Copilot commented on code in PR #49603:
URL: https://github.com/apache/arrow/pull/49603#discussion_r3270750068
##########
.github/workflows/cpp_extra.yml:
##########
@@ -684,6 +632,130 @@ jobs:
Write-Error "ODBC DLL not found"
exit 1
+ odbc-msvc-upload-dll:
+ needs: check-labels
+ name: ODBC Windows Upload Unsigned DLL
+ runs-on: windows-2022
+ if: >-
+ ${{
+ startsWith(github.ref_name, 'apache-arrow-') &&
+ contains(github.ref_name, '-rc') &&
+ !inputs.odbc_release_step
Review Comment:
`odbc-msvc-upload-dll` will also run on `push` events for RC tags (the
workflow triggers on tags), because `inputs.odbc_release_step` is unset on
non-`workflow_dispatch` events and `!inputs.odbc_release_step` will evaluate
truthy. If this job is intended to be a manual release step, add an explicit
`github.event_name == 'workflow_dispatch'` guard (or otherwise make the
intended trigger conditions explicit).
##########
.github/workflows/cpp_extra.yml:
##########
@@ -684,6 +632,130 @@ jobs:
Write-Error "ODBC DLL not found"
exit 1
+ odbc-msvc-upload-dll:
+ needs: check-labels
+ name: ODBC Windows Upload Unsigned DLL
+ runs-on: windows-2022
+ if: >-
+ ${{
+ startsWith(github.ref_name, 'apache-arrow-') &&
+ contains(github.ref_name, '-rc') &&
+ !inputs.odbc_release_step
+ }}
+ timeout-minutes: 240
+ permissions:
+ packages: write
+ env: *odbc_msvc_env
+ steps:
+ - name: Checkout Arrow
+ uses: actions/checkout@v6
+ with:
+ fetch-depth: 0
+ submodules: recursive
+ - name: Build ODBC Windows
Review Comment:
New checkout steps omit `persist-credentials: false`. Elsewhere in this
workflow it’s consistently set to avoid leaving the `GITHUB_TOKEN` in the git
config; consider adding it here as well.
##########
.github/workflows/cpp_extra.yml:
##########
@@ -684,6 +632,130 @@ jobs:
Write-Error "ODBC DLL not found"
exit 1
+ odbc-msvc-upload-dll:
+ needs: check-labels
+ name: ODBC Windows Upload Unsigned DLL
+ runs-on: windows-2022
+ if: >-
+ ${{
+ startsWith(github.ref_name, 'apache-arrow-') &&
+ contains(github.ref_name, '-rc') &&
+ !inputs.odbc_release_step
+ }}
Review Comment:
The release-step documentation example uses `--ref apache-arrow-test-...`,
but this job only runs when `github.ref_name` starts with `apache-arrow-`, and
later steps assume a GitHub Release exists with a tag matching
`GITHUB_REF_NAME`. Either adjust the job conditions/logic to support the
documented ref naming, or update the documentation to match the required
ref/tag.
##########
.github/actions/odbc-windows/action.yml:
##########
@@ -0,0 +1,95 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+name: ODBC Windows Reusable
+inputs:
+ github-token:
+ description: 'GITHUB_TOKEN for vcpkg caching'
+ required: true
+runs:
+ using: "composite"
+ steps:
+ - name: Disable Crash Dialogs
+ shell: pwsh
+ run: |
+ reg add `
+ "HKCU\SOFTWARE\Microsoft\Windows\Windows Error Reporting" `
+ /v DontShowUI `
+ /t REG_DWORD `
+ /d 1 `
+ /f
+ - name: Download Timezone Database
+ shell: bash
+ run: ci/scripts/download_tz_database.sh
+ - name: Install ccache
+ shell: bash
+ run: |
+ ci/scripts/install_ccache.sh 4.12.1 /usr
+ - name: Setup ccache
+ shell: bash
+ run: |
+ ci/scripts/ccache_setup.sh
+ - name: ccache info
+ id: ccache-info
+ shell: bash
+ run: |
+ echo "cache-dir=$(ccache --get-config cache_dir)" >> $GITHUB_OUTPUT
+ - name: Cache ccache
+ uses: actions/cache@v5
+ with:
+ path: ${{ steps.ccache-info.outputs.cache-dir }}
+ key: cpp-odbc-ccache-windows-x64-${{ hashFiles('cpp/**') }}
+ restore-keys: cpp-odbc-ccache-windows-x64-
+ - name: Checkout vcpkg
+ uses: actions/checkout@v6
+ with:
+ fetch-depth: 0
+ path: vcpkg
+ repository: microsoft/vcpkg
Review Comment:
`actions/checkout` for vcpkg doesn’t set `persist-credentials: false`, while
other workflows (and the previous inline steps) do. Adding it helps avoid
persisting the token in git config during the rest of the composite action.
