This document is intended to be kept up to date by the DSpace Release Managers.  It details the steps necessary to perform snapshot and official releases of DSpace and supporting Modules.

Prerequisites

Verify Release Privileges

To perform a release, you must have all of the following:

1. Write access to the DSpace subversion repository hosted at http://scm.dspace.org/svn/repo; This requires an administrator to add you to the svn repository permissions via the TRAC user group.
2. Write access to the org.dspace groupId in the snapshot and staging repositories hosted at oss.sonatype.org.  If you don't already have this, you will need to:
   • Sign up for a Sonatype JIRA account. This account will also serve as your login to the Sonatype OSS system
   • Ask the previous release manager to request authorization for this account via the Sonatype JIRA system in the Open Source Project Repository Hosting project. Once Sonatype gives you the proper authorization, you should be able to login to the Sonatype OSS system using the same login/password you setup in Sonatype JIRA.
   • The full details of signing up and getting access to Sonatype are also posted online here: Sonatype Maven Repository Usage Guide
3. You must generate and publish your own personal Code Signing Key (required by Sonatype). Here are two sites that give hints on how to do that:
   • Creating a Code Signing Key
   • How to Generate PGP Signatures with Maven (required for all Sonatype releases)
4. Write access to projects.dspace.org (which is where the DSpace Projects website is hosted)
   • Ask the previous release manager (or someone else with access) to be given access to this server.
   • Include your proposed username
   • Include a local SSH Public Key (which will be used for authentication).

Setting up a new person with proper access to projects.dspace.org

Here's notes from Mark Diggory on how to give someone else access to the OSUOSL server (projects.dspace.org):

1. adduser -m <user-name>
2. Add authorized key to ~/.ssh/authorizedkeys (make sure permissions are correct on file)
3. Add user to /etc/groups

   maven:x:4002:peterdietz,esm,mdiggory,tdonohue,ben,kim,apache

4. Make sure umask 002 is in the users ~/.bash_profile so maven permissions are written correctly.

Update Maven settings.xml

DSpace's root pom.xml already has the correct staging and snapshot repositories listed in the OSS parents distributionManagement section.  In order to deploy, you will need to add your Sonatype OSS username and password to your local ~/.m2/settings.xml file:

<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
                      http://maven.apache.org/xsd/settings-1.0.0.xsd">
  <servers>
    <!--Login info for Sonatype SnapShot repository-->
    <server>
      <id>sonatype-nexus-snapshots</id>
      <username>YourSonatypeUsername</username>
      <password>YourSonatypePassword</password>
    </server>
    <!--Login info for Sonatype Staging/Release repository-->
    <server>
      <id>sonatype-nexus-staging</id>
      <username>YourSonatypeUsername</username>
      <password>YourSonatypePassword</password>
    </server>
    <!--Login info for DSpace Projects (projects.dspace.org) website @OSUOSL-->
    <server>
       <id>website</id>
       <username>YourOSUOSLUserName</username>
       <privateKey>[Full-path-to]\.ssh\id_rsa</privateKey>
       <passphrase>YourKeyPassphrase (if necessary)</passphrase>
    </server>
  </servers>
</settings>

If you don't yet have a ~/.m2/settings.xml file, you should create one, and copy the full contents above (obviously make sure to put in your username and password).

Avoid Using Maven 2.1.0 or 2.2.0

Make sure you're using a recent version of Maven. As of this writing, the latest was 2.2.1, and it worked fine. In particular, avoid version 2.2.0: it has a serious bug that affects deployments: MNG-4235. Maven 2.1.0 also is problematic, as it produces improper GPG signatures.

For more information see the Pre-Requisities section of theSonatype Maven Repository Usage Guide

Making a Snapshot Release (e.g. 'dspace-1.7.0-SNAPSHOT')

One Step

From a clean, up-to-date copy of trunk, run the following command:

• mvn clean javadoc:jar source:jar deploy

You will have to enter in your GPG passphrase (which you established when you created your Code Signing Key).

The snapshot will be immediately available in the public Sonatype repository: http://oss.sonatype.org/content/groups/public

Making an Official Release (e.g. 'dspace-1.7.0' or 'dspace-1.7.0-rc1')

Do a Dry Run

This step is not required, but performs a useful sanity check without committing any changes. From a clean, up-to-date copy of trunk, run the following command:

• mvn release:prepare -DdryRun=true

You will have to enter in your GPG passphrase (which you established when you created your Code Signing Key).

Tag and Increment Version

This step will set the version declared in the project's pom.xml files, commit the changes to trunk, tag the release, and finally, check in another trunk change that increments the next development version (e.g. x.y-SNAPSHOT) in the pom.xml files.

• mvn release:prepare -Dresume=false

(Optionally, you may also include the parameters -Dusername=YourSVNUsername -Dpassword=YourSVNPassword, though I've not found these to be necessary)

You will have to enter in your GPG passphrase (which you established when you created your Code Signing Key).

Deploy Artifacts to Staging

This step will sign, checksum, and push all release artifacts (including javadocs and sources) to the staging repository.

1. In a separate directory, check out the newly-tagged release from subversion and "mvn install" it.
2. Now, go back to the directory which has your checkout of 'trunk' (which was used in the above steps)
3. Run mvn release:perform
   • If your GPG Code Signing Key isn't found by Maven, you may need to specify your GPG code signing key and passphrase as arguments to the above command: (e.g.) mvn release:perform -Darguments="-Dgpg.keyname=YourKeyId -Dgpg.passphrase=YourKeyPassword"
   • By default, Maven should just prompt you to specify your GPG passphrase

If any errors or problems occur during the deploy, you can re-run mvn release:perform safely after fixing those issues (re-running it will just overwrite existing staged contents).

Verify and Release Staged Artifacts

1. Log into http://oss.sonatype.org/ UI
2. Click "Staging Repositories" in the left column, then select the checkbox next to the staged repository on the right. It will open up below.
3. With the staged repository still selected, click the "Close" button at the top.
4. Download and test that the artifacts in staging are exactly as they should be once deployed to central.

If anything is incorrect, select the staged repository and select "Drop". After the problem is resolved, you can re-deploy the artifacts to staging and verify them again. To re-deploy an already-tagged release:

• mvn release:perform -Dtag=dspace-x.y -DconnectionUrl=scm:svn:https://scm.dspace.org/svn/repo/dspace -Darguments="-Dgpg.keyname=YourKeyId -Dgpg.passphrase=YourKeyPassword"

If everything looks good, select the repository and select "Release". The artifacts should be synced to central within an hour, and will officially be released to http://repo2.maven.org/maven2/org/dspace/