Fork me on GitHub

Introduction

The Syncope team uses the Apache Nexus repository for releasing SNAPSHOT and release artifacts. More details on releasing artifacts and using Nexus can be found on the Maven website at http://maven.apache.org/developers/release/apache-release.html.

Prerequisites

Apache Subversion

Install Apache Subversion 1.7.0 or higher; binary packages for various platforms are available.

GPG

Install/Configure GPG - The artifacts that are deployed to the ASF central repository need to be signed. To do this you will need to have a public and private keypair. There is a very good guide that will walk you though this.

Apache Maven

Install Apache Maven 3.0.3 or higher; we strongly encourage our committers to install Apache Maven 3.1.1.

Maven allows you to encrypt your servers' passwords. We highly recommend that you follow this guide to set your master password and use it to encrypt your ASF password in the next section.

ASF settings

Using the instructions from the previous step encrypt your Sonatype password and add the following servers to your ~/.m2/settings.xml file. You may already have other servers in this file. If not just create the file.

<?xml version="1.0" encoding="UTF-8"?>
<settings>
  ...
  <servers>
    <server>
      <id>apache.snapshots.https</id>
      <username>{put your ASF username here}</username>
      <password>{put your encrypted password here}</password>
    </server>
    <server>
      <id>apache.releases.https</id>
      <username>{put your ASF username here}</username>
      <password>{put your encrypted password here}</password>
    </server>
  </servers>
  ...
  <profiles>
    <profile>
      <id>apache</id>
      <activation>
        <activeByDefault>false</activeByDefault>
      </activation>
      <properties>
        <mavenExecutorId>forked-path</mavenExecutorId>
        <gpg.keyname>your-gpg-keyname</gpg.keyname>
        <!-- optional -->
        <gpg.passphrase>your-gpg-passphrase</gpg.passphrase>
      </properties>
    </profile>
  </profiles>
  ...
</settings>

Release steps

Verify DBMSes and JEE containers

This is an optional step.
These verifications take some time and have quite strong environment requirements. However, it is of fundamental importance to go through these at least once for every major release.

For more information please take a look at build instructions.

Prepare the source for release

  1. Clean up JIRA so the Fix Version in issues resolved since the last release includes this release version correctly. Also, transition any Resolved issues to the Closed state.
  2. Update the CHANGES file, in a SVN working copy of the branch under release (currently 1_0_X or 1_1_X), based on the text release reports from JIRA.
  3. Commit any changes back to SVN:
    svn commit -m "Updating CHANGES for release"
  4. Update the downloads site page from a SVN working copy of the branch used for managing the web site (currenly 1_1_X):
    • add new release artifacts with base URL
      http://www.apache.org/dyn/closer.cgi/syncope/<version>/
    • move current release artifacts to 'Older Releases' section and change base URL to
      http://archive.apache.org/dist/syncope/
  5. Commit any changes back to SVN:
    svn commit -m "Updating downloads site page for release"

Prepare the release

  1. Do a dry run of the release:prepare step.
    mvn -P apache-release release:prepare -DdryRun=true
    The dry run will not commit any changes back to SVN and gives you the opportunity to verify that the release process will complete as expected.

    If you cancel a release:prepare before it updates the pom.xml versions, then use the release:clean goal to just remove the extra files that were created.

  2. Verify that the release process completed as expected:
    1. The release plugin will create pom.xml.tag files which contain the changes that would have been committed to SVN. The only differences between pom.xml.tag and its corresponding pom.xml file should be the version number.
    2. If other formatting changes have been made you should review the changes and then commit them:
      svn commit -m "Fixing formatting for release"
    3. Assuming the .tag files look OK you may proceed and do any other validation you feel necessary. The following list may be helpful:
      1. Check release.properties and make sure that the scm properties have the right version. Sometimes the scm location can be the previous version not the next version.
      2. Verify signatures: On Un*x platforms the following command can be executed:
        for file in `find . -type f -iname '*.asc'`
        do
          gpg --verify ${file} 
        done
        You'll need to look at the output to ensure it contains only good signatures:
        gpg: Good signature from ...
        gpg: Signature made ...
    4. Once any failures or required updates have been committed to svn, rollback the release prepare files:
      mvn -P apache-release release:rollback
  3. Run the release:prepare step for real this time. You'll be prompted for the same version information and optionally your GPG passphrase again.
    mvn -P apache-release release:prepare
  4. Backup (zip or tar) your local release candidate directory in case you need to rollback the release after the next step is performed.
    cd ..
    tar -czf <version>.tar.gz <version>/
    cd <version>

