如何完成一次Apache的版本釋出

了解Apache釋出的内容和流程

總的來說，Source Release是Apache關注的重點，也是釋出的必須内容；而Binary Release是可選項，Dubbo可以選擇是否釋出二進制包到Apache倉庫或者釋出到Maven中央倉庫。

請參考以下連結，找到更多關于ASF的釋出指南:

• Apache Release Guide
• Apache Release Policy
• Maven Release Info

本地建構環境準備

主要包括簽名工具、Maven倉庫認證相關準備

1. 安裝GPG，參見 https://www.gnupg.org/download/index.html
   • 如Mac OS

     $ brew install gpg
     $ gpg --version #檢查版本，應該為2.x           

2. 用gpg生成key
   • 根據提示，生成key

   $ gpg2 --full-gen-key
   gpg (GnuPG) 2.0.12; Copyright (C) 2009 Free Software Foundation, Inc.
   This is free software: you are free to change and redistribute it.
   There is NO WARRANTY, to the extent permitted by law.
   
   Please select what kind of key you want:
      (1) RSA and RSA (default)
      (2) DSA and Elgamal
      (3) DSA (sign only)
      (4) RSA (sign only)
   Your selection? 1
   RSA keys may be between 1024 and 4096 bits long.
   What keysize do you want? (2048) 4096
   Requested keysize is 4096 bits
   Please specify how long the key should be valid.
            0 = key does not expire
         <n>  = key expires in n days
         <n>w = key expires in n weeks
         <n>m = key expires in n months
         <n>y = key expires in n years
   Key is valid for? (0) 
   Key does not expire at all
   Is this correct? (y/N) y
   
   GnuPG needs to construct a user ID to identify your key.
   
   Real name: Robert Burrell Donkin
   Email address: [email protected]
   Comment: CODE SIGNING KEY
   You selected this USER-ID:
       "Robert Burrell Donkin (CODE SIGNING KEY) <[email protected]>"
   
   Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
   You need a Passphrase to protect your secret key. # 填入密碼，以後打包過程中會經常用到           

   • 檢視key id

     $ gpg --list-keys
     pub   rsa4096/28681CB1 2018-04-26 # 28681CB1就是key id
     uid       [ultimate] liujun (apache-dubbo) <[email protected]>
     sub   rsa4096/D3D6984B 2018-04-26
     
     # 通過key id發送public key到keyserver
     $ gpg --keyserver pgpkeys.mit.edu --send-key 28681CB1
     # 其中，pgpkeys.mit.edu為随意挑選的keyserver，keyserver清單為：https://sks-keyservers.net/status/，因為互相之間是自動同步的，選任意一個都可以。           

   • 如果有多個public key，設定預設key

     ~/.gnupg/gpg.conf

     # If you have more than 1 secret key in your keyring, you may want to
     # uncomment the following option and set your preferred keyid.
     
     default-key 28681CB1           

3. 設定Apache中央倉庫
   • Dubbo項目的父pom為apache pom

     <parent>
       <groupId>org.apache</groupId>
       <artifactId>apache</artifactId>
       <version>19</version>
     </parent>           

   • 添加以下内容到.m2/settings.xml

     所有密碼請使用[maven-encryption-plugin](http://maven.apache.org/guides/mini/guide-encryption.html)加密後再填入
                

   <settings>
   ...
     <servers>
       <!-- To publish a snapshot of some part of Maven -->
       <server>
         <id>apache.snapshots.https</id>
         <username> <!-- YOUR APACHE LDAP USERNAME --> </username>
         <password> <!-- YOUR APACHE LDAP PASSWORD (encrypted) --> </password>
       </server>
       <!-- To stage a release of some part of Maven -->
       <server>
         <id>apache.releases.https</id>
         <username> <!-- YOUR APACHE LDAP USERNAME --> </username>
         <password> <!-- YOUR APACHE LDAP PASSWORD (encrypted) --> </password>
       </server>
      ...
         <!-- gpg passphrase used when generate key -->
        <server>
         <id>gpg.passphrase</id>
         <passphrase><!-- yourKeyPassword --></passphrase>
       </server>
     </servers>
   </settings>           

   ​

打包&上傳

1. 從主幹分支拉取新分支作為釋出分支，如現在要釋出2.6.4版本，則從2.6.x拉出新分支2.6.4-release，此後2.6.4 Release Candidates涉及的修改及打标簽等都在2.6.4-release分支進行，最終釋出完成後合入主幹分支。
2. 首先，在2.6.4-release分支驗證maven元件打包、source源碼打包、簽名等是否都正常工作

   $ mvn clean install -Papache-release
   $ mvn deploy
   # 将snapshot包推送到maven中央倉庫，處于staging狀态           

3. 用maven-release-plugin釋出
   • 先用dryRun驗證是否ok

     $ mvn release:prepare -Papache-release -Darguments="-DskipTests" -DautoVersionSubmodules=true -Dusername=YOUR GITHUB ID -DdryRun=true           

