All,

Mark just put out the release vote for the nifi 0.1.0 release, which is a really exciting release as it contains a lot of bug fixes, new features, and includes code contributions from more than a dozen people. Very cool.

I wanted to put this guidance out there to help people who may be interested in learning the process of reviewing a release. If you're interested in parts of it, think it needs to be done differently, or have questions, please fire away.

***

0) Import latest KEYS file so I get all the public keys.
   0a) Pull KEYS file: https://dist.apache.org/repos/dist/release/incubator/nifi/KEYS
   0b) Import keys file:
       gpg --import KEYS

1) Clear out my local maven artifact repository to get rid of everything under org/apache/nifi

2) Pull down nifi-parent items for review:
   https://repository.apache.org/content/repositories/orgapachenifi-1046/org/apache/nifi/nifi-parent/1.0.0-incubating/nifi-parent-1.0.0-incubating-source-release.zip
   https://repository.apache.org/content/repositories/orgapachenifi-1046/org/apache/nifi/nifi-parent/1.0.0-incubating/nifi-parent-1.0.0-incubating-source-release.zip.asc
   https://repository.apache.org/content/repositories/orgapachenifi-1046/org/apache/nifi/nifi-parent/1.0.0-incubating/nifi-parent-1.0.0-incubating-source-release.zip.md5
   https://repository.apache.org/content/repositories/orgapachenifi-1046/org/apache/nifi/nifi-parent/1.0.0-incubating/nifi-parent-1.0.0-incubating-source-release.zip.sha1
   2a) Verify the signature
       gpg --verify nifi-parent-1.0.0-incubating-source-release.zip.asc nifi-parent-1.0.0-incubating-source-release.zip
       Note: While the key reports as good I see a warning about it not being a trusted signature. That is because Mark isn't in my ring of trust. Noted. Can keep going forward.

3) Verify the hashes (md5 and sha1) match the source artifact and email
       sha1sum nifi-parent-1.0.0-incubating-source-release.zip
       md5sum nifi-parent-1.0.0-incubating-source-release.zip
   Note: The results I get match the downloaded file content and Mark's email.

4) Unzip the nifi-parent-1.0.0-incubating-source-release.zip

5) Verify the contents include a good readme, LICENSE, NOTICE, and DISCLAIMER

6) Verify that the build works. Did this by running
       mvn clean install -Pcontrib-check

7) Verify the git commit ID is correct and points to the same source we're looking at for nifi-parent

8) Pull down nifi-nar-maven-plugin items for review:
   https://repository.apache.org/content/repositories/orgapachenifi-1047/org/apache/nifi/nifi-nar-maven-plugin/1.0.1-incubating/nifi-nar-maven-plugin-1.0.1-incubating-source-release.zip
   https://repository.apache.org/content/repositories/orgapachenifi-1047/org/apache/nifi/nifi-nar-maven-plugin/1.0.1-incubating/nifi-nar-maven-plugin-1.0.1-incubating-source-release.zip.asc
   https://repository.apache.org/content/repositories/orgapachenifi-1047/org/apache/nifi/nifi-nar-maven-plugin/1.0.1-incubating/nifi-nar-maven-plugin-1.0.1-incubating-source-release.zip.md5
   https://repository.apache.org/content/repositories/orgapachenifi-1047/org/apache/nifi/nifi-nar-maven-plugin/1.0.1-incubating/nifi-nar-maven-plugin-1.0.1-incubating-source-release.zip.sha1

9) Verify the signature
       gpg --verify nifi-nar-maven-plugin-1.0.1-incubating-source-release.zip.asc nifi-nar-maven-plugin-1.0.1-incubating-source-release.zip

10) Verify the hashes (md5 and sha1) match the source artifact and Mark's email

11) Unzip the nifi-nar-maven-plugin-1.0.1-incubating-source-release.zip

12) Verify the build works. Did this by running
       mvn clean install -Pcontrib-check

13) Verify the contents contain a good readme, LICENSE, NOTICE, DISCLAIMER

14) Verify the git commit ID is correct

15) Pull down nifi-0.1.0 items for review:
   https://repository.apache.org/content/repositories/orgapachenifi-1048/org/apache/nifi/nifi/0.1.0-incubating/nifi-0.1.0-incubating-source-release.zip
   https://repository.apache.org/content/repositories/orgapachenifi-1048/org/apache/nifi/nifi/0.1.0-incubating/nifi-0.1.0-incubating-source-release.zip.asc
   https://repository.apache.org/content/repositories/orgapachenifi-1048/org/apache/nifi/nifi/0.1.0-incubating/nifi-0.1.0-incubating-source-release.zip.md5
   https://repository.apache.org/content/repositories/orgapachenifi-1048/org/apache/nifi/nifi/0.1.0-incubating/nifi-0.1.0-incubating-source-release.zip.sha1

16) Verify the signature
       gpg --verify nifi-0.1.0-incubating-source-release.zip.asc nifi-0.1.0-incubating-source-release.zip

17) Verify the hashes (md5 and sha1) match the source and Mark's email

18) Unzip nifi-0.1.0-incubating-source-release.zip

19) Verify the build works. Did this by running the following, which includes the RAT/license/header checks and checkstyle consistency checks:
       mvn clean install -Pcontrib-check

19) Verify the contents contain a good readme, LICENSE, NOTICE, DISCLAIMER

20) Verify the git commit ID is correct

21) Look at the resulting convenience binary as found in nifi-assembly/target/nifi-0.1.0-incubating-bin/nifi-0.1.0-incubating/
    Make sure the README, LICENSE, NOTICE, DISCLAIMER are present and correct

22) Run the resulting convenience binary. Make sure it works as expected. Dataflows can be set up, etc.

23) Send a response to the vote indicating a +1. Also indicate whether the vote is binding or not. Basically if you're an IPMC member it is binding. If you are simply PPMC or a contributor it is non-binding. However, whether it is binding or not the vote is appreciated as all of it helps ensure quality of the release and engages the community.

24) Dance in streets or high-five the person closest to you.

***

Thanks
Joe
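
The hash and signature checks in steps 2a/3, 9/10 and 16/17 above can be scripted; the following is an added example, not part of the original email or the NiFi project's tooling. The function names (check_digest, check_release, signer_fingerprint, demo) are hypothetical and the sample artifact is constructed; only the sha1sum, md5sum and gpg commands come from the email.

```shell
#!/bin/sh
# Added example (not from the original email). Helper names are hypothetical.

# check_digest ALGO ARTIFACT: succeed only if ARTIFACT.ALGO (the sidecar file
# published next to the artifact) holds the digest ALGOsum computes locally.
check_digest() {
    algo=$1; artifact=$2; sidecar="$2.$1"
    [ -f "$artifact" ] && [ -f "$sidecar" ] || { echo "missing input for $algo" >&2; return 2; }
    # A sidecar is either a bare hex digest or "digest  filename"; take field 1
    # and lowercase it because some tools emit uppercase hex.
    expected=$(awk 'NR==1 {print tolower($1)}' "$sidecar")
    case $expected in
        ''|*[!0-9a-f]*) echo "$sidecar: not a hex digest" >&2; return 2 ;;
    esac
    actual=$("${algo}sum" "$artifact" | awk '{print $1}')
    [ "$expected" = "$actual" ] || { echo "FAIL $algo $artifact" >&2; return 1; }
    echo "OK $algo $artifact"
}

# check_release ARTIFACT: both digests the email lists must match.
check_release() {
    check_digest md5 "$1" && check_digest sha1 "$1"
}

# signer_fingerprint SIG ARTIFACT: print the full fingerprint of the key behind
# a valid signature, read from gpg's machine-readable status output, so it can
# be compared with the release manager's entry in the KEYS file.
signer_fingerprint() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        awk '$2 == "VALIDSIG" {print $3; ok = 1} END {exit !ok}'
}

# Constructed sample: a stand-in artifact with freshly generated sidecars.
demo() {
    d=$(mktemp -d) || return 2
    printf 'constructed sample artifact\n' > "$d/sample-source-release.zip"
    md5sum "$d/sample-source-release.zip" | awk '{print $1}' > "$d/sample-source-release.zip.md5"
    sha1sum "$d/sample-source-release.zip" > "$d/sample-source-release.zip.sha1"
    check_release "$d/sample-source-release.zip"; rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

Against a real release candidate, run check_release on each downloaded source-release.zip and signer_fingerprint on its .asc file; the digests only show the download matches what was published, while the fingerprint is what ties the signature to a specific key in KEYS.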
