Hi folks,

I have created a brand new wiki page describing the new release process in GitHub [1].
We are currently waiting for enabling the GPG secret in order to generate hash files and avoid the related error [2].
Finally I have also added the Docker image build and push steps in the workflow (currently never run yet) [3].

Cheers,
PG

[1] - https://cwiki.apache.org/confluence/display/CONNECTORS/New+Release+Process+in+GitHub
[2] - https://github.com/apache/manifoldcf/actions/runs/9489551841/job/26151082040#step:21:13
[3] - https://github.com/apache/manifoldcf/blob/CONNECTORS-1754/.github/workflows/create-release-candidate.yml#L279

On Fri, May 3, 2024 at 11:18 Piergiorgio Lucidi <piergior...@apache.org> wrote:

> Hi folks,
>
> in order to finalize the new release process, I created a ticket in the INFRA project:
> https://issues.apache.org/jira/browse/INFRA-25665
>
> Then I had to involve the Apache Security Team for letting us use GitHub GPG keys.
> It seems that we have to adopt a release process similar to what our friends at OpenDAL did for their project:
>
> https://github.com/apache/opendal/blob/main/website/community/committers/verify.md#check-the-maven-artifacts-of-opendal-java
>
> This is because the GitHub CI platform is not a trusted hardware for the ASF, so for validating any new release, we have to build locally the same package and verify the GPG sign and the checksums.
>
> Here is the documentation of the OpenDAL check script:
> https://github.com/apache/opendal/tree/main/scripts
>
> I think that we could adopt exactly the same process.
> What do you think?
>
> Cheers,
> PG
>
> On Fri, Mar 29, 2024 at 20:13 Karl Wright <daddy...@gmail.com> wrote:
>
>> Svn url for review:
>>
>> https://dist.apache.org/repos/dist/dev/manifoldcf/apache-manifoldcf-2.26
>>
>> Our area in this svn:
>>
>> https://dist.apache.org/repos/dist/dev/manifoldcf
>> <https://dist.apache.org/repos/dist/dev/manifoldcf/apache-manifoldcf-2.26>
>>
>> Our area for releases in this svn:
>>
>> https://dist.apache.org/repos/dist/release/manifoldcf
>> <https://dist.apache.org/repos/dist/dev/manifoldcf/apache-manifoldcf-2.26>
>>
>> To move a release candidate from one to the other (e.g. do the release):
>>
>> svn move https://dist.apache.org/repos/dist/dev/manifoldcf/apache-manifoldcf-2.26 https://dist.apache.org/repos/dist/release/manifoldcf/apache-manifoldcf-2.26
>> <https://dist.apache.org/repos/dist/dev/manifoldcf/apache-manifoldcf-2.26>
>>
>> On Fri, Mar 29, 2024 at 3:09 PM Karl Wright <daddy...@gmail.com> wrote:
>>
>> > The script as it exists now (release.bat) creates the release artifacts, signs them, and copies them into the svn development area. To actually release, you then just need to move them (using svn move) to the release part of the area.
>> >
>> > The machine I used to do this on died but the svn URL for the dev area is the one I would send around for the review and signoff for the releases.
>> > Let me look it up.
>> >
>> > On Fri, Mar 29, 2024 at 11:44 AM Piergiorgio Lucidi <piergior...@apache.org> wrote:
>> >
>> >> The open points now are related to the last two steps of our workflow:
>> >>
>> >> - Generating the file hashes using a shared GPG secret (in progress...)
>> >> - Updating SVN public folders for publishing releases (TODO)
>> >>
>> >> We should agree with the Automated Release Process before proceeding:
>> >>
>> >> https://issues.apache.org/jira/browse/INFRA-25665?focusedCommentId=17832209&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17832209
>> >>
>> >> Practically INFRA will generate a new GPG key and they will add the public key into the ManifoldCF KEYS file.
>> >> This will let us manage the generation of file hashes using GitHub Actions.
>> >>
>> >> Do you all agree with this?
>> >> Please let me know.
>> >> Thanks.
>> >>
>> >> Cheers,
>> >> PG
>> >>
>> >> On Tue, Mar 26, 2024 at 17:19 Karl Wright <daddy...@gmail.com> wrote:
>> >>
>> >> > Well we obviously need something that works, and just updating the script to use github commands is one way to do that and would generate releases like we do now.
>> >> >
>> >> > On Tue, Mar 12, 2024 at 9:00 AM Piergiorgio Lucidi <piergior...@apache.org> wrote:
>> >> >
>> >> > > Hi Karl,
>> >> > >
>> >> > > I tried to look at the current process but it's not clear to me what I should do now.
>> >> > > Should I just use svn commands from GitHub in order to execute the same steps?
>> >> > > Or do we have an alternative way without using svn?
>> >> > >
>> >> > > Do you know if we have something GitHub-centric for managing releases?
>> >> > >
>> >> > > Cheers,
>> >> > > PG
>> >> > >
>> >> > > On Tue, Mar 5, 2024 at 21:53 Karl Wright <daddy...@gmail.com> wrote:
>> >> > >
>> >> > > > Very good!
>> >> > > >
>> >> > > > In the past we've often had to add new commits to the release branch and create a new RC. The RCs have to be copied into the staging area (in an svn repo) and then when actually released there's a simple svn command to do that. Are you familiar with that process? For this reason it may be better to separate the creation of the release branch from everything else.
>> >> > > >
>> >> > > > Karl
>> >> > > >
>> >> > > > On Tue, Mar 5, 2024 at 9:23 AM Piergiorgio Lucidi <piergior...@apache.org> wrote:
>> >> > > >
>> >> > > > > Hi folks,
>> >> > > > >
>> >> > > > > I have just pushed a potential GitHub workflow for creating the release candidate branch and artifacts [1]. The related issue is available in JIRA [2].
>> >> > > > >
>> >> > > > > We need to test it but I think that it could be something close to what we need:
>> >> > > > >
>> >> > > > > 1. Create the new branch
>> >> > > > > 2. Update CHANGES.txt, build.xml and all the poms
>> >> > > > > 3. Run the Ant build
>> >> > > > > 4. Run the Maven build (if we want to push artifacts on public repos)
>> >> > > > > 5. Check licenses using Apache RAT
>> >> > > > > 6. Commit and push the new branch
>> >> > > > > 7. Upload artifacts as GitHub release assets
>> >> > > > >
>> >> > > > > Any feedback?
>> >> > > > > Thanks everyone.
>> >> > > > >
>> >> > > > > Cheers,
>> >> > > > > PG
>> >> > > > >
>> >> > > > > [1] - https://github.com/apache/manifoldcf/blob/CONNECTORS-1754/.github/workflows/create-release-candidate.yml
>> >> > > > >
>> >> > > > > [2] - https://issues.apache.org/jira/browse/CONNECTORS-1754
>> >> > > > > --
>> >> > > > > Piergiorgio
>> >> > >
>> >> > > --
>> >> > > Piergiorgio
>> >>
>> >> --
>> >> Piergiorgio
>
> --
> Piergiorgio

--
Piergiorgio
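
The validation described in the quoted May 3 message (build the package locally, then verify the checksums and the GPG signature), as an added example that is not part of this thread, the ManifoldCF workflow or the OpenDAL script. It assumes each artifact ships with `<artifact>.sha512` and `<artifact>.asc` files, that `gpg` is on the PATH when a KEYS file is passed, and that the build is reproducible enough for a byte-for-byte comparison; the function and file names are hypothetical.

```python
import hashlib
import subprocess
import tempfile
from pathlib import Path


def sha512_of(path):
    """Stream the file so large release archives are not read into memory at once."""
    digest = hashlib.sha512()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def checksum_file_ok(artifact):
    """Compare the artifact with the first token of <artifact>.sha512 (assumed layout)."""
    recorded = Path(f"{artifact}.sha512").read_text().split()
    return bool(recorded) and recorded[0].lower() == sha512_of(artifact)


def signature_ok(artifact, keys_file):
    """Verify <artifact>.asc against keys imported only from the given KEYS file."""
    with tempfile.TemporaryDirectory() as home:  # throwaway keyring, not the user's own
        gpg = ["gpg", "--batch", "--homedir", home]
        subprocess.run(gpg + ["--import", str(keys_file)], check=True, capture_output=True)
        verify = subprocess.run(gpg + ["--verify", f"{artifact}.asc", str(artifact)],
                                capture_output=True)
    return verify.returncode == 0


def verify_candidate(downloaded, local_build, keys_file=None):
    """One result per check; the signature check is skipped (None) without a KEYS file."""
    return {
        "checksum_file": checksum_file_ok(downloaded),
        # Byte-identical comparison: only meaningful if the build is reproducible.
        "matches_local_build": sha512_of(downloaded) == sha512_of(local_build),
        "signature": signature_ok(downloaded, keys_file) if keys_file else None,
    }


if __name__ == "__main__":
    # Constructed sample files standing in for a downloaded candidate and a local rebuild.
    work = Path(tempfile.mkdtemp())
    payload = b"constructed release archive bytes"
    (work / "rc.zip").write_bytes(payload)
    (work / "local.zip").write_bytes(payload)
    (work / "rc.zip.sha512").write_text(hashlib.sha512(payload).hexdigest() + "  rc.zip\n")
    print(verify_candidate(work / "rc.zip", work / "local.zip"))
```

Importing the KEYS file into a temporary keyring means a signature passes only if it was made by a key listed in that file, regardless of what is in the reviewer's personal keyring.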