Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpcomponents Wiki" for change notification.
The "HttpComponentsCoreReleaseProcess" page has been changed by SebastianBazley. The comment on this change is: Settings.xml; encrypted password; rename/delete RC tag. http://wiki.apache.org/HttpComponents/HttpComponentsCoreReleaseProcess?action=diff&rev1=24&rev2=25 -------------------------------------------------- = HttpComponents Core Release Process = - == Release preparation == + == Preparations for using Nexus and uploading files == - * Make sure there are no open Jira issues targeted for this release + * If you have not done so already, create a master password. + See http://maven.apache.org/guides/mini/guide-encryption.html + The master password should be stored on a USB stick if your host system is not secure. + ''Note'' The plain-text master password does not seem to be needed, once it has been used to create the encrypted master password. + Create the ~/.m2/settings-security.xml file, for example: {{{ + <settingsSecurity> + <relocation>/USB/settings-security.xml</relocation> + </settingsSecurity>}}} - https://issues.apache.org/jira/browse/HTTPCORE + This should point to the file containing the master password:{{{ + <settingsSecurity> + <master>{Encrypted master password goes here}</master> + </settingsSecurity>}}} - * Review RELEASE_NOTES.txt and make sure all important issues closed since the previous release are included in the release notes + If you are sure that your system is secure, then the master password can be stored directly in the ~/.m2/settings-security.xml file (as in the file above) + * Ensure that you have set up your Apache username and encrypted password in your settings.xml file, as below - * Write an opening statement for the release highlighting the most changes, bug fixed and improvements - - * Make sure you are using JDK 1.5 and a reasonably up to date version of Maven to build the packages - - {{{ - mvn -version - }}} - - * Generate pre-release JARs by running - - {{{ - mvn package - }}} - - * Test the contents of Maven artifacts (e.g. do all the jars contain suitable NOTICE, LICENSE and MANIFEST files?) by doing a test deploy. - The artifacts are saved to the relevant ''target/deploy'' directory. - (Note: the ''gpg.skip'' and ''skipTests'' qualifiers can be used to speed up the command.) - - {{{ - mvn deploy -Ptest-deploy -Prelease [-Dgpg.skip -DskipTests] - }}} - - - * If this is a non-ALPHA release, verify binary compatibility with the previous stable baseline version. Baseline version is the latest stable xx.yy.00 release - - {{{ - mvn clirr:check - }}} - - Please note Clirr currently can't handle Java 5 constructs very well and it can generate bogus errors about incompatibility of {{{Enum}}}s - - {{{ - [INFO] [clirr:check {execution: default-cli}] - [INFO] Comparing to version: 4.0 - [ERROR] org.apache.http.impl.nio.reactor.SSLMode: Method 'public org.apache.http.impl.nio.reactor.SSLMode[] values()' is now final - [ERROR] org.apache.http.nio.reactor.IOReactorStatus: Method 'public org.apache.http.nio.reactor.IOReactorStatus[] values()' is now final - }}} - - * Review the following pages - - {{{ - src/site/apt/download.apt - src/site/apt/index.apt - }}} - - and make adjustments that are necessary - - * Deploy the site to a staging directory and review the resultant site before committing the changes - - {{{ - mvn site site:stage -Dmaven.clover.licenseLocation=<path>/clover.license -DstagingDirectory=<path>/stage - }}} - - You may need to re-build the site several times until fully satisfied with its content and appearance - - Remark: ASF committers can obtain a copy of Clover2 license donated to the ASF at this location - https://svn.apache.org/repos/private/committers/donated-licenses/clover - - Remark: stagingDirectory MUST be an absolute path - - Remark: due to limitations of the docbkx plugin the tutorial will not be copied to the staging directory - - * Package the content of the staging directory - - * Generate release javadocs - - {{{ - mvn javadoc:aggregate - }}} - - * Generate tutorial - - {{{ - mvn docbkx:generate-pdf docbkx:generate-html - }}} - - * Generate release packages - - {{{ - mvn package assembly:assembly antrun:run - }}} - - * Use this script to sign release packages - - The script assumes presence of a functional gpg setup on the local system - - {{{ - #!