Skip to main content

Become Apache Release Manager

Release managers shepherd a release from an initial community consensus to getting the compiled code package to final distribution, and may be involved in publicizing the release to the project's community and the ASF in general.

Tips: The Release Manager needs to have an Apache LDAP account, which means you need to become a Committer of the project before you can have an Apache LDAP account. All of the following words for tyrantlucifer will serve as an example of a userId in the document, and the release manager needs to use their own userId.

An Apache release is a set of valid, signed, artifacts, voted on by the appropriate PMC and distributed on the official ASF release infrastructure.

For a release, you go through the following steps:

  • Has code that complies with the software licensing requirements
  • Decides as a community to make a release, and designates a release manager
  • The release manager prepares and signs the proposed release materials
  • The PMC votes on whether to approve the release
  • If the vote passes, the release manager copies the artifacts to the distribution infrastructure.

The source code and build process must comply with the ASF legal and intellectual property requirements for a valid release, and the project must have the infrastructure in place to correctly sign the release artifacts.

Environment Preparationโ€‹

If this is the first time for a publisher to publish, you need to install the necessary environment, including the signature tool GnuPG and Maven repository certification-related preparations.

Install Gitโ€‹

Use to clone project source code locally.

Install GPGโ€‹

Used to generate a digital signature, leaving a trail of every action you take. Apache's maven and SVN repositories both use GPG signatures to verify the validity of files.

Download GnuPG binary releases from the official GnuPG website.

Note: The commands of 1. x and 2. x versions of GnuPG are slightly different. The following description takes 2.2.28 as an example. After the installation, the GPG command is added to the system environment variable and is available.

# Check the version, which should be 2. x
gpg --full-gen-key

Configure GPG KEYโ€‹

Create the Keyโ€‹
gpg --full-gen-key
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

As shown above, the options are:

  • 1
  • 4096
  • 0
  • y

In the process of configuring GPG, the key types selected are RSA and RSA (default), so the first option is 1, and the desired key size can be directly input the corresponding value. The third option is 0, indicating that the validity period of the key is never expired. Finally, input y to ensure that the above input is correct.

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: tyrantlucifer
Email address: tyrantlucifer@apache.org
Comment: The key of Apache SeaTunnel
You selected this USER-ID:
โ€œtyrantlucifer (The key of Apache SeaTunnel) <tyrantlucifer@apache.org>โ€

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a password to protect your private key.

As shown above, you will need to specify your personal information and encryption password for this key. You will need to fill in the following information:

  • Name
  • Email (Apache Email)
  • Comment for key
  • Password (Very important, don't forget)
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

gpg: key 09****85 marked as ultimately trusted
public and secret key created and signed.

pub 4096R/0983DF85 2022-12-28
keys fingerprint = AE** FC** EC** 60** 72** 56** 05** AE** 09** DF**
uid tyrantlucifer (The key of Apache SeaTunnel) <tyrantlucifer@apache.org>
sub 4***R/B7****46 2022-12-28

Note: gpg keys, which need to be remembered and used in subsequent releases.

Verify Keyโ€‹
gpg --list-keys
/home/hadoop/.gnupg/pubring.gpg
-------------------------------
pub 4096R/0983DF85 2022-12-28
uid tyrantlucifer (The key of Apache SeaTunnel) <tyrantlucifer@apache.org>
sub 4***R/B7****46 2022-12-28

Tips: 0983DF85 is your public key abbreviation.

Upload the key to the public serverโ€‹

The public key is sent to the keyserver using the key id.

$ gpg --keyserver keyserver.ubuntu.com --send-key 0983DF85

keyserver.ubuntu.com specifies the selected keyserver. This is recommended because Apache Nexus uses this keyserver for verification.

Verify that the key is uploaded properlyโ€‹

You can use the following two methods to verify whether the key is uploaded properly:

  • Command line validation
gpg --keyserver keyserver.ubuntu.com --search-keys 0983DF85
  • Website verification OpenPGP Keyserver (ubuntu.com) Tips: This screenshot is the key that has been uploaded before. It is normal that the key generated in the previous step is inconsistent with that in the previous step.

Install SHASUMโ€‹

Used to generate signatures for files.

SVNโ€‹

Used to pull the Apache Release SVN repository. Apache uses svn to host the release of the project.

Pull the release and dev repositories to the localโ€‹

mkdir -p ~/seatunnel-release-prepare/dev
mkdir -p ~/seatunnel-release-prepare/release
cd ~/seatunnel-release-prepare/dev
svn --username=${APACHE LDAP username} co https://dist.apache.org/repos/dist/dev/seatunnel
cd ~/seatunnel-release-prepare/release
svn --username=${APACHE LDAP username} co https://dist.apache.org/repos/dist/release/seatunnel

Upload the key to the dev and release repositoriesโ€‹

Tips: You only need to do this when you release this project for the first time.

cd ~/seatunnel-release-prepare/dev/seatunnel
gpg -a --export ${GPG USERNAME} >> KEYS
svn add KEYS
svn --username=${APACHE LDAP USERNAME} commit -m "Add ${APACHE LDAP USERNAME} GPG key"

Committer not have permission of release folder, You should find a PMC member to help you add this KEYS file to release folder.

cd ~/seatunnel-release-prepare/release/seatunnel
gpg -a --export ${GPG USERNAME} >> KEYS
svn add KEYS
svn --username=${APACHE LDAP USERNAME} commit -m "Add ${APACHE LDAP USERNAME} GPG key"

MAVENโ€‹

Used to compile the project.

