Copilot commented on code in PR #282: URL: https://github.com/apache/fluss-rust/pull/282#discussion_r2778881205
########## bindings/python/README.md: ########## @@ -53,6 +53,8 @@ Used for writing data to tables, supports PyArrow and Pandas Used for scanning table log data + +# todo: we may move the following part to DEVELOPMENT.md Review Comment: `# todo: ...` introduces a second H1 and displays an internal note in the rendered README. Consider converting this to normal text or an HTML comment, and keep heading levels consistent (e.g., use `##`/`###` under the existing H1). ```suggestion <!-- TODO: we may move the following part to DEVELOPMENT.md --> ``` ########## docs/verifying-a-release-candidate.md: ########## @@ -0,0 +1,138 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +# How to Verify a Release Candidate + +This document describes how to verify a release candidate (RC) of the **Fluss clients** (fluss-rust, fluss-python, fluss-cpp) from the [fluss-rust](https://github.com/apache/fluss-rust) repository. It is intended for anyone participating in the release vote (binding or non-binding) and is based on [Verifying a Fluss Release](https://fluss.apache.org/community/how-to-release/verifying-a-fluss-release/) of the Apache Fluss project, adapted for the fluss-rust source distribution and tooling (Rust, Python, C++). + +## Validating distributions + +The release vote email includes links to: + +- **Distribution archive:** source tarball (`fluss-rust-${RELEASE_VERSION}-incubating.tar.gz`) on [dist.apache.org dev](https://dist.apache.org/repos/dist/dev/incubator/fluss/) +- **Signature file:** `fluss-rust-${RELEASE_VERSION}-incubating.tar.gz.asc` +- **Checksum file:** `fluss-rust-${RELEASE_VERSION}-incubating.tar.gz.sha512` +- **KEYS file:** [https://downloads.apache.org/incubator/fluss/KEYS](https://downloads.apache.org/incubator/fluss/KEYS) + +Download the archive, `.asc`, and `.sha512` from the RC directory (e.g. `fluss-rust-0.1.0-rc1/`) and the KEYS file. Then follow the steps below to verify signatures and checksums. + +## Verifying signatures + +First, import the keys into your local keyring: + +```bash +curl https://downloads.apache.org/incubator/fluss/KEYS -o KEYS +gpg --import KEYS +``` + +Next, verify all `.asc` files: + +```bash +for i in *.tgz; do echo $i; gpg --verify $i.asc $i; done +``` + +If verification succeeds, you will see a message like: + +```text +gpg: Signature made ... +gpg: using RSA key ... +gpg: Good signature from "Release Manager Name (CODE SIGNING KEY) <[email protected]>" +``` + +## Verifying checksums + +Next, verify all the checksums: + +```bash +shasum *.sha512 > checklist.chk; shasum -c checklist.chk +``` + +On Linux, use `sha512sum` instead of `shasum`: + +```bash +sha512sum *.sha512 > checklist.chk; sha512sum -c checklist.chk +``` + +If the verification is successful, you will see a message like this: + +```text +fluss-rust-0.1.0-incubating.tar.gz.sha512: OK +``` + +## Verifying build + +Extract the source release archive and verify that it builds (and optionally that tests pass). You need **Rust** (see [rust-toolchain.toml](https://github.com/apache/fluss-rust/blob/main/rust-toolchain.toml) for the expected version) and, for full builds, **protobuf** and **Python 3.11+** for bindings. Review Comment: This states **Python 3.11+** is required “for bindings”, but the Python package declares `requires-python = ">=3.9"` (see `bindings/python/pyproject.toml`). Consider changing this to the actual minimum supported Python version (and optionally mention that Python 3.11+ is only needed for the release tooling script in `docs/creating-a-release.md`). ```suggestion Extract the source release archive and verify that it builds (and optionally that tests pass). You need **Rust** (see [rust-toolchain.toml](https://github.com/apache/fluss-rust/blob/main/rust-toolchain.toml) for the expected version) and, for full builds, **protobuf** and **Python 3.9+** for bindings (Python 3.11+ is only required for the release tooling described in `docs/creating-a-release.md`). ``` ########## docs/verifying-a-release-candidate.md: ########## @@ -0,0 +1,138 