Creating a Release

This page documents the steps to create a release.

Please note this section is for committers only.


Before creating a release ensure you have setup your own public OpenGPG key signature for signing the distribution.

An OpenGPG key can be generated using GnuPG. There is also a Windows port available.

Before starting the release ensure that you have your public key appended to the KEYS file and that the key is published to a public key server such as MIT. More info can be found here:

Building Distribution

  1. Update to the latest SVN revision:
    svn update
    Alternatively do a clean checkout as described on the page Source Code.
  2. Upgrade Click to the next version which consists of the following steps:

  3. Finalize website:

  4. Build documentation:

  5. Navigate to the /build folder and download the list of third-party library dependencies:
    ant get-deps
  6. Run checkstyle to ensure source code adheres to the coding standard:
    ant checkstyle
  7. Test the release and ensure there are no failures:
    ant test-all
  8. Build the Click distribution:
    ant build-distribution
    This step also creates MD5 and SHA1 hashes of the .zip file which must be published together with the distribution.
  9. Deploy the examples to a Servlet container (e.g. Tomcat) and test click-examples.
  10. Digitally sign the distribution If you have more than 1 GPG Key, use the -u argument to specify the KEY name.
    gpg --armor --output --detach-sig
  11. Upload the distribution to your account at under the folder /home/USER/public_html/click/click/X.X.X/dist, where USER is your Apache user name and X.X.X is the version number of Click.

    The following files must be uploaded:

    Make sure the uploaded files have the right permissions (664) and belong to the 'click' group to ensure that other members have proper access to these files. If not execute the following commands to ensure file and directory permissions are correct:
    cd ~/public_html/click/click/X.X.X/dist
    find . -type d | xargs chmod 775
    find . -type f | xargs chmod 664
    chgrp -R click *
  12. Verify the digital signatures at to ensure nothing went wrong with the upload.

    Please note if this is the first time you verify your key at, you'll need to import your public key first.

    Assuming your public key ID is 'B51329CB' and your key is available from the public key server '', the following command will import the key on

    gpg --keyserver --recv-keys B51329CB
    Next verify the signature with the following command:
    cd ~/public_html/click/click/X.X.X/dist
    gpg --verify


Each release must be voted by the PMC on the click-dev mailing list.

Vote threads are indicated by starting the subject line with [VOTE].

For a vote to pass at least three +1 votes are needed.

Votes are normally run for 72 hours. When starting the vote, indicate the date and time the vote period ends.

When the vote period ends, tally up the votes and report the final result to the mailing list.

Publishing the Release

  1. Tag the new release, e.g. click-2.0.1
    svn copy -m "tag X.X.X"
  2. Releases are published at under the folder:


    First login at apache:

    Then make sure your umask is set to 002. If not, enter the following command:
    umask 002

    In order to publish the release you can copy the files from your /public_html account to the apache distribution folder, for example:

    cp -r ~/public_html/click/click/X.X.X/dist/ /www/

Publishing Maven Bundles

Before publishing the artifacts, ensure the following settings are present in your Maven settings file "~/.m2/settings.xml":
  1. Ensure the version and dependencies of the following files are up to date: build/click.pom, build/click-extras.pom, build/click-mock.pom, build-nodeps.pom.
  2. Build the Maven artifacts:
    ant build-maven-bundles
  3. The maven sign-and-deploy command does not sign POM files, so you will have to do this manually. From the maven-upload folder execute the following commands:
    cd maven-upload
    gpg --armor --output click/click-X.X.X.pom.asc --detach-sig click/click-X.X.X.pom
    gpg --armor --output click-extras/click-extras-X.X.X.pom.asc --detach-sig click-extras/click-extras-X.X.X.pom
    gpg --armor --output click-mock/click-mock-X.X.X.pom.asc --detach-sig click-mock/click-mock-X.X.X.pom
    gpg --armor --output click-nodeps/click-nodeps-X.X.X.pom.asc --detach-sig click-nodeps/click-nodeps-X.X.X.pom
    The signed poms will have to be manually uploaded after the artifacts have been deployed. More on this in the next section.
  4. Maven snapshots must be uploaded to: /home/USER/public_html/click/click/X.X.X/maven2 (USER should be replaced with your home dir on while releases must be uploaded to: /www/

    Please note the mvn gpg:sign-and-deploy-file command will both sign and upload the maven artifacts to the server. You will be prompted for your GPG passphrase.

  5. Next upload the POM signature files to each artifact folder. The following POM's must be uploaded to their respective folders: (this step must be done for both snapshots and releases)
    click-X.X.X.pom.asc         ->  /www/
    click-extras-X.X.X.pom.asc  ->  /www/
    click-mock-X.X.X.pom.asc    ->  /www/
    click-nodeps-X.X.X.pom.asc  ->  /www/
  6. Once the artifacts and POM signatures have been uploaded, execute the following commands to ensure the file, directory permissions and group is correct. Note that because of a bug in "maven deploy", all maven-metadata.xml* files must have their permissions set to 664. (this step must be done for both snapshots and releases)
    cd /www/
    #cd public_html/click/click/X.X.X/maven2
    find . ! -perm 775 -type d -user ${USER} -exec chmod 775 {} \;
    find . ! -perm 664 -iname maven-metadata.xml* -user ${USER} -exec chmod 664 {} \;
    find . ! -perm 644 ! -iname maven-metadata.xml* -type f -user ${USER} -exec chmod 644 {} \;
  7. Once the artifacts are uploaded you need to verify the signatures: (this step must be done for both snapshots and releases)
    cd /www/
    #cd public_html/click/click/X.X.X/maven2/org/apache/click
    gpg --verify click/X.X.X/click-X.X.X.jar.asc click/X.X.X/click-X.X.X.jar
    gpg --verify click/X.X.X/click-X.X.X.pom.asc click/X.X.X/click-X.X.X.pom
    gpg --verify click-extras/X.X.X/click-extras-X.X.X.jar.asc click-extras/X.X.X/click-extras-X.X.X.jar
    gpg --verify click-extras/X.X.X/click-extras-X.X.X.pom.asc click-extras/X.X.X/click-extras-X.X.X.pom
    gpg --verify click-nodeps/X.X.X/click-nodeps-X.X.X.jar.asc click-nodeps/X.X.X/click-nodeps-X.X.X.jar
    gpg --verify click-nodeps/X.X.X/click-nodeps-X.X.X.pom.asc click-nodeps/X.X.X/click-nodeps-X.X.X.pom
    gpg --verify click-mock/X.X.X/click-mock-X.X.X.jar.asc click-mock/X.X.X/click-mock-X.X.X.jar
    gpg --verify click-mock/X.X.X/click-mock-X.X.X.pom.asc click-mock/X.X.X/click-mock-X.X.X.pom

Post release

The following tasks should be completed once the release is out: