Google Git
Sign in
apache / openmeetings / cfb7848cffa8060ad1fa990d8fe24424bd9bb5cd / . / openmeetings-server / src / site / xdoc / ReleaseGuide.xml
blob: 62b117ed161fef8cd690e81644badec721233389 [file] [log] [blame]
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<document xmlns="http://maven.apache.org/XDOC/2.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/XDOC/2.0 http://maven.apache.org/xsd/xdoc-2.0.xsd">
<properties>
<title>Release Guide</title>
<author email="dev@openmeetings.apache.org">Apache OpenMeetings Team</author>
</properties>
<body>
<section name="How to Build a Release of OpenMeetings">
<subsection name="Required tools">
<div>
<p>To build a binary release of OpenMeetings you need: </p>
<ul>
<li>JDK11</li>
<li>Apache Maven 3.5.0</li>
<li>Git Command line client</li>
<li>A text editor</li>
<li>You need to be online! The build process actively downloads needed libraries and dependencies.</li>
<li>Valid certficate to be able to enter <a href="https://securesigning.pki.digicert.com/csportal">https://securesigning.pki.digicert.com/csportal</a>
Please ask INFRA in case you need one.
</li>
</ul>
</div>
</subsection>
<subsection name="Prepare your Apache ID">
<div>
<ul>
<li><b>Every release package must be signed with a PGP/GPG key.</b><br />
So if you want to release a package your Apache Id must be
connected with a PGP key!
<br />
<br />
You might follow:
<br />
<a
href="http://www.apache.org/dev/new-committers-guide.html#security-and-pgp"
target="_blank">http://www.apache.org/dev/new-committers-guide.html#security-and-pgp
</a>
<br />
<br />
In short:
<ul>
<li>Create PGP key pairs (private + public) (and I recommend creating a Revoke Cert)</li>
<li>Upload the public key (either bei using the PGP Tool that you use
to create the key) or by using the web form to:
<a href="http://pgp.mit.edu/" target="_blank" rel="nofollow">http://pgp.mit.edu/</a>
</li>
<li>Add the fingerprint string (something like "BF13 CF11 F9C9 0CBE
4413 09AB 0055 16BF 93A3 0395") to your profile at
<a href="https://id.apache.org/" target="_blank" rel="nofollow">https://id.apache.org/</a>
</li>
<li>
Wait for 6-8 hours, the server will search for a public key based
on your fingerprint, if success it will create a file with your
name at:
<br />
<a href="https://people.apache.org/keys/committer/">https://people.apache.org/keys/committer/</a>
</li>
<li>
If that is "success" then add your key to:
<br />
<a href="https://github.com/apache/openmeetings/blob/master/KEYS">https://github.com/apache/openmeetings/blob/master/KEYS</a>
<br />
<br />
and follow the instructions in the file.
</li>
</ul>
</li>
<li><b>Maven</b><br/>
<ul>
<li>Ensure you able to login to <a href="https://repository.apache.org/">https://repository.apache.org</a></li>
<li>
Set up development environment as described here: <a href="http://www.apache.org/dev/publishing-maven-artifacts.html#dev-env">Setup development environment</a><br/>
Don't forget to secure passwords as described here: <a href="http://maven.apache.org/guides/mini/guide-encryption.html#How_to_create_a_master_password">Password Encryption</a>
</li>
</ul>
</li>
</ul>
</div>
</subsection>
<subsection name="Step1 - Prepare files">
<ul>
<li>
Check that all files:<br />
LICENSE, NOTICE.md, CHANGELOG.md, README.md<br />
are up to date and refer to the right version.