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +# How to Verify a Release Candidate + +This document describes how to verify a release candidate (RC) of the **Fluss clients** (fluss-rust, fluss-python, fluss-cpp) from the [fluss-rust](https://github.com/apache/fluss-rust) repository. It is intended for anyone participating in the release vote (binding or non-binding) and is based on [Verifying a Fluss Release](https://fluss.apache.org/community/how-to-release/verifying-a-fluss-release/) of the Apache Fluss project, adapted for the fluss-rust source distribution and tooling (Rust, Python, C++). + +## Validating distributions + +The release vote email includes links to: + +- **Distribution archive:** source tarball (`fluss-rust-${RELEASE_VERSION}-incubating.tar.gz`) on [dist.apache.org dev](https://dist.apache.org/repos/dist/dev/incubator/fluss/) +- **Signature file:** `fluss-rust-${RELEASE_VERSION}-incubating.tar.gz.asc` +- **Checksum file:** `fluss-rust-${RELEASE_VERSION}-incubating.tar.gz.sha512` +- **KEYS file:** [https://downloads.apache.org/incubator/fluss/KEYS](https://downloads.apache.org/incubator/fluss/KEYS) + +Download the archive, `.asc`, and `.sha512` from the RC directory (e.g. `fluss-rust-0.1.0-rc1/`) and the KEYS file. Then follow the steps below to verify signatures and checksums. + +## Verifying signatures + +First, import the keys into your local keyring: + +```bash +curl https://downloads.apache.org/incubator/fluss/KEYS -o KEYS +gpg --import KEYS +``` + +Next, verify all `.asc` files: + +```bash +for i in *.tgz; do echo $i; gpg --verify $i.asc $i; done +``` + +If verification succeeds, you will see a message like: + +```text +gpg: Signature made ... +gpg: using RSA key ... +gpg: Good signature from "Release Manager Name (CODE SIGNING KEY) <[email protected]>" +``` + +## Verifying checksums + +Next, verify all the checksums: + +```bash +shasum *.sha512 > checklist.chk; shasum -c checklist.chk +``` + +On Linux, use `sha512sum` instead of `shasum`: + +```bash +sha512sum *.sha512 > checklist.chk; sha512sum -c checklist.chk +``` + +If the verification is successful, you will see a message like this: + +```text +fluss-rust-0.1.0-incubating.tar.gz.sha512: OK +``` + +## Verifying build + +Extract the source release archive and verify that it builds (and optionally that tests pass). You need **Rust** (see [rust-toolchain.toml](https://github.com/apache/fluss-rust/blob/main/rust-toolchain.toml) for the expected version) and, for full builds, **protobuf** and **Python 3.11+** for bindings. + +```bash +tar -xzf fluss-rust-${RELEASE_VERSION}-incubating.tar.gz +cd fluss-rust-${RELEASE_VERSION}-incubating +``` + +Build the workspace: + +```bash +cargo build --workspace --release +``` + +For Python bindings, see the project [README](https://github.com/apache/fluss-rust#readme) and [Development Guide](https://github.com/apache/fluss-rust/blob/main/DEVELOPMENT.md). For C++ bindings, see `bindings/cpp/`. + +## Verifying LICENSE and NOTICE + +Unzip the source release archive and verify that: Review Comment: The archive is a `.tar.gz`; saying “Unzip the source release archive” is misleading. Consider changing this to “Extract/untar” to match the commands shown above. ```suggestion Extract (untar) the source release archive and verify that: ``` ########## crates/fluss/README.md: ########## @@ -0,0 +1,43 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +# Apache Fluss™ Rust Client (Incubating) + +Rust client library for [Apache Fluss™](https://fluss.apache.org/). This crate provides the core client used by the fluss-rust workspace and by the Python and C++ bindings. + +# Todo: move how to use to the first, and how to build to the last, https://github.com/apache/opendal/blob/main/core/README.md +# is a good reference Review Comment: The two lines starting with `# Todo:` / `# is a good reference` render as additional top-level headings in the README (and show an internal note to users). Consider converting this into normal prose (or an HTML comment) and keeping only one H1 in the file. ```suggestion <!