Skip to main content

Release Guide

Update release notes#

Update RELEASE-NOTES in the following format:

### New Features
1. xxx1. xxx...
### API Changes
1. xxx1. xxx...
### Enhancement
1. xxx1. xxx...
### Refactor
1. xxx1. xxx...
### Bug Fix
1. xxx1. xxx...

Create GPG KEY#

Each release manager only creates a GPG KEY for the first release, which can be reused for subsequent releases.

1. Create KEY

Install GnuPG.

Follow OpenPGP KEY Management [1] instructions.

gpg --full-gen-key

Steps (the following are from console output).

gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.This is free software: you are free to change and redistribute it.There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:  (1) RSA and RSA (default)  (2) DSA and Elgamal  (3) DSA (sign only)  (4) RSA (sign only)Your selection? 1RSA keys may be between 1024 and 4096 bits long.What keysize do you want? (2048) 4096Requested keysize is 4096 bitsPlease specify how long the key should be valid.        0 = key does not expire     <n>  = key expires in n days     <n>w = key expires in n weeks     <n>m = key expires in n months     <n>y = key expires in n yearsKey is valid for? (0)Key does not expire at allIs this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: (Set username) (use your apache id)Email address: (Set email address)(use your apache email)Comment: (Fill in the comments)You selected this USER-ID:   "username (comments) <email>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? OYou need a Passphrase to protect your secret key. (Set password)

2. Verify KEY

Follow Operational GPG Commands [2] instructions.

gpg --list-keys


pub   rsa4096 2019-03-11 [SC]      095E0D21BC28CFC7A8B8076DF7DF28D237A8048Cuid           username (comments) <email>sub   rsa4096 2019-03-11 [E]

Public key is 095E0D21BC28CFC7A8B8076DF7DF28D237A8048C.

3. Upload public key

Follow Dirmngr Options [3] instructions.

gpg --send-key 095E0D21BC28CFC7A8B8076DF7DF28D237A8048C

Publish to Maven staging repo#

1. Set settings.xml

Follow publishing maven artifacts [4] instructions.

2. Publish with a new branch

Download and install Git.

Create and switch to ${PUBLISH.VERSION}-release.

git clone ~/shenyucd ~/shenyu/git checkout -b ${PUBLISH.VERSION}-releasegit push origin ${PUBLISH.VERSION}-release

3. Dry Run

Download and install Maven.

Follow publishing maven artifacts [4] instructions.

mvn release:prepare -Prelease -Darguments="-DskipTests" -DautoVersionSubmodules=true -DdryRun=true -Dusername=(GitHub ID)

4. Prepare

Follow publishing maven artifacts [4] instructions.

mvn release:clean
mvn release:prepare -Prelease -Darguments="-DskipTests" -DautoVersionSubmodules=true -DpushChanges=false -Dusername=(GitHub ID)

Submit the code with updated version number and new tags.

git push origin ${PUBLISH.VERSION}-releasegit push origin --tags

5. Perform

Follow publishing maven artifacts [4] instructions.

mvn release:perform -Prelease -Darguments="-DskipTests" -DautoVersionSubmodules=true -Dusername=(GitHub ID)

At this point, the distribution is published to stagingRepositories. Find the published version, ${STAGING.RELEASE}, and click Close.

Publish to SVN dev repository#

Install SVN.

1. Update KEYS file

If the release manager has not yet appended his or her public key to the KEYS file, do the following. Otherwise, skip this step.

Follow signing basics [5] instructions.

mkdir -p ~/keys/release/cd ~/keys/release/svn --username=${LDAP ID} co ~/keys/release/shenyugpg -a --export ${GPG username} >> KEYSsvn --username=${LDAP ID} commit -m "append to KEYS"

2. Adding source code packages and binary packages

Follow Uploading packages [6] instructions.

mkdir -p ~/svn_release/dev/cd ~/svn_release/dev/svn --username=${LDAP ID} co -p ~/svn_release/dev/shenyu/${PUBLISH.VERSION}cd ~/svn_release/dev/shenyu/${PUBLISH.VERSION}cp -f ~/shenyu/shenyu-dist/shenyu-src-dist/target/*.zip ~/svn_release/dev/shenyu/${PUBLISH.VERSION}cp -f ~/shenyu/shenyu-dist/shenyu-src-dist/target/*.zip.asc ~/svn_release/dev/shenyu/${PUBLISH.VERSION}cp -f ~/shenyu/shenyu-dist/shenyu-bootstrap-dist/target/*.tar.gz ~/svn_release/dev/shenyu/${PUBLISH.VERSION}cp -f ~/shenyu/shenyu-dist/shenyu-bootstrap-dist/target/*.tar.gz.asc ~/svn_release/dev/shenyu/${PUBLISH.VERSION}cp -f ~/shenyu/shenyu-dist/shenyu-admin-dist/target/*.tar.gz ~/svn_release/dev/shenyu/${PUBLISH.VERSION}cp -f ~/shenyu/shenyu-dist/shenyu-admin-dist/target/*.tar.gz.asc ~/svn_release/dev/shenyu/${PUBLISH.VERSION}

