This document is intended to be kept up to date by the DSpace Release Managers.  It details the steps necessary to perform snapshot and official releases of DSpace and supporting Modules.

Prerequisites

Verify Release Privileges

To perform a release, you must have:

• Write access to the DSpace subversion repository hosted at http://scm.dspace.org/svn/repo; This requires an administrator to add you to the svn repository permissions via the TRAC user group.
• Write access to the org.dspace groupId in the snapshot and staging repositories hosted at oss.sonatype.org.  If you don't already have this, you will need to:
  • Sign up for a Sonatype JIRA account. This account will also serve as your login to the Sonatype OSS system
  • Ask the previous release manager to request authorization for this account via the Sonatype JIRA system in the Open Source Project Repository Hosting project. Once Sonatype gives you the proper authorization, you should be able to login to the Sonatype OSS system using the same login/password you setup in Sonatype JIRA.
  • The full details of signing up and getting access to Sonatype are also posted online here: Sonatype Maven Repository Usage Guide
• In order to release code to Sonatype, you must generate and publish your own personal Code Signing Key. Here are two sites that give hints on how to do that:
  • Creating a Code Signing Key
  • How to Generate PGP Signatures with Maven (required for all Sonatype releases)

Update Maven settings.xml

DSpace's root pom.xml already has the correct staging and snapshot repositories listed in the OSS parents distributionManagement section.  In order to deploy, you will need to add your Sonatype OSS username and password to your local ~/.m2/settings.xml file:

<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
                      http://maven.apache.org/xsd/settings-1.0.0.xsd">
  <servers>
    <server>
      <id>sonatype-nexus-snapshots</id>
      <username>YourUsername</username>
      <password>YourPassword</password>
    </server>
    <server>
      <id>sonatype-nexus-staging</id>
      <username>YourUsername</username>
      <password>YourPassword</password>
    </server>
  </servers>
</settings>

If you don't yet have a ~/.m2/settings.xml file, you should create one, and copy the full contents above (obviously make sure to put in your username and password).

Avoid Using Maven 2.1.0 or 2.2.0

Make sure you're using a recent version of Maven. As of this writing, the latest was 2.2.1, and it worked fine. In particular, avoid version 2.2.0: it has a serious bug that affects deployments: MNG-4235. Maven 2.1.0 also is problematic, as it produces improper GPG signatures.

For more information see the Pre-Requisities section of theSonatype Maven Repository Usage Guide

Making a Snapshot Release (e.g. 'dspace-1.7.0-SNAPSHOT')

One Step

From a clean, up-to-date copy of trunk, run the following command:

• mvn clean javadoc:jar source:jar deploy

You will have to enter in your GPG passphrase (which you established when you created your Code Signing Key).

The snapshot will be immediately available in the public Sonatype repository: http://oss.sonatype.org/content/groups/public

Making an Official Release (e.g. 'dspace-1.7.0' or 'dspace-1.7.0-rc1')

Do a Dry Run

This step is not required, but performs a useful sanity check without committing any changes. From a clean, up-to-date copy of trunk, run the following command:

• mvn release:prepare -DdryRun=true

You will have to enter in your GPG passphrase (which you established when you created your Code Signing Key).

Tag and Increment Version

This step will set the version declared in the project's pom.xml files, commit the changes to trunk, tag the release, and finally, check in another trunk change that increments the next development version (e.g. x.y-SNAPSHOT) in the pom.xml files.

• mvn release:prepare -Dresume=false

(Optionally, you may also include the parameters -Dusername=YourSVNUsername -Dpassword=YourSVNPassword, though I've not found these to be necessary)

You will have to enter in your GPG passphrase (which you established when you created your Code Signing Key).

Deploy Artifacts to Staging

This step will sign, checksum, and push all release artifacts (including javadocs and sources) to the staging repository.

1. In a separate directory, check out the newly-tagged release from subversion and "mvn install" it.
2. Now, go back to the directory which has your checkout of 'trunk' (which was used in the above steps)
3. Run, mvn release:perform
   • If your GPG Code Signing Key isn't found by Maven, you may need to specify your GPG code signing key and passphrase as arguments to the above command: -Darguments="-Dgpg.keyname=YourKeyId -Dgpg.passphrase=YourKeyPassword"
   • By default, Maven should just prompt you to specify your GPG passphrase.

Verify and Promote Staged Artifacts

1. Log into http://oss.sonatype.org/ UI, click Staging in the left column, then select the staged repository on the right. It will open below. Right click on it and select Close.
2. Download and test that the artifacts in staging are exactly as they should be once deployed to central.

If anything is incorrect, right click the staged repository and select "Drop". After the problem is resolved, you can re-deploy the artifacts to staging and verify them again. To re-deploy an already-tagged release:

• mvn release:perform -Dtag=dspace-x.y -DconnectionUrl=scm:svn:https://scm.dspace.org/svn/repo/dspace -Darguments="-Dgpg.keyname=YourKeyId -Dgpg.passphrase=YourKeyPassword"

If everything looks good, right click on the repository and select "Promote". The artifacts should be synced to central within an hour.

(acknowledge this shameless copy and paste from Akubra Release Process)