</li>
<li>
Check site is <tt>green</tt> here <a href="https://whimsy.apache.org/site/project/openmeetings">https://whimsy.apache.org/site/project/openmeetings</a>
</li>
<li>
Ensure All contributed translations are imported to our codebase<br/>
(More info and examples <a href="https://github.com/solomax/om-poeditor">are here</a>))
</li>
<li>
Update following files in OM documentation:<br/>
<tt>openmeetings-server/src/site/xdoc/index.xml</tt><br/>
<tt>openmeetings-server/src/site/xdoc/NewsArchive.xml</tt><br/>
<tt>openmeetings-server/src/site/xdoc/downloads.xml</tt><br/>
<div class="bd-callout bd-callout-danger">
<div class="h4">Download links in NewsArchive.xml and README.md should be updated</div>
</div>
</li>
<li>Switch to the necessary branch:
<source>git checkout master</source>
</li>
<li>Create temporary local branch
<source>git checkout -b release-5.0.1</source>
</li>
<li>Update versions of all modules
<source>mvn versions:set -DgenerateBackupPoms=false -DnewVersion=5.0.1</source>
</li>
<li>Update final SCM URL located at <tt>pom.xml</tt> and <tt>openmeetings-server/pom.xml</tt>
<source><![CDATA[
<scm>
<url>https://github.com/apache/openmeetings.git</url>
SET https://github.com/apache/openmeetings/tree/5.0.1
]]></source>
</li>
<li>
Create a TAG and commit it to the Git<br/>
<source>
git commit -a -m "5.0.1 Release Candidate 1"
git tag -s 5.0.1-RC1 -m "5.0.1 Release Candidate 1 tag"
git push origin 5.0.1-RC1
</source>
</li>
<li>
<p>Deploy release artifacts to Maven</p>
<source>mvn clean &amp;&amp; mvn deploy -Pdeploy,rc</source>
</li>
<li>
<p>Run the command: </p>
<source>mvn clean &amp;&amp; mvn install -PallModules,rc</source>
</li>
<li>
<p>Test building the source on windows and OSx or Linux</p>
<p>Test running the binary's</p>
</li>
<li>
<p>
Commit artifacts you have created with KEYS file to the
<tt>https://dist.apache.org/repos/dist/dev/openmeetings/</tt>
Proposed file structure for "Release Candidate 1" of 5.0.1 will be:
</p>
<source>
5.0.1
5.0.1/rc1
5.0.1/rc1/src
5.0.1/rc1/src/apache-openmeetings-5.0.1-src.zip
5.0.1/rc1/src/apache-openmeetings-5.0.1-src.tar.gz
5.0.1/rc1/src/apache-openmeetings-5.0.1-src.zip.sha
5.0.1/rc1/src/apache-openmeetings-5.0.1-src.zip.asc
5.0.1/rc1/src/apache-openmeetings-5.0.1-src.tar.gz.sha
5.0.1/rc1/src/apache-openmeetings-5.0.1-src.tar.gz.asc
5.0.1/rc1/bin
5.0.1/rc1/bin/apache-openmeetings-5.0.1.zip
5.0.1/rc1/bin/apache-openmeetings-5.0.1.tar.gz
5.0.1/rc1/bin/apache-openmeetings-5.0.1.zip.sha
5.0.1/rc1/bin/apache-openmeetings-5.0.1.zip.asc
5.0.1/rc1/bin/apache-openmeetings-5.0.1.tar.gz.sha
5.0.1/rc1/bin/apache-openmeetings-5.0.1.tar.gz.asc
5.0.1/rc1/CHANGELOG
</source>
<p><b>NOTE</b> KEYS file is located at https://www.apache.org/dist/openmeetings/KEYS and should be just updated</p>
</li>
</ul>
</subsection>
<subsection name="Step2 - VOTE and RESULT emails">
<p>
Send a "VOTE" to the developer mailing list including links to release artifacts.<br />
A VOTE always contains two parts:<br />
Send an email to the developer mailing list with the subject line:<br />
[VOTE] Apache OpenMeetings x.xx release<br />
An example for such an email:
<a href="https://mail-archives.apache.org/mod_mbox/openmeetings-dev/201701.mbox/%3CCAJmbs8jZ7EiXoeBbG4ynvg30FPx2nAOJMypE2Qp-v-c63ayO9A%40mail.gmail.com%3E">example Vote email</a>
<a href="https://s.apache.org/vote-2.0.0RC4">example Vote email (Incubator)</a>
<br />
After the vote is over, send a "RESULT" email to the list with the subject line:<br />
[RESULT][VOTE] Apache OpenMeetings x.xx release<br />
An example for such an email:
<a
href="https://mail-archives.apache.org/mod_mbox/openmeetings-dev/201701.mbox/%3CCAJmbs8gyvHuarzdVma%2BF6ap7RHBhhVciZp5Oi5JogQdLR6o0NA%40mail.gmail.com%3E">example Result email</a>
<br />
Votes on whether a package is ready to be released use majority approval -- i.e., at
least three PMC members must vote affirmatively for release, and there must be more
positive than negative votes. Releases may not be vetoed. Before voting +1 PMC members
are required to download the signed source code package, compile it as provided, and
test the resulting executable on their own platform, along with also verifying that
the package meets the requirements of the ASF policy on releases.
