How to Release

This tutorial describes in detail how to release Apache HertzBeat, take the release of version 1.6.0 as an example.

1. Environmental requirements

This release process is operated in the UbuntuOS(Windows,Mac), and the following tools are required:

• JDK 17
• Node18 Yarn
• Apache Maven 3.x
• GnuPG 2.x
• Git
• SVN (apache uses svn to host project releases)

Pay attention to setting environment variables export GPG_TTY=$(tty)

2. Preparing for release

First summarize the account information to better understand the operation process, will be used many times later.

• apache id: muchunjin (APACHE LDAP UserName)
• apache passphrase: APACHE LDAP Passphrase
• apache email: muchunjin@apache.org
• gpg real name: muchunjin (Any name can be used, here I set it to the same name as the apache id)
• gpg key passphrase: The password set when creating the gpg key, you need to remember this password

2.1 Key generation

$ gpg --full-gen-key
gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(14) Existing key from card
Your selection? 1 # Please enter 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096 # Please enter 4096 here
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0 # Please enter 0
Key does not expire at all
Is this correct? (y/N) y # Please enter y here

GnuPG needs to construct a user ID to identify your key.

Real name: muchunjin # Please enter 'gpg real name'
Email address: muchunjin@apache.org # Please enter your apache email address here
Comment: apache key # Please enter some comments here
You selected this USER-ID:
    "muchunjin (apache key) <muchunjin@apache.org>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O # Please enter O here
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

# At this time, a dialog box will pop up, asking you to enter the key for this gpg. 
# you need to remember that it will be used in subsequent steps.
┌─────────────────────────────────────────────────────┐
│ Please enter this passphrase to                     │
│ protect your new key                                │
│                                                     │
│ Passphrase: _______________________________________ │
│                                                     │
│     <OK>                    <Cancel>                │
└─────────────────────────────────────────────────────┘

# Here you need to re-enter the password in the previous step.
┌─────────────────────────────────────────────────────┐
│ Please re-enter this passphrase                     │
│                                                     │
│ Passphrase: _______________________________________ │
│                                                     │
│     <OK>                    <Cancel>                │
└─────────────────────────────────────────────────────┘
gpg: key ACFB69E705016886 marked as ultimately trusted
gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/DC12398CCC33A5349EB9663DF9D970AB18C9EDF6.rev'
public and secret key created and signed.

pub   rsa4096 2023-05-01 [SC]
      85778A4CE4DD04B7E07813ABACFB69E705016886
uid                      muchunjin (apache key) <muchunjin@apache.org>
sub   rsa4096 2023-05-01 [E]

Keys can be viewed through the gpg --list-signatures command

2.2 Upload the generated key to the public server

$ gpg --keyid-format SHORT --list-keys
/root/.gnupg/pubring.kbx
------------------------
pub   rsa4096/05016886 2023-05-01 [SC]
      85778A4CE4DD04B7E07813ABACFB69E705016886
uid         [ultimate] muchunjin (apache key) <muchunjin@apache.org>
sub   rsa4096/0C5A4E1C 2023-05-01 [E]

# Send public key to keyserver via key id
$ gpg --keyserver keyserver.ubuntu.com --send-key 05016886
# Among them, keyserver.ubuntu.com is the selected keyserver, it is recommended to use this, because the Apache Nexus verification uses this keyserver

2.3 Check if the key is created successfully

Verify whether it is synchronized to the public network, it will take about a minute to find out the answer, if not successful, you can upload and retry multiple times.

$ gpg --keyserver keyserver.ubuntu.com --recv-keys 05016886   # If the following content appears, it means success
gpg: key ACFB69E705016886: "muchunjin (apache key) <muchunjin@apache.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

Or enter https://keyserver.ubuntu.com/ address in the browser, enter the name of the key and click 'Search key' to search if existed.