Perform the release

  1. Staging site
    • 1_1_X
      svn checkout https://svn.apache.org/repos/asf/syncope/site/ site
      svn checkout https://svn.apache.org/repos/asf/syncope/tags/syncope-<version> syncope-<version>
      
      cd syncope-<version>
      mvn clean install
      mvn -P site -Dsite.deploymentBaseUrl=file:///<absolute path to ../site/<version>
      
      cd ../site/<version>
      rm -rf syncope-console syncope-client syncope-archetype syncope-core syncope-build-tools syncope-common syncope-standalone project-reports.html apidocs/1.html
      
      cd ..
      svn add <version>
      svn copy apidocs/1.0 <version>/apidocs/
      svn commit -m "Staging site for release"
    • 1_0_X
      svn checkout https://svn.apache.org/repos/asf/syncope/site/ site
      svn checkout https://svn.apache.org/repos/asf/syncope/tags/syncope-<version> syncope-<version>
                        
      cd syncope-<version>
      mvn clean install
      mvn -f parent/pom.xml -P site -Dsite.deploymentBaseUrl=file:///<absolute path to ../site/<version>
                        
      cd ../site/<version>
      rm -rf images css syncope-console syncope-client syncope-archetype syncope-core syncope-build-tools syncope-hibernate-enhancer syncope-quality project-reports.html apidocs/1.html
      
      cd ../..
      svn checkout https://svn.apache.org/repos/asf/syncope/branches/1_1_X syncope-1_1_X
      
      cd syncope-1_1_X
      mvn -P site -Dsite.deploymentBaseUrl=file:///<absolute path to ../site/<version>
      
      cd ../site/<version>
      rm -rf syncope-console syncope-client syncope-archetype syncope-core syncope-build-tools syncope-common syncope-standalone project-reports.html apidocs/1.html apidocs/1.1
      
      cd ..
      svn add <version>
      svn copy apidocs/1.1 <version>/apidocs/
      svn commit -m "Staging site for release"
  2. From the directory where you have launched release:prepare execute (this step will create a maven staging repository):
    mvn -P apache-release release:perform [-Duser.name=<your_apache_uid>]

    If your local OS userid doesn't match your Apache userid, then you'll have to also override the value provided by the OS to Maven for the site-deploy step to work. This is known to work for Linux, but not for Mac and unknown for Windows.

    1. Verify the staged artifacts in the Nexus repository:
      1. https://repository.apache.org/index.html
      2. Enterprise --> Staging
      3. Staging tab --> Name column --> org.apache.syncope
      4. Navigate through the artifact tree and make sure that all binary, javadoc, sources, and tests jars, as well as poms, ... have .asc (GPG signature) and .md5 files (see Repository FAQ and Detached Signatures).
        The syncope-<version>-source-release.zip (for 1_1_X) or syncope-root-<version>-source-release.zip (for 1_0_X) should likewise have signature and checksum files.
    2. Close the nexus staging repo:
      1. https://repository.apache.org/index.html
      2. Enterprise --> Staging
      3. Staging tab --> Name column --> org.apache.syncope
      4. Right click on the open org.apache.syncope-XXX staging repo and select Close.

Vote the release

  1. Create a VOTE email thread on syncope-dev to record votes as replies, e.g.:
    To: dev@syncope.apache.org
    Subject: [VOTE] Apache Syncope <version>
    
    I've created a <version> release, with the following artifacts up for a vote:
    
    SVN source tag (r9999999):
    https://svn.apache.org/repos/asf/syncope/tags/<version>/
    
    List of changes:
    https://svn.apache.org/repos/asf/syncope/tags/<version>/CHANGES
    
    Maven staging repo:
    https://repository.apache.org/content/repositories/orgapachesyncope-YYY/
    
    Source release (checksums and signatures are available at the same location):
    https://repository.apache.org/content/repositories/orgapachesyncope-YYY/org/apache/syncope/syncope/<version>/syncope-<version>-source-release.zip
    
    Staging site:
    http://syncope.apache.org/<version>/
    
    PGP release keys (signed using ABCDEFG):
    http://www.apache.org/dist/syncope/KEYS
    
    Vote will be open for 72 hours.
    
