如何完成一次Apache的版本發佈

摘要： 理解Apache發佈的內容和流程 總的來講，Source Release是Apache關注的重點，也是發佈的必須內容；而Binary Release是可選項，Dubbo能夠選擇是否發佈二進制包到Apache倉庫或者發佈到Maven中央倉庫。

理解Apache發佈的內容和流程
總的來講，Source Release是Apache關注的重點，也是發佈的必須內容；而Binary Release是可選項，Dubbo能夠選擇是否發佈二進制包到Apache倉庫或者發佈到Maven中央倉庫。

請參考如下連接，找到更多關於ASF的發佈指南:

Apache Release Guide
Apache Release Policy
Maven Release Info
本地構建環境準備
主要包括簽名工具、Maven倉庫認證相關準備

安裝GPG，參見 https://www.gnupg.org/downloa...

如Mac OS

$ brew install gpg
$ gpg --version #檢查版本，應該爲2.x
用gpg生成key

根據提示，生成key
$ gpg2 --full-gen-key
gpg (GnuPG) 2.0.12; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.

0 = key does not expire
  <n>  = key expires in n days
  <n>w = key expires in n weeks
  <n>m = key expires in n months
  <n>y = key expires in n years

Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: Robert Burrell Donkin
Email address: rdonkin@apache.org
Comment: CODE SIGNING KEY
You selected this USER-ID:

"Robert Burrell Donkin (CODE SIGNING KEY) <rdonkin@apache.org>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key. # 填入密碼，之後打包過程當中會常常用到
查看key id

$ gpg --list-keys
pub rsa4096/28681CB1 2018-04-26 # 28681CB1就是key id
uid [ultimate] liujun (apache-dubbo) <liujun@apache.org>
sub rsa4096/D3D6984B 2018-04-26

經過key id發送public key到keyserver

$ gpg --keyserver pgpkeys.mit.edu --send-key 28681CB1

其中，pgpkeys.mit.edu爲隨意挑選的keyserver，keyserver列表爲：https://sks-keyservers.net/st...，由於相互之間是自動同步的，選任意一個均可以。

若是有多個public key，設置默認key

~/.gnupg/gpg.conf

If you have more than 1 secret key in your keyring, you may want to

uncomment the following option and set your preferred keyid.

default-key 28681CB1
設置Apache中央倉庫

Dubbo項目的父pom爲apache pom

<parent>
<groupId>org.apache</groupId>
<artifactId>apache</artifactId>
<version>19</version>
</parent>
添加如下內容到.m2/settings.xml

全部密碼請使用maven-encryption-plugin加密後再填入
<settings>
...
<servers>

<!-- To publish a snapshot of some part of Maven -->
<server>
  <id>apache.snapshots.https</id>
  <username> <!-- YOUR APACHE LDAP USERNAME --> </username>
  <password> <!-- YOUR APACHE LDAP PASSWORD (encrypted) --> </password>
</server>
<!-- To stage a release of some part of Maven -->
<server>
  <id>apache.releases.https</id>
  <username> <!-- YOUR APACHE LDAP USERNAME --> </username>
  <password> <!-- YOUR APACHE LDAP PASSWORD (encrypted) --> </password>
</server>

...

<!-- gpg passphrase used when generate key -->
 <server>
  <id>gpg.passphrase</id>
  <passphrase><!-- yourKeyPassword --></passphrase>
</server>

</servers>
</settings>
​

打包&上傳
從主幹分支拉取新分支做爲發佈分支，如如今要發佈2.6.4版本，則從2.6.x拉出新分支2.6.4-release，此後2.6.4 Release Candidates涉及的修改及打標籤等都在2.6.4-release分支進行，最終發佈完成後合入主幹分支。
首先，在2.6.4-release分支驗證maven組件打包、source源碼打包、簽名等是否都正常工做

$ mvn clean install -Papache-release
$ mvn deploy

將snapshot包推送到maven中央倉庫，處於staging狀態

用maven-release-plugin發佈

先用dryRun驗證是否ok

$ mvn release:prepare -Papache-release -Darguments="-DskipTests" -DautoVersionSubmodules=true -Dusername=YOUR GITHUB ID -DdryRun=true
驗證經過後，執行release:prepare
$ mvn release:clean
$ mvn release:prepare -Papache-release -Darguments="-DskipTests" -DautoVersionSubmodules=true -Dusername=YOUR GITHUB ID

