(airflow) branch main updated: Apache RAT 0.18 is released, upgrade references (#64231)

amoghdesai Thu, 26 Mar 2026 00:08:48 -0700

This is an automated email from the ASF dual-hosted git repository.

amoghdesai pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git



The following commit(s) were added to refs/heads/main by this push:
     new a8e130d39e2 Apache RAT 0.18 is released, upgrade references (#64231)
a8e130d39e2 is described below

commit a8e130d39e21fd17e7508752d4f73f1937c5fbc6
Author: Jens Scheffler <[email protected]>
AuthorDate: Thu Mar 26 08:08:31 2026 +0100

    Apache RAT 0.18 is released, upgrade references (#64231)
---
 dev/README_RELEASE_AIRFLOW.md                            | 12 ++++++------
 dev/README_RELEASE_AIRFLOWCTL.md                         | 12 ++++++------
 dev/README_RELEASE_HELM_CHART.md                         | 14 +++++++-------
 dev/README_RELEASE_PROVIDERS.md                          | 12 ++++++------
 dev/README_RELEASE_PYTHON_CLIENT.md                      | 12 ++++++------
 dev/breeze/src/airflow_breeze/utils/release_validator.py | 10 +++++-----
 scripts/ci/dockerfiles/apache-rat/build_and_push.sh      |  2 +-
 7 files changed, 37 insertions(+), 37 deletions(-)

diff --git a/dev/README_RELEASE_AIRFLOW.md b/dev/README_RELEASE_AIRFLOW.md
index e59f7db4f39..a750dbf67bd 100644
--- a/dev/README_RELEASE_AIRFLOW.md
+++ b/dev/README_RELEASE_AIRFLOW.md
@@ -903,10 +903,10 @@ Download the latest jar from 
https://creadur.apache.org/rat/download_rat.cgi (un
 You can run this command to do it for you (including checksum verification for 
your own security):
 
 ```shell script
-# Checksum value is taken from 
https://downloads.apache.org/creadur/apache-rat-0.17/apache-rat-0.17-bin.tar.gz.sha512
-wget -q 
https://archive.apache.org/dist/creadur/apache-rat-0.17/apache-rat-0.17-bin.tar.gz
 -O /tmp/apache-rat-0.17-bin.tar.gz
-echo 
"32848673dc4fb639c33ad85172dfa9d7a4441a0144e407771c9f7eb6a9a0b7a9b557b9722af968500fae84a6e60775449d538e36e342f786f20945b1645294a0
  /tmp/apache-rat-0.17-bin.tar.gz" | sha512sum -c -
-tar -xzf /tmp/apache-rat-0.17-bin.tar.gz -C /tmp
+# Checksum value is taken from 
https://downloads.apache.org/creadur/apache-rat-0.18/apache-rat-0.18-bin.tar.gz.sha512
+wget -q 
https://archive.apache.org/dist/creadur/apache-rat-0.18/apache-rat-0.18-bin.tar.gz
 -O /tmp/apache-rat-0.18-bin.tar.gz
+echo 
"32848673dc4fb639c33ad85172dfa9d7a4441a0144e407771c9f7eb6a9a0b7a9b557b9722af968500fae84a6e60775449d538e36e342f786f20945b1645294a0
  /tmp/apache-rat-0.18-bin.tar.gz" | sha512sum -c -
+tar -xzf /tmp/apache-rat-0.18-bin.tar.gz -C /tmp
 ```
 
 Unpack the release source archive (the `<package + version>-source.tar.gz` 
file) to a folder
@@ -919,13 +919,13 @@ Run the check:
 
 ```shell script
 cp ${AIRFLOW_REPO_ROOT}/.rat-excludes /tmp/apache-airflow-src/.rat-excludes
-java -jar /tmp/apache-rat-0.17/apache-rat-0.17.jar --input-exclude-file 
/tmp/apache-airflow-src/.rat-excludes /tmp/apache-airflow-src/ | grep -E "! 
|INFO: "
+java -jar /tmp/apache-rat-0.18/apache-rat-0.18.jar --input-exclude-file 
/tmp/apache-airflow-src/.rat-excludes /tmp/apache-airflow-src/ | grep -E "! 
|INFO: "
 ```
 
