Release Baremaps 0.8.2

[bchapuis]

In order to release a new version of Apache Baremaps, follow these steps:

• Notify the mailing list and ask everyone to pause commits on the main branch
• Create a new issue on GitHub with the title "Release Baremaps $RELEASE_VERSION"
• Create a new branch for the release (e.g. release-$RELEASE_VERSION)

cd baremaps
git checkout -b release-$RELEASE_VERSION

• Set the release version and commit the changes:

./mvnw versions:set -DnewVersion=$RELEASE_VERSION
git commit -a -m "Release Baremaps $RELEASE_VERSION"
git push --set-upstream origin release-$RELEASE_VERSION

• Tag the last commit with the release candidate version:

git tag v$RELEASE_VERSION-rc$CANDIDATE_NUMBER

• Push the tag to the remote repository (this will trigger GitHub Action to build the release candidate, publish the artifacts to the dev directory of dist.apache.org repository, and draft a release on GitHub):

git push origin v$RELEASE_VERSION-rc$CANDIDATE_NUMBER

• Publish the release artifacts to the maven repository.

./mvnw clean deploy -Papache-release

• Edit the release notes for this tag on GitHub.
• Ask the community to vote for the release candidate.
• If the release candidate is not approved by the community, commit the necessary changes, clean the git history, create a new release candidate, and repeat the process.

TODO: The following step is not yet fully automated. We need to add secrets and steps to publish the artifacts to the dev directory (APACHE_USERNAME, APACHE_PASSWORD) and to the maven repository (NEXUS_USERNAME, NEXUS_PASSWORD).

• If the release candidate is approved by the community, tag the release commit with the release version (this will trigger the same GitHub Action as before):

git tag -a v$RELEASE_VERSION
git push origin v$RELEASE_VERSION

• Register the release on reporter.apache.org.
• Rebase the release branch into the main branch.
• Clean up all the release candidate branches and tags.
• Publish the release on GitHub.
• Copy the release artifacts from the dev directory to the release directory.

svn cp https://dist.apache.org/repos/dist/dev/incubator/baremaps/$RELEASE_VERSION-rc$CANDIDATE_NUMBER https://dist.apache.org/repos/dist/release/incubator/baremaps/$RELEASE_VERSION -m "Release Apache Baremaps (incubating) $RELEASE_VERSION"

• Set the version of the next iteration and commit the changes:

./mvnw versions:set -DnewVersion=$NEXT_VERSION-SNAPSHOT
git commit -a -m "Prepare for next development iteration"
git push origin

./mvnw clean deploy

• Notify the community of the release by sending a message to the mailing list.

Reproducing the build

The release artifacts are bit-by-bit reproducible if the following conditions are met:

• The build is run with the same version of the JDK (e.g. OpenJDK 17 temurin)
• The build is run with the maven wrapper (e.g. ./mvnw)

The procedure has been tested on different operating systems (e.g. Linux and MacOS).
For convenience, we suggest to build the release artifacts on a clean environment (e.g. a fresh Docker container).

git checkout v$RELEASE_VERSION-rc$CANDIDATE_NUMBER
docker run \
  -v $(pwd):/baremaps \
  -w /baremaps \
  eclipse-temurin:17-jdk \
  ./mvnw clean install -DskipTests

Verifying the release artifacts

Verify the GPG signature of the release artifacts:

gpg --verify apache-baremaps-$RELEASE_VERSION-incubating-bin.tar.gz.asc
gpg --verify apache-baremaps-$RELEASE_VERSION-incubating-src.tar.gz.asc

Verify the SHA512 checksum of the release artifacts:

shasum -a 512 -c apache-baremaps-$RELEASE_VERSION-incubating-bin.tar.gz.sha512
shasum -a 512 -c apache-baremaps-$RELEASE_VERSION-incubating-src.tar.gz.sha512