/usr/bin/perl -w - # signs and checksums all files given as command line args - - foreach my $file (@ARGV) { - print $file."\n"; - - my $md5 = `md5sum $file`; - `echo "$md5" > $file.md5`; - $md5 =~ /(\w+)\s+/; - $md5 = $1; - # verify md5 - my $testMd5 = `openssl md5 < $file`; - chomp($testMd5); - if ($testMd5 ne $md5) { die 'md5 does not equal'; } - - `gpg --armor --output $file.asc --detach-sig $file`; - # verify signature - `gpg --verify $file.asc $file` - } - }}} - - * Upload the content of the staging directory, RELEASE_NOTES.txt, release packages and corresponding MD5 and signature files to a publicly accessible web space such as people.apache.org - - * Deploy pre-release snapshots to the Apache Nexus snapshot repository. - The snapshots will appear at https://repository.apache.org/content/repositories/snapshots/org/apache/httpcomponents/ - (This is also where the Hudson snapshots appear) - - {{{ - mvn deploy - }}} - - The command assumes presence of a functional gpg setup on the local system - - * Invite people on the [email protected] list to review the site, release notes, release packages and report problems - - == Building release packages == - - Rather than making the necessary changes in the current SVN tree, and then creating the tag from that, - we create a clean workspace from the current tree. - The version and SCM changes are applied to the new workspace, which is then used to create the tag. - This approach means that the current tree is never in a transitional state. - Also, ongoing changes to the current tree cannot affect the new workspace. - - * Make sure all the workspace is up to date - - {{{ - svn -u st - }}} - - * Checkout the current SVN tree (usually trunk) into a fresh directory - - {{{ - svn co https://svn.apache.org/repos/asf/httpcomponents/httpcore/trunk httpcore-4.2-beta3-RC1 - }}} - - * Manually update the top-level pom.xml of the project: put the release version (e.g. 4.2-beta3) as the artifact version and update the SCM details to refer to the final release tag (without the -RC1 suffix, as the tag will be renamed later). - - ''TODO - can this be done using the versions plugin?'' - - {{{ - pom.xml - }}} - - * Manually update pom.xml of all modules in the project to refer to the updated parent version - - {{{ - httpcore/pom.xml - httpcore-nio/pom.xml - httpcore-osgi/pom.xml - httpcore-ab/pom.xml - httpcore-benchmark/pom.xml - }}} - - * Double-check that the changes to the workspace look OK - The diff command should only show changes to the version and scm tags - - {{{ - svn diff - }}} - - * Commit the changes, creating the release tag in the process. - Note: this preserves history, and the commit message will show just the version and SCM changes as above - - {{{ - svn cp . https://svn.apache.org/repos/asf/httpcomponents/httpcore/tags/4.2-beta3-RC1 - }}} - - '''IMPORTANT''' the workspace is still attached to trunk, so do not perform a checkin. - - * Install release artifacts to the local Maven repository - - {{{ - mvn install - }}} - - * Generate release javadocs - - {{{ - mvn javadoc:aggregate - }}} - - * Generate tutorial - - {{{ - mvn docbkx:generate-pdf docbkx:generate-html - }}} - - * Build release packages - - {{{ - mvn package assembly:assembly antrun:run - }}} - - * Sign packages using the helper script (see previous section) - - * Deploy the Maven artefacts to the Nexus staging repository - - {{{ - mvn deploy -P release - }}} - - The 'release' profile parameter will cause release artifacts to be signed prior to deployment to Nexus - where will be held in the staging repository until they are promoted or deleted. - - The command assumes presence of a functional gpg setup on the local system. - - All official ASF release artifacts MUST be signed. - - * Login to Nexus (same login/password as for SVN and people), and navigate to the staging repository - * Check that the correct files are present (e.g. binary, source, Javadoc), and "Close" the upload directory. - * This will allow the files to be seen publicly, but the files won't be added to the Central Maven repo yet. - * You can then delete any unwanted files (such as .asc.md5 and .asc.sha1) (N.B. You cannot delete files until the upload is closed). - * Check that the files at the public URL look OK. - * If not, you can delete them all and try