Skip to content

Commit 094f746

Browse files
emlunemlun
committed
Pin OpenJDK version in reproducible binary workflow on release
1 parent cd6613b commit 094f746

File tree

1 file changed

+62
-18
lines changed

1 file changed

+62
-18
lines changed

doc/releasing.md

Lines changed: 62 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -12,21 +12,43 @@ Release candidate versions
1212
$ ./gradlew clean check
1313
```
1414
15-
3. Tag the head commit with an `X.Y.Z-RCN` tag:
15+
3. Update the Java version in the [`release-verify-signatures`
16+
workflow](https://github.com/Yubico/java-webauthn-server/blob/main/.github/workflows/release-verify-signatures.yml#L42).
17+
18+
See the `openjdk version` line of output from `java -version`:
19+
20+
```
21+
$ java -version # (example output below)
22+
openjdk version "17.0.7" 2023-04-18
23+
OpenJDK Runtime Environment (build 17.0.7+7)
24+
OpenJDK 64-Bit Server VM (build 17.0.7+7, mixed mode)
25+
```
26+
27+
Given the above output as an example, update the workflow like so:
28+
29+
```yaml
30+
strategy:
31+
matrix:
32+
java: ["17.0.7"]
33+
```
34+
35+
Commit this change, if any.
36+
37+
4. Tag the head commit with an `X.Y.Z-RCN` tag:
1638
1739
```
1840
$ git tag -a -s 1.4.0-RC1 -m "Pre-release 1.4.0-RC1"
1941
```
2042
2143
No tag body needed.
2244
23-
4. Publish to Sonatype Nexus:
45+
5. Publish to Sonatype Nexus:
2446
2547
```
2648
$ ./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository
2749
```
2850
29-
5. Push to GitHub.
51+
6. Push to GitHub.
3052
3153
If the pre-release makes significant changes to the project README, such
3254
that the README does not accurately reflect the latest non-pre-release
@@ -44,16 +66,17 @@ Release candidate versions
4466
$ git push origin main 1.4.0-RC1
4567
```
4668
47-
6. Make GitHub release.
69+
7. Make GitHub release.
4870
49-
- Use the new tag as the release tag
50-
- Check the pre-release checkbox
71+
- Use the new tag as the release tag.
72+
- Check the pre-release checkbox.
5173
- Copy the release notes from `NEWS` into the GitHub release notes; reformat
5274
from ASCIIdoc to Markdown and remove line wraps. Include only
5375
changes/additions since the previous release or pre-release.
54-
- Note which JDK version was used to build the artifacts.
76+
- Note the JDK version shown by `java -version` in step 3.
77+
For example: `openjdk version "17.0.7" 2023-04-18`.
5578
56-
7. Check that the ["Reproducible binary"
79+
8. Check that the ["Reproducible binary"
5780
workflow](https://github.com/Yubico/java-webauthn-server/actions/workflows/release-verify-signatures.yml)
5881
runs and succeeds.
5982
@@ -91,47 +114,68 @@ Release versions
91114
92115
5. Update the version in JavaDoc links in the READMEs.
93116
94-
6. Amend these changes into the merge commit:
117+
6. Update the Java version in the [`release-verify-signatures`
118+
workflow](https://github.com/Yubico/java-webauthn-server/blob/main/.github/workflows/release-verify-signatures.yml#L42).
119+
120+
See the `openjdk version` line of output from `java -version`:
121+
122+
```
123+
$ java -version # (example output below)
124+
openjdk version "17.0.7" 2023-04-18
125+
OpenJDK Runtime Environment (build 17.0.7+7)
126+
OpenJDK 64-Bit Server VM (build 17.0.7+7, mixed mode)
127+
```
128+
129+
Given the above output as an example, update the workflow like so:
130+
131+
```yaml
132+
strategy:
133+
matrix:
134+
java: ["17.0.7"]
135+
```
136+
137+
7. Amend these changes into the merge commit:
95138
96139
```
97-
$ git add NEWS
140+
$ git add NEWS README */README .github/workflows/release-verify-signatures.yml
98141
$ git commit --amend --reset-author
99142
```
100143
101-
7. Run the tests one more time:
144+
8. Run the tests one more time:
102145
103146
```
104147
$ ./gradlew clean check
105148
```
106149
107-
8. Tag the merge commit with an `X.Y.Z` tag:
150+
9. Tag the merge commit with an `X.Y.Z` tag:
108151
109152
```
110153
$ git tag -a -s 1.4.0 -m "Release 1.4.0"
111154
```
112155
113156
No tag body needed since that's included in the commit.
114157
115-
9. Publish to Sonatype Nexus:
158+
10. Publish to Sonatype Nexus:
116159
117160
```
118161
$ ./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository
119162
```
120163
121-
10. Push to GitHub:
164+
11. Push to GitHub:
122165
123166
```
124167
$ git push origin main 1.4.0
125168
```
126169
127-
11. Make GitHub release.
170+
12. Make GitHub release.
128171
129-
- Use the new tag as the release tag
172+
- Use the new tag as the release tag.
130173
- Copy the release notes from `NEWS` into the GitHub release notes; reformat
131174
from ASCIIdoc to Markdown and remove line wraps. Include all changes since
132175
the previous release (not just changes since the previous pre-release).
133-
- Note which JDK version was used to build the artifacts.
176+
- Note the JDK version shown by `java -version` in step 6.
177+
For example: `openjdk version "17.0.7" 2023-04-18`.
134178
135-
12. Check that the ["Reproducible binary"
179+
13. Check that the ["Reproducible binary"
136180
workflow](https://github.com/Yubico/java-webauthn-server/actions/workflows/release-verify-signatures.yml)
137181
runs and succeeds.

0 commit comments

Comments
 (0)