance to gain enough entropy. + +gpg: key 0983DF85 marked as ultimately trusted +public and secret key created and signed. + +pub 4096R/0983DF85 2022-12-28 +keys fingerprint = AE63 FC40 ECCD 600D 724B 5625 05FD AE73 0983 DF85 +uid tyrantlucifer (The key of Apache SeaTunnel) <[email protected]> Review Comment: I see you use `tyrantlucifer` as an example, Can you add a explain about it in the begin of this document? Let user know `tyrantlucifer` only is an example and the release manager need use they own userid. On the other hand, you need hide the key about `tyrantlucifer` ensure don't leakage of critical information. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
