blob: bb4f240e026b76ef16f43475ed496f076ace7527 [file]
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<document>
<properties>
<title>One time release setup</title>
<author email="dev@uima.apache.org">
Apache UIMA Documentation Team</author>
</properties>
<body>
<section name="One time setup instructions for releasing Apache UIMA">
<p>
Here you will find information on how to set up various tools
and configurations needed when releasing Apache UIMA&#0153; artifacts.
</p>
<p>First, be sure you've done the general
<a href="one-time-setup.html">one-time-setup</a>.
</p>
<p>The rest of the setup is taken from various other sources around Apache
(links below).</p>
<ul>
<li>
<b><code>Settings.xml</code></b> file:
<p>Create and/or update your Maven settings.xml file (located where your local repo is).
Follow <a target="_blank" rel="noopener"
href="https://maven.apache.org/developers/committer-settings.html">these instructions</a> (but
ignore the last line about needing to be a member of group <code>apcvs</code> and <code>maven</code>).
Use Maven's <a target="_blank" rel="noopener" href="https://maven.apache.org/guides/mini/guide-encryption.html">
password encryption capabilities</a> to encrypt your LDAP password, used to log on to
the server for uploading things to the Apache Nexus Repositories (both SNAPSHOTs and Staging).
</p>
<p>Your settings file should <b>not</b> contain your GPG passphrase, to avoid the security
risk inherent in having this in a file stored on your machine. Instead, it should have lines
like these:
<pre style="font-size:70%">
&lt;gpg.useagent>true&lt;/gpg.useagent>
&lt;!--gpg.passphrase>&lt;/gpg.passphrase--> &lt;!-- don't put passphrase in file -->
</pre>
</p>
<p>These lines go in your settings.xml file, inside a &lt;profile> that is active when the signing is needed
(you can just make it active always, too), inside a &lt;properties> element, like so:
<pre style="font-size:70%">&lt;properties>
&lt;gpg.useagent>true&lt;/gpg.useagent>
...
&lt;/properties></pre>
</p>
<p>Here is a sample settings.xml profile:
<pre style="font-size:70%">&lt;settings xmlns="https://maven.apache.org/POM/4.0.0"
xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="https://maven.apache.org/POM/4.0.0
https://maven.apache.org/xsd/settings-1.0.0.xsd">
&lt;profiles>
&lt;profile>
&lt;id>local-build-configuration&lt;/id>
&lt;!-- Use &lt;activeProfiles>
&lt;activeProfile>local-build-configuration&lt;/activeProfile>
&lt;/activeProfiles>
outside of the &lt;profile> element. See example at bottom.
&lt;properties>
&lt;uima-maven-build-eclipse-home>C:/p/eclipse/3.5/eclipse&lt;/uima-maven-build-eclipse-home>
&lt;uimaWebsiteDistributionUrl>file:///c:/a/uimaWebsite/&lt;/uimaWebsiteDistributionUrl>
&lt;gpg.useagent>true&lt;/gpg.useagent>
&lt;/properties>
&lt;/profile>
&lt;/profiles>
&lt;!-- activeProfiles - a list of profiles that are active for all builds -->
&lt;activeProfiles>
&lt;activeProfile>local-build-configuration&lt;/activeProfile>
&lt;/activeProfiles>
&lt;/settings></pre>
</p>
</li>
<li>
Create (if you haven't already) your GPG keys; see
<a target="_blank" rel="noopener"
href="https://apache.org/dev/openpgp.html">Making GPG Keys</a>.
The UIMA project KEYS file is stored in SVN in the trunk/uima-website/docs/KEYS file.
Please add your exported public key to the bottom of this file, and commit the change.
<p>
Also, checkout and update the KEYS file at the top level of our release distribution, located
at https://dist.apache.org/repos/dist/release/uima/KEYS.
</p>
</li>
<li>You need to have a recent GPG client installed;
the recent ones support the capability to have a window pop up
when
the passphrase is needed - so you never need to put the passphrase into a file. And,
they remember this, so if you're signing a bunch of things, you only need to put in the
passphrase once (it forgets/resets after a few minutes).
I've found <a target="_blank" rel="noopener" href="https://www.gpg4win.org/">https://www.gpg4win.org/</a>
has this kind of support, for Windows XP.
See the main gpg site
<a target="_blank" rel="noopener" href="https://www.gnupg.org/">https://www.gnupg.org/</a> for references
to other implementations.
</li>
<li>
You need a current version of the SVN client, Subversion (1.6) installed and on your shell's path.
See <a target="_blank" rel="noopener" href="https://subversion.apache.org/">https://subversion.apache.org/</a>
At least one person has had success using the client from <a target="_blank" rel="noopener"
href="https://www.collab.net/downloads/subversion/">Collabnet</a> on Windows.
</li>
<li>You need Java 1.5. (Our builds should be done with 1.5 to catch any accidental use of 1.6-only
methods).</li>
<li>Set the environmental variable <code>MAVEN_OPTS</code> to "-Xmx800m -XX:MaxPermSize=256m"
(these may be too large, but they currently work).</li>
<li>Download and install Maven 3.0-beta-1 (or later), and set it up to be on the PATH.</li>
</ul>
</section>
</body>
</document>