Skip to content

Commit 04ccfa5

Browse files
garydgregorygarydgregory
committed
Update vote template with reproducible build information
1 parent 5fa0c08 commit 04ccfa5

File tree

1 file changed

+22
-4
lines changed

1 file changed

+22
-4
lines changed

src/main/resources/commons-xdoc-templates/vote-txt-template.txt

Lines changed: 22 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -94,36 +94,54 @@ Requirements: Git, Java, and Maven.
9494

9595
You can validate a release from a release candidate (RC) tag as follows.
9696

97-
1a) Clone and checkout the RC tag
97+
1a) Download and decompress the source archive from:
98+
99+
@DISTURL@/source
100+
101+
1b) Check out the RC tag from git (optional)
102+
103+
This is optional, as a reviewer must check source distributions as a minimum.
98104

99105
git clone https://gitbox.apache.org/repos/asf/commons-@[email protected] --branch @TAGNAME@ @TAGNAME@
100106
cd @TAGNAME@
101107

102-
1b) Download and unpack the source archive from:
108+
2) Checking the build
103109

104-
@DISTURL@/source
110+
All components should include a default Maven goal, such that you can run 'mvn' from the command line by itself.
105111

106112
2) Check Apache licenses
107113

108114
This step is not required if the site includes a RAT report page which you then must check.
115+
This check should be included in the default Maven build, but you can check it with:
109116

110117
mvn apache-rat:check
111118

112119
3) Check binary compatibility
113120

114121
This step is not required if the site includes a JApiCmp report page which you then must check.
122+
This check should be included in the default Maven build, but you can check it with:
115123

116-
mvn install -DskipTests -P japicmp japicmp:cmp
124+
mvn verify -DskipTests -P japicmp japicmp:cmp
117125

118126
4) Build the package
119127

128+
This check should be included in the default Maven build, but you can check it with:
129+
120130
mvn -V clean package
121131

122132
You can record the Maven and Java version produced by -V in your VOTE reply.
123133
To gather OS information from a command line:
124134
Windows: ver
125135
Linux: uname -a
126136

137+
4b) Check reproducibility
138+
139+
To check that a build is reproducible, run:
140+
141+
mvn clean verify artifact:compare -DskipTests -Dreference.repo=https://repository.apache.org/content/repositories/staging/ '-Dbuildinfo.ignore=*/*.spdx.json'
142+
143+
Note that this excludes SPDX files from the check.
144+
127145
5) Build the site for a single module project
128146

129147
Note: Some plugins require the components to be installed instead of packaged.

0 commit comments

Comments
 (0)