wombatu-kun opened a new pull request, #19275: URL: https://github.com/apache/hudi/pull/19275
### Describe the issue this Pull Request addresses Closes #19274 Inside a Maven module, RAT works. It is declared in the `<build><plugins>` of ~55 module poms and bound to the `compile` phase, so an ordinary build job does fail on a missing ASF header (verified: a header-less `.java` under `hudi-io/src/main/java/` makes `mvn -pl hudi-io compile` exit 1). Outside a module there is no working gate. Each of those RAT runs is scoped to its own module's `basedir`, and the root aggregator does not declare the plugin in `<build><plugins>`, so the only run that ever scans the repository root is the direct `mvn apache-rat:check` goal invocation - and that lives in exactly one place, `scripts/release/validate_source_rat.sh`, which always exits 0 no matter what RAT reports (verified: a header-less file at the root is missed by `mvn -pl hudi-io compile` and caught by `mvn apache-rat:check`). So `rfc/`, `scripts/`, `docker/`, the root-level files, and any new non-Maven top-level directory are effectively unchecked. **The failure does not propagate.** The script is `(mvn apache-rat:check) || (echo "Rat Check Failed. [ERROR]" && exit 1)` followed by the success message. The `exit 1` runs in a `( ... )` subshell, so it exits the subshell rather than the script, and with no `set -e` control falls straight through to `RAT Check Passed [OK]` and a 0 exit status. On current master the `validate-source` job prints `BUILD FAILURE`, then `Too many files with unapproved license: 19`, then `Rat Check Failed. [ERROR]`, then `RAT Check Passed [OK]`, and the job is green. **17 of those 19 violations are phantom.** The job runs `create_source_directory.sh hudi-tmp-repo` before the RAT step, leaving a full copy of the tree in the workspace. The root `pom.xml` excludes `hudi-trino-plugin/**`, which is root-anchored and so does not exclude `hudi-tmp-repo/hudi-trino-plugin/**`; RAT scans the copy and reports its test resources. On a plain checkout the count is exactly 2. **The remaining 2 are real.** `rfc/rfc-99/variant-appendix.md` and `rfc/rfc-99/vector-appendix.md` carry no ASF header. They are the only 2 of the 54 `rfc/**/*.md` files without one, and being outside any Maven module, nothing has ever flagged them. Found while fixing #19266, which is the same class of silently-inert guard in the sibling binary-file check in the same job. ### Summary and Changelog The license gate for everything outside a Maven module can now actually fail CI, and it no longer reports violations that do not exist. - `scripts/release/validate_source_rat.sh`: replace the subshell failure branch with `if ! mvn apache-rat:check ...; then ... exit 1; fi`, so a RAT failure fails the script. The error message now points at `target/rat.txt`, which lists the offending files, instead of suggesting a `--verbose` flag this script does not accept. - `pom.xml`: change the RAT exclude from `hudi-trino-plugin/**` to `**/hudi-trino-plugin/**`, so it also covers the copy that the source-release checks stage into a scratch directory. The intent of the exclusion, that `hudi-trino-plugin`'s license checks are handled by airlift, is unchanged; only the pattern's anchoring is. - `rfc/rfc-99/variant-appendix.md`, `rfc/rfc-99/vector-appendix.md`: add the ASF header, copied verbatim from the sibling `rfc/rfc-99/rfc-99.md`. Verified locally: | Scenario | master's script | This PR | | --- | --- | --- | | Plain checkout | RAT fails with 2 unapproved -> **exit 0, `RAT Check Passed [OK]`** | 0 unapproved -> exit 0 | | CI workspace, scratch copy present | RAT fails with 19 unapproved -> **exit 0, `RAT Check Passed [OK]`** | 0 unapproved -> exit 0 | | Header-less file planted at the repository root | RAT fails with 1 unapproved -> **exit 0, `RAT Check Passed [OK]`** | **exit 1**, `Rat Check Failed. [ERROR]` | | Header-less file planted inside a Maven module | already caught by `mvn compile` (exit 1) | unchanged, still caught | ### Impact CI and release tooling only. No runtime, public API, config, storage format or user-facing change. The `validate-source` job becomes able to go red on a missing ASF header outside a Maven module, which is its purpose. It passes on this branch because the only two genuine violations in the tree are fixed here. ### Risk Level low Confined to one release-validation script, the anchoring of one RAT exclude pattern, and two RFC markdown files. The exclude change only widens where an existing exclusion applies. `mvn apache-rat:check` reports `Unapproved: 0` on this branch both with and without the scratch copy present, and the compile-phase RAT executions in the module poms are untouched. ### Documentation Update none ### Contributor's checklist - [x] Read through [contributor's guide](https://hudi.apache.org/contribute/how-to-contribute) - [x] Enough context is provided in the sections above - [x] Adequate tests were added if applicable -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