</p>
</subsection>
<subsection name="Step3 - Sign web start application">
<p>If VOTEs positive: Sign screen sharing web application and re-pack the release</p>
<ul>
<li>Go to the folder you check out your $BRANCHORTAG</li>
<li>
<p>Run the command: </p>
<source>
cd openmeetings-screenshare
mvn clean install -Prc,release
</source>
</li>
<li>Go to <a href="https://securesigning.pki.digicert.com/csportal">https://securesigning.pki.digicert.com/csportal</a></li>
<li>Select "Signing Sets"</li>
<li>Select "Add signing set"</li>
<li>Enter "Signing set name" (must include "Apache OpenMeetings" and version) for ex. "Apache OpenMeetings 5.0.1-RELEASE"</li>
<li>Enter "Version" for ex. "5.0.1-RELEASE"</li>
<li>Select "Java Signing Sha256" as "Signing service"</li>
<li>Select "Upload files" and add all <b>jar</b> files from <tt>target/jnlp</tt></li>
<li>Select "Sign now"</li>
<li>Select "Type of signing" -> "Production"</li>
<li>Select "Sign"</li>
<li>Select "Download set"</li>
<li>Open binary artifacts of OM created on previous step (both <b>tar.gz</b> and <b>zip</b>)</li>
<li>Replace jar files inside artifacts <tt>webapps/openmeetings/screenshare</tt> with the signed ones</li>
<li>
Re-create artifact signatures
<p>Create sha512sum checksums</p>
<source>
#On OSX you might use this command to make a SHA checksum and store it to a file
shasum -a 512 -r apache-openmeetings-XXX-src.zip >apache-openmeetings-XXX-src.zip.sha512
</source>
<source>
<![CDATA[
#To create SHA hashes On Ubuntu:
for f in `ls -1 *.tar.gz *.zip`; do sha512sum $f > $f.sha512; done
#To check SHA hashes On Ubuntu:
for f in `ls -1 *.tar.gz *.zip`; do sha512sum -c $f.sha512; done
]]>
</source>
<p>
Create signatures with the your KEY for every file, the KEY must be available at:<br />
<a href="https://github.com/apache/openmeetings/blob/master/KEYS">
https://github.com/apache/openmeetings/blob/master/KEYS
</a>
</p>
<source>
<![CDATA[
#To create signatures On Ubuntu:
for f in `ls -1 *.tar.gz *.zip`; do gpg --armor --output $f.asc --detach-sig $f; done
#To check signatures On Ubuntu:
for f in `ls -1 *.tar.gz *.zip`; do gpg --verify $f.asc; done
]]>
</source>
</li>
</ul>
<p>NOTE: "Type of signing" can be selected as "Test" to check everything works as expected</p>
</subsection>
<subsection name="Step4 - Create release tag">
<p>Release tag based on RCXX should finally be created</p>
<source>
<![CDATA[
git checkout 5.0.0-M1-RC1
git tag 5.0.0-M1
git push origin 5.0.0-M1
]]>
</source>
</subsection>
<subsection name="Step5 - Distribute and announce">
<p>If VOTEs positive: Upload the release </p>
<ul>
<li>Upload Artifacts with signatures created on the previous steps to
https://dist.apache.org/repos/dist/release/openmeetings/CURRENT_VERSION
</li>
<li>Close staging repo:
<ul>
<li>Go to: <a href="https://repository.apache.org/#stagingRepositories">Staging Repositories</a></li>
<li>Select openmeetings staging repo and Close it with valid message:<br/>
for ex. "The VOTE about 3.1.2 release was successful"
</li>
<li>Select openmeetings staging repo and Release it with valid message:<br/>
for ex. "The VOTE about 3.1.2 release was successful"
</li>
</ul>
</li>
<li>
Wait 24 hours (until all Apache mirrors have synced the packages)
and send an announcement to the mailing list + blog and any other
channel.
</li>
<li>
Email announcements should have the subject line:<br />
[ANNOUNCE] Apache OpenMeetings x.xx released
</li>
<li>
Update release section of DOAP file <tt>openmeetings-site/doap.rdf (https://github.com/apache/openmeetings-site/blob/asf-site/doap.rdf)</tt>
</li>
<li>
Add a section to <a href="downloads.html">downloads</a> website.<br />
Make sure that the binary packages are linked using the mirror URL as base path (
<b>not</b> http://www.apache.org/dist):<br />
Mirror URL:
<a href="http://www.apache.org/dyn/closer.lua/openmeetings/">http://www.apache.org/dyn/closer.lua/openmeetings/</a>
</li>
<li>
Release candidates should be deleted from <tt>https://dist.apache.org/repos/dist/dev/openmeetings/</tt><br/>
Old releases should be deleted from <tt>https://dist.apache.org/repos/dist/release/openmeetings/</tt>
</li>
</ul>
</subsection>
</section>
</body>
</document>