Fork me on GitHub

How To Create A Release

Prerequisites for release managers

You need to be a Jackrabbit committer to prepare and perform a release, but anyone is welcome to help test the release candidates and comment on the release plans.

You should have a code signing key that is included in the Jackrabbit KEYS file. See Appendix A at the end of this page for more details.

You also need to tell Maven your Subversion credentials needed for deploying artifacts to the Nexus server at See Appendix B for the required settings.

Release management tasks

  1. Make sure that an appropriate version for the release is entered in Jira and that all the related issues have been resolved.

  2. Create or update a file in the root folder of the project to be released. When done, commit the file. See previous release notes for examples of what to include. The release note report in Jira is a useful source of required information.

  3. Build and deploy the release artifacts with Maven (see below).

    The release is built using the Maven release plugin. See the Releasing a Maven project guide for more details. Make sure you have added the pgp key information in you maven settings file, especially if you have more than one key installed locally. See Appendix B for the details.

    Releasing the maven artifact works best when operating on the subversion checkout of the project. Using git svn does not work.

    1. (optional, prepare your environment. e.g.: $ export version=1.0.0)
    2. Execute mvn clean deploy -Papache-release -Dmaven.deploy.skip=true. This tests if the release would work.
    3. Execute mvn release:prepare. This will update the POM files and tag the release in svn (btw: specifying the release version on the commandline doesn’t update the module poms anymore lately).
    4. Execute mvn release:perform -Papache-release. This will build the tagged release and deploy the artifacts to a new staging repository on After the build, login to and you should see it there.
    The non-Maven release artifacts are automatically copied to `/.../target/checkout/target/$version`
  4. Close the staged repository on
    Use Apache Jackrabbit Filevault Package Maven Plugin ${version} RC as comment.

  5. Upload the artifacts to via SVN

    svn co dist-dev-filevault-plugin
    cd dist-dev-filevault-plugin
    cp -r /path/to/jackrabbit/filevault-package-maven-plugin/target/checkout/target/$version $version
    svn add $version
    svn commit -m "Apache Jackrabbit Filevault Package Maven Plugin $version release candidate" $version
  6. Start the vote thread, wait 72 hours. See the vote.txt template generated by the Maven build.

  7. If the vote fails (easy case first):

    1. remove the release tag from svn

    svn rm$version

    1. delete the RC from
    2. and drop the staged repository
    3. done
  8. If the vote is successful, close the vote by publishing the results

  9. copy the release candidate from dev/jackrabbit to release/jackrabbit in, and delete any older releases from the same branch (they’re automatically archived):

    svn move -m "Apache Jackrabbit Filevault $version" \$version \$version
  10. release the staged repository for synchronization to Maven central.

  11. mark the version as released in Jira: Jira Project Home -> Project Summary -> Administer Project.

    Under Versions, you’ll see all the defined project versions. From the settings menu, choose Release on the version.

  12. Close all the issues included in the release: Jira Project Home -> Change Log -> Choose the released version.

    From the issue list you have the option to bulk update all of the included issues. Just Transition Issues from Resolved to Closed and you are done!

  13. Update the Jackrabbit web site to point to the new release.

  14. Deploy the recent plugin site (see src/site/

  15. Send the release announcement once the web site have been synced.

Appendix A: Create and add your key to the Jackrabbit KEYS file

Follow these instructions to generate your code signing key and to add it to the Jackrabbit KEYS file.

  1. Generate a code signing key using your _@apache.org_ address as the email and CODE SIGNING KEY as the comment.

  2. The Jackrabbit KEYS file is managed in To modify the file, first checkout the dist directory:

    svn checkout
  3. See the beginning of the KEYS file for instructions on how to append your key to the file.

  4. Once you’ve committed the changes, update the KEYS file on

    umask 002; svn update /www/
  5. You are DONE, but to see the changes on you must wait 2 hours

You should get your key linked to the Apache web of trust. Once other people have signed your key, you can update the KEYS file with the signatures you’ve received.

Appendix B: Maven settings

    <!-- To deploy a Jackrabbit snapshot -->
      <username> <!-- YOUR APACHE SVN USERNAME --> </username>
      <password> <!-- YOUR APACHE SVN PASSWORD --> </password>

    <!-- To stage a Jackrabbit release -->
      <username> <!-- YOUR APACHE SVN USERNAME --> </username>
      <password> <!-- YOUR APACHE SVN PASSWORD --> </password>

    <!-- used for gpg code signing key -->
    <!-- see: -->
        <id> <!-- YOUR KEYNAME --> </id>
        <passphrase> <!-- CLEAR OR ENCRYPTED TEXT --> </passphrase>
                <gpg.keyname> <!-- YOUR KEYNAME --> </gpg.keyname>

Appendix C: Announce Mail Template

Note: Copy paste the current release notes; only include the changes of this release.

Subject: [ANNOUNCE] Apache Jackrabbit FileVault Package Maven Plugin $version released

The Apache Jackrabbit community is pleased to announce the release of
Apache Jackrabbit FileVault Package Maven Plugin $version. The release is available for download at:

See the full release notes below for details about this release:

Release Notes -- Apache Jackrabbit FileVault Package Maven Plugin -- Version $version

The Apache Jackrabbit FileVault package maven plugin is an Apache maven plugin that simplifies the creation of
content package maven artifacts. The content packages can later be used to install content into a JCR repository
using the Apache Jackrabbit FileVault packaging runtime.

Changes in Jackrabbit FileVault Package Maven Plugin $version

#### Bug Fixes
* [JCRVLT-218] Repository structure package satisfies too aggressively
* [JCRVLT-219] Internal ancestors not used for dependency validation
* [JCRVLT-222] analyze-classes goal should be marked as ignored for m2e
* [JCRVLT-237] Fix description on how import-package manifests are generated
* [JCRVLT-241] Goal analyze-classes: Dependencies with type "bundle" not correctly considered
* [JCRVLT-242] Link for the web access of Jackrabbit's FileVault Package source repository is wrong
* [JCRVLT-244] Package Maven Plugin: Fix resource leaks in integration tests
* [JCRVLT-245] Package Maven Plugin: ProjectBuilder.verifyPackageProperty swaps expected/actual value
* [JCRVLT-253] Problems with Configuration inside an Execution with Filters

#### Improvements
* [JCRVLT-217] Create tests for JCRVLT-207 (HTL) as soon as plugin is released
* [JCRVLT-224] Use filevault-core instead of copy-pasting code
* [JCRVLT-231] Clarify repositoryStructurePackages parameter
* [JCRVLT-234] Remove irrelevant @Parameter annotations on field in classes which are not mojos
* [JCRVLT-236] Package Maven Plugin: Improve packageType param documentation
* [JCRVLT-238] Remove classesDirectory parameter
* [JCRVLT-243] VaultMojo: extend javadoc for all complex type parameters
* [JCRVLT-252] Package Maven Plugin: Update to htl-maven-plugin 1.1.2

#### New Features
* [JCRVLT-230] Allow to give an explicit directory as source for META-INF/vault
* [JCRVLT-239] Package Maven Plugin: Add "accessControlHandling" property
* [JCRVLT-240] Package Maven Plugin: Support for package thumbnails

Release Contents
This release consists of a single source archive packaged as a zip file.
The archive can be unpacked with the jar tool from your JDK installation.
See the [README](./ file for instructions on how to build this release.

The source archive is accompanied by SHA1 and MD5 checksums and a PGP
signature that you can use to verify the authenticity of your download.
The public key used for the PGP signature can be found at

About Apache Jackrabbit
Apache Jackrabbit is a fully conforming implementation of the Content
Repository for Java Technology API (JCR). A content repository is a
hierarchical content store with support for structured and unstructured
content, full text search, versioning, transactions, observation, and

For more information, visit

About The Apache Software Foundation
Established in 1999, The Apache Software Foundation provides organizational,
legal, and financial support for more than 100 freely-available,
collaboratively-developed Open Source projects. The pragmatic Apache License
enables individual and commercial users to easily deploy Apache software;
the Foundation's intellectual property framework limits the legal exposure
of its 2,500+ contributors.

For more information, visit

Apache Jackrabbit, Jackrabbit, Apache, the Apache feather logo, and the Apache
Jackrabbit project logo are trademarks of The Apache Software Foundation.