This is an automated email from the ASF dual-hosted git repository.
xingfudeshi pushed a commit to branch docusaurus
in repository https://gitbox.apache.org/repos/asf/incubator-seata-website.git
The following commit(s) were added to refs/heads/docusaurus by this push:
new 0e607ab2918 Add "Verify Release Candidates" section to the Release
Guide (#1064)
0e607ab2918 is described below
commit 0e607ab2918255e42f51591488ccad009c0b5338
Author: Jiangke Wu <[email protected]>
AuthorDate: Mon Jan 26 16:53:23 2026 +0800
Add "Verify Release Candidates" section to the Release Guide (#1064)
---
.../developers/release-guide/release-guide_dev.md | 89 +++++++++++++++++++---
.../developers/release-guide/release-guide_dev.md | 88 ++++++++++++++++++---
2 files changed, 157 insertions(+), 20 deletions(-)
diff --git
a/i18n/en/docusaurus-plugin-content-docs/current/developers/release-guide/release-guide_dev.md
b/i18n/en/docusaurus-plugin-content-docs/current/developers/release-guide/release-guide_dev.md
index 21f52a09b6b..34aeaab5f84 100644
---
a/i18n/en/docusaurus-plugin-content-docs/current/developers/release-guide/release-guide_dev.md
+++
b/i18n/en/docusaurus-plugin-content-docs/current/developers/release-guide/release-guide_dev.md
@@ -304,9 +304,78 @@ Create a release note through [New release ·
apache/incubator-seata (github.com
Mark it as "Set as a pre-release". After the overall vote passes, set it as
"Set as the latest release".
-### 3. Voting Stage
-#### 3.1 Community Internal Voting
+
+### 3. Verify Release Candidates
+
+A full check list can be found
[here](https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist)
+
+First, download the Release Candidate to your local environment from the
following address:
+
+```
+https://dist.apache.org/repos/dist/dev/incubator/seata/${release_version}/
+```
+
+Then, proceed to the validation phase, which includes but is not limited to
the following items and formats:
+
+#### Check information such as signatures and hashes
+
+##### Verify the SHA-512 hash
+
+```sh
+$ shasum -c apache-seata-${release_version}-incubating-bin.tar.gz.sha512
+$ shasum -c apache-seata-${release_version}-incubating-src.tar.gz.sha512
+```
+#### Check the GPG signature
+
+If this is your first time verifying, you will need to import the public key
first.
+
+```sh
+ $ curl https://downloads.apache.org/incubator/seata/KEYS >> KEYS # Download
the public key to your local machine
+ $ gpg --import KEYS # Import the public keys
+ $ gpg --edit-key xxx # Replace 'xxx' with your Apache ID
+ > trust # Type the 'trust' command to trust user xxx
+ ```
+Then, use the following command to verify the signature
+
+ ```sh
+gpg --verify apache-seata-${release_version}-incubating-src.tar.gz.asc
apache-seata-${release_version}-incubating-src.tar.gz
+gpg --verify apache-seata-${release_version}-incubating-bin.tar.gz.asc
apache-seata-${release_version}-incubating-bin.tar.gz
+ ```
+#### Verify the contents of the source package
+
+Extract the archive`apache-seata-${release_version}-incubating-src.tar.gz`,
and perform the following checks:
+
+- Directory with 'incubating' in name
+ `apache-seata-${release_version}-incubating-src`
+- DISCLAIMER exists
+- LICENSE and NOTICE exists and contents are good
+- All files and no binary files exist
+- All files has standard ASF License header
+- Can compile from source
+- All unit tests can pass
+ ```sh
+ ./mvnw clean package -DskipTests=true
+ ```
+- Release candidates match with corresponding tags, you can find tag link and
hash in vote email.
+ - check the version number in pom.xml are the same
+ - check there are no extra files or directories in the source package, for
example, no empty directories or useless log files.Pay special attention to
line break consistency, which can be checked using the command:`diff -r rc_dir
tag_dir`
+ - check the top n tag commits, dive into the related files and check if the
source package has the same changes
+
+#### Verify the contents of the binary package
+
+Extract the archive`apache-seata-${release_version}-incubating-bin.tar.gz`,
and perform the following checks:
+
+* Check signatures are good
+* 'incubating' in name
+* LICENSE and NOTICE exists and contents are good
+
+Note: If the binary package includes third-party dependencies, it is necessary
to update the LICENSE file by adding the licenses of those third-party
dependencies. If a third-party dependency is licensed under Apache 2.0 and its
project includes a NOTICE file, the NOTICE file must also be updated
accordingly.