Configure mavenโ€‹

Create a master passwordโ€‹
mvn --encrypt-master-password <apache password>
Configure the master passwordโ€‹

Add the file ${user.home}/.m2/settings-security.xml to configure the password created in the previous step.

<settingsSecurity>
<master><!-- Fill in the password printed in the previous step --></master>
</settingsSecurity>
Encrypt the Apache LDAP passwordโ€‹
mvn --encrypt-password <apache password>
Add new profileโ€‹

Edit the configuration file of your local maven environment, the general path is ~/.m2/setting.xml, and add the following xml file:

<settings>
<servers>
<server>
<id>apache.snapshots.https</id>
<username> <!-- APACHE LDAP USERNAME --> </username>
<password> <!-- APACHE LDAP ENCRYPTED PASSWORD, Password encrypted in the previous step --> </password>
</server>
<server>
<id>apache.releases.https</id>
<username> <!-- APACHE LDAP USERNAME --> </username>
<password> <!-- APACHE LDAP ENCRYPTED PASSWORD, Password encrypted in the previous step --> </password>
</server>
<server>
<id>gpg.passphrase</id>
<passphrase><!-- GPG KEY PASSWORD --></passphrase>
</server>
</servers>
</settings>

Tips: If you get a 403 forbidden error during the maven release step, and you are absolutely sure that you used the correct password, when you are using your own laptop, you can skip password encryption and use the original password value.

Project version preparationโ€‹

Branch preparationโ€‹

mkdir -p ~/seatunnel-release-prepare
cd ~/seatunnel-release-prepare
git clone git@github.com:apache/seatunnel.git
cd seatunnel
git checkout -b ${RELEASE.VERSION}-release

Update release-noteโ€‹

vim release-note.md
git add release-note.md
git commit -m "[Release][${RELEASE.VERSION}][release-note] Add release-note"
git push

Precompiled testโ€‹

mvn release:prepare -Prelease -Darguments="-DskipTests -Dskip.spotless=true" -DdryRun=true -Dusername=${GITHUB USERNAME}

Compileโ€‹

before this step, you need edit the .gitignore file, delete seatunnel-examples first.

mvn release:clean
mvn release:prepare -Prelease -Darguments="-DskipTests -Dskip.spotless=true" -DpushChanges=false -Dusername=${GITHUB USERNAME}

After this step, the code has changed, and it not match our project's code style requirement, so you need run this command to fix code style and commit change.

./mvnw spotless:apply
git commit -am "fix code style"

Submit source codeโ€‹

git push
git push origin --tags

Deploy jar packagesโ€‹

  • Upload jar packages
mvn release:perform -Prelease -Darguments="-DskipTests -Dskip.spotless=true" -Dusername=${GITHUB USERNAME}

Note: During the execution of this command, ensure that the IP address remains constant; otherwise, multiple unusable repositories might appear in stagingRepositories.

Upload to SVNโ€‹

Upload source code and binary packages to the dev repositoryโ€‹

Copy source code and binary packagesโ€‹

mkdir -p ~/seatunnel-release-prepare/dev/seatunnel/${RELEASE.VERSION}
cp -f ~/seatunnel-release-prepare/seatunnel/seatunnel-dist/target/*.tar.gz ~/seatunnel-release-prepare/dev/seatunnel/${RELEASE.VERSION}
cd ~/seatunnel-release-prepare/dev/seatunnel/${RELEASE.VERSION}

Generate signatureโ€‹

shasum -a 512 apache-seatunnel-${RELEASE.VERSION}-src.tar.gz >> apache-seatunnel-${RELEASE.VERSION}-src.tar.gz.sha512
shasum -b -a 512 apache-seatunnel-${RELEASE.VERSION}-bin.tar.gz >> apache-seatunnel-${RELEASE.VERSION}-bin.tar.gz.sha512

Generate GPG signatureโ€‹

gpg --armor --detach-sig apache-seatunnel-${RELEASE.VERSION}-src.tar.gz
gpg --armor --detach-sig apache-seatunnel-${RELEASE.VERSION}-bin.tar.gz

Check file signatureโ€‹

shasum -c apache-seatunnel-${RELEASE.VERSION}-src.tar.gz.sha512
shasum -c apache-seatunnel-${RELEASE.VERSION}-bin.tar.gz.sha512

Check digital signaturesโ€‹

step1: Import (Release Manager does not need to do this step)

curl https://dist.apache.org/repos/dist/dev/seatunnel/KEYS >> KEYS
gpg --import KEYS
gpg --edit-key "${GPG username of releaser}"
> trust

