sis-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject svn commit: r1497178 - in /sis/site/trunk/content: release-announce.txt release-discuss.txt release-management.mdtext release-vote.txt
Date Thu, 27 Jun 2013 01:34:08 GMT
Author: smarru
Date: Thu Jun 27 01:34:08 2013
New Revision: 1497178

adding release management template based on airavata, still need to be fine tuned to SIS


Added: sis/site/trunk/content/release-announce.txt
--- sis/site/trunk/content/release-announce.txt (added)
+++ sis/site/trunk/content/release-announce.txt Thu Jun 27 01:34:08 2013
@@ -0,0 +1,12 @@
+Subject:  [ANNOUNCE] Apache SIS $VERSION Release
+The Apache SIS PMC is pleased to announce the immediate availability of the SIS $VERSION
+The release can be obtained from the Apache SIS download page -
+Release notes are available at -$VERSION/RELEASE_NOTES
+Apache SIS is a software framework providing API’s, sophisticated  server-side tools,
and graphical user interfaces to construct, execute, control and manage long running applications
and workflows on distributed computing resources. Apache SIS builds on general concepts of
service oriented computing, distributed messaging, and workflow composition and orchestration.
+For general information on Apache SIS, please visit the project website:

Added: sis/site/trunk/content/release-discuss.txt
--- sis/site/trunk/content/release-discuss.txt (added)
+++ sis/site/trunk/content/release-discuss.txt Thu Jun 27 01:34:08 2013
@@ -0,0 +1,20 @@
+Subject: [DISCUSS] Apache SIS ${version} RC{number}
+Discussion thread for vote on Apache SIS ${version} release candidate.
+If you have any questions or feedback or to post results of validating the release, please
reply to this thread. Once you verify the release, please post your vote to the VOTE thread.
+For reference, the Apache release guide  -
+Some tips to validate the release before you vote:
+* Download the binary version and run the 5 minute or 10 minute tutorial as described in
README and website.
+* Download the source files from compressed files and release tag and build (which includes
+* Verify the distribution for the required LICENSE and NOTICE files
+* Verify if all the staged files are signed and the signature is verifiable. 
+* Verify if the signing key in the project's KEYS file is hosted on a public server
+Thanks for your time in validating the release and voting,
+{Release Manger}
+(On Behalf of SIS PMC)

