实操经验 | Apache 基金会顶级项目版本管理和发布流程

本文主要是介绍实操经验 | Apache 基金会顶级项目版本管理和发布流程,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!

前言

前段时间,Apache SeaTunnel经过几个月的迭代和架构升级,终于迎来第一个正式2.3.0版本,我也有幸作为本次的Release Manager,体验了一把从0到1的Apache发版流程,不得不说Apache基金会在项目的版本管理这块有着完善的规范和严谨的流程,整个发版过程周期很长,其中也踩了不少的坑,俗话说好记性不如烂笔头,所以笔者写了一篇文章来记录整个过程(以Apache SeaTunnel为例),希望这篇文章能够让小白快速入门Apache项目版本管理和发布。

Tips: Release Manager需要有Apache LDAP账号,也就意味着你需要首先成为项目的Committer才有资格

环境准备

GIT

用于clone项目源代码到本地

GPG

用于生成数字签名,为你的每一次操作留下痕迹

SHASUM

用于为文件生成签名

SVN

用于拉取Apache Release SVN仓库

MAVEN

用于编译项目

物料准备

配置GPG KEY

新建key
gpg --gen-key
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.gpg: 已创建目录‘/home/hadoop/.gnupg’
gpg: 新的配置文件‘/home/hadoop/.gnupg/gpg.conf’已建立
gpg: 警告:在‘/home/hadoop/.gnupg/gpg.conf’里的选项于此次运行期间未被使用
gpg: 钥匙环‘/home/hadoop/.gnupg/secring.gpg’已建立
gpg: 钥匙环‘/home/hadoop/.gnupg/pubring.gpg’已建立
请选择您要使用的密钥种类:(1) RSA and RSA (default)(2) DSA and Elgamal(3) DSA (仅用于签名)(4) RSA (仅用于签名)
您的选择? 1
RSA 密钥长度应在 1024 位与 4096 位之间。
您想要用多大的密钥尺寸?(2048)4096
您所要求的密钥尺寸是 4096 位
请设定这把密钥的有效期限。0 = 密钥永不过期<n>  = 密钥在 n 天后过期<n>w = 密钥在 n 周后过期<n>m = 密钥在 n 月后过期<n>y = 密钥在 n 年后过期
密钥的有效期限是?(0) 0
密钥永远不会过期
以上正确吗?(y/n)y

如上所示,选择项分别为:

  • 1
  • 4096
  • 0
  • y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"真实姓名:tyrantlucifer
电子邮件地址:tyrantlucifer@apache.org
注释:The key of Apache SeaTunnel
您选定了这个用户标识:“tyrantlucifer (The key of Apache SeaTunnel) <tyrantlucifer@apache.org>”更改姓名(N)、注释(C)、电子邮件地址(E)或确定(O)/退出(Q)?o
您需要一个密码来保护您的私钥。

如上所示,你需要为这个key指定个人信息以及加密密码,需要填写

  • 姓名
  • 邮箱(Apache邮箱)
  • key注释
  • 密码(很重要,不要忘记,要记住哟

file

我们需要生成大量的随机字节。这个时候您可以多做些琐事(像是敲打键盘、移动
鼠标、读写硬盘之类的),这会让随机数字发生器有更好的机会获得足够的熵数。
我们需要生成大量的随机字节。这个时候您可以多做些琐事(像是敲打键盘、移动
鼠标、读写硬盘之类的),这会让随机数字发生器有更好的机会获得足够的熵数。
gpg: 密钥 0983DF85 被标记为绝对信任
公钥和私钥已经生成并经签名。gpg: 正在检查信任度数据库
gpg: 需要 3 份勉强信任和 1 份完全信任,PGP 信任模型
gpg: 深度:0 有效性:  1 已签名:  0 信任度:0-,0q,0n,0m,0f,1u
pub   4096R/0983DF85 2022-12-28
密钥指纹 = AE63 FC40 ECCD 600D 724B  5625 05FD AE73 0983 DF85
uid                  tyrantlucifer (The key of Apache SeaTunnel) <tyrantlucifer@apache.org>
sub   4096R/B7023D46 2022-12-28
验证key
gpg --list-keys
/home/hadoop/.gnupg/pubring.gpg
-------------------------------
pub   4096R/0983DF85 2022-12-28
uid                  tyrantlucifer (The key of Apache SeaTunnel) <tyrantlucifer@apache.org>
sub   4096R/B7023D46 2022-12-28