again. - - * The public URL, which will look something like https://repository.apache.org/content/repositories/orgapachehttpcomponents-nnn/, - should be copied into the Release Vote e-mail (see below). - - == Release vote == - - * Upload RELEASE_NOTES.txt, release packages and corresponding MD5 and signature files to a publicly accessible web space such as people.apache.org - - * Call release vote on the [email protected] list - - {{{ - [VOTE] HttpComponents Core ${VERSION} release - - Please vote on releasing these packages as HttpComponents Core ${VERSION}. The vote is open for the - at least 72 hours, and only votes from HttpComponents PMC members are binding. The vote passes if at least - three binding +1 votes are cast and there are more +1 than -1 votes. - - Packages: - [link] - - Release notes: - [link] - - Maven artefacts: - [link] - - SVN tag: - [link] - -------------------------------------------------------------------------- - Vote: HttpComponents Core ${VERSION} release - [ ] +1 Release the packages as HttpComponents Core ${VERSION}. - [ ] -1 I am against releasing the packages (must include a reason). - - }}} - - == Release vote result == - - * Tally votes after the voting deadline elapsed (usually 72 hours, but may be extended if not enough votes have been cast) - - * If the vote fails, address concerns / problems stated as reasons for negative votes and re-vote - * Login to Nexus and "Delete" the staged uploads - - * If the vote succeeds, send results to [email protected] and [email protected] - - {{{ - [VOTE][RESULT] HttpComponents Core ${VERSION} release - - The vote to release HttpComponents Core ${VERSION} has passed with the following results - - +1 (4 binding votes in total) - aaaa <aaaa -at- apache.org> * - bbbb <bbbb -at- apache.org> - cccc <cccc -at- apache.org> * - dddd <dddd -at- apache.org> * - eeee <eeee -at- apache.org> * - - -1 (1 binding vote in total) - - ffff <ffff -at- apache.org> * - - * binding votes - - Original voting thread: - [link] - }}} - - == Release deployment == - - * Review your local Maven settings (usually located in ~/.m2/settings.xml) - - It will make your life _infinitely_ easier if you have a functional GPG system installed and are able - to login into people.apache.org using your private key. If you are not comfortable with the idea of - having your phase stored in clear text on your disk either remove it from settings.xml once you - are done with the release deployment or consider storing settings.xml on an encrypted partition. {{{ ... @@ -319, +35 @@ <directoryPermissions>775</directoryPermissions> <filePermissions>644</filePermissions> </server> + <!-- To publish a release --> <server> <id>apache.releases.https</id> <username>${your apache id}</username> + <password>{encryptedpassword}</password> - <passphrase>${your GPG pass phrase}</passphrase> - <directoryPermissions>775</directoryPermissions> - <filePermissions>644</filePermissions> </server> + <!-- To publish a snapshot --> <server> <id>apache.snapshots.https</id> <username>${your apache id}</username> + <password>{encryptedpassword}</password> - <passphrase>${your GPG pass phrase}</passphrase> - <directoryPermissions>775</directoryPermissions> - <filePermissions>644</filePermissions> </server> </servers> ... + }}} + + == Release preparation == + + * Make sure there are no open Jira issues targeted for this release + + https://issues.apache.org/jira/browse/HTTPCORE + + * Review RELEASE_NOTES.txt and make sure all important issues closed since the previous release are included in the release notes + + * Write an opening statement for the release highlighting the most changes, bug fixed and improvements + + * Make sure you are using JDK 1.5 and a reasonably up to date version of Maven to build the packages + + {{{ + mvn -version + }}} + + * Generate pre-release JARs by running + + {{{ + mvn package + }}} + + * Test the contents of Maven artifacts (e.g. do all the jars contain suitable NOTICE, LICENSE and MANIFEST files?) by doing a test deploy. + The artifacts are saved to the relevant ''target/deploy'' directory. + (Note: the ''gpg.skip'' and ''skipTests'' qualifiers can be used to speed up the command.) + + {{{ + mvn deploy -Ptest-deploy -Prelease [-Dgpg.skip -DskipTests] + }}} + + + * If this is a non-ALPHA release, verify binary compatibility with the previous