2.4 Add the gpg public key to the KEYS file of the Apache SVN project repo

• Apache HertzBeat Branch Dev https://dist.apache.org/repos/dist/dev/incubator/hertzbeat
• Apache HertzBeat Branch Release https://dist.apache.org/repos/dist/release/incubator/hertzbeat

2.4.1 Add public key to KEYS in dev branch

$ mkdir -p svn/dev
$ cd svn/dev

$ svn co https://dist.apache.org/repos/dist/dev/incubator/hertzbeat
$ cd svn/dev/hertzbeat

# Append the KEY you generated to the file KEYS, and check if it is added correctly
$ (gpg --list-sigs muchunjin@apache.org && gpg --export --armor muchunjin@apache.org) >> KEYS 

$ svn ci -m "add gpg key for muchunjin"

2.4.2 Add public key to KEYS in release branch

$ mkdir -p svn/release
$ cd svn/release

$ svn co https://dist.apache.org/repos/dist/release/incubator/hertzbeat
$ cd svn/release/hertzbeat

# Append the KEY you generated to the file KEYS, and check if it is added correctly
$ (gpg --list-sigs muchunjin@apache.org && gpg --export --armor muchunjin@apache.org) >> KEYS 

$ svn ci -m "add gpg key for muchunjin"

3. Prepare material package & release

3.1 Based on the master branch, create a release-${release_version}-rcx branch, such as release-1.6.0-rc1, And create a tag named v1.6.0-rc1 based on the release-1.6.0-rc1 branch, and set this tag as pre-release.

git checkout master
git checkout -b release-1.6.0-rc1

3.2 checkout release branch to local

git checkout release-1.6.0-rc1

3.3 Compile the binary package

Build HertzBeat server binary, run script in web-app

yarn install

yarn package

run script in root

mvn clean package -Prelease

then

mvn clean install

Build HertzBeat collector binary, run script in collector

mvn clean package -Pcluster

The release package are here:

• dist/apache-hertzbeat-{version}-incubating-bin.tar.gz
• dist/apache-hertzbeat-{version}-incubating-docker-compose.tar.gz
• dist/apache-hertzbeat-collector-{version}-incubating-bin.tar.gz

3.4 Package the source code

Package the project source code

git archive \
--format=tar.gz \
--output="dist/apache-hertzbeat-1.6.0-incubating-src.tar.gz" \
--prefix=apache-hertzbeat-1.6.0-incubating-src/ \
release-1.6.0-rc1

The archive package is here dist/apache-hertzbeat-1.6.0-incubating-src.tar.gz

3.5 Sign binary and source packages

The gpg -u 33545C76 33545C76 is your gpg secret ID, see from gpg --keyid-format SHORT --list-keys

cd dist

# sign
for i in *.tar.gz; do echo $i; gpg -u 33545C76 --armor --output $i.asc --detach-sig $i ; done

# SHA512
for i in *.tar.gz; do echo $i; sha512sum $i > $i.sha512 ; done

# if macos sha512sum not found, you can install by brew install coreutils

The final file list is as follows

apache-hertzbeat-1.6.0-incubating-src.tar.gz
apache-hertzbeat-1.6.0-incubating-src.tar.gz.asc
apache-hertzbeat-1.6.0-incubating-src.tar.gz.sha512
apache-hertzbeat-1.6.0-incubating-bin.tar.gz
apache-hertzbeat-1.6.0-incubating-bin.tar.gz.asc
apache-hertzbeat-1.6.0-incubating-bin.tar.gz.sha512
apache-hertzbeat-1.6.0-incubating-docker-compose.tar.gz
apache-hertzbeat-1.6.0-incubating-docker-compose.tar.gz.asc
apache-hertzbeat-1.6.0-incubating-docker-compose.tar.gz.sha512
apache-hertzbeat-collector-1.6.0-incubating-bin.tar.gz
apache-hertzbeat-collector-1.6.0-incubating-bin.tar.gz.asc
apache-hertzbeat-collector-1.6.0-incubating-bin.tar.gz.sha512

