Releasing new Sailor version
Please refer to any document available on the Internet to generate gpg keys if you don't have any yet. It is required to have valid keys to sign the archives. Long story short, what you will need is to run something like:
gpg --full-gen-key
Before releasing a new Sailor version please make sure you have your ~/.gradle/gradle.properties file. An example of this configuration file is shown below:
signing.keyId=SCD44FAB
signing.password=very_secret
signing.secretKeyRingFile=/Users/igor/.gnupg/secring.gpg
- signing.keyId - your key Id. You can find it with the command
~ gpg -K
sec rsa4096 2021-01-25 [SC] [expires: 2023-01-25]
52E8TE4E39A7362QQE17B708AD8E779ESCD44FAB
uid [ultimate] Pavlo Voropaiev <[email protected]>
ssb rsa4096 2021-01-25 [E] [expires: 2023-01-25]
What you need is to copy the last 8 digits of the keyId (SCD44FAB in this case).
- signing.password - your passphrase
- signing.secretKeyRingFile - The absolute path to the secret key ring file containing your private key. Since gpg 2.1, you need to export the keys with command
gpg --keyring secring.gpg --export-secret-keys > ~/.gnupg/secring.gpg
Important NOTE: You must send your keys to public servers in advance. Otherwise, you will get Event: Failed: Signature Validation after you upload archives to the staging repo. You can do it in this way:
gpg --export --armor SCD44FAB > fileName.pub
Then go to https://keys.openpgp.org/upload and upload the file there.
The build process executes аn integration test among other tests. These integration tests require a RabbitMQ instance up and running. For that purpose please execute the rabbitmq-server command. The results should look like the following.
~ rabbitmq-server
## ## RabbitMQ 3.8.3
## ##
########## Copyright (c) 2007-2020 Pivotal Software, Inc.
###### ##
########## Licensed under the MPL 1.1. Website: https://rabbitmq.com
Doc guides: https://rabbitmq.com/documentation.html
Support: https://rabbitmq.com/contact.html
Tutorials: https://rabbitmq.com/getstarted.html
Monitoring: https://rabbitmq.com/monitoring.html
Logs: /usr/local/var/log/rabbitmq/[email protected]
/usr/local/var/log/rabbitmq/rabbit@localhost_upgrade.log
Config file(s): (none)
Starting broker... completed with 6 plugins.
Now you are ready to release Sailor.
Prior to releasing you want to test the Sailor first. Historically, we used to publish Sailor snapshot versions to Maven Central. At some point they have stopped providing such feature. Instead, we introduced a Gradle build script that creates a fat JAR file (an archive containing the Sailor itself along with all the sub-dependencies). This file will be created and stored as a CircleCi artifact for 30 days.
To download the file push Sailor code to the Github branch with the -SNAPSHOT version and wait until all the CircleCi build jobs finish (incl. dependencies audit, tests and test_and_build_snapshot). Once all is done, go to the test_and_build_snapshot build on CircleCi and navigate to the Artifacts tab and find the file there - e.g. sailor-jvm-4.0.3-SNAPSHOT.jar
Copy this file to the component you want to test with the latest snapshot version into the lib folder (create it in the component's root if it does not exist) and let the Gradle know Sailor is located in the filesystem instead of looking it up in Maven Central. For it go to the build.gradle file in the component root and in the dependencies section comment or temporarily remove the current Sailor line. It looks like the following:
compile 'io.elastic:sailor-jvm:4.0.3' // For older Gradle versions (E.g. 5.4.1)
or
implementation 'io.elastic:sailor-jvm:4.0.3' // For newer Gradle versions (e.g. 7.5.1)
and add the line into that section:
compile files("./lib/sailor-jvm-4.0.3-SNAPSHOT.jar") // For older Gradle versions (E.g. 5.4.1)
or
implementation files("./lib/sailor-jvm-4.0.3-SNAPSHOT.jar") // For newer Gradle versions (e.g. 7.5.1)
This is it to be able to push a component to the platform and test it with the snapshot version.
- Bump Sailor version to the target release, say our new release version is 4.0.2. Change the version in the
build.gradleas shown below (you must remove-SNAPSHOTfrom the version in order to push to the staging repo):
version = '4.0.2'
-
Now push the code to Github master branch. And, similarly to the SNAPSHOT build, wait until the bundle jar file is created and is available on the
Artifactstab on the CircleCi build page. -
Go to Repository Manager and log in with your credentials (You can find the credentials in Bitwarden (
Sonatype elasticio AND JIRA)) -
Under
Staging UploadSelect Upload Mode: Artifact Bundle.
And select your 'bundle.jar' file form the './build/sailorReleaseBundle' folder and click 'Upload Bundle'.
- Now you can go to the 'Staging repositories' and see that the repository is already closed (it is done automatically for all uploaded bundles)
- Test and then release it
Once you finally decided that you are fine with the version and you want to publish the Sailor artefacts to Maven Central, hit the Release button, provide the description in the confirmation popup, confirm and wait for the process to complete. Once the artefacts were successfully published to Maven Central, your staging repository will be deleted.
- Use the artefacts from Maven Central
Usually it takes 8 to 24 hour for the published artefacts to appear on Maven Central. Just check here to find out if the Sailor version is finally publicly available.
- Bump the new SNAPSHOT version
Now go to your build.gradle file and bump the version again. But this time it should be a SNAPSHOT version. For example 3.0.1-SNAPSHOT. Commit your changes back to GitHub and merge into master branch.
If the integration tests fail with the following logs:
java.lang.RuntimeException: java.security.InvalidKeyException: Illegal key size
at io.elastic.sailor.impl.CryptoServiceImpl.encrypt(CryptoServiceImpl.java:85)
....
This can be easily fixed by replacing 2 JAR files in your JAVA security folder. See the steps to follow here: https://opensourceforgeeks.blogspot.com/2014/09/how-to-install-java-cryptography.html