Added: sis/site/trunk/content/release-management.mdtext
--- sis/site/trunk/content/release-management.mdtext (added)
+++ sis/site/trunk/content/release-management.mdtext Thu Jun 27 01:34:08 2013
@@ -0,0 +1,256 @@
+Title: Release Process
+Notice:    Licensed to the Apache Software Foundation (ASF) under one
+           or more contributor license agreements.  See the NOTICE file
+           distributed with this work for additional information
+           regarding copyright ownership.  The ASF licenses this file
+           to you under the Apache License, Version 2.0 (the
+           "License"); you may not use this file except in compliance
+           with the License.  You may obtain a copy of the License at
+           .
+           .
+           Unless required by applicable law or agreed to in writing,
+           software distributed under the License is distributed on an
+           KIND, either express or implied.  See the License for the
+           specific language governing permissions and limitations
+           under the License.
+Releases are crucial aspects for an apache project and following the guidelines is very important.
The [Release FAQ][release-faq] describes the foundation wide policies. The following instructions
walkthrough SIS specific release steps. 
+<a name="release-setup"></a>
+###One time release management setup 
+This section describes release management configuration steps, if you have previously configured
these steps, jump directly to [Release Process](#release-process).
+Performing a release will require:
+* Generate, sign and upload gpg key, you can follow these [gpg instructions](#gpg-key).
+* Configure Maven and get access to Nexus Repo, more [maven & nexus instructions](#maven-nexus-setup).
+<a name="gpg-key"></a>
+#### Generate GPG key
+The releases have to be signed by public key cryptography signatures. Detailed instructions
on why releases have to be signed are provided on [Release Signing][release-signing] page.
+The popular software used Open Pretty Good Privacy (OpenPGP) is the GPG. The [GPG instructions][gpg-keys]
list out detailed steps on managing your keps.
+The steps can be summerized as: 
+* Generate 4096 bits RSA key pair using gpg: `gpg --gen-key`.
+* Export the public key: `gpg --list-sigs <Real Name> && gpg --armor -- export
<Real Name>`
+* Upload the public key to [SURFNET PGP][surfnet-pgp] or [MIT PGP][mit-pgp] servers.
+* Have your key signed by atleast three apache commiters, [key signing][key-sign] and [Henk
Penning][henk-trust] websites provide instructions.
+* Add the signed public key to the KEYS file on [SIS Dist SVN][sis-dist-svn].
+For reference, the steps to sign a key:
+* The person whom you know in person provides you his key, usually this happens at key signing
party where you can verify each others ID's. 
+* Fetch the key `gpg --keyserver <keyserver> --recv-keys <Key_ID>` an example
key server is
+* Sign the key `gpg --sign-key <Key_ID>`
+* Upload the key back to the server `gpg --keyserver <keyserver> --send-key <Key_ID>`
+<a name="maven-nexus-setup"></a>
+#### Maven Configuration & Nexus Setup
+* SIS requires Maven 3 or later to build and release
+* It is encouraged to use maven's password encryption capabilities and set the gpg password
+~/.m2/settings.xml. Detailed instructions are at [Publishing Maven Artifacts][maven-artificats]
+	* Make sure both the apache.snapshots.https and apache.releases.https are configured coreectly.

+* Performing release will require maven to run series of commands, the heapsize has to be
increased to avoid out of memory exceptions.
+* 		Bash Shell: `export MAVEN_OPTS="-Xmx1024m -XX:MaxPermSize=256m"`. 
+* 		C Shell: `setenv MAVEN_OPTS "-Xmx1024m -XX:MaxPermSize=256m"`.
+<a name="release-process"></a>
+#### Release Process
+1. Before performing the following release steps, ensure the [Release Setup](#release-setup)
steps have been performed.
+2. Ensure the source is ready for release. Verify:   
+     * Cleanup JIRA so the Fix Version in issues resolved since the last release includes
this release version correctly.
+     * Ensure all open issues are resolved before proceeding further, close all resolved
+     * Test and make sure the release passes all regression tests.
+     * Update RELEASE_NOTES with all the features added.
+     	 * The release notes can be obtained from JIRA, by clicking the version, and then configuring
the release notes to display text format and copying it.
+     	 * A suggested approach would be to reorganize the release notes as New Features, then
Improvements then Tasks and Sub Tasks and finally Bug Fixes.
+     * Review and update README, INSTALL files.
+     * Commit any changes back to svn.
+     * Update website/wiki with Roadmap or Release landing pages.
+3. Checkout a clean copy of the trunk to release using command line svn.
+    *Do not use Eclipse to do the checkout. The extra dot (.) files created by Eclipse throws
off the rat:check processing.*
+    	`svn co sis-trunk`
+4. Verify the source has the required license headers before trying to release: 
+		`mvn -P pedantic verify -DskipTests=true`
+5. Do a dry run of the release:prepare step:
+		`mvn -P apache-release release:prepare -DautoVersionSubmodules=true -DdryRun=true`
+    The dry run will not commit any changes back to SVN and gives you the opportunity to
verify that the release process will complete as expected. You will be prompted for the following
information :
+      * Release version
+      * SCM release tag
+      * New development version
+      * GPG Passprhase - On a Mac if the passphrase is stored in keychain, the passphrase
is not prompted. 
+    *If you cancel a release:prepare before it updates the pom.xml versions, then use the
release:clean goal to just remove the extra files that were created.*
+    The Maven release plugin checks for SNAPSHOT dependencies in pom's. It will not complete
the prepare goal until all SNAPSHOT dependencies are resolved.
+6. Verify that the release process completed as expected
+    * The release plugin will create pom.xml.tag files which contain the changes that would
have been committed to SVN. The only differences between pom.xml.tag and it's corresponding
pom.xml file should be the version number.
+    * If other formatting changes have been made you should review the changes and then commit
them `svn commit -m "fixing formatting for release"`  
+    * Check and make sure that the scm properties have the right version.
Sometimes the scm location can be the previous version not the next version.
+    * Verify signatures ([Verifying release signatures](#verify_signatures))
+7. Once any failures or required updates have been committed to svn, rollback the release
prepare files:  
+		`mvn -P apache-release release:rollback`
+8. Prepare the release: Run the "release:prepare" step for real this time. You'll be prompted
for the same version information.
+ 		`mvn -P apache-release release:prepare -DautoVersionSubmodules=true`
+    Backup (zip or tar) your local release candidate directory in case you need to rollback
the release after the next step is performed.
+9. Perform the release
+     * This step will create a maven staging repository and site for use in testing and voting.