3.6 Verify signature

$ cd dist

# Verify signature
$ for i in *.tar.gz; do echo $i; gpg --verify $i.asc $i ; done

apache-hertzbeat-1.6.0-incubating-src.tar.gz
gpg: Signature made Tue May  2 12:16:35 2023 CST
gpg:                using RSA key 85778A4CE4DD04B7E07813ABACFB69E705016886
gpg: Good signature from "muchunjin (apache key) <muchunjin@apache.org>" [ultimate]
apache-hertzbeat_2.11-1.6.0-incubating-bin.tar.gz
gpg: Signature made Tue May  2 12:16:36 2023 CST
gpg:                using RSA key 85778A4CE4DD04B7E07813ABACFB69E705016886
gpg: Good signature from "muchunjin (apache key) <muchunjin@apache.org>" [ultimate]
apache-hertzbeat_2.12-1.6.0-incubating-bin.tar.gz
gpg: Signature made Tue May  2 12:16:37 2023 CST
gpg:                using RSA key 85778A4CE4DD04B7E07813ABACFB69E705016886
gpg: BAD signature from "muchunjin (apache key) <muchunjin@apache.org>" [ultimate]

# Verify SHA512
$ for i in *.tar.gz; do echo $i; sha512sum --check $i.sha512; done

apache-hertzbeat-1.6.0-incubating-src.tar.gz
apache-hertzbeat-1.6.0-incubating-src.tar.gz: OK
apache-hertzbeat-1.6.0-incubating-bin.tar.gz
apache-hertzbeat-1.6.0-incubating-bin.tar.gz: OK
apache-hertzbeat-1.6.0-incubating-docker-compose.tar.gz
apache-hertzbeat-1.6.0-incubating-docker-compose.tar.gz: OK
apache-hertzbeat-collector-1.6.0-incubating-bin.tar.gz
apache-hertzbeat-collector-1.6.0-incubating-bin.tar.gz: OK

3.7 Publish the dev directory of the Apache SVN material package

• Clone the dev directory

# Check out the dev directory of the Apache SVN to the svn/dev directory under dist in the root directory of the Apache HertzBeat project
svn co https://dist.apache.org/repos/dist/dev/incubator/hertzbeat svn/dev

svn co --depth empty https://dist.apache.org/repos/dist/dev/incubator/hertzbeat

• Copy the material package to the dev directory

Create a version number directory and name it in the form of ${release_version}-${RC_version}. RC_version starts from 1, that is, the candidate version starts from RC1. During the release process, there is a problem that causes the vote to fail. If it needs to be corrected, it needs to iterate the RC version , the RC version number needs to be +1. For example: Vote for version 1.6.0-RC1. If the vote passes without any problems, the RC1 version material will be released as the final version material. If there is a problem (when the hertzbeat/incubator community votes, the voters will strictly check various release requirements and compliance issues) and need to be corrected, then re-initiate the vote after the correction, and the candidate version for the next vote is 1.6.0- RC2.

mkdir -p svn/dev/1.6.0-RC1
cp -f dist/* svn/dev/1.6.0-RC1

• Commit to SVN

cd svn/dev

# 1.check svn status
svn status

# 2. add to svn
svn add 1.6.0-RC1

svn status

# 3. Submit to svn remote server
svn commit -m "release for HertzBeat 1.6.0"

• Check Apache SVN Commit Results

Visit the address https://dist.apache.org/repos/dist/dev/incubator/hertzbeat/1.6.0-RC1/ in the browser, check if existed the new material package

4. Enter the community voting stage

4.1 Send a Community Vote Email

Send a voting email in the community requires at least three +1 and no -1.

Send to: dev@hertzbeat.apache.org
Title: [VOTE] Release Apache HertzBeat (incubating) 1.6.0 rc1
Body:

Hello HertzBeat Community:

This is a call for vote to release Apache HertzBeat (incubating) version release-1.6.0-RC1.

