Skip to content

Release Guide

Jump to bottom
Brian Demers edited this page Jun 7, 2017 · 21 revisions

This page describes the steps required to publish a new final release of the Okta Java SDK.

This project is released to Maven Central according to the Sonatype OSS Maven Repository Usage Guide.

Prerequisites

  • JDK 8 is installed, $JAVA_HOME is set, and $JAVA_HOME/bin is added to your $PATH

  • Git 2.0+ is installed (e.g. brew install git)

  • Maven 3.3.9+ is installed and mvn is available in your $PATH

  • The gpg2 encryption client is installed and in your path (e.g. brew install gpg2).

  • You have both created and distributed your GPG keys (note that if you used brew install gpg2 as recommended, the executable for these commands is gpg2 and not gpg).

  • You have created a Sonatype OSS issues account

  • You have created an issue requesting deploy permissions for the Okta Java SDK and that account has been granted release permissions to the Sonatype OSS repository for Okta.

    • The Project for the Jira issue you create on Sonatype is Community Support - Open Source Project Repository Hosting (OSSRH).

    • The Issue Type should be set to New Project

    • For the Summary field, enter: requesting deploy rights for com.okta groupId

    • The Group Id field should be set to com.okta

    • The Project URL and SCM url fields should both be set to https://github.com/okta/okta-sdk-java

    • The username field should be username you created for your sonatype account

    • To speed things up you could also send an email to Jose requesting him to authorize the petition in the issue. Make sure you include the link to the Sonatype Jira issue you created.

    • Note: It can take a few days for your request to be approved.

    • If you do not yet have permissions and you believe you should, open a GitHub Issue and request it and we'll work with Sonatype to grant you those permissions if you should have them.

  • You have configured $HOME/.m2/settings.xml and added the following profiles:

<servers>
...
    <server>
      <id>sonatype-nexus-snapshots</id>
      <username>your sonatype username</username>
      <password>your sonatype pass</password>
    </server>
    <server>
      <id>sonatype-nexus-staging</id>
      <username>your sonatype username</username>
      <password>your sonatype pass</password>
    </server>
...
</servers>
...
<profiles>
	...
	<profile>
	    <id>okta-signature</id>
	    <properties>
	        <gpg.executable>gpg2</gpg.executable>
	        <gpg.keyname>YOUR_GPG_KEY_NAME</gpg.keyname>
	        <gpg.passphrase>YOUR_GPG_PASSPHRASE</gpg.passphrase>
	    </properties>
	</profile>
	<profile>
	    <id>sonatype-oss-release</id>
	    <properties>
	        <gpg.executable>gpg2</gpg.executable>
	        <gpg.keyname>YOUR_GPG_KEY_NAME</gpg.keyname>
	        <gpg.passphrase>YOUR_GPG_PASSPHRASE</gpg.passphrase>
	    </properties>
	</profile>
	...
</profiles>

NOTE: At the time of this writing you will also be prompted by gpg agent.

where YOUR_GPG_KEY_NAME is the key name you gave the key when you created it and YOUR_GPG_PASSPHRASE is the passphrase you used when you created the key.

NOTE: adding these lines is a security risk if your `$HOME/.m2/settings.xml` file is readable by anyone other than you! Ensure you've protected that file, e.g.

chmod go-rwx $HOME/.m2/settings.xml
Again, the `gpg.executable` name of `gpg2` assumes you used `brew install gpg2`.
  • You have enabled both of these profiles under the <activeProfiles> element:
<activeProfiles>
    <activeProfile>sonatype-oss-release</activeProfile>
    <activeProfile>okta-signature</activeProfile>
    <!-- any others: -->
</activeProfiles>

Pre Release

Note: Occasionally, a minor version release needs to be done after new PRs have been merged to the release branch (e.g. 1.1.x). Follow the instructions here to get setup for that.

  1. Ensure all changes for the version being released have been represented in the project's top-level changelog.md file in a section named after the version, listing the changes associated with the release. No release should be published without appropriate change log entries!

    The new section should be written in a feature branch and then those changes should be merged into the release branch right before you perform the release.

  2. Ensure the Project Documentation has been updated to document all new features and/or fixes. You will need to cut and push a new release of the documentation after you publish the Java SDK release.

  3. Ensure all changes that are to be released (including changelog edits) have been committed to the Java SDK's release branch and that the Travis CI project status representing those changes reports no errors whatsoever.

Perform the Release

  1. After the above prerequisites have been satisfied and you have performed the pre-release verification, run the following on the command line:

    git checkout <release-branch>
# ensure git status reports no changes:
git status
# assuming no reported changes:
./src/ci/release.sh

    This will build the final versioned artifacts and upload them to the Sonatype OSS repository server in a staging repository. This is called a staged release - it is not yet available to the world.

    A staged release is fully 'done' as far as the build process is concerned, but the staged artifacts will not be released to the world in Maven Central until we log in to the repository user interface and manually execute this behavior.