stable baseline version. Baseline version is the latest stable xx.yy.00 release + + {{{ + mvn clirr:check + }}} + + Please note Clirr currently can't handle Java 5 constructs very well and it can generate bogus errors about incompatibility of {{{Enum}}}s + + {{{ + [INFO] [clirr:check {execution: default-cli}] + [INFO] Comparing to version: 4.0 + [ERROR] org.apache.http.impl.nio.reactor.SSLMode: Method 'public org.apache.http.impl.nio.reactor.SSLMode[] values()' is now final + [ERROR] org.apache.http.nio.reactor.IOReactorStatus: Method 'public org.apache.http.nio.reactor.IOReactorStatus[] values()' is now final + }}} + + * Review the following pages + + {{{ + src/site/apt/download.apt + src/site/apt/index.apt + }}} + + and make adjustments that are necessary + + * Deploy the site to a staging directory and review the resultant site before committing the changes + + {{{ + mvn site site:stage -Dmaven.clover.licenseLocation=<path>/clover.license -DstagingDirectory=<path>/stage + }}} + + You may need to re-build the site several times until fully satisfied with its content and appearance + + Remark: ASF committers can obtain a copy of Clover2 license donated to the ASF at this location + https://svn.apache.org/repos/private/committers/donated-licenses/clover + + Remark: stagingDirectory MUST be an absolute path + + Remark: due to limitations of the docbkx plugin the tutorial will not be copied to the staging directory + + * Package the content of the staging directory + + * Generate release javadocs + + {{{ + mvn javadoc:aggregate + }}} + + * Generate tutorial + + {{{ + mvn docbkx:generate-pdf docbkx:generate-html + }}} + + * Generate release packages + + {{{ + mvn package assembly:assembly antrun:run + }}} + + * Use this script to sign release packages + + The script assumes presence of a functional gpg setup on the local system + + {{{ + #!/usr/bin/perl -w + # signs and checksums all files given as command line args + + foreach my $file (@ARGV) { + print $file."\n"; + + my $md5 = `md5sum $file`; + `echo "$md5" > $file.md5`; + $md5 =~ /(\w+)\s+/; + $md5 = $1; + # verify md5 + my $testMd5 = `openssl md5 < $file`; + chomp($testMd5); + if ($testMd5 ne $md5) { die 'md5 does not equal'; } + + `gpg --armor --output $file.asc --detach-sig $file`; + # verify signature + `gpg --verify $file.asc $file` + } + }}} + + * Upload the content of the staging directory, RELEASE_NOTES.txt, release packages and corresponding MD5 and signature files to a publicly accessible web space such as people.apache.org + + * Deploy pre-release snapshots to the Apache Nexus snapshot repository. + The snapshots will appear at https://repository.apache.org/content/repositories/snapshots/org/apache/httpcomponents/ + (This is also where the Hudson snapshots appear) + + {{{ + mvn deploy + }}} + + The command assumes presence of a functional gpg setup on the local system + + * Invite people on the [email protected] list to review the site, release notes, release packages and report problems + + == Building release packages == + + Rather than making the necessary changes in the current SVN tree, and then creating the tag from that, + we create a clean workspace from the current tree. + The version and SCM changes are applied to the new workspace, which is then used to create the tag. + This approach means that the current tree is never in a transitional state. + Also, ongoing changes to the current tree cannot affect the new workspace. + + * Make sure all the workspace is up to date + + {{{ + svn -u st + }}} + + * Checkout the current SVN tree (usually trunk) into a fresh directory + + {{{ + svn co https://svn.apache.org/repos/asf/httpcomponents/httpcore/trunk httpcore-4.2-beta3-RC1 + }}} + + * Manually update the top-level pom.xml of the project: put the release version (e.g. 4.2-beta3) as the artifact version and update the SCM details to refer to the final release tag (without the -RC1 suffix, as the tag will be renamed later). + + ''TODO - can this be done using the versions plugin?'' + + {{{ + pom.xml + }}} + + * Manually update pom.xml of all modules in the project to refer to the updated parent version + + {{{ + httpcore/pom.xml + httpcore-nio/pom.xml + httpcore-osgi/pom.xml + httpcore-ab/pom.xml + httpcore-benchmark/pom.xml + }}} + + * Double-check that the changes to the workspace look OK. + The diff