Tips: 0983DF85就是你的公钥缩写

上传key到公共服务器
gpg --keyserver keyserver.ubuntu.com --send-key 0983DF85
验证key是否正常上传
  1. 命令行验证
gpg --keyserver keyserver.ubuntu.com --search-keys 0983DF85
  1. 网站验证

    OpenPGP Keyserver (ubuntu.com)

file

file

Tips: 该截图是我之前已经上传好的key,和上一步骤生成的key不一致是正常的

配置maven

创建主密码
mvn --encrypt-master-password <apache password>
新建文件~/.m2/settings-security.xml
<settingsSecurity><master><!-- 这里填入上一步输出的密码 --></master>
</settingsSecurity>
加密Apache LDAP 密码
mvn --encrypt-password <apache password>
新增配置

编辑你本地maven环境的配置文件,一般路径为~/.m2/setting.xml,添加

<settings><servers><server><id>apache.snapshots.https</id><username> <!-- APACHE LDAP USERNAME --> </username><password> <!-- APACHE LDAP ENCRYPTED PASSWORD,上一步加密的密码 --> </password></server><server><id>apache.releases.https</id><username> <!-- APACHE LDAP USERNAME --> </username><password> <!-- APACHE LDAP ENCRYPTED PASSWORD,上一步加密的密码 --> </password></server><server><id>gpg.passphrase</id><passphrase><!-- GPG KEY PASSWORD --></passphrase></server></servers>
</settings>

项目版本准备

分支准备

mkdir -p ~/seatunnel-release-prepare
cd ~/seatunnel-release-prepare
git clone git@github.com:apache/seatunnel.git
cd seatunnel
git checkout -b ${RELEASE.VERSION}-release

更新release-note

vim release-note.md
git add release-note.md
git commit -m "[Release][${RELEASE.VERSION}][release-note] Add release-note"
git push

预编译测试

mvn release:prepare -Prelease -Darguments="-DskipTests" -DdryRun=true -Dusername=${GITHUB USERNAME}

编译

mvn release:clean
mvn release:prepare -Prelease -Darguments="-DskipTests" -DpushChanges=false -Dusername=${GITHUB USERNAME}

提交代码

git push
git push origin --tags

部署jar包

  1. 上传jar包
mvn release:perform -Prelease -Darguments="-DskipTests" -Dusername=${GITHUB USERNAME}
  1. 关闭stage仓库

    https://repository.apache.org/#stagingRepositories

file

上传SVN

拉取release和dev仓库到本地

mkdir -p ~/seatunnel-release-prepare/dev
mkdir -p ~/seatunnel-release-prepare/release
cd ~/seatunnel-release-prepare/dev
svn --username=${APACHE LDAP username} co https://dist.apache.org/repos/dist/dev/seatunnel
cd ~/seatunnel-release-prepare/release
svn --username=${APACHE LDAP username} co https://dist.apache.org/repos/dist/release/seatunnel

上传key到dev和release仓库

Tips: 只有第一次发版的Release Manager才需要做这一步

cd ~/seatunnel-release-prepare/dev/seatunnel
gpg -a --export ${GPG USERNAME} >> KEYS
svn add KEYS
svn --username=${APACHE LDAP USERNAME} commit -m "Add ${APACHE LDAP USERNAME} GPG key"
cd ~/seatunnel-release-prepare/release/seatunnel
gpg -a --export ${GPG USERNAME} >> KEYS
svn add KEYS
svn --username=${APACHE LDAP USERNAME} commit -m "Add ${APACHE LDAP USERNAME} GPG key"

上传源码包和二进制包到dev仓库

  1. 复制源码包和二进制包

     mkdir -p ~/seatunnel-release-prepare/dev/${RELEASE.VERSION}cp -f ~/seatunnel-release-prepare/seatunnel/seatunnel-dist/target/*.tar.gz ~/seatunnel-release-prepare/dev/${RELEASE.VERSION}cd ~/seatunnel-release-prepare/dev/${RELEASE.VERSION}
  2. 生成签名

     shasum -a 512 apache-seatunnel-${RELEASE.VERSION}-src.tar.gz >> apache-seatunnel-${RELEASE.VERSION}-src.tar.gz.sha512shasum -b -a 512 apache-seatunnel-${RELEASE.VERSION}-bin.tar.gz >> apache-seatunnel-${RELEASE.VERSION}-bin.tar.gz.sha512
  3. 生成GPG签名

     gpg --armor --detach-sig apache-seatunnel-${RELEASE.VERSION}-src.tar.gzgpg --armor --detach-sig apache-seatunnel-${RELEASE.VERSION}-bin.tar.gz
  4. 检查文件签名

     shasum -c apache-seatunnel-${RELEASE.VERSION}-src.tar.gz.sha512shasum -c apache-seatunnel-${RELEASE.VERSION}-bin.tar.gz.sha512
  5. 检查数字签名