-- Todo: move "how to use" earlier and "how to build" later in this README. See https://github.com/apache/opendal/blob/main/core/README.md as a good reference. --> ``` ########## bindings/cpp/README.md: ########## @@ -0,0 +1,57 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +# Apache Fluss™ C++ Bindings (Incubating) + +C++ bindings for Fluss, built on top of the [fluss-rust](../../crates/fluss) client. The API is exposed via a C++ header ([include/fluss.hpp](include/fluss.hpp)) and implemented with Rust FFI. + +## Requirements + +- Rust (see [rust-toolchain.toml](../../rust-toolchain.toml) at repo root) +- C++17-capable compiler +- CMake 3.18+ and/or Bazel +- Apache Arrow (for Arrow-based APIs) + +## Build + +From the repository root or from `bindings/cpp`: + +**With CMake:** + +```bash +cd bindings/cpp +mkdir build && cd build +cmake .. +cmake --build . +``` + +**With Bazel:** + +```bash +cd bindings/cpp +bazel build //... +``` +See [ci.sh](ci.sh) for the CI build sequence. + + +## TODO + +- [] How to introduce fluss-cpp in your own project, https://github.com/apache/opendal/blob/main/bindings/cpp/README.md is a good reference Review Comment: The first TODO item uses `- []`, which isn’t valid Markdown task-list syntax and won’t render as a checkbox. Use `- [ ]` (and consider formatting the reference URL as a proper Markdown link for readability). ```suggestion - [ ] How to introduce fluss-cpp in your own project, [this README is a good reference](https://github.com/apache/opendal/blob/main/bindings/cpp/README.md) ``` ########## docs/verifying-a-release-candidate.md: ########## @@ -0,0 +1,138 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +# How to Verify a Release Candidate + +This document describes how to verify a release candidate (RC) of the **Fluss clients** (fluss-rust, fluss-python, fluss-cpp) from the [fluss-rust](https://github.com/apache/fluss-rust) repository. It is intended for anyone participating in the release vote (binding or non-binding) and is based on [Verifying a Fluss Release](https://fluss.apache.org/community/how-to-release/verifying-a-fluss-release/) of the Apache Fluss project, adapted for the fluss-rust source distribution and tooling (Rust, Python, C++). + +## Validating distributions + +The release vote email includes links to: + +- **Distribution archive:** source tarball (`fluss-rust-${RELEASE_VERSION}-incubating.tar.gz`) on [dist.apache.org dev](https://dist.apache.org/repos/dist/dev/incubator/fluss/) +- **Signature file:** `fluss-rust-${RELEASE_VERSION}-incubating.tar.gz.asc` +- **Checksum file:** `fluss-rust-${RELEASE_VERSION}-incubating.tar.gz.sha512` +- **KEYS file:** [https://downloads.apache.org/incubator/fluss/KEYS](https://downloads.apache.org/incubator/fluss/KEYS) + +Download the archive, `.asc`, and `.sha512` from the RC directory (e.g. `fluss-rust-0.1.0-rc1/`) and the KEYS file. Then follow the steps below to verify signatures and checksums. + +## Verifying signatures + +First, import the keys into your local keyring: + +```bash +curl https://downloads.apache.org/incubator/fluss/KEYS -o KEYS +gpg --import KEYS +``` + +Next, verify all `.asc` files: + +```bash +for i in *.tgz; do echo $i; gpg --verify $i.asc $i; done +``` + +If verification succeeds, you will see a message like: + +```text +gpg: Signature made ... +gpg: using RSA key ... +gpg: Good signature from "Release Manager Name (CODE SIGNING KEY) <[email protected]>" +``` + +## Verifying checksums + +Next, verify all the checksums: + +```bash +shasum *.sha512 > checklist.chk; shasum -c checklist.chk +``` + +On Linux, use `sha512sum` instead of `shasum`: + +```bash +sha512sum *.sha512 > checklist.chk; sha512sum -c checklist.chk +``` + +If the verification is successful, you will see a message like this: + +```text +fluss-rust-0.1.0-incubating.tar.gz.sha512: OK +``` Review Comment: The checksum verification commands are incorrect: `shasum *.sha512 > checklist.chk; shasum -c checklist.chk` (and the `sha512sum` variant) verifies checksums of the `.sha512` files themselves, not the tarball. Use the standard `-c` flow against the provided `.sha512` file(s) (and adjust the expected output example accordingly, which should report the `.tar.gz` file as OK). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
