Introduction

The Syncope team uses the Apache Nexus repository for releasing SNAPSHOT and release artifacts.
More details on releasing Maven artifacts at The Apache Software Foundation.

Prerequisites

GIT

Install GIT; binary packages for various platforms are available.

GPG

Install/Configure GPG - The artifacts that are deployed to the ASF central repository need to be signed. To do this you will need to have a public and private keypair. There is a very good guide that will walk you though this.

Apache Maven

Install Apache Maven 3.0.3 or higher; we strongly encourage our committers to install the latest Apache Maven version available.

Maven allows you to encrypt your servers' passwords. We highly recommend that you follow this guide to set your master password and use it to encrypt your ASF password in the next section.

ASF settings

Using the instructions from the previous step encrypt your Apache Nexus repository password and add the following servers to your ~/.m2/settings.xml file. You may already have other servers in this file, if not just create the file.

<?xml version="1.0" encoding="UTF-8"?>
<settings>
  ...
  <servers>
    <server>
      <id>apache.snapshots.https</id>
      <username>{put your ASF username here}</username>
      <password>{put your encrypted password here}</password>
    </server>
    <server>
      <id>apache.releases.https</id>
      <username>{put your ASF username here}</username>
      <password>{put your encrypted password here}</password>
    </server>
  </servers>
  ...
  <profiles>
    <profile>
      <id>apache</id>
      <activation>
        <activeByDefault>false</activeByDefault>
      </activation>
      <properties>
        <mavenExecutorId>forked-path</mavenExecutorId>
        <gpg.keyname>your-gpg-keyname</gpg.keyname>
        <!-- optional -->
        <gpg.passphrase>your-gpg-passphrase</gpg.passphrase>
      </properties>
    </profile>
  </profiles>
  ...
</settings>

Release steps

In the following, read

$VERSION

the version being released

$SYNCOPE_RELEASE_DIR

the working directory containing the GIT clone repository for the branch under release

$SYNCOPE_SITE_DIR

the working directory containing the GIT clone repository for the branch for site management

Prepare the source for release

  1. Clean up JIRA so the Fix Version in issues resolved since the last release includes this release version correctly. Also, transition any Resolved issues to the Closed state.
  2. From $SYNCOPE_RELEASE_DIR, update the CHANGES file, based on the text release reports from JIRA, then commit and push:
    git commit -m "Updating CHANGES for release" CHANGES
    git push
  3. From $SYNCOPE_SITE_DIR, update the src/site/xdoc/downloads.xml site page by changing the relevant URLs, then commit and push:
    git commit -m "Updating downloads site page for release" src/site/xdoc/downloads.xml
    git push

Prepare the release

Perform the steps below from $SYNCOPE_RELEASE_DIR.

  1. Set release version
    mvn -T 1C -P all,docker,skipTests versions:set -DnewVersion=$VERSION
    mvn -T 1C -P all,docker,skipTests versions:commit
  2. In the root pom.xml, replace
    <tag>HEAD</tag>
    with
    <tag>syncope-$VERSION</tag>
    then set
    <project.build.outputTimestamp>2021-07-16T09:00:00Z</project.build.outputTimestamp>
    to the current date and time (for reproducible builds).
  3. Build artifacts for release
    mvn -T 1C -P apache-release,all,docker,skipTests -DbuildNumber=syncope-$VERSION
  4. Create release tag
    git commit -a -m "prepare release syncope-$VERSION"
    git tag syncope-$VERSION -a -m "copy for tag syncope-$VERSION"
    git push --tags
  5. Set next version
    mvn -T 1C -P all,docker,skipTests versions:set -DnewVersion=$VERSION+1-SNAPSHOT
    mvn -T 1C -P all,docker,skipTests versions:commit
  6. In the root pom.xml, replace
    <tag>syncope-$VERSION</tag>
    with
    <tag>HEAD</tag>
  7. Finally
    git commit -a -m "prepare for next development iteration"
  8. Verify signatures: On Un*x platforms the following command can be executed:
    
    for file in `find . -type f -iname '*.asc'`
    do
      gpg --verify ${file} 
    done
    You'll need to look at the output to ensure it contains only good signatures:
    
    gpg: Good signature from ...
    gpg: Signature made ...
  9. Create a release.properties file in the root directory, with content:
    scm.url=scm:git:https://gitbox.apache.org/repos/asf/syncope.git
    scm.tag=syncope-$VERSION
  10. Backup (zip or tar) your local release candidate directory in case you need to rollback the release after the next step is performed.
    
