Update release doc #86

Merged
merged 3 commits into from
Aug 10, 2023
8 changes: 6 additions & 2 deletions README.md
Expand Up @@ -18,14 +18,14 @@ You can find the latest version on [Maven Central](https://central.sonatype.com/
<dependency>
<groupId>io.securecodebox</groupId>
<artifactId>defectdojo-client</artifactId>
<version>1.0.0.-beta2</version>
<version>1.0.0</version>
</dependency>
```

### Gradle

```groovy
implementation group: 'io.securecodebox', name: 'defectdojo-client', version: '1.0.0.-beta2'
implementation group: 'io.securecodebox', name: 'defectdojo-client', version: '1.0.0'
```

## Development
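
Review bot: The version is still hard-coded in two places, the Maven `<version>1.0.0</version>` line and the Gradle `version: '1.0.0'` line, and nothing in this change ties either string to the release workflow. The previous value `1.0.0.-beta2` already carried a stray dot, which shows these strings are maintained by hand. Consider adding "update the README snippets" as an explicit step in docs/release.md, or replacing the literal with a pointer to the Maven Central link above the snippet so consumers copy a version that actually exists.
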
Expand All @@ -36,6 +36,10 @@ To run a local build clone this repo and just invoke the following command in th
mvn clean install
```

## Release

The release process is [documented](docs/release.md) in a separate file.

## Supported DefectDojo Versions

The client is supposed to be compatible with DefectDojo 1.10 and later, older version of DefectDojo might still work, but are not officially supported.
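
Review bot: The link text in the new Release section, `[documented](docs/release.md)`, does not describe its target when read on its own; something like "See the [release process](docs/release.md)." scans better. The context line under "Supported DefectDojo Versions" also reads "older version of DefectDojo might still work", which could be corrected to "older versions" while this file is being touched.
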
72 changes: 36 additions & 36 deletions docs/release.md
Expand Up @@ -4,42 +4,42 @@ Here we describe all the ceremonial stuff necessary to publish a Java library to

## How to Perform a Release

The release process consists of two main tasks:

1. Build the release on GitHub
2. Release the published artifacts on Maven Central.

### Build the Release on GitHub

1. Go to the [release page](https://github.com/secureCodeBox/defectdojo-client-java/releases) and click "Draft a new release".
2. Create a tag for the release (e.g. "1.0.0", for testing you can add a pre-release identifier like "1.0.0-alpha").
1. Click "Choose tag".
2. Type in tag name (e.g. "1.0.0").
3. Click "Create new tag..."
3. Click "Generate release notes"
4. Select either
- "Set as a pre-release" if you have a pre-release identifier in the version (e.g. "1.0.0-alpha").
- or else "Set as the latest release"
5. Click "Publish release"

### Release the published artifacts on Maven Central.

Hint: You need to hit the "Refresh" button from time to ime, to see changes.

1. Login to the [Nexus Repository Manager](https://oss.sonatype.org/).
2. On the left site navigate to "Staging Repositories"
3. You will see an entry for each unpublished release (usually there is only one):<br>
![](./release_staging_1.png)
4. Select the release (in the "Content" tab you can verify the files contained in the release):<br>
![](./release_staging_2.png)
5. Close the repository (this triggers the validation of [requirements][ossrh-requirements]):<br>
![](./release_staging_3.png)
6. You can see if all validation rules passed in the "Activity" tab:<br>
![](./release_staging_4.png)
7. Then either click "Release" or "Drop":
- Release: This will publish and sync the artifact to Maven Central. (This can't be undone, there is no way to delete a published artifact!). After syncing the staging repo is dropped automatically.
- Drop: Does not publish the artifact. Use this if something is broken and ypu want to publish a new release with the same version.
8. After some time (see below) you can find it on Maven Central: <https://central.sonatype.com/artifact/io.securecodebox/defectdojo-client/>
The whole release process is automated by a [GitHub action workflow](https://github.com/secureCodeBox/defectdojo-client-java/actions) which utilizes the [Maven release plugin](https://maven.apache.org/maven-release/maven-release-plugin/). Since we need the possibility to set custom versions (e.g. 2.0.0-beta) we can not use a simple one-push-button solution. Instead, we utilize en event triggered workflow to achieve this. The release process is as following:

First go to the "Actions" tab and select the "Publish Release" workflow:

![](release_01_select-workflow.png)

Then click the "Run workflow" button:

![](release_02_run-workflow.png)

For an ordinary release simply click the green "Run workflow" button and leave the optional text input fields blank:

![](release_03_trigger-workflow.png)

Now a "Publish Release" workflow run should appear in the list of runs:

![](release_04_running-workflow.png)

## Custom Release Version

Typically, a release by Maven simply means:

- Remove the "-SNAPSHOT" qualifier from the version in the `pom.xml`. E.g. "1.0.0-SNAPSHOT" will become "1.0.0".
- Build everything, make a commit with this version and tag this version.
- Upload the resulting artifacts to [Sonatype Nexus](https://oss.sonatype.org/) and stage them.
- Increment to next development version in `pom.xml`. In this example "1.0.1-SNAPSHOT".
- Build everything and make a commit.

In the case you want to publish a custom release, e.g. a "1.0.2-beta", it is necessary to pass it to Maven. For this purpose we introduced the two optional text inputs:

1. _Custom version_: Here you add the version with a custom qualifier. E.g. for the development version "1.0.2-SNAPSHOT" and a beta release, it is "1.0.2-beta".
2. _Next development version_: Since Maven simply increments the last number of the semantic version and appends "-SNAPSHOT", automatic increment is not sufficient here because it will end in something like "1.0.2-beta-SNAPSHOT". So you must specify the next development version by hand. In this example still "1.0.2-SNAPSHOT".

![](release_05_custom-version.png)

### Additional Information About the Release Process

After the first release a [bot created the Maven Central sync][ossrh-jira-issue]:

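Review bot: The rewritten "How to Perform a Release" text no longer says what happens after the workflow run: the removed steps covered verifying the staged files in the "Content" tab, closing the staging repository, and the warning that "Release" cannot be undone, while the new list only says the artifacts are uploaded to Sonatype Nexus and staged. Please state explicitly whether the workflow releases to Maven Central on its own or a maintainer still has to close and release in Nexus, and keep the irreversibility warning either way, since a wrong version can no longer be dropped once published. Related to that, the "Custom version" and "Next development version" inputs are free text with no described validation, so a malformed value like the `1.0.0.-beta2` string the README used to carry would go straight into a tag and a published artifact; a note on the expected format (or a check in the workflow) would help. The doc also does not say who is allowed to run the "Publish Release" workflow. Minor wording in the intro paragraph: "en event triggered workflow" should be "an event-triggered workflow", "is as following" should be "is as follows", and "can not" should be "cannot".
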
Binary file added docs/release_01_select-workflow.png
Binary file added docs/release_02_run-workflow.png
Binary file added docs/release_03_trigger-workflow.png
Binary file added docs/release_04_running-workflow.png
Binary file added docs/release_05_custom-version.png
Binary file removed docs/release_staging_1.png
Binary file not shown.
Binary file removed docs/release_staging_2.png
Binary file not shown.
Binary file removed docs/release_staging_3.png
Binary file not shown.
Binary file removed docs/release_staging_4.png
Binary file not shown.