##########
.github/workflows/cpp_extra.yml:
##########
@@ -684,6 +632,130 @@ jobs:
Write-Error "ODBC DLL not found"
exit 1
+ odbc-msvc-upload-dll:
+ needs: check-labels
+ name: ODBC Windows Upload Unsigned DLL
+ runs-on: windows-2022
+ if: >-
+ ${{
+ startsWith(github.ref_name, 'apache-arrow-') &&
+ contains(github.ref_name, '-rc') &&
+ !inputs.odbc_release_step
+ }}
+ timeout-minutes: 240
+ permissions:
+ packages: write
+ env: *odbc_msvc_env
+ steps:
+ - name: Checkout Arrow
+ uses: actions/checkout@v6
+ with:
+ fetch-depth: 0
+ submodules: recursive
+ - name: Build ODBC Windows
+ uses: ./.github/actions/odbc-windows
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ - name: Rename Unsigned ODBC DLL
+ run: |
+ Rename-Item `
+ -Path build/cpp/${{ env.ARROW_BUILD_TYPE
}}/arrow_flight_sql_odbc.dll `
+ -NewName arrow_flight_sql_odbc_unsigned.dll
+ - name: Upload ODBC DLL to the job
+ uses: actions/upload-artifact@v7
+ with:
+ name: flight-sql-odbc-dll
+ path: build/cpp/${{ env.ARROW_BUILD_TYPE
}}/arrow_flight_sql_odbc_unsigned.dll
+ if-no-files-found: error
+
+ odbc-dll-release:
+ needs: odbc-msvc-upload-dll
+ name: Upload Unsigned ODBC DLL
+ runs-on: ubuntu-latest
+ permissions:
+ # Upload to GitHub Release
+ contents: write
+ steps:
+ - name: Checkout Arrow
+ uses: actions/checkout@v6
+ with:
+ fetch-depth: 0
+ submodules: recursive
+ - name: Download the artifacts
+ uses: actions/download-artifact@v8
+ with:
+ name: flight-sql-odbc-dll
+ - name: Wait for creating GitHub Release
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ dev/release/utils-watch-gh-workflow.sh \
+ ${GITHUB_REF_NAME} \
+ release_candidate.yml
+ - name: Upload the artifacts to GitHub Release
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ gh release upload ${GITHUB_REF_NAME} \
+ --clobber \
+ arrow_flight_sql_odbc_unsigned.dll
+
+ odbc-msvc-upload-msi:
+ needs: check-labels
+ name: ODBC Windows Build & Upload Unsigned MSI
+ runs-on: windows-2022
+ if: inputs.odbc_release_step
+ timeout-minutes: 240
+ permissions:
+ # Upload to GitHub Release
+ contents: write
+ packages: write
+ env: *odbc_msvc_env
+ steps:
+ - name: Checkout Arrow
+ uses: actions/checkout@v6
+ with:
+ fetch-depth: 0
+ submodules: recursive
Review Comment:
New checkout steps omit `persist-credentials: false`. Elsewhere in this
workflow it’s consistently set to avoid leaving the `GITHUB_TOKEN` in the git
config; consider adding it here as well.
