This is an automated email from the ASF dual-hosted git repository. henrik pushed a commit to branch asf-verify in repository https://gitbox.apache.org/repos/asf/otava.git
commit ef64531e38d3e87d7165596958b6d31f9f076aef Author: Henrik Ingo <[email protected]> AuthorDate: Wed Nov 12 23:18:37 2025 -0800 Add a bash script that contributors may use/adapt to validate releases --- util/verify-asf-release | 106 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 106 insertions(+) diff --git a/util/verify-asf-release b/util/verify-asf-release new file mode 100755 index 0000000..c2f7c38 --- /dev/null +++ b/util/verify-asf-release @@ -0,0 +1,106 @@ +#!/bin/bash + +# This is a script that contributors can use to verify release candidates before voting +# Note: ASF rules specifically require each contributor, ultimately committer, to personally, +# that is, manually, inspect a release candidate source tar file before voting on it. +# Scripting this "manual" process is allowed. Also sharing such scripts between contributors +# is allowed. If you use this script, consider adding your own checks or variations to diversify +# the positive impact on quality that this process is intended to have. +# Note that trying to fully automate these checks, for example by putting this script in CI, +# is not allowed. Releases must always be approved via voting, and voters must have personally +# validated the release. + + +set -e +set -x + + +PYTHON_VERSION=3.8 +PROJECT_NAME="apache-otava" +SHORT_NAME="otava" +PROJECT_VERSION="0.7.0-incubating-rc3" +DIST="dev/incubator" +#DIST="release/incubator" + +ASF_BASE_URL="https://dist.apache.org/repos/dist"; +KEYS_URL="${ASF_BASE_URL}/release/incubator/KEYS" +BASE_URL="${ASF_BASE_URL}/${DIST}/${SHORT_NAME}/${PROJECT_VERSION}" + +TAR_BASE="${PROJECT_NAME}-${PROJECT_VERSION}" +TAR_FILE="${TAR_BASE}-src.tar.gz" +TAR_URL="${BASE_URL}/${TAR_FILE}" + + +# Just execute the tests, skip the download and unpack +workdir=$1 + + +if [[ ! -d ${workdir} ]] +then +###################################### Download and unpack #########################################3 + uname=asf-verifier-$RANDOM + uvenv=venv-$uname + workdir=/tmp/$uname + + set +x + + echo " " + + echo "Please execute:" + echo "" + echo " gpg --fetch-keys $KEYS_URL" + echo "" + echo "... manually." + echo "(For security reasons I won't.)" + echo "" + set -x + + + mkdir /tmp/$uname + cd /tmp/$uname + + curl -f "$TAR_URL" > "$TAR_FILE" + curl -f -o "$TAR_FILE".asc "$TAR_URL".asc + curl -f -o "$TAR_FILE".sha512 "$TAR_URL".sha512 + + gpg -v --verify "$TAR_FILE".asc "$TAR_FILE" + sha512sum --check "$TAR_FILE".sha512 + + tar xvf "$TAR_FILE" + #cd "$PROJECT_NAME" + ls -laiFhR +else + cd $workdir +fi +cd ${SHORT_NAME}-${PROJECT_VERSION} +cat README.md +cat LICENSE +cat DISCLAIMER +cat NOTICE + +echo +echo Try to actually execute something +echo + +set -x +uv venv --allow-existing +uv pip install . +uv run otava + +# Commented out lines from here on are because they don't work +# uv run otava -h +uv run otava analyze -h + +uv run otava list-groups # There are no groups yet +uv run otava --config-file examples/csv/config/otava.yaml analyze -h +uv run otava --config-file examples/csv/config/otava.yaml list-groups +uv run otava --config-file examples/csv/config/otava.yaml list-tests + +# This works, but it didn't analyze local.sample +# uv run otava --config-file examples/csv/config/otava.yaml analyze local.sample + +# This one fails and prints an "ERROR: ..." message, but doesn't return with nonzero exit +uv run otava --config-file examples/csv/config/otava.yaml analyze --tests-local.sample-file=examples/csv/data/local_sample.csv local.sample + + +docker compose -f examples/csv/docker-compose.yaml run --build otava analyze local.sample
