From b7a79f66e6f9d6b5ba5b501130112d7fd59c868f Mon Sep 17 00:00:00 2001 From: Sutou Kouhei Date: Fri, 17 Jan 2025 17:51:49 +0900 Subject: [PATCH] GH-529: [Release] Add support for uploading binary artifacts to repository.apache.org Fixes GH-529. --- .gitignore | 1 + dev/release/.env.example | 27 ++++++++++++ dev/release/README.md | 52 ++++++++++++++-------- dev/release/release_rc.sh | 91 ++++++++++++++++++++++++++++++++++++++- 4 files changed, 151 insertions(+), 20 deletions(-) create mode 100644 dev/release/.env.example diff --git a/.gitignore b/.gitignore index 8c7bd135e1..205be77eaf 100644 --- a/.gitignore +++ b/.gitignore @@ -16,6 +16,7 @@ /apache-arrow-java-* /apache-arrow-java.tar.gz /build/ +/dev/release/.env /dev/release/apache-rat-0.16.1.jar /dev/release/filtered_rat.txt /dev/release/rat.xml diff --git a/dev/release/.env.example b/dev/release/.env.example new file mode 100644 index 0000000000..cc7fd58bfc --- /dev/null +++ b/dev/release/.env.example @@ -0,0 +1,27 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +# The GPG key ID to sign artifacts. The GPG key ID must be registered +# to both of the followings: +# +# * https://dist.apache.org/repos/dist/dev/arrow/KEYS +# * https://dist.apache.org/repos/dist/release/arrow/KEYS +# +# See these files how to import your GPG key ID to these files. +# +# You must set this. +#GPG_KEY_ID=08D3564B7C6A9CAFBFF6A66791D18FCF079F8007 diff --git a/dev/release/README.md b/dev/release/README.md index eafbb61b8c..0294ebedc9 100644 --- a/dev/release/README.md +++ b/dev/release/README.md @@ -56,30 +56,13 @@ RC without merging the pull request, the script to cut a RC is failed. ### Prepare RC and vote -Run `dev/release/release_rc.sh` on a working copy of -`git@github.com:apache/arrow-java` not your fork: - -```console -$ git clone git@github.com:apache/arrow-java.git -$ cd arrow-java -$ GH_TOKEN=${YOUR_GITHUB_TOKEN} dev/release/release_rc.sh ${RC} -(Send a vote email to dev@arrow.apache.org. - You can use a draft shown by release_rc.sh for the email.) -``` - -Here is an example to release RC1: - -```console -$ GH_TOKEN=${YOUR_GITHUB_TOKEN} dev/release/release_rc.sh 1 -``` - -The argument of `release_rc.sh` is the RC number. If RC1 has a -problem, we'll increment the RC number such as RC2, RC3 and so on. +You can use `dev/release/release_rc.sh`. Requirements to run `release_rc.sh`: * You must be an Apache Arrow committer or PMC member * You must prepare your PGP key for signing + * You must configure Maven If you don't have a PGP key, https://infra.apache.org/release-signing.html#generate may be helpful. @@ -102,6 +85,37 @@ $ head KEYS $ svn ci KEYS ``` +Configure Maven to publish artifacts to Apache repositories. You will +need to setup a master password at `~/.m2/settings-security.xml` and +`~/.m2/settings.xml` as specified on [the Apache +guide](https://infra.apache.org/publishing-maven-artifacts.html). It +can be tested with the following command: + +```bash +# You might need to export GPG_TTY=$(tty) to properly prompt for a passphrase +mvn clean install -Papache-release +``` + +Run `dev/release/release_rc.sh` on a working copy of +`git@github.com:apache/arrow-java` not your fork: + +```console +$ git clone git@github.com:apache/arrow-java.git +$ cd arrow-java +$ GH_TOKEN=${YOUR_GITHUB_TOKEN} dev/release/release_rc.sh ${RC} +(Send a vote email to dev@arrow.apache.org. + You can use a draft shown by release_rc.sh for the email.) +``` + +Here is an example to release RC1: + +```console +$ GH_TOKEN=${YOUR_GITHUB_TOKEN} dev/release/release_rc.sh 