##########
.github/workflows/cpp_extra.yml:
##########
@@ -684,6 +632,130 @@ jobs:
Write-Error "ODBC DLL not found"
exit 1
+ odbc-msvc-upload-dll:
+ needs: check-labels
+ name: ODBC Windows Upload Unsigned DLL
+ runs-on: windows-2022
+ if: >-
+ ${{
+ startsWith(github.ref_name, 'apache-arrow-') &&
+ contains(github.ref_name, '-rc') &&
+ !inputs.odbc_release_step
+ }}
+ timeout-minutes: 240
+ permissions:
+ packages: write
+ env: *odbc_msvc_env
+ steps:
+ - name: Checkout Arrow
+ uses: actions/checkout@v6
+ with:
+ fetch-depth: 0
+ submodules: recursive
+ - name: Build ODBC Windows
+ uses: ./.github/actions/odbc-windows
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ - name: Rename Unsigned ODBC DLL
+ run: |
+ Rename-Item `
+ -Path build/cpp/${{ env.ARROW_BUILD_TYPE
}}/arrow_flight_sql_odbc.dll `
+ -NewName arrow_flight_sql_odbc_unsigned.dll
+ - name: Upload ODBC DLL to the job
+ uses: actions/upload-artifact@v7
+ with:
+ name: flight-sql-odbc-dll
+ path: build/cpp/${{ env.ARROW_BUILD_TYPE
}}/arrow_flight_sql_odbc_unsigned.dll
+ if-no-files-found: error
+
+ odbc-dll-release:
+ needs: odbc-msvc-upload-dll
+ name: Upload Unsigned ODBC DLL
+ runs-on: ubuntu-latest
+ permissions:
+ # Upload to GitHub Release
+ contents: write
+ steps:
+ - name: Checkout Arrow
+ uses: actions/checkout@v6
+ with:
+ fetch-depth: 0
Review Comment:
New checkout steps omit `persist-credentials: false`. Elsewhere in this
workflow it’s consistently set to avoid leaving the `GITHUB_TOKEN` in the git
config; consider adding it here as well.
##########
.github/workflows/cpp_extra.yml:
##########
@@ -684,6 +632,130 @@ jobs:
Write-Error "ODBC DLL not found"
exit 1
+ odbc-msvc-upload-dll:
+ needs: check-labels
+ name: ODBC Windows Upload Unsigned DLL
+ runs-on: windows-2022
+ if: >-
+ ${{
+ startsWith(github.ref_name, 'apache-arrow-') &&
+ contains(github.ref_name, '-rc') &&
+ !inputs.odbc_release_step
+ }}
+ timeout-minutes: 240
+ permissions:
+ packages: write
+ env: *odbc_msvc_env
+ steps:
+ - name: Checkout Arrow
+ uses: actions/checkout@v6
+ with:
+ fetch-depth: 0
+ submodules: recursive
+ - name: Build ODBC Windows
+ uses: ./.github/actions/odbc-windows
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ - name: Rename Unsigned ODBC DLL
+ run: |
+ Rename-Item `
+ -Path build/cpp/${{ env.ARROW_BUILD_TYPE
}}/arrow_flight_sql_odbc.dll `
+ -NewName arrow_flight_sql_odbc_unsigned.dll
+ - name: Upload ODBC DLL to the job
+ uses: actions/upload-artifact@v7
+ with:
+ name: flight-sql-odbc-dll
+ path: build/cpp/${{ env.ARROW_BUILD_TYPE
}}/arrow_flight_sql_odbc_unsigned.dll
+ if-no-files-found: error
+
+ odbc-dll-release:
+ needs: odbc-msvc-upload-dll
+ name: Upload Unsigned ODBC DLL
+ runs-on: ubuntu-latest
+ permissions:
+ # Upload to GitHub Release
+ contents: write
+ steps:
+ - name: Checkout Arrow
+ uses: actions/checkout@v6
+ with:
+ fetch-depth: 0
+ submodules: recursive
+ - name: Download the artifacts
+ uses: actions/download-artifact@v8
+ with:
+ name: flight-sql-odbc-dll
+ - name: Wait for creating GitHub Release
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ dev/release/utils-watch-gh-workflow.sh \
+ ${GITHUB_REF_NAME} \
+ release_candidate.yml
+ - name: Upload the artifacts to GitHub Release
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ gh release upload ${GITHUB_REF_NAME} \
+ --clobber \
+ arrow_flight_sql_odbc_unsigned.dll
+
+ odbc-msvc-upload-msi:
+ needs: check-labels
+ name: ODBC Windows Build & Upload Unsigned MSI
+ runs-on: windows-2022
+ if: inputs.odbc_release_step
+ timeout-minutes: 240
+ permissions:
+ # Upload to GitHub Release
+ contents: write
+ packages: write
+ env: *odbc_msvc_env
+ steps:
+ - name: Checkout Arrow
+ uses: actions/checkout@v6
+ with:
+ fetch-depth: 0
+ submodules: recursive
+ - name: Download signed ODBC DLL
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ gh release download $env:GITHUB_REF_NAME `
+ --pattern arrow_flight_sql_odbc.dll `
+ --clobber
+ - name: Build ODBC Windows
+ uses: ./.github/actions/odbc-windows
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ - name: Replace signed DLL with unsigned DLL
+ run: |
+ Move-Item `
+ -Path ./arrow_flight_sql_odbc.dll `
+ -Destination build/cpp/${{ env.ARROW_BUILD_TYPE
}}/arrow_flight_sql_odbc.dll `
+ -Force
Review Comment:
Step name is inverted/misleading: this moves the signed DLL into the build
output, replacing the unsigned DLL. Renaming the step to reflect that (e.g.,
"Replace unsigned DLL with signed DLL") would avoid confusion during the manual
release process.