+Additionally, if a dependency is dual/multiple licensed, you only need to
include the most permissive one. You may refer to this article: [ASF
Third-Party License Policy](https://apache.org/legal/resolved.html)
+
+### 4. Voting Stage
+
+#### 4.1 Community Internal Voting
**The vote must last at least 72 hours and receive at least 3 +1 binding
votes**
@@ -380,7 +449,7 @@ To learn more about Apache Seata , please see
https://seata.apache.org/
```
-#### 3.1.2 Complete the vote
+#### 4.1.2 Complete the vote
Send a vote passed email:
@@ -411,7 +480,7 @@ Thank you for reviewing and voting for our release
candidate.
We will soon launch the second stage of voting.
```
-#### 3.2.1 Voting in the Incubator
+#### 4.2.1 Voting in the Incubator
Similar to community voting, but you need to add links to the community vote
thread to prove consensus was reached within the community.
@@ -491,7 +560,7 @@ Checklist for reference:
To learn more about Apache Seata , please see https://seata.apache.org/
```
-#### 3.2.2 Announce the Incubator vote result
+#### 4.2.2 Announce the Incubator vote result
After 72 hours, if there are at least 3 passing votes and no opposing votes,
send an email as follows:
@@ -524,7 +593,7 @@ announcement soon.
```
-### 3.2.3 Vote Interruption
+### 4.2.3 Vote Interruption
If issues are found during the voting process, such as license problems or
bugs that need to be fixed before release, the vote must be interrupted.
@@ -541,9 +610,9 @@ Describe the reason for cancellation: such as missing
licenses, or bugs in the v
Note: After cancelling a vote in the Incubator, a new vote must start again
from within the community.
-# 4. Complete the Release
+# 5. Complete the Release
-### 4.1 Release the Version
+### 5.1 Release the Version
1. From Apache Nexus repository, select the previously closed
**orgapacheseata-XXX** and click the `Release` icon to publish.
@@ -555,7 +624,7 @@ Note: After cancelling a vote in the Incubator, a new vote
must start again from
4. Update the documentation for version x.x.x on the Seata official website,
and add download links for the binary and source packages.
-### 4.2 Announce the Release
+### 5.2 Announce the Release
Send an email to `[email protected]`
@@ -580,7 +649,7 @@ Resources:
- Mailing list: [email protected]
```
-### 4.3 Archiving Old Versions
+### 5.3 Archiving Old Versions
After releasing a new version, the previous version must be archived to ensure
that only the latest version of the same maintenance branch is retained in the
[download](https://downloads.apache.org/incubator/seata/) directory. Archived
versions are automatically synchronized to the
[archive](https://archive.apache.org/dist/incubator/seata/) when a new release
is published. Therefore, it is sufficient to delete older versions from the
[download](https://downloads.apache.org/incubator/seat [...]
```yaml
diff --git
a/i18n/zh-cn/docusaurus-plugin-content-docs/current/developers/release-guide/release-guide_dev.md
b/i18n/zh-cn/docusaurus-plugin-content-docs/current/developers/release-guide/release-guide_dev.md
index 97c44db57a3..1d8e4d86e9f 100644
---
a/i18n/zh-cn/docusaurus-plugin-content-docs/current/developers/release-guide/release-guide_dev.md
+++
b/i18n/zh-cn/docusaurus-plugin-content-docs/current/developers/release-guide/release-guide_dev.md
@@ -304,9 +304,77 @@ git push upstream(seata仓库repo) vx.x.x
并设置为Set as a pre-release 整体投票通过后再设置为Set as the latest release
-### 3.投票阶段
