+1 Tested: PARTIAL 1. Run devRun using the release commit 2. Checked health endpoint and made successful api calls 3. Built and run a jar from the release commit 4. Checked health end with the build jar and made successful api calls
Thanks Adam/Adam On Tue, Jul 22, 2025 at 12:34 AM Adam Monsen <meonk...@apache.org> wrote: > Hello everyone, > > We are proud to present Apache Fineract 1.12.1, with the artifacts below > up for a vote. Releases are important for a number of reasons: They put a > stamp of approval on a set of code changes and they build momentum for > future improvements. > > 1.12.1 is very similar to 1.12.0--we just had to fix some build and test > issues (thank you Ádám Sághy). > > Release notes and ChangeLog > <https://cwiki.apache.org/confluence/display/FINERACT/1.12.1+-+Apache+Fineract> > (help still needed w/summary please) > > Source and binary artifacts <https://adammonsen.com/tmp/1.12.1/> (yes, > this is the correct URL -- we are waiting for ASF infra to assist with > uploading the release to the staging area in subversion. That's OK, this is > why we have checksums and keys, so these files can be considered immutable > in a way any/all of us can verify) > > Tagged as 1.12.1 > > Committer PGP keys, including the key I used to sign the release > <https://dist.apache.org/repos/dist/dev/fineract/KEYS> (note this KEYS > file is duplicated in the /release/ area, but that KEYS file is not yet > updated -- I need a PMC member to do this for me) > > Note that this release contains source and binary artifacts. > > This vote will be open for 72 hours: > > [ ] +1 approve > [ ] +0 no opinion > [ ] -1 disapprove (and reason why) > > Please indicate if you are a binding vote (member of the PMC). > > Please also indicate with "Tested: YES/NO/PARTIAL" if you have locally > built and/or tested these artifacts and/or a clone of the code checked out > to the release commit, following the form: > > Tested: YES ... Verified integrity and signatures of release artifacts > locally, built from source, ran jar/war: Did everything mentioned in the > current release candidate verification guidance ( see below ). If you did > more than that, please specify. > > Tested: NO ... No testing performed on release candidate, e.g. relying on > testing performed by other contributors and/or output of GitHub Actions, > while exercising my right to vote. > > Tested: PARTIAL ... Please specify. > > Cheers, > Adam Monsen > > > ADDENDUM - release candidate verification guidance > Here's a recap of the rough steps to verify the rc (release candidate): > > 1. download the rc artifacts and verify their integrity > 2. run a build using only the source tarball and the recommended JDK > 3. start up a Fineract server using the war in the binary tarball > > I'll give examples of these steps below. These are meant to be run > interactively, that is: Copy+pasted or manually typed in on your own > machine. The steps assume Bash shell on Linux (and a few common utilities: > gpg, diff, tar...) but are hopefully clear enough to use as general > guidance on other systems as well. If you're able to use Bash on macOS or > Windows these commands should work the same. > signatures and checksums > > version=1.12.1# source artifact signature and checksum verification steps > src=apache-fineract-$version-src.tar.gz# upon success: prints "Good > signature" and returns successful exit code# upon failure: prints "BAD > signature" and returns error exit code > gpg --verify $src.asc# upon success: prints nothing and returns successful > exit code# upon failure: prints checksum differences and returns error exit > code > gpg --print-md SHA512 $src | diff - $src.sha512 > # binary artifact signature and checksum verification steps and outputs are > similar > bin=apache-fineract-$version-binary.tar.gz > gpg --verify $bin.asc > gpg --print-md SHA512 $bin | diff - $bin.sha512 > > build from source > > tar -xzf $src# note mismatch in exploded dir name!cd > apache-fineract-src-$version# bare minimum build! > gradle build -x test -x doc > > run from binary > Explode the binary tarball and run the jar with Java and/or run the war > with Tomcat. > > Ensure http://localhost:8080/fineract-provider/actuator/health works and > that you are able to make API calls against > http://localhost:8080/fineract-provider/api/v1 . > >