    cd ..
    tar -czf $VERSION.tar.gz $VERSION/
    cd $VERSION

Perform the release

  1. Staging artifacts
    
    svn co https://dist.apache.org/repos/dist/dev/syncope syncope-dist-dev
    cd syncope-dist-dev              
    mkdir $VERSION                  
    cd $VERSION
                                        
    cp $SYNCOPE_RELEASE_DIR/target/syncope-*-source-release.zip .
    cp $SYNCOPE_RELEASE_DIR/target/syncope-*-source-release.zip.asc .
    cp $SYNCOPE_RELEASE_DIR/standalone/target/syncope-standalone-*-distribution.zip .
    cp $SYNCOPE_RELEASE_DIR/standalone/target/syncope-standalone-*-distribution.zip.asc .
                  
    for file in `find . -type f -iname '*.asc'`
    do
      gpg --verify ${file} 
    done
              
    for file in `find . -name '*.deb' -or -name '*.jar' -or -name '*.zip' -or -name '*.nbm'`; do
     openssl sha512 $file | sed 's/.*= //' > $file.sha512
    done
    
    cd ..
    svn add $VERSION
    svn commit -m "Staging artifacts for $VERSION vote"
  2. Staging site
    
    unzip $SYNCOPE_RELEASE_DIR/target/syncope-$VERSION-source-release.zip
    cd syncope-$VERSION        
    mvn -PskipTests,all
    
    cd standalone/target/standalone/apache-tomcat-* && chmod 755 bin/*.sh && ./bin/startup.sh
    curl -o /tmp/openapi.json http://localhost:9080/syncope/rest/openapi.json
    curl -o /tmp/keymaster-openapi.json http://localhost:9080/syncope/rest/keymaster/openapi.json
    ./bin/shutdown.sh && cd -
    
    cd syncope-$VERSION                            
    svn checkout https://svn.apache.org/repos/asf/syncope/site/ site
    
    cd $SYNCOPE_SITE_DIR
    mvn -P site -Dsite.deploymentBaseUrl=file:///<absolute path to/site>/$VERSION
    
    cd <absolute path to/site>/$VERSION
    
    mkdir -p rest/$MAJOR_VERSION
    mv /tmp/openapi.json rest/$MAJOR_VERSION/
    mv /tmp/keymaster-openapi.json rest/$MAJOR_VERSION/
    cp -r $SYNCOPE_RELEASE_DIR/core/starter/target/swagger-ui/META-INF/resources/webjars/swagger-ui/*/* rest/$MAJOR_VERSION/
    sed 's/rest\/openapi.json/openapi.json/' $SYNCOPE_RELEASE_DIR/core/starter/target/classes/META-INF/resources/index.html | \
      sed 's/\/rest\/keymaster\//keymaster-/' > rest/$MAJOR_VERSION/index.html
    mkdir -p docs/$MAJOR_VERSION
    cp $SYNCOPE_SITE_DIR/target/generated-docs/getting-started.* docs/$MAJOR_VERSION/
    cp $SYNCOPE_SITE_DIR/target/generated-docs/reference-guide.* docs/$MAJOR_VERSION/
    cp -r $SYNCOPE_SITE_DIR/target/generated-docs/images docs/$MAJOR_VERSION/
    cd docs
    ln -s 4.0/reference-guide.html .
    ln -s 4.0/getting-started.html .
    ln -s 4.0/images/ .
    cd ../apidocs
    mkdir $MAJOR_VERSION
    mv * $MAJOR_VERSION/
    cd ../..
    svn add $VERSION
    # if releasing from 4_0_X              
    svn copy apidocs/3.0 $VERSION/apidocs/
    svn copy rest/3.0 $VERSION/rest/
    svn copy docs/3.0 $VERSION/docs/
    # else if releasing from 3_0_X
    svn copy apidocs/4.0 $VERSION/apidocs/
    svn copy rest/4.0 $VERSION/rest/
    svn copy docs/4.0 $VERSION/docs/              
    
    svn commit -m "Staging site for release"
  3. From $SYNCOPE_RELEASE_DIR execute (this step will create a maven staging repository):
    mvn -P apache-release release:perform -Darguments="-P all,docker,skipTests -DbuildNumber=syncope-$VERSION" [-Duser.name=<your_apache_uid>]

    If your local OS userid doesn't match your Apache userid, then you'll have to also override the value provided by the OS to Maven for the site-deploy step to work. This is known to work for Linux, but not for Mac and unknown for Windows.

    1. Verify the staged artifacts in the Nexus repository:
      1. https://repository.apache.org/index.html
      2. Enterprise --> Staging
      3. Staging tab --> Name column --> org.apache.syncope
      4. Navigate through the artifact tree and make sure that all binary, javadoc, sources, and tests jars, as well as pomss, ... have .asc (GPG signature) and files
        The syncope-$VERSION-source-release.zip should likewise have signature and checksum files.
    2. Close the Nexus staging repo:
      1. https://repository.apache.org/index.html
      2. Enterprise --> Staging
      3. Staging tab --> Name column --> org.apache.syncope
      4. Right click on the open org.apache.syncope-XXX staging repo and select Close.

