Copilot commented on code in PR #1064: URL: https://github.com/apache/incubator-seata-website/pull/1064#discussion_r2726789203
########## i18n/en/docusaurus-plugin-content-docs/current/developers/release-guide/release-guide_dev.md: ########## @@ -304,9 +304,78 @@ Create a release note through [New release · apache/incubator-seata (github.com Mark it as "Set as a pre-release". After the overall vote passes, set it as "Set as the latest release". -### 3. Voting Stage -#### 3.1 Community Internal Voting + +### 3. Verify Release Candidates + +A full check list can be found [here](https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist) + +First, download the Release Candidate to your local environment from the following address: + +``` +https://dist.apache.org/repos/dist/dev/incubator/seata/${release_version}/ +``` + +Then, proceed to the validation phase, which includes but is not limited to the following items and formats: + +#### Check information such as signatures and hashes + +##### Verify the SHA-512 hash + +```sh +$ shasum -c apache-seata-${release_version}-incubating-bin.tar.gz.sha512 +$ shasum -c apache-seata-${release_version}-incubating-src.tar.gz.sha512 +``` +#### Check the GPG signature + +If this is your first time verifying, you will need to import the public key first. + +```sh + $ curl https://downloads.apache.org/incubator/seata/KEYS >> KEYS # Download the public key to your local machine + $ gpg --import KEYS # Import the public keys + $ gpg --edit-key xxx # Replace 'xxx' with your Apache ID + > trust # Type the 'trust' command to trust user xxx + ``` +Then, use the following command to verify the signature + + ```sh +gpg --verify apache-seata-${release_version}-incubating-src.tar.gz.asc apache-seata-${release_version}-incubating-src.tar.gz +gpg --verify apache-seata-${release_version}-incubating-bin.tar.gz.asc apache-seata-${release_version}-incubating-bin.tar.gz + ``` +#### Verify the contents of the source package + +Extract the archive`apache-seata-${release_version}-incubating-src.tar.gz`, and perform the following checks: + +- Directory with 'incubating' in name + `apache-seata-${release_version}-incubating-src` +- DISCLAIMER exists +- LICENSE and NOTICE exists and contents are good +- All files and no binary files exist Review Comment: This sentence is confusingly phrased; it can be misread as saying both that all files exist *and* that no files exist because they are binary. Rewording it to explicitly say that no binary files are included would make the intent clearer. ```suggestion - All files are source or text files; no compiled binary files are included ``` ########## i18n/en/docusaurus-plugin-content-docs/current/developers/release-guide/release-guide_dev.md: ########## @@ -304,9 +304,78 @@ Create a release note through [New release · apache/incubator-seata (github.com Mark it as "Set as a pre-release". After the overall vote passes, set it as "Set as the latest release". -### 3. Voting Stage -#### 3.1 Community Internal Voting + +### 3. Verify Release Candidates + +A full check list can be found [here](https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist) + +First, download the Release Candidate to your local environment from the following address: + +``` +https://dist.apache.org/repos/dist/dev/incubator/seata/${release_version}/ +``` + +Then, proceed to the validation phase, which includes but is not limited to the following items and formats: + +#### Check information such as signatures and hashes + +##### Verify the SHA-512 hash + +```sh +$ shasum -c apache-seata-${release_version}-incubating-bin.tar.gz.sha512 +$ shasum -c apache-seata-${release_version}-incubating-src.tar.gz.sha512 +``` +#### Check the GPG signature + +If this is your first time verifying, you will need to import the public key first. + +```sh + $ curl https://downloads.apache.org/incubator/seata/KEYS >> KEYS # Download the public key to your local machine + $ gpg --import KEYS # Import the public keys + $ gpg --edit-key xxx # Replace 'xxx' with your Apache ID + > trust # Type the 'trust' command to trust user xxx + ``` +Then, use the following command to verify the signature + + ```sh +gpg --verify apache-seata-${release_version}-incubating-src.tar.gz.asc