This is a how to document for creating Apache Jackrabbit releases. It documents the current release process and needs to be updated as we move forward.
Jackrabbit releases are created based on user demand and the availability of fixes and other requested changes. Any committer can declare their plan to cut a release by sending a “Apache Jackrabbit x.y.z release plan” message to the dev@ list. The plan should refer to Jira for the list of fixes to be included in the release and give a rough estimate of the release schedule. It’s OK to revise the plan if needed. Optimally, link to the candidate release notes.
If you’re not a committer, you can send a message to the mailing list asking for a new release to be made. Including the list of specific fixes you need and a short rationale of why you need the release.
You need to be a Jackrabbit committer to prepare and perform a release, but anyone is welcome to help test the release candidates and comment on the release plans.
You should have a code signing key that is included in the Jackrabbit KEYS file. See Appendix A at the end of this page for more details.
Upload the artifacts to https://dist.apache.org/repos/dist/dev/jackrabbit/ (instructions at the end of the build)
cd /path/to/jackrabbit-dev scp -r /path/to/jackrabbit/target/checkout/target/$version $version svn add $version svn commit -m "Apache Jackrabbit $version release candidate" $version
Start the vote thread, wait 72 hours. See the vote template generated by the Maven build.
If the vote is successful
[ "x$version" = "x" ] || svn move -m "Apache Jackrabbit $version" \ https://dist.apache.org/repos/dist/dev/jackrabbit/$version \ https://dist.apache.org/repos/dist/release/jackrabbit/$version
Update the Jackrabbit web site to point to the new release.
The release is built using the Maven release plugin (if your platform is Windows with Cygwin, see Appendix C). See the Performing a Maven Project Release guide for more details. Make sure you have added the pgp key information in you maven settings file, especially if you have more than one key installed locally. See Appendix B for the details.
In case you don’t feel comfortable to keep the passwords in the file ~/.m2/settings.xml forever, you need to set it now temporarily.
There have been some problems with certain combinations of Java and Maven versions. A known combinations where releasing was successful is Java 7 with Maven 3.2.2. In case you get an exception “Proxy Error” in the release:perform, see the Apache Services Status Page, however it has been reported that the status page is not always accurate. In case you get an error with respect to API incompatibilities, try with an older Maven version or enforce use of a newer release plugin, such as with mvn org.apache.maven.plugins:maven-release-plugin:2.5.3:prepare.
After this is done, you can remove the passwords from the file ~/.m2/settings.xml if you don’t want to keep it there.
Follow these instructions to generate your code signing key and to add it to the Jackrabbit KEYS file.
The Jackrabbit KEYS file is managed in https://dist.apache.org/repos/dist/release/jackrabbit/KEYS. To modify the file, first checkout the dist directory:
svn checkout https://dist.apache.org/repos/dist/release/jackrabbit
See instructions on how to append your key to the file (or, as an alternative, the beginning of the KEYS file).
Commit the change using:
svn commit -m "Add code signing key" KEYS
See the changes on http://www.apache.org/dist/jackrabbit/KEYS (you may need to wait a few minutes).
You can (but don’t need to) get your key linked to the Apache web of trust. Once other people have signed your key, you can update the KEYS file with the signatures you’ve received.
You need to change the ~/.m2/settings.xml file as follows. PGP key id: this is the second part of your key in the KEYS file. For example, this is “F07CA77B” if the first line of your key in the KEYS file is “pub 4096R/F07CA77B 2014-07-31”. In case you are not comfortable to keep passwords and key passphrases in human readable files, you can add them just before doing the release, and remove them just after the release. Instead of using the “gpg.passphrase” tag, you can try using <gpg.executable>gpg2</gpg.executable> (this should prompt you for the passphrase). For the server svn passwords, you could use the Maven password encryption.
<settings> <profiles> <profile> <id>apache-release</id> <properties> <gpg.keyname><!-- PGP key id, see above --></gpg.keyname> <gpg.passphrase><!-- PGP key passphrase --></gpg.passphrase> </properties> </profile> ... </profiles> <servers> <!-- To deploy a Jackrabbit snapshot --> <server> <id>apache.snapshots.https</id> <username><!-- Apache svn user name --></username> <password><!-- Apache svn password --></password> </server> <!-- To stage a Jackrabbit release --> <server> <id>apache.releases.https</id> <username><!-- Apache svn user name --></username> <password><!-- Apache svn password --></password> </server> ... </servers> </settings>
The Subversion support in the release plugin assumes platform-specific path delimiters, and thus does not work properly if the “svn” executable is the Cygwin version. The easiest workaround for this problem is to install a Windows-native SVN version as well, and to modify the PATH variable for the mvn invocation so that it’s found instead of the Cygwin variant.