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu

Your decision? 5

> save

step2: Check the gpg digital signature

gpg --verify apache-seatunnel-${RELEASE.VERSION}-src.tar.gz.asc apache-seatunnel-${RELEASE.VERSION}-src.tar.gz
gpg --verify apache-seatunnel-${RELEASE.VERSION}-bin.tar.gz.asc apache-seatunnel-${RELEASE.VERSION}-bin.tar.gz

Commitโ€‹

Commit all files to the dev repository.

cd ..
svn add ${RELEASE.VERSION}
svn --username=${APACHE LDAP USERNAME} commit -m "release ${RELEASE.VERSION}"

Vote by mailโ€‹

dev@seatunnel.apache.org Votingโ€‹

Voting initiateโ€‹

[VOTE] Release Apache SeaTunnel 2.3.8 (RC1)

Hello SeaTunnel Community,

This is a call for vote to release Apache SeaTunnel version 2.3.8 (RC1)

Release notes:
https://github.com/apache/seatunnel/blob/2.3.8/release-note.md

The release candidates:
https://dist.apache.org/repos/dist/dev/seatunnel/2.3.8

Git tag for the release:
https://github.com/apache/seatunnel/tree/2.3.8

Docker image
https://hub.docker.com/layers/apache/seatunnel/2.3.8/images/sha256-7ba69f18989b73afb159884c2e8717ff548087c334794fd4a13439726ce974d3?context=explore

Maven 2 staging repository:
https://repository.apache.org/content/repositories/orgapacheseatunnel-1120/org/apache/seatunnel/

Release Commit ID:
https://github.com/apache/seatunnel/commit/860463186a4ae954496c223dd2055e6fc195b8d2

Keys to verify the Release Candidate:
https://downloads.apache.org/seatunnel/KEYS

The vote will be open for at least 72 hours or until necessary numbers of
votes are reached.

Please vote accordingly:

[ ] +1 approve

[ ] +0 no opinion

[ ] -1 disapprove with the reason

Checklist for reference:

[ ] Download links are valid.

[ ] Checksums and PGP signatures are valid.

[ ] Source code artifacts have correct names matching the current release.

[ ] LICENSE and NOTICE files are correct for each SeaTunnel repo.

[ ] All files have license headers if necessary.

[ ] No compiled archives bundled in source archive.


โ€”

Best Regards
Naijie Liu

Voting closeโ€‹

[RESULT] [VOTE] Release Apache SeaTunnel 2.3.8 (RC1)

Hi SeaTunnel community,

This vote now closes since 72 hours have passed.

There are 6 approving votes, 4 of which are binding:
- Jia Fan (binding)
- Guangdong Liu (binding)
- hailin0 (binding)
- David (binding)
- Mohammad Arshad
- User name 6

There are 2 (+0 no opinion) vote
- User name 7
- User name 8

There are no disapproving votes

The vote passes with 4 binding +1 votes and 2 non-binding +1 votes

The vote thread:

https://lists.apache.org/thread/xf18yy6nw03m38k4rjn1tk1bjw84rqlz

I will publish the release and make an announcement once it is done.

โ€”

Best Regards
Naijie Liu

Only the PMC membere has binding vote.

How to get vote email thread link:
open this page https://lists.apache.org/list.html?dev@seatunnel.apache.org, find the vote email thread. and click the link copy icon.

Official Releaseโ€‹

Moving filesโ€‹

Moving files from the dev repository to the release repository. This step only PMC member has permission.

svn mv https://dist.apache.org/repos/dist/dev/seatunnel/${RELEASE.VERSION} https://dist.apache.org/repos/dist/release/seatunnel/

Generate website documentโ€‹

https://github.com/apache/seatunnel-website?tab=readme-ov-file#39-add-a-new-version-for-documents

Release Maven Repositoryโ€‹

Send notification emailโ€‹

dev@seatunnel.apache.org announce@apache.org

Please note that you should send emails in plain text mode, otherwise they will be rejected by Apache's email server.

Hi all,

We are glad to announce the release of Apache SeaTunnel 2.3.8.

Once again I would like to express my thanks to your help.

SeaTunnel: SeaTunnel is a distributed, high-performance data integration tool for the synchronization and transformation of massive
data (offline & real-time).

Apache SeaTunnel website:

http://seatunnel.apache.org/

Downloads:

https://seatunnel.apache.org/download/

Release Notes:

https://github.com/apache/seatunnel/blob/2.3.8/release-note.md

Documents:

https://seatunnel.apache.org/docs/2.3.8/about/

Twitter:

https://twitter.com/ASFSeaTunnel

SeaTunnel Resources:
- GitHub: https://github.com/apache/seatunnel
- Issue: https://github.com/apache/seatunnel/issues
- Mailing list: dev@seatunnel.apache.org

- Apache SeaTunnel Team

Something After Releaseโ€‹

Update github repo releasesโ€‹

Update project snapshot versionโ€‹

some PR for refer