[docs] Crafting a new release (#8433)

* [docs] Crafting a new release

[docs] Crafting a new release (#8433)
* [docs] Crafting a new release
c1810aab · Daniel Vaz Gaspar · GitHub · eaeed0c9 · c1810aab · c1810aab
隐藏空白更改
内联并排

Showing with 41 addition and 6 deletion

RELEASING/README.md RELEASING/README.md +25 -3

scripts/sign.sh scripts/sign.sh +16 -3

未找到文件。
--- a/RELEASING/README.md
+++ b/RELEASING/README.md
@@ -45,14 +45,30 @@ need to be done at every release.


    # Add your GPG pub key to KEYS file. Replace "Maxime Beauchemin" with your name
-    export FULLNAME="Maxime Beauchemin"
-    (gpg --list-sigs $FULLNAME && gpg --armor --export $FULLNAME ) >> KEYS
+    export SUPERSET_PGP_FULLNAME="Maxime Beauchemin"
+    (gpg --list-sigs "${SUPERSET_PGP_FULLNAME}" && gpg --armor --export "${SUPERSET_PGP_FULLNAME}" ) >> KEYS


    # Commit the changes
    svn commit -m "Add PGP keys of new Superset committer"
 ```

+## Crafting a source release
+
+When crafting a new minor or major release we create 
+a branch named with the release MAJOR.MINOR version.
+This new branch will hold all PATCH and release candidates 
+that belong to the MAJOR.MINOR version.
+
+The MAJOR.MINOR branch is normally a "cut" from a specific point in time from the master branch.
+Then (if needed) apply all cherries that will make the PATCH
+
+Finally bump the version number on `superset/static/assets/package.json` ::
+
+    "version": "0.35.0rc1"
+
+Commit the change with the version number, then git tag the version and push
+
 ## Setting up the release environment (do every time)

 As the vote process takes a minimum of 72h (community vote) + 72h (IPMC) vote,
@@ -74,6 +90,8 @@ Then you can generate other derived environment variables that are used
 throughout the release process:

 ```bash
+    # Replace SUPERSET_PGP_FULLNAME with your PGP key name for Apache
+    export SUPERSET_PGP_FULLNAME="YOURFULLNAMEHERE"
    export SUPERSET_VERSION_RC=${SUPERSET_VERSION}rc${SUPERSET_RC}
    export SUPERSET_RELEASE=apache-superset-incubating-${SUPERSET_VERSION}
    export SUPERSET_RELEASE_RC=apache-superset-incubating-${SUPERSET_VERSION_RC}
@@ -121,7 +139,11 @@ Now let's craft a source release
        -o ~/svn/superset_dev/${SUPERSET_VERSION_RC}/${SUPERSET_RELEASE_RC_TARBALL}

    cd ~/svn/superset_dev/${SUPERSET_VERSION_RC}/
-    ${SUPERSET_REPO_DIR}/scripts/sign.sh ${SUPERSET_RELEASE_RC}-source.tar.gz
+    ${SUPERSET_REPO_DIR}/scripts/sign.sh "${SUPERSET_RELEASE_RC_TARBALL}" "${SUPERSET_PGP_FULLNAME}"
+
+    # To verify to signature
+    gpg --verify "${SUPERSET_RELEASE_RC_TARBALL}".asc "${SUPERSET_RELEASE_RC_TARBALL}"
+
 ```

 ### Shipping to SVN

--- a/scripts/sign.sh
+++ b/scripts/sign.sh
@@ -22,7 +22,20 @@
 # you will still be required to type in your signing key password
 # or it needs to be available in your keychain

-NAME=${1}

-gpg --armor --output ${NAME}.asc --detach-sig ${NAME}
-gpg --print-md SHA512 ${NAME} > ${NAME}.sha512
+# The name of the file/artifact to sign ${RELEASE}-source.tar.gz
+
+if [ -z "${1}" ]; then
+    echo "Missing first parameter, usage: sign <FILE_NAME> <GPG KEY>"
+    exit 1
+fi
+NAME="${1}"
+if [ -z "${2}" ]; then
+  gpg --armor --output "${NAME}".asc --detach-sig "${NAME}"
+  gpg --print-md SHA512 "${NAME}" > "${NAME}".sha512
+else
+  # The GPG key name to use
+  GPG_LOCAL_USER="${2}"
+  gpg --local-user "${GPG_LOCAL_USER}" --armor --output "${NAME}".asc --detach-sig "${NAME}"
+  gpg --local-user "${GPG_LOCAL_USER}" --print-md SHA512 "${NAME}" > "${NAME}".sha512
+fi