Apache HertzBeat - a real-time monitoring system with agentless, performance cluster, prometheus-compatible, custom monitoring and status page building capabilities.

Release notes:
https://github.com/apache/hertzbeat/releases/tag/v1.6.0-rc1

The release candidates:
https://dist.apache.org/repos/dist/dev/incubator/hertzbeat/1.6.0-RC1/

Git tag for the release:
https://github.com/apache/hertzbeat/releases/tag/v1.6.0-rc1

The artifacts signed with PGP key [33545C76], corresponding to [muchunjin@apache.org], that can be found in keys file:
https://downloads.apache.org/incubator/hertzbeat/KEYS

The vote will be open for at least 72 hours or until the necessary number of votes are reached.

Please vote accordingly:

[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove with the reason

*Valid check is a requirement for a vote. *Checklist for reference:

[ ] Download HertzBeat are valid.
[ ] Checksums and PGP signatures are valid.
[ ] Source code distributions have correct names matching the current
release.
[ ] LICENSE and NOTICE files are correct for each HertzBeat repo.
[ ] All files have license headers if necessary.
[ ] No compiled archives bundled in source archive.
[ ] Can compile from source.

More detail checklist please refer:
https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist

Steps to validate the release，Please refer to:
https://hertzbeat.apache.org/docs/community/how_to_verify_release

How to Build:
https://hertzbeat.apache.org/docs/community/development/#build-hertzbeat-binary-package

Thanks!

After 72 hours, the voting results will be counted, and the voting result email will be sent, as follows.

Send to: dev@hertzbeat.apache.org
Title: [RESULT][VOTE] Release Apache HertzBeat (incubating) 1.6.0-rc1
Body:

Dear HertzBeat community,

Thanks for your review and vote for "Release Apache HertzBeat (incubating) 1.6.0-rc1"
I'm happy to announce the vote has passed:


4 binding +1, from:

- cc

1 non-binding +1, from:

- Roc Marshal


no 0 or -1 votes.

Vote thread:
https://lists.apache.org/thread/t01b2lbtqzyt7j4dsbdp5qjc3gngjsdq


Thank you to everyone who helped us to verify and vote for this release. We will move to the ASF Incubator voting shortly.


Best,
ChunJin Mu

One item of the email content is Vote thread, and the link is obtained here: https://lists.apache.org/list.html?dev@hertzbeat.apache.org

3.2 Send Incubator Community voting mail

Send a voting email in the incubator community requires at least three +1 and no -1.

Send to: general@incubator.apache.org
cc: dev@hertzbeat.apache.org、tison@apache.org、willem.jiang@gmail.com
Title: [VOTE] Release Apache HertzBeat (incubating) 1.6.0-rc1
Body:

Hello Incubator Community:

This is a call for a vote to release Apache HertzBeat (incubating) version 1.6.0-RC1.
The Apache HertzBeat community has voted on and approved a proposal to release Apache HertzBeat (incubating) version 1.6.0-RC1.
We now kindly request the Incubator PMC members review and vote on this incubator release.
Apache HertzBeat, a real-time monitoring system with agentless, performance cluster, prometheus-compatible, custom monitoring and status page building capabilities.

HertzBeat community vote thread:
https://lists.apache.org/thread/t01b2lbtqzyt7j4dsbdp5qjc3gngjsdq

Vote result thread:
https://lists.apache.org/thread/t5z58mvrs1drgzfyc48c9lhmd8skswn7

The release candidate:
https://dist.apache.org/repos/dist/dev/incubator/hertzbeat/1.6.0-RC1/

Git tag for the release:
https://github.com/apache/hertzbeat/releases/tag/v1.6.0-rc1

The artifacts signed with PGP key [33545C76], corresponding to [muchunjin@apache.org], that can be found in keys file:
https://downloads.apache.org/incubator/hertzbeat/KEYS

The vote will be open for at least 72 hours or until the necessary number of votes are reached.

