Currently all Release Managers have either macOS or Linux workstations. The scripting/automation assumes one of these two platforms.
In addition to all the tools assumed to be installed for building OpenWhisk, you will also need the following packages installed:
You may want to fork the repo and then clone your fork. Set it up to use the same GitHub workflows you use for other OpenWhisk repositories to which you contribute.
The scripts/automation in this project assume a local clone and create/use working directories and staging areas within that clone. Staging areas are listed in the .gitignore for the repository to avoid accidental commits of generated artifacts.
The Apache distribution servers are managed by committing/removing files from project-specific directory trees in an svn repository.
You can run the script tools/checkout_svn.sh to create a local checkout of these repositories at the path expected by the rest of the scripts.
All release artifacts are accompanied by cryptographic signatures according to Apache release policy.
You will need a PGP key pair. The key must have your username@apache.org as one of its associated user ids.
See https://www.apache.org/dev/release-signing.html for the technical requirements for your signing key and instructions on creating one if you don't already have an acceptable one.
Currently ASF recommends using a 4096 bit RSA key to sign releases.
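The following is an added example, not part of the OpenWhisk release scripts: a shell function that checks gpg's machine-readable key listing against the two points above (a username@apache.org user id, and the recommended 4096-bit RSA key). The function name check_release_key and both sample listings are constructed for illustration; it assumes the listing describes a single key.

```shell
# check_release_key USERNAME   (hypothetical helper, not a project script)
# Reads `gpg --list-keys --with-colons KEYID` output on stdin, prints one line
# per problem, and returns 0 only if the key passes every check.
check_release_key() {
    awk -F: -v want="<$1@apache.org>" '
        # pub record: field 2 = validity, 3 = key length, 4 = algorithm (1 = RSA)
        $1 == "pub" && !pub { pub = 1; validity = $2; bits = $3 + 0; algo = $4 }
        # uid record: field 10 = user id; ignore revoked or expired user ids
        $1 == "uid" && $2 != "r" && $2 != "e" &&
            index(tolower($10), tolower(want)) > 0 { uid = 1 }
        END {
            if (!pub) { print "no public key record in input"; exit 2 }
            bad = 0
            if (validity == "r" || validity == "e") {
                print "key is revoked or expired"; bad = 1
            }
            if (algo != 1 || bits < 4096) {
                print "key is not RSA with at least 4096 bits (algorithm id " \
                      algo ", " bits " bits)"; bad = 1
            }
            if (!uid) { print "no usable user id containing " want; bad = 1 }
            exit bad
        }'
}

# Constructed sample listings (key ids and fingerprints are placeholders).
SAMPLE_OK='pub:u:4096:1:AAAAAAAAAAAAAAAA:1700000000:::u:::scESC:
fpr:::::::::0000000000000000000000000000000000000000:
uid:u::::1700000000::0000000000000000000000000000000000000000::Jane Doe <jdoe@apache.org>:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1700000000::::::e:'

SAMPLE_WEAK='pub:u:2048:1:CCCCCCCCCCCCCCCC:1700000000:::u:::scESC:
fpr:::::::::1111111111111111111111111111111111111111:
uid:u::::1700000000::1111111111111111111111111111111111111111::Jane Doe <jdoe@example.org>:'

# Demonstration on the constructed listings.
printf '%s\n' "$SAMPLE_OK" | check_release_key jdoe && echo "SAMPLE_OK: passes"
printf '%s\n' "$SAMPLE_WEAK" | check_release_key jdoe || echo "SAMPLE_WEAK: fails"
```

Against a real keyring, pipe the listing for your own key into the function: gpg --list-keys --with-colons <your key id> | check_release_key <your apache username>.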
Only a PMC member can commit changes to the KEYS file.
Once you have your PGP key pair, append your public key to our KEYS file in your local svn clone and commit the change.
Our KEYS file is append only. Once a key has been used to sign a release it cannot be removed from the KEYS file.
The commands to export your key (depending on your PGP client) can be found at the very top of the KEYS file, and are also replicated below:
Developers:
    pgp -kxa <your name> and append it to KEYS
    (pgpk -ll <your name> && pgpk -xa <your name>) >> KEYS
    (gpg --list-sigs <your name> && gpg --armor --export <your name>) >> KEYS