-
Notifications
You must be signed in to change notification settings - Fork 5.9k
Release Process
NOTE: This release process uses the spring-build-conventions gradle plug-in.
- Update dependencies
- Update release version
- Build Locally
- Push the release commit
- Announce the release on Slack
- Tag the release
- Update to next development version
- Update version on project page
- Update Release Notes on GitHub
- Close / Create Milestone
- Announce the release on other channels
If you are on master use 1.b, otherwise use 1.a
- Dependencies are declared in
gradle/dependency-management.gradle
- Update Spring Framework and Spring Data at a minimum
- Then find dependencies that need updating by running the
update-dependencies.sh
script:
./scripts/update-dependencies.sh
Prerequisites: The build
directory has to exist to store the file build/updates.txt
. This directory gets created when a new build is run, but is not present on a fresh git clone.
Master is setup to use Gradle dependency locking and version ranges so builds automatically take advantage of the latest dependencies. In order to ensure releases are reproducible, we must lock the dependencies before a release.
To lock the dependencies execute:
./gradlew writeLocks --write-locks
This writes out all the resolved versions. Run the build and if it passes, commit the changes.
NOTE: An issue may occur where a resolved version in a lock file includes a BUILD-SNAPSHOT
version. For these scenarios, you can force to resolve the release version by appending the argument -PforceMavenRepositories=release
to the above command.
- Update the version number in
gradle.properties
for the release, for example,5.1.0.M1
,5.1.0.RC1
,5.1.0.RELEASE
- Run the build locally with:
./gradlew check
- Push the release commit and Jenkins will build and deploy the artifacts
- If you are pushing to Maven Central, then you can get notified when it's uploaded by running the following:
./scripts/release/wait-for-done.sh 5.2.0.RELEASE
- Announce via Slack on #spring-security, including the keyword
spring-security-release
in the message. Something like:
spring-security-release 5.2.0.RC1 is out!
- Announce via Slack on #spring-release, including the keyword
spring-security-announcing
in the message. Something like:
spring-security-announcing 5.3.0.RELEASE is available.
- Tag the release and then push the tag
git tag 5.2.0.RC1
git push origin 5.2.0.RC1
- If dependency locks (1.b) was used, revert the commit that included the lock files so that the build uses the latest versions again.
- Update release version to next
BUILD-SNAPSHOT
version and then push
- Update release version on projects.spring.io
- Download the GitHub release notes generator
wget https://github.com/spring-io/github-release-notes-generator/releases/download/v0.0.2/github-release-notes-generator.jar
- Generate the release notes
java -jar github-release-notes-generator.jar \
--releasenotes.github.organization=spring-projects \
--releasenotes.github.repository=spring-security \
--spring.config.location=scripts/release/release-notes-sections.yml \
$MILESTONE release-notes
Note 1: $MILESTONE
is something like 5.2.1
or 5.3.0.M1
.
Note 2: The location scripts/release/release-notes-sections.yml
is relative to the spring-security
repo.
Note 3: This will create a file on your filesystem called release-notes
.
- Copy the release notes to your clipboard (your mileage may vary with the following command)
cat release-notes | xclip -selection clipboard
- Create the release on GitHub, associate it with the tag, and paste the generated notes
- In GitHub Milestones, create a new milestone for the next release version
- Move any open issues from the existing milestone you just released to the new milestone
- Close the milestone for the release.
- Create a Blog
- Tweet from @SpringSecurity
- Send email to [email protected]