    1. 导入(Release Manager不需要做这一步)

      curl https://dist.apache.org/repos/dist/dev/seatunnel/KEYS >> KEYS
      gpg --import KEYS
      gpg --edit-key "${GPG username of releaser}"> trustPlease decide how far you trust this user to correctly verify other users' keys
      (by looking at passports, checking fingerprints from different sources, etc.)1 = I don't know or won't say2 = I do NOT trust3 = I trust marginally4 = I trust fully5 = I trust ultimatelym = back to the main menuYour decision? 5> save
    2. 检查gpg数字签名

      gpg --verify apache-seatunnel-${RELEASE.VERSION}-src.tar.gz.asc apache-seatunnel-${RELEASE.VERSION}-src.tar.gz
      gpg --verify apache-seatunnel-${RELEASE.VERSION}-seatunnel-bin.tar.gz.asc apache-seatunnel-${RELEASE.VERSION}-seatunnel-bin.tar.gz
  6. 提交所有文件至dev仓库

     svn add *svn --username=${APACHE LDAP USERNAME} commit -m "release ${RELEASE.VERSION}"

邮件发起投票

dev@seatunnel.apache.org投票

发起投票
[VOTE] Release Apache SeaTunnel 2.3.0Hello SeaTunnel Community,This is a call for vote to release Apache SeaTunnel () version 2.3.0Release notes:
https://github.com/apache/seatunnel/blob/2.3.0/release-note.mdThe release candidates:
https://dist.apache.org/repos/dist/dev/seatunnel/2.3.0 Git tag for the release:
https://github.com/apache/seatunnel/tree/2.3.0Maven 2 staging repository:
https://repository.apache.org/content/repositories/orgapacheseatunnel-1015/org/apache/seatunnel/Release Commit ID:
https://github.com/apache/seatunnel/commit/d7280abbe9e72262640836182a7f090a5706988aKeys to verify the Release Candidate: 
https://downloads.apache.org/seatunnel/KEYSThe vote will be open for at least 72 hours or until necessary numbers of votes are reached.Please vote accordingly:[ ] +1 approve[ ] +0 no opinion[ ] -1 disapprove with the reasonChecklist for reference:[ ] Download links are valid.[ ] Checksums and PGP signatures are valid.[ ] Source code artifacts have correct names matching the current release.[ ] LICENSE and NOTICE files are correct for each SeaTunnel repo.[ ] All files have license headers if necessary.[ ] No compiled archives bundled in source archive.More detail checklist please refer:
https://cwiki.apache.org/confluence/display/Release+Checklist--Best Regards
Chao Tian
关闭投票
[VOTE] Release Apache SeaTunnel() 2.3.0Hi SeaTunnel Community,Thanks, everyone, I will close this vote thread and the results will be tallied.Best wishes!
Chao Tian
归票
[RESULT] [VOTE] Release Apache SeaTunnel() 2.3.0Hi SeaTunnel community,This vote now closes since 72 hours have passed.The vote PASSES with3 (+1 binding) votes from the IPMC,
David,
Guo Wei,
Calvin Kirs  6 (+1 non-binding) votes from the developer from the communityJun Gao, 
TaoZex, 
hailin0,
Peng Yuan,
Zongwen Li,
Guangdong Liu
and no further 0 or -1 votes.The vote thread: https://lists.apache.org/thread/98oc6q6vghlg8qpfyf5yttzy925tfp9g Thanks for your participation, I will now bring the vote to
[general@apache.org](mailto:general@apache.org) <mailto:
[general@apache.org](mailto:general@apache.org)> to get
approval by the IPMC.
If this vote passes also, the release is accepted and will be published.Best wishes,
Chao Tian