+     		`mvn release:perform -Papache-release`
+     * If your local OS userid doesn't match your Apache userid, then you'll have to also
override the value provided by the OS to Maven for the site-deploy step to work:[your_apache_uid]
--This is known to work for Linux, but not for Mac and unknown for Windows--.
+10. Verify the Nexus release artifacts
+    * Verify the HTML links in site are correct
+    * Verify the staged artifacts in the nexus repo     
+        *
+        * Staging repositories (under Build Promotion) --> Name column --> org.apache.sis
+        * Navigate through the artifact tree and make sure that all javadoc, sources, tests,
jars, ... have .asc (GPG signature) and .md5 files. See
+    * Close the nexus staging repo
+        *
+        * Staging repositories (under Build Promotion) --> Name column --> org.apache.sis
+        * Click checkbox for the open staging repo (org.apache.sis-XXX) and press Close in
the menu bar.
+11.  Sign the binary artifacts
+        * $ `cd modules/distribution/target`
+        * $ `gpg -ab apache-sis-*${project.version}*-bin.tar.gz`
+        * $ `gpg -ab apache-sis-*${project.version}*`
+        * $ `gpg --print-md SHA512 apache-sis-*${project.version}*-bin.tar.gz > apache-sis-*${project.version}*-bin.tar.gz.sha`
+        * $ `gpg --print-md SHA512 apache-sis-*${project.version}* > apache-sis-*${project.version}*`
+        * $ `gpg --print-md MD5 apache-sis-*${project.version}*-bin.tar.gz > apache-sis-*${project.version}*-bin.tar.gz.md5`
+        * $ `gpg --print-md MD5 apache-sis-*${project.version}* > apache-sis-*${project.version}*`
+12. Stage the source and binary artifacts to the dist development repository
+	* Checkout SIS development dist area:
+			`svn co sis-dev-dist`
+	* Create the directory for ${project.version} and RC{number} within it. The RC number corresponds
to the current release attempt. 
+	* Copy the source and binaries into dist area.
+		* Copy the source and binaries into the development dist RC area created above.
+		* Sources and signed artificats can be downloaded from staging repo${project.version}.
+		* Source artifacts should include sis-{project.version}, sis-{project.version},
sis-{project.version}, sis-{project.version}
+		* Binaries and gpg signed artificats from step 11.
+        * Verify they are downloadable from${project.version}/RC{number}.
+13. Put the release candidate up for a vote
+     1. Create a VOTE email thread on dev@ to record votes as replies, like [this](release-vote.txt)
+     2. Create a DISCUSS email thread on dev@ for any vote questions, [this](release-discuss.txt)
+     3. Perform a review of the release and cast your vote. For elaborate instructions, please
consult [Apache Release FAQ][release-faq].
+     4. A -1 vote does not necessarily mean that the vote must be redone, however it is usually
a good idea to rollback the release if a -1 vote is received. See - Recovering from a vetoed
+     5. After the vote has been open for at least 72 hours, has at least three +1 PMC votes
and no -1 votes, then post the results to the vote thread by -
+         * reply to the initial email and prepend to the original subject "[RESULT]"
+         * Include a list of everyone who voted +1, 0 or -1.
+14. Finalizing a release
+    1. The artificats in the repository are not yet mirrored and available for maven to download.
Promote the staged nexus artifacts, but releasing them.   
+        *