apache-seata-${release_version}-incubating-src.tar.gz +gpg --verify apache-seata-${release_version}-incubating-bin.tar.gz.asc apache-seata-${release_version}-incubating-bin.tar.gz + ``` +#### Verify the contents of the source package + +Extract the archive`apache-seata-${release_version}-incubating-src.tar.gz`, and perform the following checks: + +- Directory with 'incubating' in name + `apache-seata-${release_version}-incubating-src` +- DISCLAIMER exists +- LICENSE and NOTICE exists and contents are good Review Comment: Grammatical agreement issue: since there are two items (LICENSE and NOTICE), the verb should be plural. ```suggestion - LICENSE and NOTICE exist and contents are good ``` ########## i18n/en/docusaurus-plugin-content-docs/current/developers/release-guide/release-guide_dev.md: ########## @@ -304,9 +304,78 @@ Create a release note through [New release · apache/incubator-seata (github.com Mark it as "Set as a pre-release". After the overall vote passes, set it as "Set as the latest release". -### 3. Voting Stage -#### 3.1 Community Internal Voting + +### 3. Verify Release Candidates + +A full check list can be found [here](https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist) + +First, download the Release Candidate to your local environment from the following address: + +``` +https://dist.apache.org/repos/dist/dev/incubator/seata/${release_version}/ +``` + +Then, proceed to the validation phase, which includes but is not limited to the following items and formats: + +#### Check information such as signatures and hashes + +##### Verify the SHA-512 hash + +```sh +$ shasum -c apache-seata-${release_version}-incubating-bin.tar.gz.sha512 +$ shasum -c apache-seata-${release_version}-incubating-src.tar.gz.sha512 +``` +#### Check the GPG signature + +If this is your first time verifying, you will need to import the public key first. + +```sh + $ curl https://downloads.apache.org/incubator/seata/KEYS >> KEYS # Download the public key to your local machine + $ gpg --import KEYS # Import the public keys + $ gpg --edit-key xxx # Replace 'xxx' with your Apache ID + > trust # Type the 'trust' command to trust user xxx + ``` +Then, use the following command to verify the signature + + ```sh +gpg --verify apache-seata-${release_version}-incubating-src.tar.gz.asc apache-seata-${release_version}-incubating-src.tar.gz +gpg --verify apache-seata-${release_version}-incubating-bin.tar.gz.asc apache-seata-${release_version}-incubating-bin.tar.gz + ``` +#### Verify the contents of the source package + +Extract the archive`apache-seata-${release_version}-incubating-src.tar.gz`, and perform the following checks: + +- Directory with 'incubating' in name + `apache-seata-${release_version}-incubating-src` +- DISCLAIMER exists +- LICENSE and NOTICE exists and contents are good +- All files and no binary files exist +- All files has standard ASF License header Review Comment: Subject–verb agreement: with plural "files", the verb should be "have" instead of "has". ```suggestion - All files have standard ASF License header ``` ########## i18n/zh-cn/docusaurus-plugin-content-docs/current/developers/release-guide/release-guide_dev.md: ########## @@ -304,9 +304,77 @@ git push upstream(seata仓库repo) vx.x.x 并设置为Set as a pre-release 整体投票通过后再设置为Set as the latest release -### 3.投票阶段 +### 3.验证Release Candidates -#### 3.1 社区内部投票 +详细的检查列表请参考官方的[check list](https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist) + +首先,从以下地址下载要发布的Release Candidate到本地环境: + +``` +https://dist.apache.org/repos/dist/dev/incubator/seata/${release_version}/ +``` + +然后,开始验证环节,验证包含但不限于以下内容和形式 + +#### 检查签名和hash等信息 + +##### 检查sha512哈希 + +```sh +$ shasum -c apache-seata-${release_version}-incubating-bin.tar.gz.sha512 +$ shasum -c apache-seata-${release_version}-incubating-src.tar.gz.sha512 +``` + +#### 检查gpg签名 + +如果是第一次检查,需要首先导入公钥。 + +```sh + $ curl https://downloads.apache.org/incubator/seata/KEYS >> KEYS # 下载公钥到本地 + $ gpg --import KEYS # 导入公钥 + $ gpg --edit-key xxx # xxx为你的apache id,如xingfudeshi + > trust # 输入 trust 命令,信任xxx用户 + ``` +然后使用如下命令检查签名 + + ```sh +gpg --verify apache-seata-${release_version}-incubating-src.tar.gz.asc apache-seata-${release_version}-incubating-src.tar.gz +gpg --verify apache-seata-${release_version}-incubating-bin.tar.gz.asc apache-seata-${release_version}-incubating-bin.tar.gz + ``` +#### 检查源码包的文件内容 + +解压缩`apache-seata-${release_version}-incubating-src.tar.gz`,进行如下检查: + +- 目录名称中包含 'incubating' + `apache-seata-${release_version}-incubating-src` +- 存在DISCLAIMER文件 +- 存在LICENSE和NOTICE文件,且内容正确 +- 所有文件存在,且不包含二进制文件 +- 所有文件均带有符合ASF标准的许可证声明头 +- 能够从源代码编译 +- 所有单元测试均可通过 + ```sh + ./mvnw clean package -DskipTests=true Review Comment: This checklist item says that all unit tests should pass, but the example command runs Maven with `-DskipTests=true`, which skips executing the tests. To avoid confusion, please either remove the `-DskipTests=true` flag or rephrase the checklist item so it no longer implies that tests are actually executed and must pass. ```suggestion ./mvnw clean package ``` ########## i18n/en/docusaurus-plugin-content-docs/current/developers/release-guide/release-guide_dev.md: ########## @@ -304,9 +304,78 @@ Create a release note through [New release · apache/incubator-seata (github.com Mark it as "Set as a pre-release". After the overall vote passes, set it as "Set as the latest release". -### 3. Voting Stage -#### 3.1 Community Internal Voting + +### 3. Verify Release Candidates + +A full check list can be found [here](https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist) + +First, download the Release Candidate to your local environment from the following address: + +``` +https://dist.apache.org/repos/dist/dev/incubator/seata/${release_version}/ +``` + +Then, proceed to the validation phase, which includes but is not limited to the following items and formats: + +#### Check information such as signatures and hashes + +##### Verify the SHA-512 hash + +```sh +$ shasum -c apache-seata-${release_version}-incubating-bin.tar.gz.sha512 +$ shasum -c apache-seata-${release_version}-incubating-src.tar.gz.sha512 +``` +#### Check the GPG signature + +If this is your first time verifying, you will need to import the public key first. + +```sh + $ curl https://downloads.apache.org/incubator/seata/KEYS >> KEYS # Download the public key to your local machine + $ gpg --import KEYS # Import the public keys + $ gpg --edit-key xxx # Replace 'xxx' with your Apache ID + > trust # Type the 'trust' command to trust user xxx + ``` +Then, use the following command to verify the signature + + ```sh +gpg --verify apache-seata-${release_version}-incubating-src.tar.gz.asc apache-seata-${release_version}-incubating-src.tar.gz +gpg --verify apache-seata-${release_version}-incubating-bin.tar.gz.asc apache-seata-${release_version}-incubating-bin.tar.gz + ``` +#### Verify the contents of the source package + +Extract the archive`apache-seata-${release_version}-incubating-src.tar.gz`, and perform the following checks: + +- Directory with 'incubating' in name + `apache-seata-${release_version}-incubating-src` +- DISCLAIMER exists +- LICENSE and NOTICE exists and contents are good +- All files and no binary files exist +- All files has standard ASF License header +- Can compile from source +- All unit tests can pass + ```sh + ./mvnw clean package -DskipTests=true Review Comment: This checklist item states that all unit tests should pass, but the example command uses `-DskipTests=true`, which prevents tests from running. To make the instructions consistent, please either drop the `-DskipTests=true` flag or change the wording so it no longer claims that unit tests are executed and must pass. ```suggestion ./mvnw clean package ``` ########## i18n/en/docusaurus-plugin-content-docs/current/developers/release-guide/release-guide_dev.md: ########## @@ -304,9 +304,78 @@ Create a release note through [New release · apache/incubator-seata (github.com Mark it as "Set as a pre-release". After the overall vote passes, set it as "Set as the latest release". -### 3. Voting Stage -#### 3.1 Community Internal Voting + +### 3. Verify Release Candidates + +A full check list can be found [here](https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist) Review Comment: "check list" should be written as a single word here for standard usage in the docs. ```suggestion A full checklist can be found [here](https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist) ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
