Blog: How to Prepare an Apache Release

source link: https://dubbo.apache.org/zh/blog/2018/09/02/%E5%A6%82%E4%BD%95%E5%87%86%E5%A4%87apache-release/


How to Prepare an Apache Release

Sunday, September 02, 2018


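In general, the Source Release is what Apache focuses on and is a required part of every release, while the Binary Release is optional. Dubbo can choose whether to publish binary packages to the Apache repository or to the Maven Central repository.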





See here for the detailed documentation. On Mac OS, the setup is as follows:

$ brew install gpg
$ gpg --version # check the version; it should be 2.x



$ gpg --full-gen-key
gpg (GnuPG) 2.0.12; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
  (1) RSA and RSA (default)
  (2) DSA and Elgamal
  (3) DSA (sign only)
  (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
        0 = key does not expire
     <n>  = key expires in n days
     <n>w = key expires in n weeks
     <n>m = key expires in n months
     <n>y = key expires in n years
Key is valid for? (0) 
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: Robert Burrell Donkin
Email address: [email protected]
You selected this USER-ID:
   "Robert Burrell Donkin (CODE SIGNING KEY) <[email protected]>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key. # enter a passphrase; it will be needed often during packaging

View the key ID

$ gpg --list-keys
pub   rsa4096/28681CB1 2018-04-26 # 28681CB1 is the key ID
uid       [ultimate] liujun (apache-dubbo) <[email protected]>
sub   rsa4096/D3D6984B 2018-04-26

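# Send the public key to a keyserver by key ID
$ gpg --keyserver pgpkeys.mit.edu --send-key 28681CB1
# pgpkeys.mit.edu is an arbitrarily chosen keyserver; the keyserver list is at https://sks-keyservers.net/status/. The servers synchronize with each other automatically, so any of them will do.

If you have multiple public keys, set a default key by editing ~/.gnupg/gpg.conf: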

# If you have more than 1 secret key in your keyring, you may want to
# uncomment the following option and set your preferred keyid.
default-key 28681CB1

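If you have multiple public keys, you can also delete the ones you no longer need:

### Delete the secret key first, then the public key
$ gpg --yes --delete-secret-keys [email protected]   ### the old secret key; specifying the email address is enough
$ gpg --delete-keys 1808C6444C781C0AEA0AAD4C4D6A8007D20DB8A4

PS: In testing with the latest version, there is no local gpg.conf file. If signing fails during execution, refer to these articles: https://blog.csdn.net/wenbo20182/article/details/72850810 or https://d.sb/2016/11/gpg-inappropriate-ioctl-for-device-errors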


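The parent pom of the Dubbo project is the Apache pom (this step is required for versions 2.7.0 and above; it is not needed for 2.6.x releases)


Add the following to .m2/settings.xml. Encrypt all passwords with maven-encryption-plugin before filling them in.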

   <!-- To publish a snapshot of some part of Maven -->
     <username> <!-- YOUR APACHE LDAP USERNAME --> </username>
     <password> <!-- YOUR APACHE LDAP PASSWORD (encrypted) --> </password>
   <!-- To stage a release of some part of Maven -->
     <username> <!-- YOUR APACHE LDAP USERNAME --> </username>
     <password> <!-- YOUR APACHE LDAP PASSWORD (encrypted) --> </password>
     <!-- gpg passphrase used when generate key -->
     <passphrase><!-- yourKeyPassword --></passphrase>


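Create a new branch from the main branch to serve as the release branch. For example, to release version ${release_version}, create a new branch ${release_version}-release from 2.6.x. From then on, all changes and tagging related to the ${release_version} Release Candidates are done on the ${release_version}-release branch, which is merged back into the main branch once the release is complete.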


$ mvn clean install -Prelease
$ mvn deploy




$ mvn release:prepare -Prelease -Darguments="-DskipTests" -DautoVersionSubmodules=true -Dusername=YOUR GITHUB ID -DdryRun=true


$ mvn release:clean
$ mvn release:prepare -Prelease -Darguments="-DskipTests" -DautoVersionSubmodules=true -Dusername=YOUR GITHUB ID -DpushChanges=false

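When the release plugin runs with -DpushChanges=true, it pushes automatically to the remote GitHub repository and asks for your GitHub password. Note that this is not the password used to log in to the web page but a Personal access token; see here for how to obtain one.

One thing to watch here is the tag. During execution you need to choose the artifactId to release, the artifactId of the next version, and the tag for the release version. The tag defaults to dubbo-parent-xxxx and must be changed to dubbo-xxxx.


  1. The source-release.zip and bin-release.zip packages have been generated under the dubbo-distribution directory; unzip them and check that the files are complete
  2. The corresponding tag has been created locally, together with a new commit named [maven-release-plugin] prepare release dubbo-x.x.x
  3. The branch version has been bumped automatically to ${release_version+1}-SNAPSHOT, together with a new commit named [maven-release-plugin] prepare for next development iteration

If -DpushChanges=true is specified, the local commits are pushed automatically to the remote GitHub repository. From experience, it is better not to set it to true: set it to false and push manually once the local checks pass.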


$ mvn -Prelease release:perform -Darguments="-DskipTests" -DautoVersionSubmodules=true -Dusername=YOUR GITHUB ID


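  • The deploy may be interrupted by network or other problems; if that happens, it can simply be run again.
  • When the deploy reaches the maven repository, confirm that the total number of packages is correct. Packages have gone missing on several occasions, especially the dubbo-parent package.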


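  1. Prepare a local svn environment (Apache uses svn to host the release content of its projects)

  2. Check out dubbo to a local directory

    $ svn checkout https://dist.apache.org/repos/dist/dev/incubator/dubbo
    # Assume the local directory is ~/apache/incubator/dubbo
  3. The current release version is ${release_version}; create a new directory

    $ cd ~/apache/incubator/dubbo # dubbo svn root directory
    $ mkdir ${release_version}
  4. Add your public key to the KEYS file and commit it to the SVN repository (required for anyone doing a release for the first time; see the instructions in the KEYS file for details). KEYS exists mainly so that voters can import it locally and use it to verify that the signatures are correct

    $ gpg -a --export your_key_id >> KEYS
  5. Copy the source-related packages under distribution/target to the local svn repository at dubbo/${release_version}

  6. Generate the sha512 checksums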


    $ shasum -a 512 apache-dubbo-${release_version}-source-release.zip >> apache-dubbo-${release_version}-source-release.zip.sha512


    $ shasum -b -a 512 apache-dubbo-${release_version}-bin-release.zip >> apache-dubbo-${release_version}-bin-release.zip.sha512
  7. If a binary release is to be published at the same time


  8. Commit to Apache svn

    $ svn status
    $ svn commit -m 'prepare for ${release_version} RC1'

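Verifying Release Candidates

For the detailed checklist, refer to the official check list

First, download the Release Candidate to be released from the following address to your local environment: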





$ shasum -c apache-dubbo-${release_version}-source-release.zip.sha512
$ shasum -c apache-dubbo-${release_version}-bin-release.zip.sha512



 $ curl https://dist.apache.org/repos/dist/dev/incubator/dubbo/KEYS >> KEYS # download public keys to local directory
 $ gpg --import KEYS # import keys
 $ gpg --edit-key liujun
   > trust # type trust command


gpg --verify apache-dubbo-2.6.3-source-release.zip.asc apache-dubbo-2.6.3-source-release.zip
gpg --verify apache-dubbo-2.6.3-bin-release.zip.asc apache-dubbo-2.6.3-bin-release.zip
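
gpg --verify succeeds for a good signature made by any key in the keyring, so a reviewer also needs to confirm that the signer is the key named in the vote email. The bash script below is an added example, not part of the original Dubbo guide: the function names (signer_fpr, fpr_matches_id, verify_rc) are illustrative, and it assumes KEYS is imported into a temporary GnuPG home instead of the default keyring.

```bash
#!/usr/bin/env bash
# Added example, not part of the Dubbo release guide.
# Usage: verify-rc.sh KEYS artifact.zip.asc artifact.zip ANNOUNCED_KEY_ID

# Read `gpg --status-fd` lines on stdin and print the primary-key fingerprint
# of the first signature reported as GOODSIG + VALIDSIG. Returns 1 otherwise
# (BADSIG, or EXPKEYSIG/REVKEYSIG where the key is expired or revoked).
signer_fpr() {
  awk '$1 != "[GNUPG:]" { next }
       $2 == "GOODSIG"  { good = 1 }
       $2 == "VALIDSIG" && good { print ($12 != "" ? $12 : $3); found = 1; exit }
       END { exit !found }'
}

# Succeed if fingerprint $1 ends with key ID $2 (case-insensitive, 0x allowed).
# A 16-hex ID or the full fingerprint is a stronger match than an 8-hex ID.
fpr_matches_id() {
  local fpr id
  fpr=$(printf '%s' "$1" | tr 'a-f' 'A-F')
  id=$(printf '%s' "${2#0x}" | tr 'a-f' 'A-F')
  [ -n "$id" ] && [ "${fpr%"$id"}" != "$fpr" ]
}

# Verify signature $2 over file $3 with only the keys from $1 imported, then
# require that the signer is the key ID $4 announced in the vote email.
verify_rc() {
  local home status signer
  home=$(mktemp -d) || return 2          # throwaway keyring, not ~/.gnupg
  chmod 700 "$home"
  gpg --homedir "$home" --batch --quiet --import "$1" 2>/dev/null
  status=$(gpg --homedir "$home" --batch --status-fd 1 \
               --verify "$2" "$3" 2>/dev/null) || true
  rm -rf "$home"
  signer=$(printf '%s\n' "$status" | signer_fpr) || {
    echo "FAIL: no valid signature on $3" >&2; return 1; }
  fpr_matches_id "$signer" "$4" || {
    echo "FAIL: $3 signed by $signer, expected key $4" >&2; return 1; }
  echo "OK: $3 signed by $signer"
}

if [ "$#" -eq 4 ]; then verify_rc "$@"; fi
```
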



  • Directory with ‘incubating’ in name apache-dubbo-${release_version}-source-release
  • DISCLAIMER exists
  • LICENSE and NOTICE exist and contents are good
  • All files and no binary files exist
  • All files have standard ASF License header
  • Can compile from source
  • All unit tests can pass
    mvn clean test # This will run all unit tests
    # you can also open rat and style plugin to check if every file meets requirements.
    mvn clean test -Drat.skip=false -Dcheckstyle.skip=false
  • Release candidates match with corresponding tags, you can find tag link and hash in vote email.
    • check the version number in pom.xml are the same
    • check there are no extra files or directories in the source package, for example, no empty directories or useless log files; also check that line endings are consistent
      diff -r rc_dir tag_dir
    • check the top n tag commits, dive into the related files and check if the source package has the same changes



  • Check signatures are good
  • ‘incubating’ in name
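  • LICENSE and NOTICE exist and contents are good

Note: if the binary package bundles third-party dependencies, LICENSE must be updated to include the licenses of those dependencies. If a third-party dependency is licensed under Apache 2.0 and its project contains a NOTICE, the NOTICE file must be updated as well.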


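  1. Dubbo community vote: send the vote email to [email protected]. After community developers have reviewed the release, at least 72 hours have passed, and 3 binding votes in favor of the release have been counted (only PMC votes are binding), move on to the next voting stage.
  2. Apache community vote: send the vote email to [email protected]. After at least 72 hours have passed and 3 binding votes in favor of the release have been counted (only IPMC Member votes are binding), the official release can go ahead.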


Hello Dubbo Community,

This is a call for vote to release Apache Dubbo (Incubating) version 2.6.2.

The release candidates:

Git tag for the release:

Hash for the release tag:

Release Notes:

The artifacts have been signed with Key : 28681CB1, which can be found in the keys file:

The vote will be open for at least 72 hours or until necessary number of votes are reached.

Please vote accordingly:

[ ] +1 approve 
[ ] +0 no opinion 
[ ] -1 disapprove with the reason

The Apache Dubbo (Incubating) Team


Hello all,

This is a call for vote to release Apache Dubbo (Incubating) version 2.6.4.

The Apache Dubbo community has voted on and approved a proposal to release
Apache Dubbo (Incubating) version 2.6.4.

We now kindly request the Incubator PMC members review and vote on this
incubator release.

Apache Dubbo™  is a high-performance, java based, open source
RPC framework. Dubbo offers three key functionalities, which include
interface based remote call, fault tolerance & load balancing, and
automatic service registration & discovery.

Dubbo community vote and result thread:
A minor issue also can be found in the above thread.

The release candidates (RC1):

Git tag for the release (RC1):

Hash for the release tag:

Release Notes:

The artifacts have been signed with Key : 7955FB6D1DD21CF7, which can be
found in the keys file:

Look at here for how to verify this release candidate:

The vote will be open for at least 72 hours or until necessary number of
votes are reached.

Please vote accordingly:
[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove with the reason

The Apache Dubbo (Incubating) Team


We’ve received 3 +1 binding votes and one +1 non-binding vote:

+1 binding, Ian Luo
+1 binding, Huxing Zhang
+1 binding, Jun Liu

+1 non-binding, Jerrick

I will create a new vote thread in Apache community now.

Best regards,
The Apache Dubbo (Incubating) Team
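
  1. Add the release packages from the dev directory to the release directory; if KEYS has been updated, sync it as well.
  2. Delete the release packages under the dev directory
  3. Delete the previous version's release packages under the release directory; these packages are archived automatically here
  4. Publish the release notes on GitHub
  5. Update the GitHub Readme file so that the version number is the latest released version
  6. Add a download link for the latest version to the download page of the official website. The latest download link should look like this. Also update the download links of earlier versions so that they look like this. Refer to past download links for details
  7. Merge the ${release-version}-release branch into the corresponding main branch, then delete the release branch, for example: git push origin --delete 2.7.0-release
  8. Send an email to [email protected] and [email protected] to announce the release. Email template: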
Hello Community,

The Apache Dubbo team is pleased to announce that the
2.6.6 has just been released.

Apache Dubbo™  is a high-performance, java based, open source
RPC framework. Dubbo offers three key functionalities, which include
interface based remote call, fault tolerance & load balancing, and
automatic service registration & discovery.

Both the source release[1] and the maven binary release[2] are available
now, you can also find the detailed release notes in here[3].

If you have any usage questions, or have problems when upgrading or find
any problems about enhancements included in this release, please don’t
hesitate to let us know by sending feedback to this mailing list or filing
an issue on GitHub[4].


Apache Dubbo is an effort undergoing incubation at The Apache Software Foundation (ASF), sponsored by the Incubator. Incubation is required of all newly accepted projects until a further review indicates that the infrastructure, communications, and decision making process have stabilized in a manner consistent with other successful ASF projects. While incubation status is not necessarily a reflection of the completeness or stability of the code, it does indicate that the project has yet to be fully endorsed by the ASF.

[1] http://dubbo.apache.org/en-us/blog/download.html
[2] http://central.maven.org/maven2/com/alibaba/dubbo
[3] https://github.com/apache/dubbo/releases
[4] https://github.com/apache/dubbo/issues

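Complete the Maven Convenient Binary release (optional)

Permissions for the repository.apache.org nexus repository have already been requested; see jira

To publish the jars to the maven repository, first visit repository.apache.org, select the staging repository, and click the release button. After a while, confirm completeness and correctness here. Publishing to the Maven Central repository takes some additional time; you can confirm it here.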

gpg: signing failed: Inappropriate ioctl for device

If you’ve encountered this error, try the following commands:

export GPG_TTY=$(tty)

