Re: Signing releases using automated release infra
Thanks for bringing this to our attention, Stamatis. This is definitely a huge step forward and something I'd love to see implemented for all Calcite projects. The only downside at the moment is that the artifacts are not automatically uploaded to dist.a.o svn server. The way log4j implemented their workflow is for the RM to download those artifacts from GitHub and upload them manually. This can probably be implemented using a script that the RM would run locally on their system, but isn't ideal. I will reply to that thread to see if there's some possibility of automating the uploading of artifacts to svn via CI as well. For me, the ideal release process would be to completely eliminate all mechanical steps in the release process. The ideal release process would be for the RM to only deal with the people and project management side of things, e.g. 1. RM opens a PR containing changes to the changelog and dates in the NOTICE and LICENSE files, etc. 2. RM shepherds PRs and other changes to the release and gets them committed in main. 3. Contributors can comment on the PR for the release with suggestions, etc for the changelog. 4. Once the rc is ready, the PR is merged and an rc release is tagged. 5. CI picks up the tag and automatically builds and uploads all release artifacts. The vote email is automatically generated in CI, which the RM sends to the list. 6. RM tallys votes and if the vote fails, builds the next RC, starting from step 1. 7. If the vote passes, RM tags a final release. 8. CI picks up the tag and automatically build and signs artifacts. 9. RM announces to the list and updates the website announcing the release. Francis On 19/07/2023 6:43 pm, Stamatis Zampetakis wrote: Hello, Allowing CI to automate part of the release process is now approved by LEGAL and some projects are already taking advantage of it. For more information check out the respective thread [1]. The Calcite release preparation is quite automated already so we may not really need this at this point but sharing the news since it is a topic that has been discussed a lot in ASF the past few years. Best, Stamatis [1] https://lists.apache.org/thread/y5b375054p1yjb2yprnnt16bt4qyccc2
Re: Signing releases using automated release infra
If I remember well it is intentional that some part of the process (svn upload, nexus close, etc.) is not fully automated and explicitly requires human intervention for legal purposes. Best, Stamatis On Wed, Jul 19, 2023 at 12:13 PM Francis Chuang wrote: > > Thanks for bringing this to our attention, Stamatis. > > This is definitely a huge step forward and something I'd love to see > implemented for all Calcite projects. > > The only downside at the moment is that the artifacts are not > automatically uploaded to dist.a.o svn server. The way log4j implemented > their workflow is for the RM to download those artifacts from GitHub and > upload them manually. This can probably be implemented using a script > that the RM would run locally on their system, but isn't ideal. > > I will reply to that thread to see if there's some possibility of > automating the uploading of artifacts to svn via CI as well. > > For me, the ideal release process would be to completely eliminate all > mechanical steps in the release process. The ideal release process would > be for the RM to only deal with the people and project management side > of things, e.g. > > 1. RM opens a PR containing changes to the changelog and dates in the > NOTICE and LICENSE files, etc. > 2. RM shepherds PRs and other changes to the release and gets them > committed in main. > 3. Contributors can comment on the PR for the release with suggestions, > etc for the changelog. > 4. Once the rc is ready, the PR is merged and an rc release is tagged. > 5. CI picks up the tag and automatically builds and uploads all release > artifacts. The vote email is automatically generated in CI, which the RM > sends to the list. > 6. RM tallys votes and if the vote fails, builds the next RC, starting > from step 1. > 7. If the vote passes, RM tags a final release. > 8. CI picks up the tag and automatically build and signs artifacts. > 9. RM announces to the list and updates the website announcing the release. > > Francis > > On 19/07/2023 6:43 pm, Stamatis Zampetakis wrote: > > Hello, > > > > Allowing CI to automate part of the release process is now approved by > > LEGAL and some projects are already taking advantage of it. For more > > information check out the respective thread [1]. > > > > The Calcite release preparation is quite automated already so we may > > not really need this at this point but sharing the news since it is a > > topic that has been discussed a lot in ASF the past few years. > > > > Best, > > Stamatis > > > > [1] https://lists.apache.org/thread/y5b375054p1yjb2yprnnt16bt4qyccc2
Re: Signing releases using automated release infra
According to [1], infra is exploring uploading artifacts from CI, so there's a possibility we can do this in the future. Regarding closing the nexus repository, we already automate this when running `./gradlew prepareVote`, so given that infra can give CI access to the nexus repository, we can already automate this. I'll definitely be keeping an eye on the thread on dev@community and once the pieces are all available, we can discuss on vote here to see how we want to proceed :) [1] https://lists.apache.org/thread/h4pkrnlygygb1mdyncnvw74xzrzls9ww On 19/07/2023 8:11 pm, Stamatis Zampetakis wrote: If I remember well it is intentional that some part of the process (svn upload, nexus close, etc.) is not fully automated and explicitly requires human intervention for legal purposes. Best, Stamatis On Wed, Jul 19, 2023 at 12:13 PM Francis Chuang wrote: Thanks for bringing this to our attention, Stamatis. This is definitely a huge step forward and something I'd love to see implemented for all Calcite projects. The only downside at the moment is that the artifacts are not automatically uploaded to dist.a.o svn server. The way log4j implemented their workflow is for the RM to download those artifacts from GitHub and upload them manually. This can probably be implemented using a script that the RM would run locally on their system, but isn't ideal. I will reply to that thread to see if there's some possibility of automating the uploading of artifacts to svn via CI as well. For me, the ideal release process would be to completely eliminate all mechanical steps in the release process. The ideal release process would be for the RM to only deal with the people and project management side of things, e.g. 1. RM opens a PR containing changes to the changelog and dates in the NOTICE and LICENSE files, etc. 2. RM shepherds PRs and other changes to the release and gets them committed in main. 3. Contributors can comment on the PR for the release with suggestions, etc for the changelog. 4. Once the rc is ready, the PR is merged and an rc release is tagged. 5. CI picks up the tag and automatically builds and uploads all release artifacts. The vote email is automatically generated in CI, which the RM sends to the list. 6. RM tallys votes and if the vote fails, builds the next RC, starting from step 1. 7. If the vote passes, RM tags a final release. 8. CI picks up the tag and automatically build and signs artifacts. 9. RM announces to the list and updates the website announcing the release. Francis On 19/07/2023 6:43 pm, Stamatis Zampetakis wrote: Hello, Allowing CI to automate part of the release process is now approved by LEGAL and some projects are already taking advantage of it. For more information check out the respective thread [1]. The Calcite release preparation is quite automated already so we may not really need this at this point but sharing the news since it is a topic that has been discussed a lot in ASF the past few years. Best, Stamatis [1] https://lists.apache.org/thread/y5b375054p1yjb2yprnnt16bt4qyccc2