 You should see no files reported as Unknown or with wrong licence and summary 
of the check similar to:
 
 ```
-INFO: Apache Creadur RAT 0.17 (Apache Software Foundation)
+INFO: Apache Creadur RAT 0.18 (Apache Software Foundation)
 INFO: Excluding patterns: .git-blame-ignore-revs, .github/*, .git ...
 INFO: Excluding MISC collection.
 INFO: Excluding HIDDEN_DIR collection.
diff --git a/dev/README_RELEASE_AIRFLOWCTL.md b/dev/README_RELEASE_AIRFLOWCTL.md
index 6c7cdcd205b..4258a21f25a 100644
--- a/dev/README_RELEASE_AIRFLOWCTL.md
+++ b/dev/README_RELEASE_AIRFLOWCTL.md
@@ -550,10 +550,10 @@ Download the latest jar from 
https://creadur.apache.org/rat/download_rat.cgi (un
 You can run this command to do it for you (including checksum verification for 
your own security):
 
 ```shell script
-# Checksum value is taken from 
https://downloads.apache.org/creadur/apache-rat-0.17/apache-rat-0.17-bin.tar.gz.sha512
-wget -q 
https://archive.apache.org/dist/creadur/apache-rat-0.17/apache-rat-0.17-bin.tar.gz
 -O /tmp/apache-rat-0.17-bin.tar.gz
-echo 
"32848673dc4fb639c33ad85172dfa9d7a4441a0144e407771c9f7eb6a9a0b7a9b557b9722af968500fae84a6e60775449d538e36e342f786f20945b1645294a0
  /tmp/apache-rat-0.17-bin.tar.gz" | sha512sum -c -
-tar -xzf /tmp/apache-rat-0.17-bin.tar.gz -C /tmp
+# Checksum value is taken from 
https://downloads.apache.org/creadur/apache-rat-0.18/apache-rat-0.18-bin.tar.gz.sha512
+wget -q 
https://archive.apache.org/dist/creadur/apache-rat-0.18/apache-rat-0.18-bin.tar.gz
 -O /tmp/apache-rat-0.18-bin.tar.gz
+echo 
"32848673dc4fb639c33ad85172dfa9d7a4441a0144e407771c9f7eb6a9a0b7a9b557b9722af968500fae84a6e60775449d538e36e342f786f20945b1645294a0
  /tmp/apache-rat-0.18-bin.tar.gz" | sha512sum -c -
+tar -xzf /tmp/apache-rat-0.18-bin.tar.gz -C /tmp
 ```
 
 Unpack the release source archive (the `<package + version>-source.tar.gz` 
file) to a folder
@@ -566,13 +566,13 @@ Run the check:
 
 ```shell script
 cp ${AIRFLOW_REPO_ROOT}/.rat-excludes /tmp/apache-airflow-src/.rat-excludes
-java -jar /tmp/apache-rat-0.17/apache-rat-0.17.jar --input-exclude-file 
/tmp/apache-airflow-src/.rat-excludes /tmp/apache-airflow-src/ | grep -E "! 
|INFO: "
+java -jar /tmp/apache-rat-0.18/apache-rat-0.18.jar --input-exclude-file 
/tmp/apache-airflow-src/.rat-excludes /tmp/apache-airflow-src/ | grep -E "! 
|INFO: "
 ```
 
 You should see no files reported as Unknown or with wrong licence and summary 
of the check similar to:
 
 ```
-INFO: Apache Creadur RAT 0.17 (Apache Software Foundation)
+INFO: Apache Creadur RAT 0.18 (Apache Software Foundation)
 INFO: Excluding patterns: .git-blame-ignore-revs, .github/*, .git ...
 INFO: Excluding MISC collection.
 INFO: Excluding HIDDEN_DIR collection.
diff --git a/dev/README_RELEASE_HELM_CHART.md b/dev/README_RELEASE_HELM_CHART.md
index d22d7662bd5..053b38de7a2 100644
--- a/dev/README_RELEASE_HELM_CHART.md
+++ b/dev/README_RELEASE_HELM_CHART.md
@@ -419,7 +419,7 @@ For license checks, the .rat-excludes files is included, so 
you can run the foll
 
 tar -xvf airflow-chart-${VERSION}-source.tar.gz
 cd airflow-chart-${VERSION}
-java -jar apache-rat-0.13.jar chart -E .rat-excludes
+java -jar apache-rat-0.18.jar chart -E .rat-excludes
 