+        * Staging repositories (under Build Promotion) --> Name column --> org.apache.sis
+        * Click checkbox of the closed staging repo (org.apache.sis-XXX) and select Release.
+    2. Checkin the source and binary artifcats into distribution svn which will be pulled
by all mirrors within 24 hours. The dist/dev svn is not mirrored, but the dist/release is.
+        * `svn copy${project.version}/RC{number}${project.version}  -m "Committing SIS Source
and Binary Release for ${}-${project.version}`
+    3. Update the staged website
+        *  Update the downloads page to add new version using the mirrored URLs
+        *  Modify the URL for the prior release to the archived URL for the release
+    4.  Publish the website
+        *  WAIT 24hrs after committing releases for mirrors to replicate
+        *  Publish updates to the download page
+    5.  Delete the prior versions
+        *  Navigate to the release directories checked out in the prior steps
+        *  Delete the prior release artifacts using the svn delete command
+        *  Commit the deletion
+15. Update the JIRA versions page to close all issues, mark the version as "released", and
set the date to the date that the release was approved. You may also need to make a new release
entry for the next release.
+16. Announcing the release
+       * Make a news announcement on the SIS homepage.
+       * Make an announcement about the release on the,,
+       * Sample announce [email](release-announce.txt).
+####Recovering from a vetoed release
+1. Reply to the initial vote email and prepend to the original subject -
+     [CANCELED]
+3. Delete the svn tag created by the release:perform step -
+       $ svn del${project.version} -m "deleting
tag from rolled back release"
+4. Revert the svn to old version `mvn -P apache-release release:rollback`
+5.  Delete the build artifacts on people & www           
+     *  $ rm -rfv /www/${project.version}
+6. Drop the nexus staging repo
+    1.
+    2. Enterprise --> Staging
+    3. Staging tab --> Name column --> org.apache.sis
+    4. Right click on the closed staging repo (org.apache.sis-XXX) and select Drop.
+7. Remove the staged site
+8. Make the required updates that caused the vote to be canceled during the next release
+<a name="verify_signatures"></a>
+####Verifying release signatures
+On unix platforms and mac's download all source and binary artifacts into a new directory
and cd to the download directory.
+      for file in `find . -type f -iname '*.asc'`
+      do
+          gpg --verify ${file} 
+      done
+The output will indicate the You'll need to look at the output to ensure it contains only
good signatures -
+gpg: Good signature from ...
+gpg: Signature made ...

Added: sis/site/trunk/content/release-vote.txt
--- sis/site/trunk/content/release-vote.txt (added)
+++ sis/site/trunk/content/release-vote.txt Thu Jun 27 01:34:08 2013
@@ -0,0 +1,34 @@
+Subject: [VOTE] Apache SIS ${version} RC{number}
+Apache SIS PMC is pleased to call for a vote on the following Apache SIS ${version} release
candidate artifacts:
+Detailed change log/release notes:
+All Release Artifacts:
+PGP release keys (signed using {ReleaseManagerKey}):
+Specific URL's:
+SVN source tag ($revision_number):
+Source release:
+Binary Artifacts:
+Maven staging repo:
+Please verify the artifacts and vote. The vote will be open for 72 hours.
+[ ] +1  approve
+[ ] +0  no opinion
+[ ] -1  disapprove (and reason why)

View raw message