理解Apache发布的内容和流程

总的来说，Source Release是Apache关注的重点，也是发布的必须内容；而Binary Release是可选项，Dubbo可以选择是否发布二进制包到Apache仓库或者发布到Maven中央仓库。

请参考以下链接，找到更多关于ASF的发布指南:

Apache Release GuideApache Release PolicyMaven Release Info本地构建环境准备

主要包括签名工具、Maven仓库认证相关准备

安装GPG，参见 如Mac OS

$ brew install gpg$ gpg --version #检查版本，应该为2.x

用gpg生成key根据提示，生成key

$ gpg2 --full-gen-keygpg (GnuPG) 2.0.12; Copyright (C) 2009 Free Software Foundation, Inc.This is free software: you are free to change and redistribute it.There is NO WARRANTY, to the extent permitted by law.Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only)Your selection? 1RSA keys may be between 1024 and 4096 bits long.What keysize do you want? (2048) 4096Requested keysize is 4096 bitsPlease specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n yearsKey is valid for? (0) Key does not expire at allIs this correct? (y/N) yGnuPG needs to construct a user ID to identify your key.Real name: Robert Burrell DonkinEmail address: rdonkin@apache.orgComment: CODE SIGNING KEYYou selected this USER-ID: "Robert Burrell Donkin (CODE SIGNING KEY) <rdonkin@apache.org>"Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? OYou need a Passphrase to protect your secret key. # 填入密码，以后打包过程中会经常用到

查看key id

$ gpg --list-keyspub rsa4096/28681CB1 2018-04-26 # 28681CB1就是key iduid [ultimate] liujun (apache-dubbo) <liujun@apache.org>sub rsa4096/D3D6984B 2018-04-26# 通过key id发送public key到keyserver$ gpg --keyserver pgpkeys.mit.edu --send-key 28681CB1# 其中，pgpkeys.mit.edu为随意挑选的keyserver，keyserver列表为：，因为相互之间是自动同步的，选任意一个都可以。

如果有多个public key，设置默认key~/.gnupg/gpg.conf

# If you have more than 1 secret key in your keyring, you may want to# uncomment the following option and set your preferred keyid.default-key 28681CB1

设置Apache中央仓库Dubbo项目的父pom为apache pom

<parent> <groupId>org.apache</groupId> <artifactId>apache</artifactId> <version>19</version></parent>

添加以下内容到.m2/settings.xml

所有密码请使用[maven-encryption-plugin]()加密后再填入<settings>... <servers> <!-- To publish a snapshot of some part of Maven --> <server> <id>apache.snapshots.https</id> <username> <!-- YOUR APACHE LDAP USERNAME --> </username> <password> <!-- YOUR APACHE LDAP PASSWORD (encrypted) --> </password> </server> <!-- To stage a release of some part of Maven --> <server> <id>apache.releases.https</id> <username> <!-- YOUR APACHE LDAP USERNAME --> </username> <password> <!-- YOUR APACHE LDAP PASSWORD (encrypted) --> </password> </server> ... <!-- gpg passphrase used when generate key --> <server> <id>gpg.passphrase</id> <passphrase><!-- yourKeyPassword --></passphrase> </server> </servers></settings>

打包&上传从主干分支拉取新分支作为发布分支，如现在要发布2.6.4版本，则从2.6.x拉出新分支2.6.4-release，此后2.6.4 Release Candidates涉及的修改及打标签等都在2.6.4-release分支进行，最终发布完成后合入主干分支。首先，在2.6.4-release分支验证maven组件打包、source源码打包、签名等是否都正常工作

$ mvn clean install -Papache-release$ mvn deploy# 将snapshot包推送到maven中央仓库，处于staging状态

用maven-release-plugin发布先用dryRun验证是否ok

$ mvn release:prepare -Papache-release -Darguments="-DskipTests" -DautoVersionSubmodules=true -Dusername=YOUR GITHUB ID -DdryRun=true

验证通过后，执行release:prepare

$ mvn release:clean$ mvn release:prepare -Papache-release -Darguments="-DskipTests" -DautoVersionSubmodules=true -Dusername=YOUR GITHUB ID# 执行完成后：1.生成source.zip包； 2.打出tag，并推送到github仓库； 3.分支版本自动升级为2.6.4-SNAPSHOT，并将修改推送到github仓库

执行release:perform，做正式发布

$ mvn -Prelease release:perform -Darguments="-DskipTests" -DautoVersionSubmodules=true -Dusername=YOUR GITHUB ID# 所有artifacts发布到配置的远程maven中央仓库，处于staging状态

准备Apache发布准备svn本机环境（Apache使用svn托管项目的发布内容）将dubbo checkout到本地目录

$ svn checkout  假定本地目录为 ~/apache/incubator/dubbo

当前发布版本为2.6.4，新建目录

$ cd ~/apache/incubator/dubbo # dubbo svn根目录$ mkdir 2.6.4

添加public key到KEYS文件。KEYS主要是让参与投票的人在本地导入，用来校验sign的正确性拷贝Dubbo根目录下的source.zip包到svn本地仓库dubbo/2.6.4生成sha512签名

$ shasum -a 512 dubbo-incubating-2.6.4-source-release.zip >> dubbo-incubating-2.6.4-source-release.zip.sha512

如果有binary release要同时发布

# 到dubbo项目distribution的module下，执行：$ mvn install# target目录下，拷贝bin-release.zip以及bin-release.zip.asc到svn本地仓库dubbo/2.6.4# 参考第6步，生成sha512签名

提交到Apache svn

$ svn status$ svn commit -m 'prepare for 2.6.4 RC1'

验证Release Candidates

证环节包含但不限于以下内容和形式：

Check signatures and hashes are good

sha512 dubbo-incubating-${release_version}-bin-release.zip.sha512sha512 dubbo-incubating-${release_version}-source-release.zip.sha512

unzip dubbo-incubating-${release_version}-source-release.zip to the default directory and check the following:Directory with incubator in name dubbo-incubating-${release_version}-bin-releaseDISCLAIMER file existsLICENSE and NOTICE file exists and contents are goodAll files and no binary files existAll files has standard ASF License headerCan compile from sourceAll unit tests can pass

mvn clean test # This will run all unit tests# you can also open rat and style plugin to check if every file meets requirements.mvn clean install -Drat.skip=false -Dcheckstyle.skip=false

Release candidates match with corresponding tags, you can find tag link and hash in vote email.进入投票

投票分两个阶段：

Dubbo社区投票，发起投票邮件到dev@dubbo.apache.org。在社区开发者Review，并统计到3个同意发版的binding票后，即可进入下一阶段的投票。Apache社区投票，发起投票邮件到general@apache.org。在Apache PMC Review，并统计到3个统一发版的binding票后，即可进行正式发布。

邮件模板：

Hello Dubbo Community,This is a call for vote to release Apache Dubbo (Incubating) version 2.6.4.The release candidates: tag for the release: for the release tag:afab04c53edab38d52275d2a198ea1aff7a4f41eRelease Notes: artifacts have been signed with Key : 28681CB1, which can be found in the keys file: vote will be open for at least 72 hours or until necessary number of votes are reached.Please vote accordingly:[ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove with the reasonThanks,The Apache Dubbo (Incubating) Team

正式发布提交目录下的发布包到，完成正式发布。发邮件到dev@dubbo.apache.org和general@apache.org，通知社区发布完成。完成Maven Convenient Binary发布（可选）

apache.repository.org nexus仓库的权限已经申请，参见jira。

之前发布到maven仓库的atifacts都处于staging状态，用Apache id登录apache.repository.org，完成发布。

作者：中间件小哥