    [ ] +1  approve
    [ ] +0  no opinion
    [ ] -1  disapprove (and reason why)
  2. Create a DISCUSS email thread on syncope-dev for any vote questions, e.g.:
    To: dev@syncope.apache.org
    Subject: [DISCUSS] Apache Syncope <version>
    
    Discussion thread for vote on <version> release, with SVN source tag (r9999999).
    
    For more information on the release process, check out http://www.apache.org/dev/release.html
    
    Some of the things to check before voting are:
    - does "mvn apache-rat:check" pass on the source
    - can you build the contents of source release zip and SVN tag
    - do all of the staged jars/wars/zips contain the required LICENSE and NOTICE files
    - are all of the staged jars/wars/zips signed and the signature verifiable
    - is the signing key in the project's KEYS file and on a public server (i.e. http://www.apache.org/dist/syncope/)
                
  3. Perform a review of the release and cast your vote. For more details on Apache releases see http://www.apache.org/dev/release.html.
  4. A -1 vote does not necessarily mean that the vote must be redone, however it is usually a good idea to rollback the release if a -1 vote is received (see "Recovering from a vetoed release").
  5. After the vote has been open for at least 72 hours, has at least three +1 PMC votes and no -1 votes, then post the results to the vote thread:
    To: dev@syncope.apache.org
    Subject: [RESULT] [VOTE] Apache Syncope <version>
    
    Hi all,
    after 72 hours, the vote for Syncope <version> [1] *passes*
    with ... PMC + ... non-PMC votes.
    
    +1 (PMC / binding)
    * ...
    
    +1 (non binding)
    * ... (or <none>)
    
    0
    * ... (or <none>)
    
    -1
    * ... (or <none>)
    
    Thanks to everyone participating.
    
    I will now copy this release to Syncope' dist directory and promote the artifacts to the central Maven repository.
    
    Best regards.
    
    [1] <link to syncope-dev ML archives for the related [VOTE] thread>

Finalize the release

  1. Promote the staged nexus artifacts:
    1. https://repository.apache.org/index.html
    2. Enterprise --> Staging
    3. Staging tab --> Name column --> org.apache.syncope
    4. Right click on the closed org.apache.syncope-XXX staging repo and select Release.
  2. Add the distribution artifacts to the distribution area (execute the commands below preferably on people.apache.org)
    • 1_1_X
      svn co https://dist.apache.org/repos/dist/dev/syncope syncope-dist-dev
      cd syncope-dist-dev
      
      wget -e robots=off -nH --cut-dirs=7 -np --no-check-certificate -m -A *.zip*  -R .asc.sha1,.asc.md5 \
      https://repository.apache.org/content/repositories/releases/org/apache/syncope/syncope/<version>/
      wget -e robots=off -nH --cut-dirs=7 -np --no-check-certificate -m -A *.zip*  -R .asc.sha1,.asc.md5 \
      https://repository.apache.org/content/repositories/releases/org/apache/syncope/syncope-standalone/<version>/
      
      rm <version>/syncope-*asc.asc
      
      svn add <version>
      svn commit -m "Promoting the voted release artifacts to dist-dev area"
      
      svn mkdir -m "Creating root dir for new release" https://dist.apache.org/repos/dist/release/syncope/<version>
      
      svn mv -m "Moving the voted release artifacts to dist/release (source)" \
      https://dist.apache.org/repos/dist/dev/syncope/<version>/syncope-<version>-source-release.zip \
      https://dist.apache.org/repos/dist/dev/syncope/<version>/syncope-<version>-source-release.zip.asc \
      https://dist.apache.org/repos/dist/dev/syncope/<version>/syncope-<version>-source-release.zip.md5 \
      https://dist.apache.org/repos/dist/dev/syncope/<version>/syncope-<version>-source-release.zip.sha1 \
      https://dist.apache.org/repos/dist/release/syncope/<version>
        
