Ref: http://www.ruanyifeng.com/blog/2013/07/gpg.html
查看 GPG 版本。
$ gpg --version
安装 GPG(已安装 GPG 忽略)。
# for macOS
$ brew install gpg
查看密钥,假设公钥是 8FDE893A8DE5184C7F76ECB9B9185984BF7D6735
。
$ gpg --list-keys
/home/nxw/.gnupg/pubring.kbx
----------------------------
pub rsa3072 2022-12-04 [SC]
8FDE893A8DE5184C7F76ECB9B9185984BF7D6735
uid [ unknown] Xuewei Niu <[email protected]>
sub rsa3072 2022-12-04 [E]
# 设置公钥环境变量
$ PUB_KEY="8FDE893A8DE5184C7F76ECB9B9185984BF7D6735"
生成密钥,生成密钥之后需要设置 PUB_KEY
环境变量。
$ gpg --full-gen-key
# 上传公钥
$ gpg --keyserver hkp://pgpkeys.mit.edu --send-keys $PUB_KEY
# 生成公钥指纹
$ gpg --fingerprint $PUB_KEY
导出私钥和公钥。
$ gpg --output public.gpg --armor --export $PUB_KEY
$ gpg --output private.gpg --armor --export-secret-keys $PUB_KEY
导入私钥和公钥。
$ gpg --import public.gpg
$ gpg --import private.gpg
$ gpg --edit-key $PUB_KEY trust quit
吊销证书。
$ gpg --gen-revoke $PUB_KEY
将近期合并的 pull requests 按照 features、bugfixes 和 enhancements 更新到对应分支的 CHANGELOG.md 中,示例 dubbo-go#2360。
各 release 分支 CHANGELOG:main | release-3.1 | release-3.0。
比如即将发布 v3.1.1-rc1,将 release-3.1 分支的 version.go 的 Version
修改为 3.1.1-rc1
,DATE
修改为当前的时间 2023/12/12
。
各 release 分支 version.go:main | release-3.1 | release-3.0。
设置 release 环境变量。
$ MAIN_VERSION="3.1.1"
# 发布 rc 版本
$ RC_VERSION="1"
$ GIT_TAG="v$MAIN_VERSION-rc$RC_VERSION"
$ GIT_TAG_MSG="v$MAIN_VERSION release candidate $RC_VERSION"
# 发布生产版本
$ GIT_TAG="v$MAIN_VERSION"
$ GIT_TAG_MSG="v$MAIN_VERSION production ready"
# 查看 tag/tag 信息
$ echo "Tag: $GIT_TAG, msg: $GIT_TAG_MSG"
打 tag 并推送至远端,请确保 CHANGELOG 的 pull request 已经被合并。
$ cd path/to/dubbo-go
# checkout 至 release-x.y 分支或者 main
$ git checkout <RELEASE_BRANCH>
$ git pull
# 操作 tag
$ git tag -a $GIT_TAG -m $GIT_TAG_MSG
$ git tag -n9 | grep $GIT_TAG
$ git push origin $GIT_TAG
在准备打包签名之前,检查以下内容是否符合要求:
- 每个文件的 LICENSE 头部是否正确, 包括
*.java
,*.go
,*.xml
,Makefile
等; - LICENSE 文件是否存在;
- NOTICE 文件是否存在;
- CHANGELOG.md 是否存在(变更内容格式符合规范)。
设置 GPG 环境变量。
$ gpg --list-keys
/home/nxw/.gnupg/pubring.kbx
----------------------------
pub rsa3072 2022-12-04 [SC]
8FDE893A8DE5184C7F76ECB9B9185984BF7D6735
uid [ unknown] Xuewei Niu <[email protected]>
sub rsa3072 2022-12-04 [E]
$ GPG_EMAIL="[email protected]"
$ GPG_NAME="Xuewei Niu"
打包源代码并验证。
$ git archive --format=tar --prefix=dubbo-go-$GIT_TAG/ $GIT_TAG \
| gzip > dubbo-go-$GIT_TAG-src.tar.gz
# 签名
$ gpg -u $GPG_EMAIL --armor --output dubbo-go-$GIT_TAG-src.tar.gz.asc \
--detach-sign dubbo-go-$GIT_TAG-src.tar.gz
$ gpg --verify dubbo-go-$GIT_TAG-src.tar.gz.asc \
dubbo-go-$GIT_TAG-src.tar.gz
# 哈希验证
$ shasum -a 512 dubbo-go-$GIT_TAG-src.tar.gz \
> dubbo-go-$GIT_TAG-src.tar.gz.sha512
$ shasum --check dubbo-go-$GIT_TAG-src.tar.gz.sha512
$ svn checkout https://dist.apache.org/repos/dist/dev/dubbo
$ cd dubbo
$ svn update
$ (gpg --list-sigs $GPG_NAME && gpg --armor --export $GPG_NAME) >> KEYS
$ mkdir -p dubbo-go/$GIT_TAG
# 复制 dubbo-go-$GIT_TAG-src.tar.gz、dubbo-go-$GIT_TAG-src.tar.gz.asc 和
# dubbo-go-$GIT_TAG-src.tar.gz.sha512 到 dubbo-go/$GIT_TAG
$ tree dubbo-go/$GIT_TAG
dubbo-go/v1.5.6-rc1/
├── dubbo-go-v1.5.6-rc1-src.tar.gz
├── dubbo-go-v1.5.6-rc1-src.tar.gz.asc
└── dubbo-go-v1.5.6-rc1-src.tar.gz.sha512
$ svn add dubbo-go/$GIT_TAG
$ svn commit --username <APACHE USERNAME> -m "Release dubbo-go $GIT_TAG"
检查 SVN 内容
- KEYS: https://dist.apache.org/repos/dist/dev/dubbo/KEYS
- Release 包: https://dist.apache.org/repos/dist/dev/dubbo/dubbo-go
发送 VOTE 邮件至 [email protected],主题是 "[VOTE] Release Apache Dubbo-go v3.1.1-rc1"。
Hello Dubbo/Dubbogo community
This is a vote for the release of Apache Dubbo-go v3.1.1-rc1.
Release candidates:
https://dist.apache.org/repos/dist/dev/dubbo/dubbo-go/v3.1.1-rc1
Git tags published:
https://github.com/apache/dubbo-go/tree/v3.1.1-rc1
Publish tag hash:
d204c4ef491dd22c58c4fd2e0a30e0f9d4e57715
The artifact has been signed with a key:
8FDE893A8DE5184C7F76ECB9B9185984BF7D6735, it can be found in the KEYS file https://dist.apache.org/repos/dist/dev/dubbo/KEYS
Polls will remain open for at least 72 hours or until the necessary number of votes is reached.
Please vote accordingly:
[] +1 Yes
[] +0 no opinion
[] -1 Do not approve, cause
Thank you, Apache Dubbo/Dubbogo team
在获得 3 位 PMCs 的确认邮件后,发送 RESULT 邮件至 [email protected],主题是 "[RESULT][VOTE] Release Apache Dubbo-go v3.1.1-rc1"。Vote and result thread 地址可以在 lists.apache.org 中找到。
Hello Dubbo/Dubbogo Community,
The release Dubbo-go v3.1.1-rc1 vote finished, We’ve received 3 +1 (binding) votes.
+1 binding, {Member0}
+1 binding, {Member1}
+1 binding, {Member2}
The vote and result thread:
https://lists.apache.org/thread/6hybm3jd88v7phxoy178mxbtwxw8yrzv
The vote passed. Thanks all.
I will proceed with the formal release later.
Best regards,
The Apache Dubbogo Team