##########
.github/workflows/cpp_extra.yml:
##########
@@ -73,6 +73,13 @@ on:
schedule:
- cron: |
0 0 * * *
+ workflow_dispatch:
+ inputs:
+ odbc_release_step:
+ description: 'ODBC MSI release step'
+ required: true
Review Comment:
`workflow_dispatch` input `odbc_release_step` is marked `required: true`
while also having `default: false`. For a boolean flag, `required: false` is
usually clearer and still provides a default; consider dropping `required:
true` to avoid implying the user must set it explicitly.
##########
.github/workflows/cpp_extra.yml:
##########
@@ -684,6 +632,130 @@ jobs:
Write-Error "ODBC DLL not found"
exit 1
+ odbc-msvc-upload-dll:
+ needs: check-labels
+ name: ODBC Windows Upload Unsigned DLL
+ runs-on: windows-2022
+ if: >-
+ ${{
+ startsWith(github.ref_name, 'apache-arrow-') &&
+ contains(github.ref_name, '-rc') &&
+ !inputs.odbc_release_step
+ }}
+ timeout-minutes: 240
+ permissions:
+ packages: write
+ env: *odbc_msvc_env
+ steps:
+ - name: Checkout Arrow
+ uses: actions/checkout@v6
+ with:
+ fetch-depth: 0
+ submodules: recursive
+ - name: Build ODBC Windows
+ uses: ./.github/actions/odbc-windows
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ - name: Rename Unsigned ODBC DLL
+ run: |
+ Rename-Item `
+ -Path build/cpp/${{ env.ARROW_BUILD_TYPE
}}/arrow_flight_sql_odbc.dll `
+ -NewName arrow_flight_sql_odbc_unsigned.dll
+ - name: Upload ODBC DLL to the job
+ uses: actions/upload-artifact@v7
+ with:
+ name: flight-sql-odbc-dll
+ path: build/cpp/${{ env.ARROW_BUILD_TYPE
}}/arrow_flight_sql_odbc_unsigned.dll
+ if-no-files-found: error
+
+ odbc-dll-release:
+ needs: odbc-msvc-upload-dll
+ name: Upload Unsigned ODBC DLL
+ runs-on: ubuntu-latest
+ permissions:
+ # Upload to GitHub Release
+ contents: write
+ steps:
+ - name: Checkout Arrow
+ uses: actions/checkout@v6
+ with:
+ fetch-depth: 0
+ submodules: recursive
+ - name: Download the artifacts
+ uses: actions/download-artifact@v8
+ with:
+ name: flight-sql-odbc-dll
+ - name: Wait for creating GitHub Release
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ dev/release/utils-watch-gh-workflow.sh \
+ ${GITHUB_REF_NAME} \
+ release_candidate.yml
+ - name: Upload the artifacts to GitHub Release
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ gh release upload ${GITHUB_REF_NAME} \
+ --clobber \
+ arrow_flight_sql_odbc_unsigned.dll
+
+ odbc-msvc-upload-msi:
+ needs: check-labels
+ name: ODBC Windows Build & Upload Unsigned MSI
+ runs-on: windows-2022
+ if: inputs.odbc_release_step
Review Comment:
`odbc-msvc-upload-msi` currently runs on any `workflow_dispatch` ref as long
as `odbc_release_step` is true. This can easily be triggered on e.g. `main`,
where it will then fail trying to download a non-existent GitHub Release named
`main`. Consider adding the same RC ref guard as the DLL job (or otherwise
validating the ref/tag) to prevent accidental runs and make the intended usage
explicit.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