1 +``` + +The argument of `release_rc.sh` is the RC number. If RC1 has a +problem, we'll increment the RC number such as RC2, RC3 and so on. + ### Publish We need to do the followings to publish a new release: diff --git a/dev/release/release_rc.sh b/dev/release/release_rc.sh index de053578e0..dd61f9c9e6 100755 --- a/dev/release/release_rc.sh +++ b/dev/release/release_rc.sh @@ -84,6 +84,13 @@ artifacts_dir="apache-arrow-java-${version}-rc${rc}" signed_artifacts_dir="${artifacts_dir}-signed" if [ "${RELEASE_SIGN}" -gt 0 ]; then + if [ ! -f "${SOURCE_DIR}/.env" ]; then + echo "You must create ${SOURCE_DIR}/.env" + echo "You can use ${SOURCE_DIR}/.env.example as template" + exit 1 + fi + . "${SOURCE_DIR}/.env" + git_origin_url="$(git remote get-url origin)" repository="${git_origin_url#*github.com?}" repository="${repository%.git}" @@ -120,21 +127,103 @@ if [ "${RELEASE_SIGN}" -gt 0 ]; then continue ;; esac - gpg --armor \ + gpg \ + --armor \ --detach-sig \ + --local-user "${GPG_KEY_ID}" \ --output "${signed_artifacts_dir}/$(basename "${artifact}").asc" \ "${artifact}" done fi +# arrow-c-data-18.2.0-sources.jar -> +# jar +extract_type() { + local path="$1" + echo "${path}" | grep -o "[^.]*$" +} + +# arrow-c-data-18.2.0-sources.jar arrow-c-data-18.2.0 -> +# sources +extract_classifier() { + local path="$1" + local base="$2" + basename "${path}" | sed -e "s/^${base}-//g" -e "s/\.[^.]*$//g" +} + if [ "${RELEASE_UPLOAD}" -gt 0 ]; then echo "Uploading signature" gh release upload "${rc_tag}" \ --clobber \ --repo "${repository}" \ "${signed_artifacts_dir}"/*.asc + + echo "Uploading packages" + for pom in "${artifacts_dir}"/*.pom; do + base=$(basename "${pom}" .pom) + files=() + types=() + classifiers=() + args=() + args+=(deploy:deploy-file) + args+=(-Durl=https://repository.apache.org/service/local/staging/deploy/maven2) + args+=(-DrepositoryId=apache.releases.https) + args+=(-DretryFailedDeploymentCount=10) + args+=(-DpomFile="${pom}") + if [ -f "${artifacts_dir}/${base}.jar" ]; then + jar="${artifacts_dir}/${base}.jar" + args+=(-Dfile="${jar}") + files+=("${signed_artifacts_dir}/${base}.jar.asc") + types+=("jar.asc") + classifiers+=("") + else + args+=(-Dfile="${pom}") + fi + files+=("${signed_artifacts_dir}/${base}.pom.asc") + types+=("pom.asc") + classifiers+=("") + if [ "$(echo "${artifacts_dir}/${base}"-*)" != "${artifacts_dir}/${base}-*" ]; then + for other_file in "${artifacts_dir}/${base}"-*; do + type="$(extract_type "${other_file}")" + case "${type}" in + sha256 | sha512) + continue + ;; + esac + classifier=$(extract_classifier "${other_file}" "${base}") + files+=("${other_file}") + types+=("${type}") + classifiers+=("${classifier}") + other_file_base="$(basename "${other_file}")" + files+=("${signed_artifacts_dir}/${other_file_base}.asc") + types+=("${type}.asc") + classifiers+=("${classifier}") + done + fi + args+=(-Dfiles="$( + IFS=, + echo "${files[*]}" + )") + args+=(-Dtypes="$( + IFS=, + echo "${types[*]}" + )") + args+=(-Dclassifiers="$( + IFS=, + echo "${classifiers[*]}" + )") + mvn "${args[@]}" + done + + echo + echo "Success!" + echo "Press the 'Close' button manually by Web interface:" + echo " https://repository.apache.org/#stagingRepositories" + echo "It publishes the artifacts to the staging repository:" + echo " https://repository.apache.org/content/repositories/staging/org/apache/arrow/" fi +echo echo "Draft email for dev@arrow.apache.org mailing list" echo "" echo "---------------------------------------------------------"