general@apache.org投票

发起投票
[VOTE] Release Apache SeaTunnel() 2.3.0Hello IPMC, This is an official vote for the Apache
SeaTunnel() 2.3.0  that we have been working toward.To learn more about Apache SeaTunnel(), please see:https://seatunnel.apache.orgThe Apache SeaTunnel () community has voted and approved the release.Vote thread:https://lists.apache.org/thread/98oc6q6vghlg8qpfyf5yttzy925tfp9gResult thread:https://lists.apache.org/thread/6c0463dsoh8r0gmvqo67lttgy4o40xstRelease changes:https://github.com/apache/seatunnel/blob/2.3.0/release-note.mdThe release candidates:https://dist.apache.org/repos/dist/dev/seatunnel/2.3.0Maven 2 staging repository:https://repository.apache.org/content/repositories/orgapacheseatunnel-1015/org/apache/seatunnel/Git tag for the release:https://github.com/apache/seatunnel/tree/2.3.0Release Commit ID:https://github.com/apache/seatunnel/commit/d7280abbe9e72262640836182a7f090a5706988aKeys to verify the Release Candidate:https://downloads.apache.org/seatunnel/KEYSGPG user ID:tyrantluciferThe vote will be open for at least 72 hours or until necessary numbers
of votes are reached.Please vote accordingly:[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove with the reasonChecklist for reference:[ ] Download links are valid.
[ ] Checksums and PGP signatures are valid.
[ ] DISCLAIMER is included.
[ ] Source code artifacts have correct names matching the current release.
[ ] LICENSE and NOTICE files are correct for each SeaTunnel repo.
[ ] All files have license headers if necessary.
[ ] No compiled archives bundled in source archive.More detail checklist please refer:
https://cwiki.apache.org/confluence/display/Release+ChecklistThe following votes are carried over from the SeaTunnel dev mailing list:+1(binding)
David,
William-Guowei,
Calvin KirsBest Regards,
Chao Tian
关闭投票
[VOTE] Release Apache SeaTunnel() 2.3.0Hi IPMC,Thanks, everyone, I will close this vote thread and the results will be tallied.Best wishes!
Chao Tian
归票
[RESULT] [VOTE] Release Apache SeaTunnel() 2.3.0Hi SeaTunnel community,This vote now closes since 72 hours have passed.The vote PASSES with3 (+1 binding) votes from the IPMC,
David,
Guo Wei,
Calvin Kirs  6 (+1 non-binding) votes from the developer from the communityJun Gao, 
TaoZex, 
hailin0,
Peng Yuan,
Zongwen Li,
Guangdong Liu
and no further 0 or -1 votes.The vote thread: https://lists.apache.org/thread/98oc6q6vghlg8qpfyf5yttzy925tfp9g Thanks for your participation, I will now bring the vote to
[general@apache.org](mailto:general@apache.org) <mailto:
approval by the IPMC.
If this vote passes also, the release is accepted and will be published.Best wishes,
Chao Tian

正式发版

从dev仓库移动文件至release仓库

svn mv https://dist.apache.org/repos/dist/dev/seatunnel/${RELEASE.VERSION} https://dist.apache.org/repos/dist/release/seatunnel/

发布maven仓库

file

发送通知邮件

dev@seatunnel.apache.org

Hi all,We are glad to announce the release of Apache SeaTunnel() ${RELEASE.VERSION}.Once again I would like to express my thanks to your help.SeaTunnel: SeaTunnel() is a distributed, high-performance data integration platform for the synchronization and transformation of massive
data (offline & real-time).Apache SeaTunnel() website: http://seatunnel.apache.org/Downloads: https://seatunnel.apache.org/download/Release Notes:https://github.com/apache/seatunnel/blob/${RELEASE.VERSION}/release-note.mdDocuments: https://seatunnel.apache.org/docs/${RELEASE.VERSION}/intro/aboutTwitter: https://twitter.com/ASFSeaTunnelSeaTunnel() Resources:
- GitHub: https://github.com/apache/seatunnel
- Issue: https://github.com/apache/seatunnel/issues
- Mailing list: dev@seatunnel.apache.org- Apache SeaTunnel() Team

总结

作为一名Apache Release Manager需要做的前期准备工作有很多且很繁琐,需要更多的耐心和细心,由于所有的仓库都在国外,任何一个步骤都会可能因为网络延迟而失败,但不要因此气馁,唯有不断的尝试才能走向最终的胜利,希望本篇文章能够帮助到初次发版的Release Manager,让大家少走弯路。

本文由 白鲸开源科技 提供发布支持!