執行完成後：1.生成source.zip包； 2.打出tag，並推送到github倉庫； 3.分支版本自動升級爲2.6.4-SNAPSHOT，並將修改推送到github倉庫

執行release:perform，作正式發佈

$ mvn -Prelease release:perform -Darguments="-DskipTests" -DautoVersionSubmodules=true -Dusername=YOUR GITHUB ID

全部artifacts發佈到配置的遠程maven中央倉庫，處於staging狀態

準備Apache發佈
準備svn本機環境（Apache使用svn託管項目的發佈內容）
將dubbo checkout到本地目錄

$ svn checkout https://dist.apache.org/repos...

假定本地目錄爲 ~/apache/incubator/dubbo

當前發佈版本爲2.6.4，新建目錄

$ cd ~/apache/incubator/dubbo # dubbo svn根目錄
$ mkdir 2.6.4
添加public key到KEYS文件。KEYS主要是讓參與投票的人在本地導入，用來校驗sign的正確性
拷貝Dubbo根目錄下的source.zip包到svn本地倉庫dubbo/2.6.4
生成sha512簽名

$ shasum -a 512 dubbo-incubating-2.6.4-source-release.zip >> dubbo-incubating-2.6.4-source-release.zip.sha512
若是有binary release要同時發佈

到dubbo項目distribution的module下，執行：

$ mvn install

target目錄下，拷貝bin-release.zip以及bin-release.zip.asc到svn本地倉庫dubbo/2.6.4

參考第6步，生成sha512簽名

提交到Apache svn

$ svn status
$ svn commit -m 'prepare for 2.6.4 RC1'
驗證Release Candidates
證環節包含但不限於如下內容和形式：

Check signatures and hashes are good
sha512 dubbo-incubating-${release_version}-bin-release.zip.sha512
sha512 dubbo-incubating-${release_version}-source-release.zip.sha512
unzip dubbo-incubating-&dollar;{release_version}-source-release.zip to the default directory and check the following:
Directory with incubator in name

dubbo-incubating-${release_version}-bin-release

DISCLAIMER file exists
LICENSE and NOTICE file exists and contents are good
All files and no binary files exist
All files has standard ASF License header
Can compile from source
All unit tests can pass

mvn clean test # This will run all unit tests

you can also open rat and style plugin to check if every file meets requirements.

mvn clean install -Drat.skip=false -Dcheckstyle.skip=false
Release candidates match with corresponding tags, you can find tag link and hash in vote email.
進入投票
投票分兩個階段：

Dubbo社區投票，發起投票郵件到dev@dubbo.apache.org。在社區開發者Review，並統計到3個贊成發版的binding票後，便可進入下一階段的投票。
Apache社區投票，發起投票郵件到general@apache.org。在Apache PMC Review，並統計到3個統一發版的binding票後，便可進行正式發佈。
郵件模板：

Hello Dubbo Community,

This is a call for vote to release Apache Dubbo (Incubating) version 2.6.4.

The release candidates:
https://dist.apache.org/repos...

Git tag for the release:
https://github.com/apache/inc...

Hash for the release tag:
afab04c53edab38d52275d2a198ea1aff7a4f41e

Release Notes:
https://github.com/apache/inc...

The artifacts have been signed with Key : 28681CB1, which can be found in the keys file:
https://dist.apache.org/repos...

The vote will be open for at least 72 hours or until necessary number of votes are reached.

Please vote accordingly:

[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove with the reason

Thanks,
The Apache Dubbo (Incubating) Team
正式發佈
提交https://dist.apache.org/repos...://dist.apache.org/repos/dist/release/incubator/dubbo/，完成正式發佈。
發郵件到dev@dubbo.apache.org和general@apache.org，通知社區發佈完成。
完成Maven Convenient Binary發佈（可選）
apache.repository.org nexus倉庫的權限已經申請，參見jira。

以前發佈到maven倉庫的atifacts都處於staging狀態，用Apache id登陸apache.repository.org，完成發佈。