command should only show changes to the version and scm tags. + + {{{ + svn diff + }}} + + * Commit the changes, creating the release tag in the process. + Note: this preserves history, and the commit message will show just the version and SCM changes as above + + {{{ + svn cp . https://svn.apache.org/repos/asf/httpcomponents/httpcore/tags/4.2-beta3-RC1 + }}} + + '''IMPORTANT''' the workspace is still attached to trunk, so do not perform a checkin. + + * Install release artifacts to the local Maven repository + + {{{ + mvn install + }}} + + * Generate release javadocs + + {{{ + mvn javadoc:aggregate + }}} + + * Generate tutorial + + {{{ + mvn docbkx:generate-pdf docbkx:generate-html + }}} + + * Build release packages + + {{{ + mvn package assembly:assembly antrun:run + }}} + + * Sign packages using the helper script (see previous section) + + * Deploy the Maven artefacts to the Nexus staging repository + + {{{ + mvn deploy -P release + }}} + + The 'release' profile parameter will cause release artifacts to be signed prior to deployment to Nexus + where will be held in the staging repository until they are promoted or deleted. + + The command assumes presence of a functional gpg setup on the local system. + + All official ASF release artifacts MUST be signed. + + * Login to Nexus (same login/password as for SVN and people), and navigate to the staging repository + * Check that the correct files are present (e.g. binary, source, Javadoc), and "Close" the upload directory. + * This will allow the files to be seen publicly, but the files won't be added to the Central Maven repo yet. + * You can then delete any unwanted files (such as .asc.md5 and .asc.sha1) (N.B. You cannot delete files until the upload is closed). + * Check that the files at the public URL look OK. + * If not, you can delete them all and try again. + + * The public URL, which will look something like https://repository.apache.org/content/repositories/orgapachehttpcomponents-nnn/, + should be copied into the Release Vote e-mail (see below). + + == Release vote == + + * Upload RELEASE_NOTES.txt, release packages and corresponding MD5 and signature files to a publicly accessible web space such as people.apache.org + + * Call release vote on the [email protected] list + + {{{ + [VOTE] HttpComponents Core ${VERSION} release + + Please vote on releasing these packages as HttpComponents Core ${VERSION}. The vote is open for the + at least 72 hours, and only votes from HttpComponents PMC members are binding. The vote passes if at least + three binding +1 votes are cast and there are more +1 than -1 votes. + + Packages: + [link] + + Release notes: + [link] + + Maven artefacts: + [link] + + SVN tag: + [link] + -------------------------------------------------------------------------- + Vote: HttpComponents Core ${VERSION} release + [ ] +1 Release the packages as HttpComponents Core ${VERSION}. + [ ] -1 I am against releasing the packages (must include a reason). + + }}} + + == Release vote result == + + * Tally votes after the voting deadline elapsed (usually 72 hours, but may be extended if not enough votes have been cast) + + * If the vote fails, address concerns / problems stated as reasons for negative votes and re-vote + * Login to Nexus and "Delete" the staged uploads + * Delete the local workspace containing the updated poms + * (Optionally) delete the SVN RC tag (it may be useful to keep this until a bit later) + + * If the vote succeeds, send results to [email protected] and [email protected] + + {{{ + [VOTE][RESULT] HttpComponents Core ${VERSION} release + + The vote to release HttpComponents Core ${VERSION} has passed with the following results + + +1 (4 binding votes in total) + aaaa <aaaa -at- apache.org> * + bbbb <bbbb -at- apache.org> + cccc <cccc -at- apache.org> * + dddd <dddd -at- apache.org> * + eeee <eeee -at- apache.org> * + + -1 (1 binding vote in total) + + ffff <ffff -at- apache.org> * + + * binding votes + + Original voting thread: + [link] + }}} + + == Release deployment == + + * Rename the SVN tag to remove the RCn suffix:{{{ + svn ren https://svn.apache.org/repos/asf/httpcomponents/httpcore/tags/4.2-beta3-RC1 https://svn.apache.org/repos/asf/httpcomponents/httpcore/tags/4.2-beta3 }}} * Deploy release artifacts to the Maven2 repository --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