 Please note that the version number excludes the \`rcX\` string, so it's now
 simply ${VERSION}. This will allow us to rename the artifact without modifying
@@ -550,10 +550,10 @@ cd ${SVN_REPO_ROOT}/dev/airflow/helm-chart/${VERSION_RC}
 You can run this command to do it for you (including checksum verification for 
your own security):
 
 ```shell script
-# Checksum value is taken from 
https://downloads.apache.org/creadur/apache-rat-0.17/apache-rat-0.17-bin.tar.gz.sha512
-wget -q 
https://archive.apache.org/dist/creadur/apache-rat-0.17/apache-rat-0.17-bin.tar.gz
 -O /tmp/apache-rat-0.17-bin.tar.gz
-echo 
"32848673dc4fb639c33ad85172dfa9d7a4441a0144e407771c9f7eb6a9a0b7a9b557b9722af968500fae84a6e60775449d538e36e342f786f20945b1645294a0
  /tmp/apache-rat-0.17-bin.tar.gz" | sha512sum -c -
-tar -xzf /tmp/apache-rat-0.17-bin.tar.gz -C /tmp
+# Checksum value is taken from 
https://downloads.apache.org/creadur/apache-rat-0.18/apache-rat-0.18-bin.tar.gz.sha512
+wget -q 
https://archive.apache.org/dist/creadur/apache-rat-0.18/apache-rat-0.18-bin.tar.gz
 -O /tmp/apache-rat-0.18-bin.tar.gz
+echo 
"32848673dc4fb639c33ad85172dfa9d7a4441a0144e407771c9f7eb6a9a0b7a9b557b9722af968500fae84a6e60775449d538e36e342f786f20945b1645294a0
  /tmp/apache-rat-0.18-bin.tar.gz" | sha512sum -c -
+tar -xzf /tmp/apache-rat-0.18-bin.tar.gz -C /tmp
 ```
 
 * Unpack the release source archive (the `<package + version>-source.tar.gz` 
file) to a folder
@@ -565,7 +565,7 @@ rm -rf /tmp/apache/airflow-helm-chart-src && mkdir -p 
/tmp/apache/airflow-helm-c
 
 ```shell
 cp ${AIRFLOW_REPO_ROOT}/.rat-excludes 
/tmp/apache/airflow-helm-chart-src/.rat-excludes
-java -jar /tmp/apache-rat-0.17/apache-rat-0.17.jar --input-exclude-file 
/tmp/apache/airflow-helm-chart-src/.rat-excludes 
/tmp/apache/airflow-helm-chart-src/ | grep -E "! |INFO: "
+java -jar /tmp/apache-rat-0.18/apache-rat-0.18.jar --input-exclude-file 
/tmp/apache/airflow-helm-chart-src/.rat-excludes 
/tmp/apache/airflow-helm-chart-src/ | grep -E "! |INFO: "
 ```
 
 where `.rat-excludes` is the file in the root of Chart source code.
@@ -573,7 +573,7 @@ where `.rat-excludes` is the file in the root of Chart 
source code.
 You should see no files reported as Unknown or with wrong licence and summary 
of the check similar to:
 
 ```
-INFO: Apache Creadur RAT 0.17 (Apache Software Foundation)
+INFO: Apache Creadur RAT 0.18 (Apache Software Foundation)
 INFO: Excluding patterns: .git-blame-ignore-revs, .github/*, .git ...
 INFO: Excluding MISC collection.
 INFO: Excluding HIDDEN_DIR collection.
diff --git a/dev/README_RELEASE_PROVIDERS.md b/dev/README_RELEASE_PROVIDERS.md
index 745ab206554..bbc713c1aa7 100644
--- a/dev/README_RELEASE_PROVIDERS.md
+++ b/dev/README_RELEASE_PROVIDERS.md
@@ -843,10 +843,10 @@ Download the latest jar from 
https://creadur.apache.org/rat/download_rat.cgi (un
 You can run this command to do it for you (including checksum verification for 
your own security):
 
