From ee3ecf3ec485c6317a443fe170a565718a6bc917 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 13 Feb 2024 10:23:09 +0100 Subject: [PATCH] Add dependency promotion/demotion step to release checklist --- doc/releasing.md | 56 ++++++++++++++++++++++++++++++++---------------- 1 file changed, 37 insertions(+), 19 deletions(-) diff --git a/doc/releasing.md b/doc/releasing.md index 88083b50c..3c2a46c88 100644 --- a/doc/releasing.md +++ b/doc/releasing.md @@ -6,13 +6,22 @@ Release candidate versions 1. Make sure release notes in `NEWS` are up to date. - 2. Run the tests one more time: + 2. Review the diff from the previous version for any changes to the public API, + and adjust the upcoming version number accordingly. + + If any implementation dependencies have been added to method signatures in + the public API, including `throws` declarations, change these dependencies + from `implementation` to `api` dependency declarations in the relevant + Gradle build script. Conversely, remove or downgrade to `implementation` any + dependencies no longer exposed in the public API. + + 3. Run the tests one more time: ``` $ ./gradlew clean check ``` - 3. Update the Java version in the [`release-verify-signatures` + 4. Update the Java version in the [`release-verify-signatures` workflow](https://github.com/Yubico/java-webauthn-server/blob/main/.github/workflows/release-verify-signatures.yml#L42). See the `openjdk version` line of output from `java -version`: @@ -34,7 +43,7 @@ Release candidate versions Commit this change, if any. - 4. Tag the head commit with an `X.Y.Z-RCN` tag: + 5. Tag the head commit with an `X.Y.Z-RCN` tag: ``` $ git tag -a -s 1.4.0-RC1 -m "Pre-release 1.4.0-RC1" 
@@ -42,13 +51,13 @@ Release candidate versions No tag body needed. - 5. Publish to Sonatype Nexus: + 6. Publish to Sonatype Nexus: ``` $ ./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository ``` - 6. Push to GitHub. + 7. Push to GitHub. If the pre-release makes significant changes to the project README, such that the README does not accurately reflect the latest non-pre-release @@ -66,7 +75,7 @@ Release candidate versions $ git push origin main 1.4.0-RC1 ``` - 7. Make GitHub release. + 8. Make GitHub release. - Use the new tag as the release tag. - Check the pre-release checkbox. @@ -76,7 +85,7 @@ Release candidate versions - Note the JDK version shown by `java -version` in step 3. For example: `openjdk version "17.0.7" 2023-04-18`. - 8. Check that the ["Reproducible binary" + 9. Check that the ["Reproducible binary" workflow](https://github.com/Yubico/java-webauthn-server/actions/workflows/release-verify-signatures.yml) runs and succeeds. @@ -86,7 +95,16 @@ Release versions 1. Make sure release notes in `NEWS` are up to date. - 2. Make a no-fast-forward merge from the last (non release candidate) release + 2. Review the diff from the previous version for any changes to the public API, + and adjust the upcoming version number accordingly. + + If any implementation dependencies have been added to method signatures in + the public API, including `throws` declarations, change these dependencies + from `implementation` to `api` dependency declarations in the relevant + Gradle build script. Conversely, remove or downgrade to `implementation` any + dependencies no longer exposed in the public API. + + 3. Make a no-fast-forward merge from the last (non release candidate) release to the commit to be released: ``` 
@@ -108,13 +126,13 @@ Release versions $ git branch -d release-1.4.0 ``` - 3. Remove the "(unreleased)" tag from `NEWS`. + 4. Remove the "(unreleased)" tag from `NEWS`. - 4. Update the version in the dependency snippets in the README. + 5. Update the version in the dependency snippets in the README. - 5. Update the version in JavaDoc links in the READMEs. + 6. Update the version in JavaDoc links in the READMEs. - 6. Update the Java version in the [`release-verify-signatures` + 7. Update the Java version in the [`release-verify-signatures` workflow](https://github.com/Yubico/java-webauthn-server/blob/main/.github/workflows/release-verify-signatures.yml#L42). See the `openjdk version` line of output from `java -version`: @@ -134,20 +152,20 @@ Release versions java: ["17.0.7"] ``` - 7. Amend these changes into the merge commit: + 8. Amend these changes into the merge commit: ``` $ git add NEWS README */README .github/workflows/release-verify-signatures.yml $ git commit --amend --reset-author ``` - 8. Run the tests one more time: + 9. Run the tests one more time: ``` $ ./gradlew clean check ``` - 9. Tag the merge commit with an `X.Y.Z` tag: +10. Tag the merge commit with an `X.Y.Z` tag: ``` $ git tag -a -s 1.4.0 -m "Release 1.4.0" @@ -155,19 +173,19 @@ Release versions No tag body needed since that's included in the commit. -10. Publish to Sonatype Nexus: +11. Publish to Sonatype Nexus: ``` $ ./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository ``` -11. Push to GitHub: +12. Push to GitHub: ``` $ git push origin main 1.4.0 ``` -12. Make GitHub release. +13. Make GitHub release. - Use the new tag as the release tag. - Copy the release notes from `NEWS` into the GitHub release notes; reformat 
@@ -176,6 +194,6 @@ Release versions - Note the JDK version shown by `java -version` in step 6. For example: `openjdk version "17.0.7" 2023-04-18`. -13. Check that the ["Reproducible binary" +14. Check that the ["Reproducible binary" workflow](https://github.com/Yubico/java-webauthn-server/actions/workflows/release-verify-signatures.yml) runs and succeeds.
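Review bot: The new step 2 in the `@@ -6,13 +6,22 @@` hunk asks for edits to the Gradle build script but never says to commit them, whereas the Java version step two items later ends with "Commit this change, if any." Add the same sentence to step 2 so that an `implementation` to `api` change (or the reverse) is part of the commit that step 5 tags and step 6 publishes. Otherwise the published dependency metadata can differ from the tagged source. Since the other steps show the command to run, consider also showing how the diff from the previous version is meant to be produced.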
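Review bot: The cross-reference in the context line of the `@@ -76,7 +85,7 @@` hunk is stale after the renumbering: "Note the JDK version shown by `java -version` in step 3" still says step 3, but the Java version update is now step 4 of the release candidate checklist, and step 3 is "Run the tests one more time". Update the reference to step 4 in this patch.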
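Review bot: In the `@@ -86,7 +95,16 @@` hunk, the new step 2 of the release checklist leaves open where a Gradle build script change gets committed. It comes before the no-fast-forward merge in step 3, and the `git add` in step 8 lists only `NEWS README */README .github/workflows/release-verify-signatures.yml`, so a build script edited here is never staged by the documented commands. Either state that the change must be committed on the branch before the merge, or move the step after the merge and add the build scripts to the step 8 `git add`. The step text is also a verbatim copy of the one added to the release candidate checklist. Referring back to that step would keep the two from drifting apart.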
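Review bot: The context line in the `@@ -176,6 +194,6 @@` hunk, "Note the JDK version shown by `java -version` in step 6", now points at the wrong step. After this patch step 6 is "Update the version in JavaDoc links in the READMEs" and the Java version update is step 7. Change the reference to step 7 so the GitHub release notes record the JDK version that the `release-verify-signatures` workflow was set to.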