Release Process

For Versions 5+

Perform a Milestone, RC or GA Release

NOTE: This release process uses the spring-build-conventions gradle plug-in.

Process Overview

1. Update dependencies
2. Update release version
3. Build Locally
4. Push the release commit
5. Announce the release on Slack
6. Tag the release
7. Update to next development version
8. Update version on project page
9. Close / Create Milestone
10. Announce the release on other channels

Detailed Steps

1. Update dependencies

• Dependencies are declared in gradle/dependency-management.gradle
• Update Spring Framework and Spring Data at a minimum
• Then find dependencies that need updating by running the update-dependencies.sh script:

./scripts/update-dependencies.sh

Prerequisites: The build directory has to exist to store the file build/updates.txt. This directory gets created when a new build is run, but is not present on a fresh git clone.

2. Update release version

• Update the version number in gradle.properties for the release, for example, 5.1.0.M1, 5.1.0.RC1, 5.1.0.RELEASE

3. Build Locally

• Run the build locally with:

./gradlew check

4. Push the release commit

• Push the release commit and Jenkins will build and deploy the artifacts
• If you are pushing to Maven Central, then you can get notified when it's uploaded by running the following:

./scripts/release/wait-for-done.sh 5.2.0.RELEASE

5. Announce the release on Slack

• Announce via Slack on #spring-security, including the keyword spring-security-release in the message. Something like:

spring-security-release 5.2.0.RC1 is out!

6. Tag the release

• Tag the release and then push the tag

git tag 5.2.0.RC1
git push origin 5.2.0.RC1

7. Update to next development version

• Update release version to next BUILD-SNAPSHOT version and then push

8. Update version on project page

• Update release version on projects.spring.io

9. Close / Create Milestone

• In GitHub Milestones, create a new milestone for the next release version and move any open issues from the existing milestone you just released to the new milestone and then close the milestone for the release.
• Update the Github Release notes with auto generated content
  • Download the release note generator - https://github.com/spring-io/github-release-notes-generator
  • Run the command

    java -jar /path/to/github-release-notes-generator.jar \\
        --releasenotes.github.organization=spring-projects \\
        --releasenotes.github.repository=spring-security \\
        <milestone number> <output file>
    

  • Create the release on Github and associate it with the tag.

10. Announce the release on other channels

• Create a Blog
• Tweet from @SpringSecurity
• Send email to [email protected]

For Spring Security 4.2.x

• Visit https://build.spring.io/browse/SEC-B42X
• Log In
• Ensure you have admin permissions for the build
• Make sure last build is successful
• Then click on the build number of the last build

• Click the arrow on the left hand side below the details

• Click on Default Job

• Click on Artifactory Release & Promotion

• Fill out the form with the correct values. Use the screenshot below for an example

• Click Build and Release to Artifactory
• A build will start for the release. When it completes (will have "Manual run by ..." next to it) click on the build number

• Click on Artifactory Release & Promotion again
• Fill out form for release

• Click Update. Wait for it to complete.

• Click on Artifactory Build Info
• Invoke the the scripts in scripts/release/ to release with necessary arguments. Get all the secrets from LastPass

$ ./scripts/release/push-to-spring-distributions.sh $BUILD_NUMBER_FROM_BAMBOO
$ ./scripts/release/sync-to-central.sh $RELEASE_VERSION $BINTRAY_API_KEY $SONATYPE_USER_TOKEN $SONATYPE_TOKEN_PWD
$ ./scripts/release/wait-for-done.sh $RELEASE_VERSION

You will get a notification when the release is done.

NOTE: wait-for-done only works if you have spd-say installed.