Samza Release Procedure

Releasing Samza involves the following steps:

  • Send a [DISCUSS] to Example
  • Create the Release Candidate
  • Send a [VOTE] to Example
  • Wait till the [VOTE] completes and send [RESULT][VOTE]. Example
  • Publish source tarball to Apache SVN
  • Publish website documents for new release
  • Write a blog post on Apache Blog (Note: Apache blog editor is primitive. You have to provide HTML formatted document.)

The following sections will be focusing on creating the release candidate, publish the source tarball, and publish website documents.

Steps to release Samza binary artifacts

Before you start, here are a few prerequisite steps that would be useful later:

And before you proceed, do the following steps:

  • create a branch $VERSION from the latest master branch
  • update the s.t. the following property is $VERSION w/o the suffix ‘-SNAPSHOT’: version=$VERSION

Validate that all Samza source files have proper license information in their header.

./gradlew check

To release to a local Maven repository:

./gradlew clean publishToMavenLocal

To build a tarball suitable for an ASF source release (and its accompanying MD5 file):

First, clean any non-checked-in files from git (this removes all such files without prompting):

git clean -fdx

Alternatively, you can make a fresh clone of the repository to a separate directory:

git clone samza-release
cd samza-release

Then build the tarball:

./gradlew clean sourceRelease

Then sign it:

gpg --sign --armor --detach-sig build/distribution/source/apache-samza-*.tgz

Make a signed git tag for the release candidate:

git tag -s release-$VERSION-rc0 -m "Apache Samza $VERSION release candidate 0"

Push the release tag to remote repository:

git push origin release-$VERSION-rc0

Edit $HOME/.gradle/ and add your GPG key information:

signing.keyId=01234567                          # Your GPG key ID, as 8 hex digits
signing.secretKeyRingFile=/path/to/secring.gpg  # Normally in $HOME/.gnupg/secring.gpg
signing.password=YourSuperSecretPassphrase      # Plaintext passphrase to decrypt key
nexusUsername=yourname                          # Your username on Apache's LDAP
nexusPassword=password                          # Your password on Apache's LDAP

Putting your passwords there in plaintext is unfortunately unavoidable. The nexus plugin supports asking for them interactively, but unfortunately there's a Gradle issue which prevents us from reading keyboard input (because we need org.gradle.jvmargs set).

Build binary artifacts and upload them to the staging repository:

# Set this to the oldest JDK which we are currently supporting for Samza.
# If it's built with Java 8, the classes won't be readable by Java 7.
export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk1.8.0_20.jdk/Contents/Home
./gradlew clean uploadArchives

Go to repository web interface, log in with Apache LDAP credentials, go to “Staging Repositories”, select the org.apache.samza repository just created, and close it. This may take a minute or so. When it finishes, the UI shows a staging repository URL. This can be used in a project that depends on Samza, to test the release candidate.

If the VOTE has successfully passed on the release candidate, you can log in to the repository web interface (same as above) and “release” the org.apache.samza repository listed under “Staging Repositories”.

Steps to Upload Source Tarball to Apache SVN

Check out the following Apache dist SVN to local:

svn checkout samza-dist

Create the new version's sub-directory and add the source tarball, MD5, and asc files from the previous step to the new directory:

cd samza-dist mkdir $VERSION cp ${SAMZA_SRC_ROOT}/build/distribution/source/apache-samza-$VERSION-src.tgz $VERSION cp ${SAMZA_SRC_ROOT}/build/distribution/source/apache-samza-$VERSION-src.tgz.MD5 $VERSION cp ${SAMZA_SRC_ROOT}/build/distribution/source/apache-samza-$VERSION-src.tgz.asc $VERSION svn add $VERSION

Commit to Apache release SVN

svn ci -m “Releasing Apache Samza $VERSION Source Tarballs”

Check the download link here to make sure that the mirror site has picked up the new release. The third-party mirrors may take upto 24 hours to pick-up the release. In order to ensure that the release is available in public mirrors, wait for the release jars to show up in maven central. A full list of mirrors can be found here. Do not publish the website or any public document until the release jars are available for download.

Steps to Update Public Document

Please refer to docs/, specifically “Release-new-version Website Checklist” section.