wombatu-kun opened a new pull request, #19275:
URL: https://github.com/apache/hudi/pull/19275

   ### Describe the issue this Pull Request addresses
   
   Closes #19274
   
   Inside a Maven module, RAT works. It is declared in the `<build><plugins>` 
of ~55 module poms and bound to the `compile` phase, so an ordinary build job 
does fail on a missing ASF header (verified: a header-less `.java` under 
`hudi-io/src/main/java/` makes `mvn -pl hudi-io compile` exit 1).
   
   Outside a module there is no working gate. Each of those RAT runs is scoped 
to its own module's `basedir`, and the root aggregator does not declare the 
plugin in `<build><plugins>`, so the only run that ever scans the repository 
root is the direct `mvn apache-rat:check` goal invocation - and that lives in 
exactly one place, `scripts/release/validate_source_rat.sh`, which always exits 
0 no matter what RAT reports (verified: a header-less file at the root is 
missed by `mvn -pl hudi-io compile` and caught by `mvn apache-rat:check`). So 
`rfc/`, `scripts/`, `docker/`, the root-level files, and any new non-Maven 
top-level directory are effectively unchecked.
   
   **The failure does not propagate.** The script is `(mvn apache-rat:check) || 
(echo "Rat Check Failed. [ERROR]" && exit 1)` followed by the success message. 
The `exit 1` runs in a `( ... )` subshell, so it exits the subshell rather than 
the script, and with no `set -e` control falls straight through to `RAT Check 
Passed [OK]` and a 0 exit status. On current master the `validate-source` job 
prints `BUILD FAILURE`, then `Too many files with unapproved license: 19`, then 
`Rat Check Failed. [ERROR]`, then `RAT Check Passed [OK]`, and the job is green.
   
   **17 of those 19 violations are phantom.** The job runs 
`create_source_directory.sh hudi-tmp-repo` before the RAT step, leaving a full 
copy of the tree in the workspace. The root `pom.xml` excludes 
`hudi-trino-plugin/**`, which is root-anchored and so does not exclude 
`hudi-tmp-repo/hudi-trino-plugin/**`; RAT scans the copy and reports its test 
resources. On a plain checkout the count is exactly 2.
   
   **The remaining 2 are real.** `rfc/rfc-99/variant-appendix.md` and 
`rfc/rfc-99/vector-appendix.md` carry no ASF header. They are the only 2 of the 
54 `rfc/**/*.md` files without one, and being outside any Maven module, nothing 
has ever flagged them.
   
   Found while fixing #19266, which is the same class of silently-inert guard 
in the sibling binary-file check in the same job.
   
   ### Summary and Changelog
   
   The license gate for everything outside a Maven module can now actually fail 
CI, and it no longer reports violations that do not exist.
   
   - `scripts/release/validate_source_rat.sh`: replace the subshell failure 
branch with `if ! mvn apache-rat:check ...; then ... exit 1; fi`, so a RAT 
failure fails the script. The error message now points at `target/rat.txt`, 
which lists the offending files, instead of suggesting a `--verbose` flag this 
script does not accept.
   - `pom.xml`: change the RAT exclude from `hudi-trino-plugin/**` to 
`**/hudi-trino-plugin/**`, so it also covers the copy that the source-release 
checks stage into a scratch directory. The intent of the exclusion, that 
`hudi-trino-plugin`'s license checks are handled by airlift, is unchanged; only 
the pattern's anchoring is.
   - `rfc/rfc-99/variant-appendix.md`, `rfc/rfc-99/vector-appendix.md`: add the 
ASF header, copied verbatim from the sibling `rfc/rfc-99/rfc-99.md`.
   
   Verified locally:
   
   | Scenario | master's script | This PR |
   | --- | --- | --- |
   | Plain checkout | RAT fails with 2 unapproved -> **exit 0, `RAT Check 
Passed [OK]`** | 0 unapproved -> exit 0 |
   | CI workspace, scratch copy present | RAT fails with 19 unapproved -> 
**exit 0, `RAT Check Passed [OK]`** | 0 unapproved -> exit 0 |
   | Header-less file planted at the repository root | RAT fails with 1 
unapproved -> **exit 0, `RAT Check Passed [OK]`** | **exit 1**, `Rat Check 
Failed. [ERROR]` |
   | Header-less file planted inside a Maven module | already caught by `mvn 
compile` (exit 1) | unchanged, still caught |
   
   ### Impact
   
   CI and release tooling only. No runtime, public API, config, storage format 
or user-facing change.
   
   The `validate-source` job becomes able to go red on a missing ASF header 
outside a Maven module, which is its purpose. It passes on this branch because 
the only two genuine violations in the tree are fixed here.
   
   ### Risk Level
   
   low
   
   Confined to one release-validation script, the anchoring of one RAT exclude 
pattern, and two RFC markdown files. The exclude change only widens where an 
existing exclusion applies. `mvn apache-rat:check` reports `Unapproved: 0` on 
this branch both with and without the scratch copy present, and the 
compile-phase RAT executions in the module poms are untouched.
   
   ### Documentation Update
   
   none
   
   ### Contributor's checklist
   
   - [x] Read through [contributor's 
guide](https://hudi.apache.org/contribute/how-to-contribute)
   - [x] Enough context is provided in the sections above
   - [x] Adequate tests were added if applicable
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to