 ```shell script
-# Checksum value is taken from 
https://downloads.apache.org/creadur/apache-rat-0.17/apache-rat-0.17-bin.tar.gz.sha512
-wget -q 
https://archive.apache.org/dist/creadur/apache-rat-0.17/apache-rat-0.17-bin.tar.gz
 -O /tmp/apache-rat-0.17-bin.tar.gz
-echo 
"32848673dc4fb639c33ad85172dfa9d7a4441a0144e407771c9f7eb6a9a0b7a9b557b9722af968500fae84a6e60775449d538e36e342f786f20945b1645294a0
  /tmp/apache-rat-0.17-bin.tar.gz" | sha512sum -c -
-tar -xzf /tmp/apache-rat-0.17-bin.tar.gz -C /tmp
+# Checksum value is taken from 
https://downloads.apache.org/creadur/apache-rat-0.18/apache-rat-0.18-bin.tar.gz.sha512
+wget -q 
https://archive.apache.org/dist/creadur/apache-rat-0.18/apache-rat-0.18-bin.tar.gz
 -O /tmp/apache-rat-0.18-bin.tar.gz
+echo 
"32848673dc4fb639c33ad85172dfa9d7a4441a0144e407771c9f7eb6a9a0b7a9b557b9722af968500fae84a6e60775449d538e36e342f786f20945b1645294a0
  /tmp/apache-rat-0.18-bin.tar.gz" | sha512sum -c -
+tar -xzf /tmp/apache-rat-0.18-bin.tar.gz -C /tmp
 ```
 
 Unpack the release source archive (the `<package + version>-source.tar.gz` 
file) to a folder
@@ -859,13 +859,13 @@ Run the check:
 
 ```shell script
 cp ${AIRFLOW_REPO_ROOT}/.rat-excludes 
/tmp/apache-airflow-providers-src/.rat-excludes
-java -jar /tmp/apache-rat-0.17/apache-rat-0.17.jar --input-exclude-file 
/tmp/apache-airflow-providers-src/.rat-excludes 
/tmp/apache-airflow-providers-src/ | grep -E "! |INFO: "
+java -jar /tmp/apache-rat-0.18/apache-rat-0.18.jar --input-exclude-file 
/tmp/apache-airflow-providers-src/.rat-excludes 
/tmp/apache-airflow-providers-src/ | grep -E "! |INFO: "
 ```
 
 You should see no files reported as Unknown or with wrong licence and summary 
of the check similar to:
 
 ```
-INFO: Apache Creadur RAT 0.17 (Apache Software Foundation)
+INFO: Apache Creadur RAT 0.18 (Apache Software Foundation)
 INFO: Excluding patterns: .git-blame-ignore-revs, .github/*, .git ...
 INFO: Excluding MISC collection.
 INFO: Excluding HIDDEN_DIR collection.
diff --git a/dev/README_RELEASE_PYTHON_CLIENT.md 
b/dev/README_RELEASE_PYTHON_CLIENT.md
index a78c3c0892c..4801a7efc0d 100644
--- a/dev/README_RELEASE_PYTHON_CLIENT.md
+++ b/dev/README_RELEASE_PYTHON_CLIENT.md
@@ -487,10 +487,10 @@ Download the latest jar from 
https://creadur.apache.org/rat/download_rat.cgi (un
 You can run this command to do it for you (including checksum verification for 
your own security):
 
 ```shell script
-# Checksum value is taken from 
https://downloads.apache.org/creadur/apache-rat-0.17/apache-rat-0.17-bin.tar.gz.sha512
-wget -q 
https://archive.apache.org/dist/creadur/apache-rat-0.17/apache-rat-0.17-bin.tar.gz
 -O /tmp/apache-rat-0.17-bin.tar.gz
-echo 
"32848673dc4fb639c33ad85172dfa9d7a4441a0144e407771c9f7eb6a9a0b7a9b557b9722af968500fae84a6e60775449d538e36e342f786f20945b1645294a0
  /tmp/apache-rat-0.17-bin.tar.gz" | sha512sum -c -
-tar -xzf /tmp/apache-rat-0.17-bin.tar.gz -C /tmp
+# Checksum value is taken from 
https://downloads.apache.org/creadur/apache-rat-0.18/apache-rat-0.18-bin.tar.gz.sha512
+wget -q 
https://archive.apache.org/dist/creadur/apache-rat-0.18/apache-rat-0.18-bin.tar.gz
 -O /tmp/apache-rat-0.18-bin.tar.gz
+echo 
"32848673dc4fb639c33ad85172dfa9d7a4441a0144e407771c9f7eb6a9a0b7a9b557b9722af968500fae84a6e60775449d538e36e342f786f20945b1645294a0
  /tmp/apache-rat-0.18-bin.tar.gz" | sha512sum -c -
+tar -xzf /tmp/apache-rat-0.18-bin.tar.gz -C /tmp
 ```
 