3. Adding hashes

Follow Requirements for cryptographic signatures and checksums [7] instructions.

shasum -a 512 apache-shenyu-${PUBLISH.VERSION} > apache-shenyu-${PUBLISH.VERSION} -b -a 512 apache-shenyu-${PUBLISH.VERSION}-bootstrap-bin.tar.gz > apache-shenyu-${PUBLISH.VERSION}-bootstrap-bin.tar.gz.sha512shasum -b -a 512 apache-shenyu-${PUBLISH.VERSION}-admin-bin.tar.gz > apache-shenyu-${PUBLISH.VERSION}-admin-bin.tar.gz.sha512

4. Submit the new release

cd ~/svn_release/dev/shenyusvn add ${PUBLISH.VERSION}/svn --username=${LDAP ID} commit -m "release ${PUBLISH.VERSION}"

Check Release#

1. Verify sha512 checksum

Follow Checking Hashes [8] instructions.

shasum -c apache-shenyu-${PUBLISH.VERSION} -c apache-shenyu-${PUBLISH.VERSION}-bootstrap-bin.tar.gz.sha512shasum -c apache-shenyu-${PUBLISH.VERSION}-admin-bin.tar.gz.sha512

2. Verifying GPG Signatures

Follow Checking Signatures [9] instructions.

curl >> KEYSgpg --import KEYScd ~/svn_release/dev/shenyu/${PUBLISH.VERSION}gpg --verify apache-shenyu-${PUBLISH.VERSION} apache-shenyu-${PUBLISH.VERSION}-src.zipgpg --verify apache-shenyu-${PUBLISH.VERSION}-bootstrap-bin.tar.gz.asc apache-shenyu-${PUBLISH.VERSION}-bootstrap-bin.tar.gzgpg --verify apache-shenyu-${PUBLISH.VERSION}-admin-bin.tar.gz.asc apache-shenyu-${PUBLISH.VERSION}-admin-bin.tar.gz

3. Ensure that SVN is consistent with GitHub source code

Follow Incubator Release Checklist [10] instructions.

wget${PUBLISH.VERSION}.zipunzip v${PUBLISH.VERSION}.zipunzip apache-shenyu-${PUBLISH.VERSION}-src.zipdiff -r -x "shenyu-dashboard" -x "shenyu-examples" -x "shenyu-integrated-test" -x "static" apache-shenyu-${PUBLISH.VERSION}-src shenyu-${PUBLISH.VERSION}

4. Check the source code package

Follow Incubator Release Checklist [10] instructions.

  • LICENSE and NOTICE files exist
  • The year in the NOTICE file is correct
  • All files have ASF licenses at the beginning
  • There are no LICENSE and NOTICE that do not depend on the software
  • There are no binaries that do not meet expectations
  • Compilation passes (. /mvnw install) (JAVA 8 is currently supported)
  • If there are third-party code dependencies.
    • License compatibility for third-party code dependencies
    • All licenses of third-party code dependencies are named in the LICENSE file
    • The full version of the third-party code dependency license is in the license directory
    • If the dependency is an Apache license and there are NOTICE files, then these NOTICE files need to be added to the project's NOTICE file

5. Check the binary package

Follow Binary distributions [11] instructions.

  • LICENSE and NOTICE files exist
  • The year in the NOTICE file is correct
  • All text files start with an ASF license
  • No LICENSE and NOTICE for undependent software
  • If third-party code dependencies exist.
    • Third-party code dependent licenses are compatible
    • All licenses of third-party code dependencies are named in the LICENSE file
    • The full version of the third-party code dependency license is in the LICENSE directory
    • If the dependency is an Apache license and there are NOTICE files, then these NOTICE files need to be added to the project's NOTICE file

Voting Process#

Follow RELEASE APPROVAL [12], Releases [13], voting [14] instructions.

ShenYu community vote#

1. Voting lasts for at least 72 hours and receives 3 +1 binding votes



[VOTE] Release Apache ShenYu ${PUBLISH.VERSION}


Hello ShenYu Community,
This is a call for vote to release Apache ShenYu version ${PUBLISH.VERSION}
Release notes:
The release candidates:${PUBLISH.VERSION}/
Maven 2 staging repository:${STAGING.RELEASE}/org/apache/shenyu/
Git tag for the release:${PUBLISH.VERSION}/
Release Commit ID:
Keys to verify the Release Candidate:
Look at here for how to verify this release candidate:
The vote will be open for at least 72 hours or until necessary number of votes are reached.
Please vote accordingly:
[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove with the reason
Checklist for reference:
[ ] Download links are valid.
[ ] Checksums and PGP signatures are valid.
[ ] Source code distributions have correct names matching the current release.
[ ] LICENSE and NOTICE files are correct for each ShenYu repo.
[ ] All files have license headers if necessary.
[ ] No compiled archives bundled in source archive.

