Apache Struts 2 Documentation > Home > Guides > Contributors Guide > Creating and Signing a Distribution
Developers using Linux workstations can skip over the references to PuTTY and Cygwin

Each time

(There are also one-time setup instructions)

To keep this list current, it is strongly recommended that release managers refer to and follow this list each time a distribution is created. If any of the steps need to be amended, then please update the list.
0 Ensure that the master POM and Struts Annotations have current releases, and review JIRA for any issues without a fix version set, and for any issues that should be resolved for the pending release.
  Create an "omnibus" ticket in JIRA to refer to in upcoming release related commit comments and for general documentation purposes. Mark it with priority "Blocker".
  Edit the site/xdocs/index.xml and site/site.xml files to change the "Download Now" label to the pending version, and to change the "Getting Started" and "Release Notes" links to also point to the pending version.
1 Delete the struts2 items in your local Maven2 repository and obtain a fresh checkout. For a trunk release, that is
svn co https://svn.apache.org/repos/asf/struts/struts2/trunk STRUTS_#_#_#

Alternatively, for a 2.0.x branch release:

svn co https://svn.apache.org/repos/asf/struts/struts2/branches/STRUTS_2_0_X STRUTS_#_#_#
2 Update the POMs to remove "-SNAPSHOT" from the version, and update the version number in the backport/translate.bat and backport/translate.sh files.
  Update the site/xdocs/index.xml to point to the best-available release and draft version of the documentation.
  Commit the changes, and note the revision number.
3 Tag the release by making a SVN copy of the head or working branch
svn copy -r ###### 
  -m "WW-#### Tag r###### as Struts #.#.#" 
  • If the release is against a branch, remember to change the source path!
4 Assemble the release (see notes)
mvn clean install site -P all,alljars,pre-assembly,j4
cd assembly 
mvn clean assembly:assembly
  • The assembly module is not listed in the 'all' profile, so it does not get cleaned on line 1 above.
  • From a clean Subversion checkout against a clean Maven repository, you may need to build the plugins first so that they exist in your working repository.
5 Create a release folder at people.apache.org://www/people.apache.org/builds/struts/#.#.#, and make sure the staging repository at {{ http://people.apache.org/builds/struts/m2-staging-repository

}} is empty or missing

6 Under CygWin or Linux, sign the Maven artifacts and deploy them to the staging repository (from .\STRUTS_###) (see notes)
mvn deploy -P release,all,alljars,pre-assembly -Dgpg.passphrase="$PASSPHRASE"
  (Under CygWin, use the $ mount command to check your drive and path mappings.)
7 Sign the Maven artifacts (in assembly/target/assembly/out)
gpg --armor --output struts-#.#.#-all.zip.asc --detach-sig struts-#.#.#-all.zip 
openssl md5 < struts-#.#.#-all.zip > struts-#.#.#-all.zip.md5
8 pscp or scp the artifacts and signatures to people.apache.org:/www/people.apache.org/builds/struts/#.#.#
  Afterwards, check the permissions to be sure all uploaded files a world readable and group read/writable (chmod a+r / chmod g+w)
9 Leaving the clean STRUTS_### folder be, update your usual working copy (svn up), change the POMs to next version number, add the "-SNAPSHOT" suffix.
10 Update JIRA roadmap with tag/release date; Add next milestone to the JIRA roadmap; Create DONE and TODO filters, share with all, and remove obsolete TODO filter; Create new [Release Notes X.X.X] release page, link from Migration Guide, and link to prior release page and JIRA filters. Update site.xml with link to new release notes.
11 Deploy the new snapshot from the Struts 2 trunk (with the latest POMs)
mvn clean install site -P all,alljars,pre-assembly,j4
mvn site-deploy -Pall 
  At this point the omnibus ticket can safely be set to resolved.
12 Post a release/quality vote to the dev list (and only the dev list).
  After the vote, if the distribution is being mirrored (there was a favorable release vote), copy the ZIPs to /www/www.apache.org/dist/struts, and the Maven artifacts to /www/people.apache.org/repo/m2-ibiblio-rsync-repository/.
  cp -R /www/people.apache.org/builds/struts/X.X.X/m2-staging-repository/org/apache/struts/ /www/people.apache.org/repo/m2-ibiblio-rsync-repository/org/apache/struts/
  Create a /www/struts.apache.org/2.#.#/ folder for the documentation, and copy the contents of the docs distribution into that folder.
  Wait 24 hours before updating the download.xml page and making any announcement to the user list or general public.
  You must review the readme under m2-ibiblio-rsync for additional notes and caveats!
  After updating the site, be sure that the permissions are set to group writeable ($ chmod -R g+w .)

