Seems like we are missing the signature .asc files and Nexus has failed to push the artifacts to staging.
We need to rollback the release from staging. Its easier if we got onto the Slack channel to resolve this quicker. We can later post the summary to the mailing lists. On Sat, Aug 13, 2016 at 8:22 PM, Suneel Marthi <[email protected]> wrote: > In Nexus, > > 1. Select 'orgapachepirk-1000' in staging repositories. > 2. Click on 'Close' button on top -> will prompt u for a message -> fill > in 'Blah blah' > 3. Nexus then puts the artifacts to a staging area with a URL that can be > accessed from browser (no need of logging into Nexus then). > 4. Include the URL in the call for Vote for testing and verifying the > artifacts. > > > On Sat, Aug 13, 2016 at 8:20 PM, Ellison Anne Williams < > [email protected]> wrote: > >> I'm confused... >> >> The artifacts are in the staging area of Nexus at >> https://repository.apache.org/#stagingRepositories under >> orgapachepirk-1000. What does it mean to 'close' the artifacts in Nexus? >> Where should I push them and how? >> >> On Sat, Aug 13, 2016 at 8:13 PM, Suneel Marthi <[email protected]> >> wrote: >> >> > Before u call for the Vote, here's what needs to be done. >> > >> > I see the staged artifacts in Nexus. >> > >> > 1. 'Close' the artifacts in Nexus ----> this pushes them to a staging >> area >> > 2. Send the URL of the staged artifacts in the call for vote. >> > >> > >> > >> > >> > On Sat, Aug 13, 2016 at 8:10 PM, Ellison Anne Williams < >> > [email protected]> wrote: >> > >> > > Ok - thanks to lots of mentor help (shout out to Suneel!), we now have >> > > staged artifacts - w00t! >> > > >> > > The staged artifacts can be found here -- >> > > https://repository.apache.org/#stagingRepositories -- log in with >> your >> > > Apache creds to view/download. >> > > >> > > Please take a look at the staged artifacts and vote to accept/reject. >> > > >> > > (FYI - I successfully ran the executable jar through the distributed >> > tests) >> > > >> > > Mentors - I'm fine with a single vote process as it seems to be the >> > > recommendation. Should I send out a new vote email thread and declare >> > this >> > > one null or keep this one going? >> > > >> > > On Sat, Aug 13, 2016 at 4:33 PM, Suneel Marthi <[email protected]> >> > wrote: >> > > >> > > > ... and in https://dist.apache.org/repos/dist/dev/incubator/pirk/ >> > > > >> > > > On Sat, Aug 13, 2016 at 4:23 PM, Suneel Marthi < >> > [email protected]> >> > > > wrote: >> > > > >> > > > > The KEYS file has been pushed to https://dist.apache.org/repos/ >> > > > > dist/release/incubator/pirk/ >> > > > > >> > > > > On Sat, Aug 13, 2016 at 4:08 PM, Josh Elser <[email protected]> >> > wrote: >> > > > > >> > > > >> I'm realizing that I'm a bone-head and you didn't actually stage >> > > > anything >> > > > >> yet :) Too much coffee and not enough close-reading. Sorry for >> the >> > > spam. >> > > > >> Hopefully some of it was helpful too. >> > > > >> >> > > > >> One more thing just to make sure, you should use >> > > > >> https://dist.apache.org/repos/dist/dev/incubator/pirk/ for your >> #2 >> > > > point >> > > > >> until the vote passes (referencing files directly from nexus is >> OK >> > > > too). A >> > > > >> simple `svn mv` can be done over to dist/release after that to >> > > "promote" >> > > > >> the artifacts to the ASF mirrors. >> > > > >> >> > > > >> >> > > > >> Josh Elser wrote: >> > > > >> >> > > > >>> Hi Ellison Anne, >> > > > >>> >> > > > >>> A couple of issues before getting to verifying the artfiacts: >> > > > >>> >> > > > >>> * Can you please add the SHA1 for the git hash that the >> > > source-release >> > > > >>> was built from? This is an important verification (I can see the >> > > point >> > > > >>> in the repository which this code was built from). >> > > > >>> >> > > > >>> * The KEYS file for Pirk is missing: >> > > > >>> https://dist.apache.org/repos/dist/release/incubator/pirk/KEYS >> > (feel >> > > > >>> free to copy a template from another project in dist.a.o). You >> > should >> > > > >>> have your key in there so we know what you used to sign the >> > release. >> > > > >>> It's also convenient to include the fingerprint of your key in >> the >> > > VOTE >> > > > >>> (although I don't think that's a requirement). >> > > > >>> >> > > > >>> I think that's all for now :). IMO, you can add a KEYS file and >> > just >> > > > >>> sent the SHA1 for the commit without having to cancel+re-VOTE. >> > > > >>> >> > > > >>> Ellison Anne Williams wrote: >> > > > >>> >> > > > >>>> Hi All, >> > > > >>>> >> > > > >>>> After some hiccups last night getting the pom ready for release >> > > > >>>> (thanks for >> > > > >>>> fixing it Suneel!), we can now proceed with release voting. >> After >> > we >> > > > get >> > > > >>>> through