Can we maybe also remove the md5 files and create sha512 files, when the
checksum is correct?
Carsten
Am 09.09.2019 um 19:25 schrieb Daniel Klco:
Thanks Radu for doing the hard work. As predicted, once that was in place,
the CI check was relatively straightforward. I added the code to check the
CI status from GitHub, updated the GPG check to download the Sling key file
and added a summary message letting the user know if all of the checks
succeeded:
https://github.com/apache/sling-org-apache-sling-committer-cli/commit/310b49d9d57ba97cc651468ab14143f15433b202
You should now be able to do the following:
bash-3.2$ docker run --env-file=./docker-env apache/sling-cli release
verify --repository=2126
org.apache.sling.fileoptim-0.9.4-source-release.zip
GPG: signed by Dan Klco (CODE SIGNING KEY) <dk...@apache.org> with key
(id=0xF0EAC1A44C6E4124;
fingerprint=4D78347F4F4F868D8EC2CD13F0EAC1A44C6E4124)
SHA-1: VALID (ea25bb7fb0cb0bff51f20eb4d21cb91d5262259d)
MD-5: VALID (69c30bb2f5e117d1f4ba2d4278b15c0e)
org.apache.sling.fileoptim-0.9.4.jar
GPG: signed by Dan Klco (CODE SIGNING KEY) <dk...@apache.org> with key
(id=0xF0EAC1A44C6E4124;
fingerprint=4D78347F4F4F868D8EC2CD13F0EAC1A44C6E4124)
SHA-1: VALID (5a5df233209b018420f4255a3a087aeff8bb0a01)
MD-5: VALID (8be14fc95cb74e1d3ff23869dfe9afef)
org.apache.sling.fileoptim-0.9.4.pom
GPG: signed by Dan Klco (CODE SIGNING KEY) <dk...@apache.org> with key
(id=0xF0EAC1A44C6E4124;
fingerprint=4D78347F4F4F868D8EC2CD13F0EAC1A44C6E4124)
SHA-1: VALID (e08d7a115313af4c10e7006022d730e07a1cfc42)
MD-5: VALID (cfc07c2782b95a3c41e0b8b61fff54f2)
CI Status: VALID:
continuous-integration/jenkins/branch
State: success
Description: This commit looks good
See:
https://builds.apache.org/job/Sling/job/sling-org-apache-sling-file-optimization/job/master/37/display/redirect
org.apache.sling.fileoptim-0.9.4-javadoc.jar
GPG: signed by Dan Klco (CODE SIGNING KEY) <dk...@apache.org> with key
(id=0xF0EAC1A44C6E4124;
fingerprint=4D78347F4F4F868D8EC2CD13F0EAC1A44C6E4124)
SHA-1: VALID (003ebb552c39c7df07613ed21e7d11d8cc51d27a)
MD-5: VALID (f9b54cca8995a115b978716bb5ac9c14)
org.apache.sling.fileoptim-0.9.4-sources.jar
GPG: signed by Dan Klco (CODE SIGNING KEY) <dk...@apache.org> with key
(id=0xF0EAC1A44C6E4124;
fingerprint=4D78347F4F4F868D8EC2CD13F0EAC1A44C6E4124)
SHA-1: VALID (ff94c1c349390cd6e9e4316c648ce6909757bef2)
MD-5: VALID (746e62e2e70c006ad083ac76c18da798)
Release Summary: VALID (16 checks executed)
On Mon, Sep 9, 2019 at 9:16 AM Daniel Klco <daniel.k...@gmail.com> wrote:
Nice! The approach using the Lucene search of the repo contents is much
cleaner than what I was thinking.
On Sun, Sep 8, 2019 at 1:00 PM Radu Cotescu <r...@apache.org> wrote:
Hi Daniel,
On 6 Sep 2019, at 18:01, Daniel Klco <daniel.k...@gmail.com> wrote:
Thanks Radu,
I've been looking into this on and off over the last few days and I'm
still
struggling to see the value of re-implementing all of this in Java
instead
of relying on a simple series of scripts. Sure it's possible to do GPG
key
and Hash validation, but I'd still need to write a scraper to download
the
artifacts from Nexus and then all of the code around these other
functions,
each of which are hundreds of lines of Java code vs a single line in
BASH.
What would you think about flipping this the other way around? Instead
of
re-implementing in Java, make the docker image more flexible and use
scripts to decide which function to invoke?
I've put together a quick example of what I'm thinking here:
https://github.com/apache/sling-org-apache-sling-committer-cli/tree/bash-validate
I’ve managed to implement the missing pieces during last week’s hackathon
and on Friday afternoon [3]. The fact that we ship a Docker image with that
code is just convenience I guess. The functionality is implemented actually
as an OSGi app using the Sling feature model, so we could pack it however
we want.
Cheers,
Radu
[3] - https://issues.apache.org/jira/browse/SLING-8684 <
https://issues.apache.org/jira/browse/SLING-8684>
--
--
Carsten Ziegeler
Adobe Research Switzerland
cziege...@apache.org