 Unpack the release source archive (the `<package + version>-source.tar.gz` 
file) to a folder
@@ -503,13 +503,13 @@ Run the check:
 
 ```shell script
 cp ${AIRFLOW_REPO_ROOT}/.rat-excludes 
/tmp/apache-airflow-python-client-src/.rat-excludes
-java -jar /tmp/apache-rat-0.17/apache-rat-0.17.jar --input-exclude-file 
/tmp/apache-airflow-python-client-src/.rat-excludes 
/tmp/apache-airflow-python-client-src/ | grep -E "! |INFO: "
+java -jar /tmp/apache-rat-0.18/apache-rat-0.18.jar --input-exclude-file 
/tmp/apache-airflow-python-client-src/.rat-excludes 
/tmp/apache-airflow-python-client-src/ | grep -E "! |INFO: "
 ```
 
 You should see no files reported as Unknown or with wrong licence and summary 
of the check similar to:
 
 ```
-INFO: Apache Creadur RAT 0.17 (Apache Software Foundation)
+INFO: Apache Creadur RAT 0.18 (Apache Software Foundation)
 INFO: Excluding patterns: .git-blame-ignore-revs, .github/*, .git ...
 INFO: Excluding MISC collection.
 INFO: Excluding HIDDEN_DIR collection.
diff --git a/dev/breeze/src/airflow_breeze/utils/release_validator.py 
b/dev/breeze/src/airflow_breeze/utils/release_validator.py
index a28ce5bf996..cc3ef885bab 100644
--- a/dev/breeze/src/airflow_breeze/utils/release_validator.py
+++ b/dev/breeze/src/airflow_breeze/utils/release_validator.py
@@ -52,10 +52,10 @@ class ReleaseValidator(ABC):
     """Base class for release validators with common functionality for PMC 
verification."""
 
     APACHE_RAT_JAR_DOWNLOAD_URL = (
-        
"https://downloads.apache.org/creadur/apache-rat-0.17/apache-rat-0.17-bin.tar.gz";
+        
"https://downloads.apache.org/creadur/apache-rat-0.18/apache-rat-0.18-bin.tar.gz";
     )
     APACHE_RAT_JAR_SHA512_DOWNLOAD_URL = (
-        
"https://downloads.apache.org/creadur/apache-rat-0.17/apache-rat-0.17-bin.tar.gz.sha512";
+        
"https://downloads.apache.org/creadur/apache-rat-0.18/apache-rat-0.18-bin.tar.gz.sha512";
     )
     GPG_KEYS_URL = "https://dist.apache.org/repos/dist/release/airflow/KEYS";
 
@@ -481,15 +481,15 @@ class ReleaseValidator(ABC):
 
         Returns the path to the jar file, or None if download/verification 
failed.
         """
-        rat_jar = Path("/tmp/apache-rat-0.17/apache-rat-0.17.jar")
+        rat_jar = Path("/tmp/apache-rat-0.18/apache-rat-0.18.jar")
 
         if rat_jar.exists():
             console_print("[green]Apache RAT already present[/green]")
             return rat_jar
 
         console_print("Downloading Apache RAT...")
-        rat_tarball = Path("/tmp/apache-rat-0.17-bin.tar.gz")
-        rat_sha512 = Path("/tmp/apache-rat-0.17-bin.tar.gz.sha512")
+        rat_tarball = Path("/tmp/apache-rat-0.18-bin.tar.gz")
+        rat_sha512 = Path("/tmp/apache-rat-0.18-bin.tar.gz.sha512")
 
         # Download tarball
         wget_result = run_command(
diff --git a/scripts/ci/dockerfiles/apache-rat/build_and_push.sh 
b/scripts/ci/dockerfiles/apache-rat/build_and_push.sh
index 0980c121d6c..1ed6600ab88 100755
--- a/scripts/ci/dockerfiles/apache-rat/build_and_push.sh
+++ b/scripts/ci/dockerfiles/apache-rat/build_and_push.sh
@@ -19,7 +19,7 @@ set -euo pipefail
 GITHUB_REPOSITORY=${GITHUB_REPOSITORY:="apache/airflow"}
 readonly GITHUB_REPOSITORY
 
-APACHERAT_VERSION="0.17"
+APACHERAT_VERSION="0.18"
 readonly APACHERAT_VERSION
 
 AIRFLOW_APACHERAT_VERSION="2025.10.24"

(airflow) branch main updated: Apache RAT 0.18 is released, upgrade references (#64231)

Reply via email to