Vote the release

  1. Create a VOTE email thread on syncope-dev to record votes as replies, e.g.:
    To: dev@syncope.apache.org
    Subject: [VOTE] Apache Syncope $VERSION
    
    I've created a $VERSION release, with the following artifacts up for a vote:
    
    GIT source tag (XXXXXXXXXXXXXXXX):
    https://gitbox.apache.org/repos/asf?p=syncope.git;a=tag;h=XXXXXXXXXXXXXXXX
    
    List of changes:
    https://gitbox.apache.org/repos/asf?p=syncope.git;a=blob_plain;f=CHANGES;h=XXXXXXXXXXXXXXXX;hb=YYYYYYYYYYYYYYYYYYYYY              
    
    Staging artifacts:
    https://dist.apache.org/repos/dist/dev/syncope/$VERSION
    
    Maven staging repo:
    https://repository.apache.org/content/repositories/orgapachesyncope-ZZZZ/
    
    Staging site:
    http://syncope.apache.org/$VERSION/
    
    PGP release keys (signed using ABCDEFG):
    https://downloads.apache.org/syncope/KEYS
    
    Vote will be open for 72 hours.
    
    [ ] +1  approve
    [ ] +0  no opinion
    [ ] -1  disapprove (and reason why)
  2. Perform a review of the release and cast your vote; more details on Apache releases.
  3. A -1 vote does not necessarily mean that the vote must be redone, however it is usually a good idea to rollback the release if a -1 vote is received (see "Recovering from a vetoed release").
  4. After the vote has been open for at least 72 hours, has at least three +1 PMC votes and no -1 votes, then post the results to the vote thread:
    To: dev@syncope.apache.org
    Subject: [RESULT] [VOTE] Apache Syncope $VERSION
    
    Hi all,
    after 72 hours, the vote for Syncope $VERSION [1] *passes*
    with ... PMC + ... non-PMC votes.
    
    +1 (PMC / binding)
    * ...
    
    +1 (non binding)
    * ... (or <none>)
    
    0
    * ... (or <none>)
    
    -1
    * ... (or <none>)
    
    Thanks to everyone participating.
    
    I will now copy this release to Syncope' dist directory and promote the artifacts to the central Maven repository.
    
    Best regards.
    
    [1] <link to syncope-dev ML archives for the related [VOTE] thread>

Finalize the release

  1. Promote the staged Nexus artifacts:
    1. https://repository.apache.org/index.html
    2. Enterprise --> Staging
    3. Staging tab --> Name column --> org.apache.syncope
    4. Right click on the closed org.apache.syncope-XXX staging repo and select Release.
  2. Add the distribution artifacts to the distribution area
    
    svn mv -m "Moving the voted release artifacts to dist/release" \
    https://dist.apache.org/repos/dist/dev/syncope/$VERSION
    https://dist.apache.org/repos/dist/release/syncope/
    
    svn rm -m "Cleaning up older releases" \
    https://dist.apache.org/repos/dist/release/syncope/$OLD_VERSION/
  3. Add appropriate release notes to Releases wiki page based on the HTML release reports from JIRA
  4. Update the JIRA versions page to mark the version as Released, and set the date to the date that the release was approved. You may also need to make a new release entry for the next release.
  5. Promote the staging site
    
    svn co https://svn.apache.org/repos/asf/syncope/site/
    cd site
    svn rm *.html apidocs rest css images img js fonts docs xref*
    svn mv $VERSION/* .
    svn rm $VERSION
    svn commit -m "Promoting the staging site"
  6. Deploy the updated Docker images to DockerHub by adjusting the GIT tag name then running the dedicated Jenkins job.

Announce the release

After the mirrors have had time to update (24 hours to be on the safe side), make an announcement about the release on the user, dev, and announce@apache.org lists as per the Apache Announcement Mailing Lists page

Recovering from a vetoed release

  1. Reply to the initial vote email prepending [CANCELED] to the original subject.

  2. Rollback the version upgrades in trunk by either:

    1. restore the $VERSION.tar.gz and run
      mvn -P apache-release release:rollback
    2. or manually revert the version numbers in the branch under release to the prior version and commit
  3. Delete the GIT tag created by the release:perform step:

    git tag -d $VERSION && git push origin
  4. Delete the staging site:

    svn remove https://svn.apache.org/repos/asf/syncope/site/$VERSION -m "Deleting staging site from rolled back release"
  5. Drop the Nexus staging repo:

    1. https://repository.apache.org/index.html
    2. Enterprise --> Staging
    3. Staging tab --> Name column --> org.apache.syncope
    4. Right click on the closed org.apache.syncope-XXX staging repo and select Drop.
  6. Make the required updates that caused the vote to be canceled.
  7. Spin another release attempt!