our first release, our initial process will be >> documented >> > on >> > > > the >> > > > >>>> website for ease of access. In the future, we will send 'true' >> > VOTE >> > > > >>>> emails >> > > > >>>> without all of the extra commentary. >> > > > >>>> >> > > > >>>> [Mentors: Please correct any info/process that I have gotten >> wrong >> > > > >>>> below - >> > > > >>>> thanks!] >> > > > >>>> >> > > > >>>> Following some of the best practice guidelines, let's hold our >> > > > internal >> > > > >>>> release Pirk vote in two stages: >> > > > >>>> >> > > > >>>> 1) Vote-1 to approve the 0.1.0 candidate release branch >> > > > >>>> >> > > > >>>> If that passes, then... >> > > > >>>> >> > > > >>>> 2) Vote-2 to approve the resulting files listed below, which >> will >> > be >> > > > >>>> posted >> > > > >>>> at ' >> > > > >>>> https://dist.apache.org/repos/dist/release/incubator/pirk/pi >> > > > >>>> rk-0.1.0-incubating' >> > > > >>>> >> > > > >>>> for the release: >> > > > >>>> >> > > > >>>> - apache-pirk-0.1.0-incubating-source-release.tar.gz >> > > > >>>> - apache-pirk-0.1.0-incubating-source-release.tar.gz.asc >> > > > >>>> - apache-pirk-0.1.0-incubating-source-release.tar.gz.md5 >> > > > >>>> - apache-pirk-0.1.0-incubating-source-release.tar.gz.sha1 >> > > > >>>> >> > > > >>>> Once Vote-1 closes with +1 from at least 3 Pirk PPMC members, >> we >> > > will >> > > > >>>> move >> > > > >>>> on to Vote-2. After Vote-2 passes, we can move to call a Pirk >> > > release >> > > > >>>> vote >> > > > >>>> with the IPMC. Once the IPMC vote passes, we can push the first >> > Pirk >> > > > >>>> maven >> > > > >>>> artifact. >> > > > >>>> >> > > > >>>> I have tagged all JIRAs completed for this release with >> > 'FixVersion >> > > = >> > > > >>>> 0.1.0'. You can view them here: >> > > > >>>> https://issues.apache.org/jira/browse/PIRK-47?jql=project%20 >> > > > >>>> %3D%20PIRK%20AND%20fixVersion%20%3D0.1.0 >> > > > >>>> >> > > > >>>> >> > > > >>>> The following steps were used to prepare the branch (some >> Apache >> > > > >>>> projects >> > > > >>>> have nice scripts to automate some of these checks -- we should >> > > > consider >> > > > >>>> using one too): >> > > > >>>> >> > > > >>>> - Verified the items Release Checklist (below, except for the >> > > > checksums >> > > > >>>> and signatures for the branch cut) >> > > > >>>> - mvn clean release:clean >> > > > >>>> - mvn release:prepare -Darguments="-DskipTests" (new version: >> > > > >>>> 0.1.0-incubating; SCM: apache-pirk-0.1.0-incubating; new dev >> > > version: >> > > > >>>> 0.1.1-SNAPSHOT) >> > > > >>>> - mvn -Psigned_release release:perform -DdryRun=true >> > > > >>>> -Darguments="-DskipTests" >> > > > >>>> >> > > > >>>> where 'signed_release' is defined in the maven settings.xml >> file >> > as >> > > in >> > > > >>>> Suneel's example here: >> > > > >>>> https://gist.github.com/smarthi/ac1b5058f05ab17d2f84862940ec >> 4eba >> > > > >>>> >> > > > >>>> Please vote as follows: >> > > > >>>> >> > > > >>>> +1 -- Accept this candidate release branch >> > > > >>>> -1 -- Don't accept this candidate release branch because.... >> > > > >>>> >> > > > >>>> This vote will run for 72 hours. >> > > > >>>> >> > > > >>>> Thanks! >> > > > >>>> >> > > > >>>> Ellison Anne >> > > > >>>> >> > > > >>>> _____ >> > > > >>>> >> > > > >>>> Release Checklist: >> > > > >>>> >> > > > >>>> - Checksums and PGP signatures are valid. >> > > > >>>> - Build is successful including automated tests. >> > > > >>>> - DISCLAIMER is correct, filenames include "incubating". >> > > > >>>> - Top-level LICENSE and NOTICE are correct >> > > > >>>> - All source files have license headers where appropriate, RAT >> > > checks >> > > > >>>> pass >> > > > >>>> - The provenance of all source files is clear (ASF or software >> > > grants) >> > > > >>>> - Dependencies licenses are ok as per http://apache.org/legal/ >> > > > >>>> - Release consists of source code only, no binaries. >> > > > >>>> >> > > > >>>> Apache Release Documentation: >> > > > >>>> >> > > > >>>> - Apache Release Guide: http://www.apache.org/dev/ >> > > release-publishing >> > > > >>>> - Apache Release Policy: http://www.apache.org/dev/rele >> ase.html >> > > > >>>> - Apache Incubator Release Guidelines: http://incubator. >> > > > >>>> apache.org/guides/releasemanagement.html >> > > > >>>> <http://incubator.apache.org/guides/releasemanagement.html> >> > > > >>>> - Apache Incubator Release Policy: http://incubator. >> > > > >>>> apache.org/incubation/Incubation_Policy.html#Releases >> > > > >>>> <http://incubator.apache.org/incubation/Incubation_Policy. >> > > > html#Releases >> > > > >>>> > >> > > > >>>> - For Maven Release: http://www.apache.org/dev/publ >> ishing-maven- >> > > > >>>> artifacts.html >> > > > >>>> >> > > > >>>> >> > > > > >> > > > >> > > >> > >> > >