这篇关于实操经验 | Apache 基金会顶级项目版本管理和发布流程的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!



http://www.chinasem.cn/article/1123594

相关文章

Security OAuth2 单点登录流程

单点登录(英语:Single sign-on,缩写为 SSO),又译为单一签入,一种对于许多相互关连,但是又是各自独立的软件系统,提供访问控制的属性。当拥有这项属性时,当用户登录时,就可以获取所有系统的访问权限,不用对每个单一系统都逐一登录。这项功能通常是以轻型目录访问协议(LDAP)来实现,在服务器上会将用户信息存储到LDAP数据库中。相同的,单一注销(single sign-off)就是指

Spring Security基于数据库验证流程详解

Spring Security 校验流程图 相关解释说明(认真看哦) AbstractAuthenticationProcessingFilter 抽象类 /*** 调用 #requiresAuthentication(HttpServletRequest, HttpServletResponse) 决定是否需要进行验证操作。* 如果需要验证,则会调用 #attemptAuthentica

这15个Vue指令,让你的项目开发爽到爆

1. V-Hotkey 仓库地址: github.com/Dafrok/v-ho… Demo: 戳这里 https://dafrok.github.io/v-hotkey 安装: npm install --save v-hotkey 这个指令可以给组件绑定一个或多个快捷键。你想要通过按下 Escape 键后隐藏某个组件,按住 Control 和回车键再显示它吗?小菜一碟: <template

如何用Docker运行Django项目

本章教程,介绍如何用Docker创建一个Django,并运行能够访问。 一、拉取镜像 这里我们使用python3.11版本的docker镜像 docker pull python:3.11 二、运行容器 这里我们将容器内部的8080端口,映射到宿主机的80端口上。 docker run -itd --name python311 -p

高效+灵活,万博智云全球发布AWS无代理跨云容灾方案!

摘要 近日,万博智云推出了基于AWS的无代理跨云容灾解决方案,并与拉丁美洲,中东,亚洲的合作伙伴面向全球开展了联合发布。这一方案以AWS应用环境为基础,将HyperBDR平台的高效、灵活和成本效益优势与无代理功能相结合,为全球企业带来实现了更便捷、经济的数据保护。 一、全球联合发布 9月2日,万博智云CEO Michael Wong在线上平台发布AWS无代理跨云容灾解决方案的阐述视频,介绍了

综合安防管理平台LntonAIServer视频监控汇聚抖动检测算法优势

LntonAIServer视频质量诊断功能中的抖动检测是一个专门针对视频稳定性进行分析的功能。抖动通常是指视频帧之间的不必要运动,这种运动可能是由于摄像机的移动、传输中的错误或编解码问题导致的。抖动检测对于确保视频内容的平滑性和观看体验至关重要。 优势 1. 提高图像质量 - 清晰度提升:减少抖动,提高图像的清晰度和细节表现力,使得监控画面更加真实可信。 - 细节增强:在低光条件下,抖

Android实现任意版本设置默认的锁屏壁纸和桌面壁纸(两张壁纸可不一致)

客户有些需求需要设置默认壁纸和锁屏壁纸  在默认情况下 这两个壁纸是相同的  如果需要默认的锁屏壁纸和桌面壁纸不一样 需要额外修改 Android13实现 替换默认桌面壁纸: 将图片文件替换frameworks/base/core/res/res/drawable-nodpi/default_wallpaper.*  (注意不能是bmp格式) 替换默认锁屏壁纸: 将图片资源放入vendo

在cscode中通过maven创建java项目

在cscode中创建java项目 可以通过博客完成maven的导入 建立maven项目 使用快捷键 Ctrl + Shift + P 建立一个 Maven 项目 1 Ctrl + Shift + P 打开输入框2 输入 "> java create"3 选择 maven4 选择 No Archetype5 输入 域名6 输入项目名称7 建立一个文件目录存放项目,文件名一般为项目名8 确定

软考系统规划与管理师考试证书含金量高吗?

2024年软考系统规划与管理师考试报名时间节点: 报名时间:2024年上半年软考将于3月中旬陆续开始报名 考试时间:上半年5月25日到28日,下半年11月9日到12日 分数线:所有科目成绩均须达到45分以上(包括45分)方可通过考试 成绩查询:可在“中国计算机技术职业资格网”上查询软考成绩 出成绩时间:预计在11月左右 证书领取时间:一般在考试成绩公布后3~4个月,各地领取时间有所不同

安全管理体系化的智慧油站开源了。

AI视频监控平台简介 AI视频监控平台是一款功能强大且简单易用的实时算法视频监控系统。它的愿景是最底层打通各大芯片厂商相互间的壁垒,省去繁琐重复的适配流程,实现芯片、算法、应用的全流程组合,从而大大减少企业级应用约95%的开发成本。用户只需在界面上进行简单的操作,就可以实现全视频的接入及布控。摄像头管理模块用于多种终端设备、智能设备的接入及管理。平台支持包括摄像头等终端感知设备接入,为整个平台提