    This is a really nice safety net: if there is any error at all the final versioned artifacts do not 'leak' into Maven Central, where they could be used by end-users. Only after you've ensured the release was 'clean' and that the artifacts were built as expected, and all is well, then we release the artifacts to the world.

  2. Release the artifacts to the world by using the Sonatype Nexus UI

    In practice this really means the following:

    1. Visit https://oss.sonatype.org and login (upper right) using the account you created as a prerequisite.
    2. Access the 'Staging Repositories' menu item on the left
    3. Find the comokta-### entry - usually at the bottom - and check it (or just search for comokta).
    4. Click the Release button and type in a message, e.g 'releasing 0.8.1'. Ensure the Automatically Drop option is checked and then click the Confirm button.

    After you Confirm the Release, that's it - the artifacts will be propagated to Maven central. The sync time usually takes about 2 to 3 hours to make the artifacts available to the world.

  3. Push the new tag

    Since the actual release process requires a manual button push (at least at this point), we cannot push the release tag to Github until we officially release the binaries.

    git push origin <tag-name>

  4. Push changes to master

    Currently the 'master' branch is protected, so a PR will need to be created to push the two Maven release plugin commits.

Post Release

Project Documentation update is now fully automated.

1. GitHub Tasks

  • If necessary, create a branch for the next version (e.g. 1.1.x) from the release tag.

2. Email the Okta DevEx Team

Notify them about the release. The email should contain the following:

  1. A link to the specific section in the specific tagged release's changelog.md file, e.g. https://github.com/okta/okta-sdk-java/blob/okta-sdk-root-1.1.0/changelog.md#110. Notice that this URL points to a specific section of a specific file in a tagged release. This guarantees that this link will always work because the tag will never be changed/removed - we keep tags permanent. If you were to link to the HEAD version of the doc, it is possible that the link would break in the future. This way, we ensure that whatever link marketing uses to notify Okta end-users will always work in the future (e.g. in blog articles, etc).
  2. A link to the previously-verified project documentation, e.g. http://docs.okta.com/java/.
  3. A link to the GitHub milestone containing all issues that were resolved for the release, e.g. https://github.com/okta/okta-sdk-java/issues?utf8=%E2%9C%93&q=milestone%3A1.1.0%20is%3Aclosed%20is%3Aissue

Example email template:

Subject: Okta Java SDK 1.0.RC5.1 Released!
Body:

Hi everyone,

I am pleased to announce that version 1.0.RC5.1 of the Okta Java SDK has been released!

This is a bugfix point release that resolves 7 issues: https://github.com/okta/okta-sdk-java/issues?q=milestone%3A1.0.RC5.1+is%3Aclosed+is%3Aissue
Project documentation is here: http://docs.okta.com/java/product-guide/
Change log for 1.0.RC5.1 is here: https://github.com/okta/okta-sdk-java/blob/okta-sdk-root-1.0.RC5.1/changelog.md#10rc51

Please allow 3 to 4 hours for the release artifacts to appear in Maven Central before announcing the release to the Okta user community.

Cheers,

Your Name

Minor Version Release After Master Merge

You may find that days or even weeks after a release has been done, that a hotfix for a bug needs to be released. However, in the interim, other PRs may have been merged to master. Follow these steps to prepare for this kind of release.

  1. create a branch off the last release commit

    git branch <branchname> <sha1-of-commit>

  2. make your changes and commit them to the newly created branch. You can create a PR, but you will be releasing from the branch before merging to master

  3. prepare and perform the release as outlined above, but run the commands from the branch you created. At the end of this process, you will have two additional commits on your branch: 1 for preparing the release and 1 for preparing the next release.

  4. Once the release is complete, you can merge master into your branch and then merge into master.

Backing out a release if something goes wrong

The automated way

  1. mvn release:rollback
  2. Check that the pom files in Github have been rolled back
  3. git push --delete origin <TAG_NAME> (usually something like okta-sdk-root-XX, where XX is the release version)
  4. git tag -d <TAG_NAME> (same as above): removes local tag
  5. Start over: your local branch has diverged from origin, so you need to start from scratch now checking out a new fresh copy of the SDK.

The manual way

In the Java SDK project, make note of the commit BEFORE the release commits. Also make note of the release tag.

[![rollback][1]][1] [1]: images/StormpathRollback.png

In this case, it's dac4d48 and okta-sdk-root-1.0.RC5.1.

Execute the following:

git tag -d <tag name> # delete the local tag
git push origin :refs/tags/<tag name> # delete the remote tag
git reset --hard <commit hash prior to release>
git push --force origin master

Troubleshooting

During release:perform

Error

An API incompatibility was encountered while executing org.apache.maven.plugins:maven-deploy-plugin:2.8.2:deploy: org.eclipse.aether.spi.connector.ArtifactUpload.setListener(Lorg/eclipse/aether/transfer/TransferListener;)Lorg/eclipse/aether/spi/connector/ArtifactUpload

Solution

Be sure you are using Maven version 3.3.9+

Clone this wiki locally