One time

Create and install a SSH key (CygWin/Linux)

Create and install a SSH key (Windows)

1 Install PuTTY
2 Use PuttyGen to create a SSH key (see Putty help for details)
3 Use PuTTY to ssh to people.apache.org
4 Create a ~/.ssh folder
5 pscp your SSH public key to ~/authorized_keys
6 chmod g-r $key and chmod o-r $key
6 ssh to p.a.o
7 Create a ~\.ssh folder and move authorized_keys there
8 Configure putty to use your private key and save the session

In either case

  • Note that the .ssh folder on p.a.o is hidden, but you can still cd to it, or see it using ls -a
  • Be sure that the permissions for the authorized_keys files is set to -rw-r--r-- (to see the permissions use ls -l). To remove the "group" or "other" permissions, use chmod go-w authorized_keys

Create a PGP key

1 Install cgywin, including utils/gpg
2 Generate a key with $ gpg --gen-key
3 Backup your cygwin home directory to another media
4 Append your key to {{ https://svn.apache.org/repos/asf/struts/maven/trunk/build/KEYS

}} and commit the change (see the KEYS file for instructions). After committing refresh the KEYS file at people.apache.org/www.apache.org/dist/struts/KEYS

5 Add this key to a public keyserver (such as pgpkeys.mit.edu)

Update Maven settings for our servers

1 Create a settings.xml under .m2 (in your Document and Settings folder)
<settings xmlns="http://maven.apache.org/POM/4.0.0"
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
    <!-- Uncomment this when the 'central' repo on ibiblio is down 
         See: http://maven.apache.org/guides/mini/guide-mirror-settings.html -->
    <!-- mirrors>
    </mirrors -->

Expose a copy of known hosts to Maven

1 From cygwin, ssh to people.apache.org, save the public key if prompted, and exit
  cygwin will save the known hosts to your ~/.ssh folder, but the script cannot access it there (from Windows)
2 From cygwin (not Windows) create another .ssh folder at
3 Copy the known_hosts file to the new .ssh folder

Increase Memory Settings for Maven

To complete a full build and all the tests, it may be neccesary to increase the amount of memory available to Maven. The simplest thing is to set an environment variable.

  • MAVEN_OPTS=-Xmx512m or even MAVEN_OPTS=-Xmx1024m

Skip Tests

On occasion, it can be helpful to skip the unit tests to be sure the buid otherwise completes. From the command line, add

  • -Dmaven.test.skip=true

Do not do this when building a release!



If a tagged build needs to be retagged, be sure to delete the old tag first.

svn delete https://svn.apache.org/repos/asf/struts/struts2/tags/STRUTS_#_#_# -m "WW-### Removing first try at 2.#.#."

Interim Notes on Cobbling a Distribution

Before signing

  • There's a bug in the current Maven GPG. The workaround is, before signing, under each application's target folder, copy the application's WAR as a JAR. This should go away in the next GPG release.

Amending a log entry

If the commit was fine, but the log was wrong, updating the log entry is easy. For example,

> svn propset --revprop -r 504523 svn:log "WW-1715 Branch for 2.0.x at Struts 2.0.6-SNAPSHOT r504196"
> property 'svn:log' set on repository revision 504523

See svn help propset for more.

