Contribute to the DSpace Development Fund
The newly established DSpace Development Fund supports the development of new features prioritized by DSpace Governance. For a list of planned features see the fund wiki page.
This document is intended to be kept up to date by the DSpace Release Managers. It details the steps necessary to perform snapshot and official releases of DSpace and supporting Modules.
Useful Sonatype Links
For lack of a better place at this time, here's some useful pages on Sonatype:
Prerequisites
Verify Release Privileges
To perform a release, you must have all of the following:
- Write access to the DSpace subversion repository hosted at http://scm.dspace.org/svn/repo; This requires an administrator to add you to the svn repository permissions via the TRAC user group.
- Write access to the org.dspace groupId in the snapshot and staging repositories hosted at oss.sonatype.org. If you don't already have this, you will need to:
- Sign up for a Sonatype JIRA account. This account will also serve as your login to the Sonatype OSS system
- Ask the previous release manager to request authorization for this account via the Sonatype JIRA system in the Open Source Project Repository Hosting project. Once Sonatype gives you the proper authorization, you should be able to login to the Sonatype OSS system using the same login/password you setup in Sonatype JIRA.
- The full details of signing up and getting access to Sonatype are also posted online here: Sonatype Maven Repository Usage Guide
- You must generate and publish your own personal Code Signing Key (required by Sonatype). Here are two sites that give hints on how to do that:
- Creating a Code Signing Key
- How to Generate PGP Signatures with Maven (required for all Sonatype releases)
- Make sure to publish your Key file to
hkp://pgp.mit.edu
, as this is the Key Server Sonatype uses for verification:(e.g.)
gpg --keyserver hkp://pgp.mit.edu --send-keys [yourKeyID]
- You can see if your key is already on that Key Server by visiting http://pgp.mit.edu and searching on your name
- Write access to projects.dspace.org (which is where the DSpace Projects website is hosted)
- Ask the previous release manager (or someone else with access) to be given access to this server.
- Include your proposed username
- Include a local SSH Public Key (which will be used for authentication).
Setting up a new person with proper access to projects.dspace.org
Here's notes from Mark Diggory on how to give someone else access to the OSUOSL server (projects.dspace.org):
- adduser -m <user-name>
- Add authorized key to
~/.ssh/authorizedkeys
(make sure permissions are correct on file) - Add user to /etc/groups
maven:x:4002:peterdietz,esm,mdiggory,tdonohue,ben,kim,apache
- Make sure
umask 002
is in the users~/.bash_profile
so maven permissions are written correctly.
Update Maven settings.xml
DSpace's root pom.xml already has the correct staging and snapshot repositories listed in the OSS parents distributionManagement section. In order to deploy, you will need to add your Sonatype OSS username and password to your local ~/.m2/settings.xml
file:
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd"> <servers> <!--Login info for Sonatype SnapShot repository--> <server> <id>sonatype-nexus-snapshots</id> <username>YourSonatypeUsername</username> <password>YourSonatypePassword</password> </server> <!--Login info for Sonatype Staging/Release repository--> <server> <id>sonatype-nexus-staging</id> <username>YourSonatypeUsername</username> <password>YourSonatypePassword</password> </server> <!--Login info for DSpace Projects (projects.dspace.org) website @OSUOSL--> <server> <id>website</id> <username>YourOSUOSLUserName</username> <privateKey>[Full-path-to]\.ssh\id_rsa</privateKey> <passphrase>YourKeyPassphrase (if necessary)</passphrase> </server> </servers> </settings>
If you don't yet have a ~/.m2/settings.xml
file, you should create one, and copy the full contents above (obviously make sure to put in your username and password).
Avoid Using Maven 2.1.0 or 2.2.0
Make sure you're using a recent version of Maven. As of this writing, the latest was 2.2.1, and it worked fine. In particular, avoid version 2.2.0: it has a serious bug that affects deployments: MNG-4235. Maven 2.1.0 also is problematic, as it produces improper GPG signatures.
For more information see the Pre-Requisities section of theSonatype Maven Repository Usage Guide
Making a Snapshot Release (e.g. 'dspace-1.7.0-SNAPSHOT')
One Step
From a clean, up-to-date copy of trunk, run the following command:
mvn clean javadoc:jar source:jar deploy
You will have to enter in your GPG passphrase (which you established when you created your Code Signing Key).
The snapshot will be immediately available in the public Sonatype repository: http://oss.sonatype.org/content/groups/public
Making an Official Release (e.g. 'dspace-1.7.0' or 'dspace-1.7.0-rc1')
For More Information
These same steps are also covered in the Sonatype Maven Repository Usage Guide
Do a Dry Run
This step is not required, but performs a useful sanity check without committing any changes. From a clean, up-to-date copy of trunk, run the following command:
mvn release:prepare -DdryRun=true
You will have to enter in your GPG passphrase (which you established when you created your Code Signing Key).
If you notice an issue or an error occurs, you can re-run the Dry Run using the following command:
mvn release:prepare -DdryRun=true -Dresume=false
Tag and Increment Version
This step will set the version declared in the project's pom.xml files, commit the changes to trunk, tag the release, and finally, check in another trunk change that increments the next development version (e.g. x.y-SNAPSHOT) in the pom.xml files.
mvn release:prepare -Dresume=false
(Optionally, you may also include the parameters -Dusername=YourSVNUsername -Dpassword=YourSVNPassword
at the end of the above command, though I've not found these to be necessary)
You will have to enter in your GPG passphrase (which you established when you created your Code Signing Key).