   • 驗證通過後，執行release:prepare

   $ mvn release:clean
   $ mvn release:prepare -Papache-release -Darguments="-DskipTests" -DautoVersionSubmodules=true -Dusername=YOUR GITHUB ID
   # 執行完成後：1.生成source.zip包； 2.打出tag，并推送到github倉庫； 3.分支版本自動更新為2.6.4-SNAPSHOT，并将修改推送到github倉庫           

   • 執行release:perform，做正式釋出

     $ mvn -Prelease release:perform -Darguments="-DskipTests" -DautoVersionSubmodules=true -Dusername=YOUR GITHUB ID
     # 所有artifacts釋出到配置的遠端maven中央倉庫，處于staging狀态           

準備Apache釋出

1. 準備svn本機環境（Apache使用svn托管項目的釋出内容）
2. 将dubbo checkout到本地目錄

   $ svn checkout https://dist.apache.org/repos/dist/dev/incubator/dubbo
   # 假定本地目錄為 ~/apache/incubator/dubbo           

3. 目前釋出版本為2.6.4，建立目錄

   $ cd ~/apache/incubator/dubbo # dubbo svn根目錄
   $ mkdir 2.6.4           

4. 添加public key到 KEYS 檔案。KEYS主要是讓參與投票的人在本地導入，用來校驗sign的正确性
5. 拷貝Dubbo根目錄下的source.zip包到svn本地倉庫dubbo/2.6.4
6. 生成sha512簽名

   $ shasum -a 512 dubbo-incubating-2.6.4-source-release.zip >> dubbo-incubating-2.6.4-source-release.zip.sha512           

7. 如果有binary release要同時釋出

   # 到dubbo項目distribution的module下，執行：
   $ mvn install
   # target目錄下，拷貝bin-release.zip以及bin-release.zip.asc到svn本地倉庫dubbo/2.6.4
   # 參考第6步，生成sha512簽名           

8. 送出到Apache svn

   $ svn status
   $ svn commit -m 'prepare for 2.6.4 RC1'           

驗證Release Candidates

證環節包含但不限于以下内容和形式：

1. Check signatures and hashes are good

sha512 dubbo-incubating-${release_version}-bin-release.zip.sha512
sha512 dubbo-incubating-${release_version}-source-release.zip.sha512           

1. unzip dubbo-incubating-${release_version}-source-release.zip to the default directory and check the following:

• Directory with

  incubator

  in name

  dubbo-incubating-${release_version}-bin-release

• DISCLAIMER file exists
• LICENSE and NOTICE file exists and contents are good
• All files and no binary files exist
• All files has standard ASF License header
• Can compile from source
• All unit tests can pass

  mvn clean test # This will run all unit tests
  # you can also open rat and style plugin to check if every file meets requirements.
  mvn clean install -Drat.skip=false -Dcheckstyle.skip=false           

• Release candidates match with corresponding tags, you can find tag link and hash in vote email.

進入投票

投票分兩個階段：

1. Dubbo社群投票，發起投票郵件到[email protected]。在社群開發者Review，并統計到3個同意發版的binding票後，即可進入下一階段的投票。
2. Apache社群投票，發起投票郵件到[email protected]。在Apache PMC Review，并統計到3個統一發版的binding票後，即可進行正式釋出。

郵件模闆：

Hello Dubbo Community,

This is a call for vote to release Apache Dubbo (Incubating) version 2.6.4.

The release candidates:
https://dist.apache.org/repos/dist/dev/incubator/dubbo/2.6.4/

Git tag for the release:
https://github.com/apache/incubator-dubbo/tree/dubbo-2.6.4

Hash for the release tag:
afab04c53edab38d52275d2a198ea1aff7a4f41e

Release Notes:
https://github.com/apache/incubator-dubbo/releases/tag/untagged-4775c0a22c60fca55118

The artifacts have been signed with Key : 28681CB1, which can be found in the keys file:
https://dist.apache.org/repos/dist/dev/incubator/dubbo/KEYS

The vote will be open for at least 72 hours or until necessary number of votes are reached.

Please vote accordingly:

[ ] +1 approve 
[ ] +0 no opinion 
[ ] -1 disapprove with the reason

Thanks,
The Apache Dubbo (Incubating) Team           

正式釋出

1. 送出 https://dist.apache.org/repos/dist/dev/incubator/dubbo 目錄下的釋出包到 https://dist.apache.org/repos/dist/release/incubator/dubbo/ ，完成正式釋出。
2. 發郵件到[email protected]和[email protected]，通知社群釋出完成。

完成Maven Convenient Binary釋出（可選）

apache.repository.org

nexus倉庫的權限已經申請，參見

jira

。

之前釋出到maven倉庫的atifacts都處于staging狀态，用Apache

id登入apache.repository.org

，完成釋出。