      svn mv -m "Moving the voted release artifacts to dist/release (standalone)" \
      https://dist.apache.org/repos/dist/dev/syncope/<version>/syncope-standalone-<version>-distribution.zip \
      https://dist.apache.org/repos/dist/dev/syncope/<version>/syncope-standalone-<version>-distribution.zip.asc \
      https://dist.apache.org/repos/dist/dev/syncope/<version>/syncope-standalone-<version>-distribution.zip.md5 \
      https://dist.apache.org/repos/dist/dev/syncope/<version>/syncope-standalone-<version>-distribution.zip.sha1 \
      https://dist.apache.org/repos/dist/release/syncope/<version>
      
      svn rm -m "Cleaning up older releases" https://dist.apache.org/repos/dist/dev/syncope/<version>
      
      svn co https://dist.apache.org/repos/dist/release/syncope syncope-dist-release
      cd syncope-dist-release
      svn rm <any older release artifact (if present)>
      svn commit -m "Cleaning up older releases"
    • 1_0_X
      svn co https://dist.apache.org/repos/dist/dev/syncope syncope-dist-dev
      cd syncope-dist-dev
      
      wget -e robots=off -nH --cut-dirs=7 -np --no-check-certificate -m -A *.zip*  -R .asc.sha1,.asc.md5 \
      https://repository.apache.org/content/repositories/releases/org/apache/syncope/syncope-root/<version>/
      
      rm <version>/syncope-*asc.asc
      
      svn add <version>
      svn commit -m "Promoting the voted release artifacts to dist-dev area"
      
      svn mv -m "Moving the voted release artifacts to dist/release" \
      https://dist.apache.org/repos/dist/dev/syncope/<version>/syncope-<version>-source-release.zip \
      https://dist.apache.org/repos/dist/dev/syncope/<version>/syncope-<version>-source-release.zip.asc \
      https://dist.apache.org/repos/dist/dev/syncope/<version>/syncope-<version>-source-release.zip.md5 \
      https://dist.apache.org/repos/dist/dev/syncope/<version>/syncope-<version>-source-release.zip.sha1 \
      https://dist.apache.org/repos/dist/release/syncope/<version>
      
      svn co https://dist.apache.org/repos/dist/release/syncope syncope-dist-release
      cd syncope-dist-release
      svn rm <any older release artifact (if present)>;
      svn commit -m "Cleaning up older releases"
  3. Add appropriate release notes to Releases wiki page based on the HTML release reports from JIRA
  4. Update the Create new project wiki page to point to the new release artifacts
  5. Update the JIRA versions page to mark the version as Released, and set the date to the date that the release was approved. You may also need to make a new release entry for the next release.
  6. Promote the staging site
    svn co https://svn.apache.org/repos/asf/syncope/site/
    cd site
    svn rm *.html apidocs css images img js
    svn mv <version>/* .
    svn rm <version>
    svn commit -m "Promoting the staging site"

Announce the release

After the mirrors have had time to update (24 hours to be on the safe side), make an announcement about the release on the user, dev, and announce@apache.org lists as per the Apache Announcement Mailing Lists page

Recovering from a vetoed release

  1. Reply to the initial vote email prepending [CANCELED] to the original subject.

  2. Rollback the version upgrades in trunk by either:

    1. restore the <version>.tar.gz and run
      mvn -P apache-release release:rollback
    2. or manually revert the versions in the branch under release to the prior version and commit
  3. Delete the svn tag created by the release:perform step:

    svn remove https://svn.apache.org/repos/asf/syncope/tags/<version> -m "Deleting tag from rolled back release"
  4. Delete the staging site:

    svn remove https://svn.apache.org/repos/asf/syncope/site/<version> -m "Deleting staging site from rolled back release"
  5. Drop the nexus staging repo:

    1. https://repository.apache.org/index.html
    2. Enterprise --> Staging
    3. Staging tab --> Name column --> org.apache.syncope
    4. Right click on the closed org.apache.syncope-XXX staging repo and select Drop.
  6. Make the required updates that caused the vote to be canceled.
  7. Spin another release attempt!