Logging Parent POM Release Guide

Preparation

1. Make sure you have a PGP key of at least 4096 bits in the RSA format added to the KEYS file in addition to a public PGP key server such as http://keyserver.ubuntu.com.
2. Configure your git config user.signingKey, user.name, and user.email values to match that key.

   1. For example:

      git config user.name 'Matt Sicker'
      git config user.email 'mattsicker@apache.org'
      git config user.signingKey 0x031EE010CA15D1EE

3. Add your GPG and LDAP info to your ~/.m2/settings.xml
   1. If you haven't set a master password for Maven, run mvn --encrypt-master-password and choose a password.
   2. Save this in ~/.m2/settings-security.xml as (make sure to preserve the curly braces to indicate the password is encrypted):

      1. <settingsSecurity>
           <master>{encryptedPasswordHere}</master>
         </settingsSecurity>

   3. Next, encrypt your LDAP and GPG passwords using mvn --encrypt-password and store those inside ~/.m2/settings.xml like so (make sure to use the long form of your key id given by the gpg -K command):

      1. <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
         
           <servers>
             <server>
               <id>svn.apache.org</id>
               <username>myLdapId</username>
               <password>{myLdapPass}</password>
             </server>
             <server>
               <id>apache.releases.https</id>
               <username>myLdapId</username>
               <password>{myLdapPass}</password>
             </server>
             <server>
               <id>apache.snapshots.https</id>
               <username>myLdapId</username>
               <password>{myLdapPass}</password>
             </server>
           </servers>
         
           <!-- note that this enables the release profile by default which will gpg sign all apache artifacts during builds -->
           <!-- when not releasing, comment this element out or use -P!apache-release to disable the profile from the command line -->
           <activeProfiles>
             <activeProfile>apache-release</activeProfile>
           </activeProfiles>
         
           <profiles>
             <profile>
               <id>apache-release</id>
               <properties>
         		<!-- note that these settings are only needed if you haven't configured your default key in your gpg.conf already -->
                 <gpg.keyname>0x031EE010CA15D1EE</gpg.keyname>
         		<!-- specify your Maven-encrypted GPG passphrase for this key if you aren't using gpg-agent -->
                 <gpg.passphrase>{myGpgKeyPassphrase}</gpg.passphrase>
               </properties>
             </profile>
           </profiles>
         
         </settings>

Release Process

1. Note that since a parent pom can be easily ignored by downstream users, this release process works via lazy approval rather than the usual voting process.
2. Run mvn -Papache-release release:prepare release:perform -DreleaseVersion=n -DdevelopmentVersion=N-SNAPSHOT -Dtag=logging-parent-n to begin the release process.
3. Login to https://repository.apache.org/ and find the newly created staging repository. Close it to publish said release to staging.
4. Send a lazy vote email for this version to dev@logging.apache.org.
   1. If there are problems with this release, a new version can be released without issue.
5. After the voting period, release the artifacts from Nexus.
6. Create a signed tag of the passed release candidate via git tag -s rel/n 'logging-parent-n^{}' -m 'Release n of Logging Parent POM' && git push --tags
7. Send announcement email to dev@logging.apache.org.