+### 3.验证Release Candidates
-#### 3.1 社区内部投票
+详细的检查列表请参考官方的[check
list](https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist)
+
+首先,从以下地址下载要发布的Release Candidate到本地环境:
+
+```
+https://dist.apache.org/repos/dist/dev/incubator/seata/${release_version}/
+```
+
+然后,开始验证环节,验证包含但不限于以下内容和形式
+
+#### 检查签名和hash等信息
+
+##### 检查sha512哈希
+
+```sh
+$ shasum -c apache-seata-${release_version}-incubating-bin.tar.gz.sha512
+$ shasum -c apache-seata-${release_version}-incubating-src.tar.gz.sha512
+```
+
+#### 检查gpg签名
+
+如果是第一次检查,需要首先导入公钥。
+
+```sh
+ $ curl https://downloads.apache.org/incubator/seata/KEYS >> KEYS # 下载公钥到本地
+ $ gpg --import KEYS # 导入公钥
+ $ gpg --edit-key xxx # xxx为你的apache id,如xingfudeshi
+ > trust # 输入 trust 命令,信任xxx用户
+ ```
+然后使用如下命令检查签名
+
+ ```sh
+gpg --verify apache-seata-${release_version}-incubating-src.tar.gz.asc
apache-seata-${release_version}-incubating-src.tar.gz
+gpg --verify apache-seata-${release_version}-incubating-bin.tar.gz.asc
apache-seata-${release_version}-incubating-bin.tar.gz
+ ```
+#### 检查源码包的文件内容
+
+解压缩`apache-seata-${release_version}-incubating-src.tar.gz`,进行如下检查:
+
+- 目录名称中包含 'incubating'
+ `apache-seata-${release_version}-incubating-src`
+- 存在DISCLAIMER文件
+- 存在LICENSE和NOTICE文件,且内容正确
+- 所有文件存在,且不包含二进制文件
+- 所有文件均带有符合ASF标准的许可证声明头
+- 能够从源代码编译
+- 所有单元测试均可通过
+ ```sh
+ ./mvnw clean package -DskipTests=true
+ ```
+- 确保发布候选版本与对应的标签一致,可在投票邮件中找到标签链接和哈希值。
+ - 检查pom.xml中的版本号是否一致
+ - 检查源代码包中是否有多余的文件或目录(例如空目录或无用的日志文件),此处需特别注意换行符是否一致,可以用`diff -r rc_dir
tag_dir`命令来检查
+ - 检查标签最新的n个提交,深入查看相关文件并确认源代码包是否包含相同的修改
+
+#### 检查二进制包的文件内容
+
+解压缩`apache-seata-${release_version}-incubating-bin.tar.gz`,进行如下检查:
+
+* 检查签名是否正确有效
+* 名称中包含"incubating"
+* 存在LICENSE和NOTICE文件,且内容无误
+
+注意,如果二进制包里面引入了第三方依赖,则需要更新LICENSE,加入第三方依赖的LICENSE,如果第三方依赖的LICENSE是Apache
2.0,并且对应的项目中包含了NOTICE,还需要更新NOTICE文件。
+同时,如果一个依赖项是双重/多重许可的,只需选择最宽松的一个。
可以参考这篇文章:[ASF第三方许可政策](https://apache.org/legal/resolved.html)
+
+### 4.投票阶段
+
+#### 4.1 社区内部投票
**投票持续至少 72 小时并获得 3 个+1 binding票**
@@ -381,7 +449,7 @@ To learn more about Apache Seata , please see
https://seata.apache.org/
```
-#### 3.1.2 完成投票
+#### 4.1.2 完成投票
发布投票通过邮件
@@ -414,7 +482,7 @@ We will soon launch the second stage of voting.
-#### 3.2.1 孵化器中投票
+#### 4.2.1 孵化器中投票
与社区投票类似,但是需要增加社区投票相关的thread链接,以证明已在社区内达成一致
@@ -494,7 +562,7 @@ Checklist for reference:
To learn more about Apache Seata , please see https://seata.apache.org/
```
-#### 3.2.2 公示孵化器投票结果
+#### 4.2.2 公示孵化器投票结果
72 小时后,若至少有 3 票通过而没有反对票,则参考如下邮件进行发送结果
@@ -527,7 +595,7 @@ announcement soon.
```
-### 3.2.3 投票中断
+### 4.2.3 投票中断
如出现在投票过程中验证不通过,如license,或者版本存在bug等,经评估需要修复后才能发版,那么需要中断本次投票
标题:`[CANCEL][VOTE] Release Apache Seata (incubating) x.x.x(RoundN)`
@@ -543,9 +611,9 @@ I'm cancelling this vote:
注: 孵化器中投票终止后,新的投票需要从社区内部重新开始
-# 4.完成发布
+# 5.完成发布
-### 4.1 release 版本
+### 5.1 release 版本
1. 从Apache Nexus 仓库, 选择之前进行close过的的 **orgapacheseata-XXX** 点击 `Release` 图标发布
@@ -557,7 +625,7 @@ I'm cancelling this vote:
4. 将x.x.x的文档更新至seata官网中,并补充对应binary和source的下载链接
-### 4.2 版本公示
+### 5.2 版本公示
发送邮件至 `[email protected]`
@@ -582,7 +650,7 @@ Resources:
- Mailing list: [email protected]
```
-### 4.3 归档老版本
+### 5.3 归档老版本
发布新版本后,需要将上一个版本归档,确保在[download](https://downloads.apache.org/incubator/seata/)
只保留同一维护分支的最新版本。Archive
版本在发布新版本时会自动同步到[归档](https://archive.apache.org/dist/incubator/seata/)。因此,只需要删除[download](https://downloads.apache.org/incubator/seata/)
中老的版本即可,参考命令如下:
```yaml
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
