Closed
Description
Motivation
Currently, releases are created and verified manually on a maintainer’s machine since they need to be signed with a PGP key when publishing to Maven Central. Since the build is reproducible, this task will introduce automation that will rebuild the artifacts (without signing) prior to promoting the release from the staging repository to Maven Central and verify that they’re identical. Moreover, manual release steps such as verifying the artifacts can be consumed by build tools like Gradle and Maven will be automated as part of this task. This will improve the “truck factor” of the project and make it more sustainable.
Deliverables
- Fail build when assembling a release version that depends on snapshots #4223
- Create release workflow on GitHub Actions
- Add workflow to verify reproducibility of binary release artifacts #4225: Automate rebuilding of all artifacts (without signing) prior to promoting the release to ensure integrity and reproducibility
- Automate release verification steps junit-examples#510
- Automate verification of releases artifact consumability #4227: Automate artifact verification via Gradle, Maven, etc. from staging repo
- Automate post-release steps #4231
- Document release steps as a checklist #4239
Metadata
Metadata
Assignees
Type
Projects
Status
Done