Please vote accordingly:
[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove with the reason

More detailed checklist please refer:
• https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist

Steps to validate the release， Please refer to:
• https://www.apache.org/info/verification.html
• https://hertzbeat.apache.org/docs/community/how_to_verify_release


How to Build:
https://hertzbeat.apache.org/docs/community/development/#build-hertzbeat-binary-package


Thanks,

On behalf of Apache HertzBeat (incubating) community


Best,
ChunJin Mu

If there is no -1 after 72 hours, reply to the email as follows

Send to: general@incubator.apache.org
cc: dev@hertzbeat.apache.org
Body:

Thanks everyone for review and vote, 72H passed. I'll announce the vote result soon.

Best,
Chunjin Mu

Then the voting results will be counted, and the voting result email will be sent, as follows.

Send to: general@incubator.apache.org
cc: dev@hertzbeat.apache.org、tison@apache.org、willem.jiang@gmail.com
Title: [RESULT][VOTE] Release Apache HertzBeat (incubating) 1.6.0-rc1
Body:

Hi all,

Thanks for your review and vote for "Release Apache HertzBeat (incubating) 1.6.0-rc1"
I'm happy to announce the vote has passed:

3 binding votes, no +0 or -1 votes.
Thanks for reviewing and voting.

+3 (binding) +1, from:
- cc

no 0 or -1 votes.

Vote thread:
https://lists.apache.org/thread/k3cvcbzxqs6qy62d1o6r9pqpykcgvvhm


Thanks everyone for your feedback and help with HertzBeat apache release. The HertzBeat team will take the steps to complete this release and will announce it soon.

Best,
ChunJin Mu

One item of the email content is Vote thread, and the link is obtained here: https://lists.apache.org/list.html?general@incubator.apache.org

Wait a day to see if the tutor has any other comments, if not, send the following announcement email

4. Complete the final publishing steps

4.1 Migrating source and binary packages

svn mv https://dist.apache.org/repos/dist/dev/incubator/hertzbeat/1.6.0-RC1 https://dist.apache.org/repos/dist/release/incubator/hertzbeat/1.6.0  -m "transfer packages for 1.6.0-RC1"

4.2 Add the new version download address to the official website

https://github.com/apache/hertzbeat/blob/master/home/docs/download.md https://github.com/apache/hertzbeat/blob/master/home/i18n/zh-cn/docusaurus-plugin-content-docs/current/download.md

Open the official website address https://hertzbeat.apache.org/docs/download/ to see if there is a new version of the download

It should be noted that the download link may take effect after an hour, so please pay attention to it.

4.3 Generate a release on github

Create a tag named v1.6.0 based on the release-1.6.0-rc1 branch, and set this tag to latest release.

Then enter Release Title and Describe

• Release Title:

v1.6.0-incubating

• Describe:

Release-1.6.0-incubating
release note: xxx

Then click the Publish release button.

The rename the release-1.6.0-rc1 branch to release-1.6.0.

4.5 Send new version announcement email

Send to: general@incubator.apache.org
cc: dev@hertzbeat.apache.org
Title: [ANNOUNCE] Release Apache HertzBeat (incubating) 1.6.0
Body:

Hi all,

We are glad to announce the release of Apache HertzBeat (incubating) 1.6.0.
Once again I would like to express my thanks to your help.

Apache HertzBeat(https://hertzbeat.apache.org/) - a real-time monitoring system with agentless, performance cluster, prometheus-compatible, custom monitoring and status page building capabilities.

Download Links: https://hertzbeat.apache.org/download/
Release Notes: https://github.com/apache/hertzbeat/releases/tag/v1.6.0

HertzBeat Resources:
- Issue: https://github.com/apache/hertzbeat/issues
- Mailing list: dev@hertzbeat.apache.org


Apache HertzBeat Team

Best,
ChunJin Mu

This version release is over.

---

This doc refer from Apache StreamPark