vavrtom commented on a change in pull request #36: QPID-8361: [Broker-J] Create a developer guide for Qpid Broker-J URL: https://github.com/apache/qpid-broker-j/pull/36#discussion_r326036035
########## File path: doc/developer-guide/src/main/markdown/release-instructions.md ########## @@ -0,0 +1,193 @@ +# Releasing Qpid Broker-J + +This document summarizes the steps of release process for Qpid Broker-J + +<!-- toc --> + +- [Pre-Requirements](#pre-requirements) + * [PGP](#pgp) + * [Maven](#maven) + * [Java](#java) + * [Git](#git) +- [Release Steps](#release-steps) + +<!-- tocstop --> + +## Pre-Requirements + +The release process is based on [Apache Release Policy](http://www.apache.org/dev/release.html), + [Release Signing](http://www.apache.org/dev/release-signing.html) and + [Publishing of Maven Documents](http://www.apache.org/dev/publishing-maven-artifacts.html#dev-env). + +### PGP + +Release artifacts needs to be signed. GNU Privacy Guard from [OpenPGP](https://www.openpgp.org) is used to sign on + Apache. Please, refer [Release Signing](http://www.apache.org/dev/release-signing.html) about PGP public key + cryptography. The document provides basic information about release signing and contains links to various resources + about PGP public key cryptography and how to use GNU Privacy Guard to generate and sign the PGP keys. Install + [GNU Privacy Guard](http://www.gnupg.org), generate keys following steps provided here and upload public keys to + keyservers . After publishing keys, login into <https://id.apache.org> and enter PGP key fingerprint(s), + then the corresponding keys will be made available under <https://people.apache.org/keys/> within a few hours. + Additionally, qpid project requires adding a public key into <https://dist.apache.org/repos/dist/release/qpid/KEYS>. + +### Maven + +Maven is used to build and manage Qpid Java project. 3.x version of maven needs to be installed and the development + environment should be setup as described at + [Publishing of Maven Artifacts](http://www.apache.org/dev/publishing-maven-artifacts.html#dev-env). + +Please, note that repository id (server id) in `setting.xml` should be **apache.releases.https**. Using different id + would result in failures to publish release artifacts into staging maven repo. + + +### Java + +JDK 1.8 is required to compile java classes. Install latest 1.8 JDK. At the moment of writing this document JDK version +1.8.0_192 was the latest one. + +### Git + +Sources are kept in a Git repository. Thus a git client is required. + +## Release Steps + +1. Checkout Qpid Broker-J Sources + * For new major/minor release; checkout sources master + + git clone https://gitbox.apache.org/repos/asf/qpid-broker-j.git qpid-broker-j + * For bugfix release + * if support branch does not exist, cut the support branch and set the correct version in maven. + For example, here are the commands to cut branch '8.0.x' + + git clone https://gitbox.apache.org/repos/asf/qpid-broker-j.git qpid-broker-j + cd ./qpid-broker-j + git checkout -b 8.0.x + git push -u origin 8.0.x + * if branch exists, checkout branch sources + + git clone -b 8.0.x https://gitbox.apache.org/repos/asf/qpid-broker-j.git 8.0.x + cd 8.0.x +2. Run RAT tool to verify that all source files have license headers + + mvn apache-rat:check +3. Add license headers to the files which do not have licenses. Update RAT excludes if required. +4. Check that images don't have a non-free ICC profile. + + find . -regextype posix-extended -iregex '.*\.(jpg|png|ico|tif)' -exec sh -c 'identify -verbose "$0" | grep -i copyright && echo "$0"' {} \; +5. Check that build completes successfully using profile **apache-release** + + mvn clean install -Papache-release -DskipTests + The gpg plugin will prompt for the password of PGP signing key. If password is asked for every release artifact, + then gpg2 should be configured to use. The easiest way to configure gpg2 is to add an active profile with pgp + plugin settings into `settings.xml` as illustrated in [maven settings example](examples/maven-settings.md). +6. Verify third party licenses + + mvn -Pdependency-check prepare-package -DskipTests + The check should finish successfully. Otherwise, dependencies with not complaint licenses should be resolved Review comment: Typo in word 'complaint' ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org