vvysotskyi commented on a change in pull request #1937: DRILL-7230: Add README.md with instructions for release and release scripts URL: https://github.com/apache/drill/pull/1937#discussion_r359999029
########## File path: docs/dev/Release.md ########## @@ -0,0 +1,365 @@ +# Drill Release Process + +1. ## Setup release final cut-off date + + 1. Start mail thread on Apache dev list with the subject: + ``` + [DISCUSS] Drill 1.17.0 release + ``` + + Body example: + ``` + Hi Drillers, + + It's been several months since the last release and it is time to do the next one. I am volunteering to be the release manager. + + If there are any issues on which work is in progress, that you feel we *must* include in the release, please post in reply to this thread. Based on your input we'll define release cut off date. + + Kind regards + + Thanks + ``` + 2. Gather list of Jiras that need to be included in the release, discuss possible blockers. + 3. Identify final cut-off date. + 4. Before starting the release send a reminder to dev list that merge in Apache Drill master is forbidden during + release. + + Example: + ``` + Note for the committers: + until the release is not over and Drill version is not changed to 1.17.0-SNAPSHOT, please do not push any + changes into Drill master. + ``` + +2. ## Setup environment: + 1. ### GPG key: + You will need a GPG key set up. This key is needed for signing the release. + 1. Read [Apache docs for release signing](http://www.apache.org/dev/release-signing.html). + 2. Install the `gpg2` package on Ubuntu, or `gnupg` on MacOS. + 3. Generate GPG key using the **Apache email address** if it wasn't done before: + 1. Run `gpg --gen-key` and follow the instructions. + 2. Remember your passphrase. + 3. Save your key pair: + ``` + gpg --output mygpgkey_pub.gpg --armor --export MY_KEY_ID + gpg --output mygpgkey_sec.gpg --armor --export-secret-key MY_KEY_ID + ``` + 4. Or import existing GPG key pair if required: + ``` + gpg --import mygpgkey_pub.gpg + gpg --allow-secret-key-import --import mygpgkey_sec.gpg + ``` + 5. Have another committer signed your key (add to the trust chain). + Apache advises to do it at + [key signing parties](https://www.apache.org/dev/release-signing.html#key-signing-party). + 6. Make sure default key is the key generated using the Apache email. + 7. Publish your public key to a public server (e.g. http://pgp.surfnet.nl or http://pgp.mit.edu) + using Web-UIs or CLI (for example using the following command: + `gpg --keyserver hkp://pool.sks-keyservers.net --trust-model always --send-keys`) + 8. Add your key signature to the `KEYS` file in the Drill sources repo. Review comment: Good point, I have added additional info. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