Sample Test Build Announcement

Test builds are only announced to the dev list. Announcements to the user list can only be made pursuant to a release vote with the consent of the PMC.

The test build of Struts 2.0.6 is available.

No determination as to the quality ('alpha,' 'beta,' or 'GA') of Struts 2.0.6 has been made, and at this time it is simply a "test build". We welcome any comments you may have, and will take all feedback into account if a quality vote is called for this build.

Release notes:

  • [LINK]


Maven 2 staging repository:

We appreciate the time and effort everyone has put toward contributing code and documentation, posting to the mailing lists, and logging issues.

Sample Release/Quality Vote

The Struts #.#.# test build is now available.

Release notes:


Maven 2 staging repository:

Once you have had a chance to review the test build, please respond with a vote on its quality:

[ ] Leave at test build
[ ] Alpha
[ ] Beta
[ ] General Availability (GA)

Everyone who has tested the build is invited to vote. Votes by PMC members are considered binding. A vote passes if there are at least three binding +1s and more +1s than -1s.

The vote will remain open for at least 72 hours, longer upon request. A vote can be amended at any time to upgrade or downgrade the quality of the release based on future experience. If an initial vote designates the build as "Beta", the release will be submitted for mirroring and announced to the user list. Once released as a public beta, subsequent quality votes on a build may be held on the user list.

As always, the act of voting carries certain obligations. A binding vote not only states an opinion, but means that the voter is agreeing to help do the work

Sample Release Announcement

The Apache Struts group is pleased to announce that Struts 2.0.6 is available as a "#####" release. [[The Beta designation indicates that we believe the distribution needs wider testing before being upgraded to a "General Availability" release. Your input is essential.] The GA designation is our highest quality grade. ]


The release is also available from the central Maven repository under Group ID "org.apache.struts".

The #.#.x series of the Apache Struts framework has a minimum requirement of the following specification versions:

  • Java Servlet #.# and JavaServer Pages (JSP) #.#
  • Java 2 Standard Platform Edition (J2SE) #.#

The release notes are available online at:

Should any issues arise with your use of any version of the Struts framework, please post your comments to the user list, and, if appropriate, file a ticket with JIRA.

– The Apache Struts group.

Fast-Tracking an Important Security Release

  • When a serious security issue arises, we should try to create a #.#.#.1 branch from the last GA release, and apply to that branch only
    the security patch.
  • If the patch first applies to XWork, or some other dependency, implore the other group to do the same, to avoid side-effects from other changes.
  • If the release manager would like to "fast track" a vote, so as to make a security fix available quickly, the preferred procedure is to
    • Include the term "fast-track" in the subject, as in [VOTE] Struts quality (fast track)
    • In the vote message, specify voting terms like:

      The Struts #.#.#.1 test build is now available.

      Release notes:


      Maven 2 staging repository:

      Once you have had a chance to review the test build, please respond with a vote on its quality:

      [ ] Leave at test build
      [ ] Alpha
      [ ] Beta
      [ ] General Availability (GA)

      Everyone who has tested the build is invited to vote. Votes by PMC members are considered binding. A vote passes if there are at least three binding +1s and more +1s than -1s.

      This is a "fast-track" release vote. If we have a positive vote after 24 hours (at least three binding +1s and more +1s than -1s), the release may be submitted for mirroring and announced to the usual channels.

      The website download link will include the mirroring timestamp parameter [1], which limits the selection of mirrors to those that have been refreshed since the indicated time and date. (After 24 hours, we *must* remove the timestamp parameter from the website link, to avoid unnecessary server load.) In the case of a fast-track release, the email announcement will not link directly to <download.cgi>, but to <downloads.html>, so that we can control use of the timestamp parameter.

      [1] <http://apache.org/dev/mirrors.html#use>