2. Announcement of voting results





We’ve received 3 +1 binding votes and 2 +1 non-binding votes:
+1, xxx (binding)+1, xxx (binding)+1, xxx (binding)+1, xxx (non-binding)+1, xxx (non-binding)
Vote thread:
Thanks everyone for taking the time to verify and vote for the release!

Finish publishing#

1. Finish SVN release

Follow Uploading packages [6] instructions.

svn mv${PUBLISH.VERSION} -m "transfer packages for ${PUBLISH.VERSION}"svn delete${PREVIOUS.RELEASE.VERSION}

2. Finish Maven release

Follow publishing maven artifacts [4] instructions.

Back to stagingRepositories, find ${STAGING.RELEASE} and click Release.

3. Finish GitHub release

Edit Releases ${PUBLISH.VERSION} and click release.

4. Finish Docker release

Note: After clicking publish in Github, the Docker image will be automatically created in Workflow (docker-publish-dockerhub). We just need to pay attention to whether the workflow is successfully executed. If it is successful, skip the following Docker release steps; if the execution is unsuccessful, you need to manually execute the following commands.

Install Docker.

The Docker version needs to be greater than or equal to 19.03, and the experimental parameter in the docker configuration file is changed to true.

git checkout v${PUBLISH.VERSION}cd ~/shenyu/shenyu-dist/mvn clean package -Prelease
docker buildx create --name shenyudocker buildx use shenyudocker login
docker buildx build \  -t apache/shenyu-admin:latest \  -t apache/shenyu-admin:${PUBLISH.VERSION} \  --build-arg APP_NAME=apache-shenyu-${PUBLISH.VERSION}-admin-bin \  --platform=linux/arm64,linux/amd64 \  -f ./shenyu-admin-dist/Dockerfile --push
docker buildx build \  -t apache/shenyu-bootstrap:latest \  -t apache/shenyu-bootstrap:${PUBLISH.VERSION} \  --build-arg APP_NAME=apache-shenyu-${PUBLISH.VERSION}-bootstrap-bin \  --platform=linux/arm64,linux/amd64 \  -f ./shenyu-bootstrap-dist/Dockerfile --push

Login Docker Hub to verify shenyu-bootstrap and shenyu-admin exist.

5. Finish GitHub updating

Fork a copy of the code from GitHub and run the following command.

git checkout mastergit merge origin/${PUBLISH.VERSION}-releasegit pullgit push origin master

The above changes require the creation of a pull request. After the pr merged, execute the following command in the original repository.

git push --delete origin ${PUBLISH.VERSION}-releasegit branch -d ${PUBLISH.VERSION}-release

6. Update download page

Follow Release Download Pages for Projects [15], Normal distribution on the Apache downloads site [16] instructions.

After the Apache mirror links take effect (at least one hour), update the download page for: English version and Chinese version

Note: Project download links should use instead of closer.cgi or mirrors.cgi

Note: Download links for GPG signature files and hash-check files must use this prefix:

7. Update documentation

Archive the ${PUBLISH.VERSION} version of the document and update the version page.

8. Update event page

Add new release event.

9. Update news page

Add new release news.

Release Announcement#

Note: address requires the email to be sent in plain text format. If you are using Gmail, you can check Plain Text Mode in the edit screen.



[ANNOUNCE] Apache ShenYu ${PUBLISH.VERSION} available


Apache ShenYu Team is glad to announce the new release of Apache ShenYu ${PUBLISH.VERSION}.
Apache ShenYu is an asynchronous, high-performance, cross-language, responsive API gateway.Support various languages (http protocol), support Dubbo, Spring-Cloud, Grpc, Motan, Sofa, Tars and other protocols.Plugin design idea, plugin hot swap, easy to expand.Flexible flow filtering to meet various flow control.Built-in rich plugin support, authentication, limiting, fuse, firewall, etc.Dynamic flow configuration, high performance.Support cluster deployment, A/B Test, blue-green release.
Download Links:
Release Notes:
ShenYu Resources:- Issue: Mailing list: Documents:

- Apache ShenYu Team

Reissue (not required)#

Note: You only need to republish if the vote did not pass.

1. Cancellation of voting email template





I'm cancelling this vote because of xxxxxx issues. I'll fix them and start the round ${n} vote process.The detail of the modifications are as follows:
1. xxxxxx2. xxxxxx
Thanks a lot for all your help.

2. Clean stagingRepositories

Go to, After logging in with your Apache LDAP account, select the previous Close version and click Drop.

3。Deleting GitHub branches and tags

git push origin --delete ${PUBLISH.VERSION}-releasegit branch -D ${PUBLISH.VERSION}-releasegit push origin --delete tag v${PUBLISH.VERSION}git tag -d v${PUBLISH.VERSION}

4. Deleting SVN content to be published

svn delete${PUBLISH.VERSION} -m "delete ${PUBLISH.VERSION}"

5. Update email title

After completing the above steps, you can start the re-posting operation. The next poll email title needs to have the [ROUND ${n}] suffix added. For example.

[VOTE] Release Apache ShenYu ${PUBLISH.VERSION} [ROUND 2]

Voting result and announcement emails do not need to be suffixed.

The content refers to