If you receive a project dependency error
This may fail to compile part way through the process, complaining that an internal project dependency is not met. If this occurs, don't worry. Just run the following:
mvn install
mvn release:prepare
Backing out of changes
If backing out of this step is needed for any reason, the following will restore the subversion repository and your working copy to the state it was previously in:
mvn release:rollback
svn rm https://scm.dspace.org/svn/repo/dspace/tags/dspace-x.y
Deploy Artifacts to Staging
This step will sign, checksum, and push all release artifacts (including javadocs and sources) to the staging repository. Run the following:
mvn release:perform
You should be prompted by Maven to specify your GPG passphrase (which you established when you created your Code Signing Key). If you run into any issues, it's possible to specify your GPG key and passphrase as arguments (e.g. -Darguments="-Dgpg.keyname=YourKeyId -Dgpg.passphrase=YourKeyPassword"
If you need to re-deploy
If any errors or problems occur during the deploy, you can re-run mvn release:perform
safely after fixing those issues (re-running it will just overwrite existing staged contents).
Verify and Release Staged Artifacts
For screenshots and more details on this step, visit the Sonatype Repository Usage Guide's section on Releasing your artifacts
- Login to http://oss.sonatype.org/
- Click "Staging Repositories" in the left column, then select the checkbox next to the staged repository on the right. The contents of it will open up at the bottom of the page.
- With the staged repository still selected, click the "Close" button at the top.
- Download and test that the artifacts in staging are exactly as they should be once deployed to central.
- If everything looks good, select the repository and select "Release". The artifacts should be synced to central within an hour, and will officially be released to http://repo2.maven.org/maven2/org/dspace/
If you need to revert back
If anything is incorrect, select the staged repository and select "Drop". After the problem is resolved, you can re-deploy the artifacts to staging and verify them again. To re-deploy an already-tagged release:
mvn release:perform -Dtag=dspace-x.y -DconnectionUrl=scm:svn:
https://scm.dspace.org/svn/repo/dspace
-Darguments="-Dgpg.keyname=YourKeyId -Dgpg.passphrase=YourKeyPassword"
Create the Distribution Zips for SourceForge
The previous action will have checked out the release tag into the target directory under "target/checkout". Navigate to that directory and execute the creation of the distributions using the following command. This will create two zip, bzip and gzipped files in the target directory. One set of files is the "binary" release, and the other set is the source release.
(Note: If you've already removed the target/checkout
directory, you can also checkout a fresh copy of the newly tagged version and run this command from the DSpace parent directory.)
localhost$ cd target/checkout localhost$ mvn package -Pdistributions [INFO] Scanning for projects... [INFO] ---------------------------------------------------------------------------- [INFO] Building DSpace Parent Project [INFO] task-segment: [package] [INFO] ---------------------------------------------------------------------------- [INFO] [site:attach-descriptor] [INFO] [assembly:single -(execution. default-)] [INFO] Building zip: .../target/dspace-1.5.0-beta1-release.zip [INFO] Building tar: .../target/dspace-1.5.0-beta1-release.tar.gz [INFO] Building tar: .../target/dspace-1.5.0-beta1-release.tar.bz2 [INFO] Building zip: .../target/dspace-1.5.0-beta1-src-release.zip [INFO] Building tar: .../target/dspace-1.5.0-beta1-src-release.tar.gz [INFO] Building tar: .../target/dspace-1.5.0-beta1-src-release.tar.bz2 [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESSFUL [INFO] ------------------------------------------------------------------------
Upload to SourceForge
Upload both the source and binary releases to Sourceforge.net. You can either upload them via the web interface, or copy them over via scp
or other command line tools. If you want to copy the files from command line, follow the directions found here: http://apps.sourceforge.net/trac/sourceforge/wiki/File%20management%20service
Using scp
to copy to the "DSpace Stable" file directory: (example for 1.6.0 final)
scp <files> <username>,dspace@frs.sourceforge.net:"/home/frs/project/d/ds/dspace/DSpace\\ Stable/1.6.0/"
Using scp
to copy to the "DSpace Release Candidate" file directory: (example for 1.6.0-rc2)
scp <files> <username>,dspace@frs.sourceforge.net:"/home/frs/project/d/ds/dspace/DSpace\\ Release\\ Candidate/1.6.0-rc2/"
After the Release is Finished
Don't Announce Until Maven Packages Have Propagated
You must wait for all the packages to be available at http://repo2.maven.org/maven2/org/dspace/ before you announce the release. Until the DSpace packages are available in the Maven repository, no one else will be able to build DSpace using Maven.
- Add the new contributors to the list: DSpaceContributors
- Coordinate Announcements with DuraSpace Staff:
- Announcement on dspace.org, duraspace.org, twitter
- Plus if new stable version, ask dspace.org admins to upload latest documentation
- Announce on mailing lists
- Link announcement on Home of Wiki, change any version numbers on that page.
- Ensure that the Latest Release page on dspace.org is updated.
- Add group corresponding to the version to the JIRA system (if not already there)
- Update Wiki pages, particularly these pages which refer to the Current and Next releases:
- Create a new branch in SVN for any upcoming sub-minor releases (if necessary)