[jira] [Resolved] (LOG4J2-3466) Automate artifact publishing and release preparation

Fri, 01 Dec 2023 14:20:38 -0800 


     [ 
https://issues.apache.org/jira/browse/LOG4J2-3466?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Matt Sicker resolved LOG4J2-3466.
---------------------------------
    Resolution: Fixed

This has been completed as of 2.20.something (I forget which) after Volkan 
implemented this in smaller repos here first. 🎉

> Automate artifact publishing and release preparation
> ----------------------------------------------------
>
>                 Key: LOG4J2-3466
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-3466
>             Project: Log4j 2
>          Issue Type: Improvement
>          Components: Build
>    Affects Versions: 3.0.0, 2.18.0
>            Reporter: Matt Sicker
>            Assignee: Volkan Yazici
>            Priority: Major
>
> Ever since migrating from Jenkins to GitHub Actions, we no longer have 
> snapshots being published. Besides remedying just that missing piece, we 
> should step things up here and automate as much of the snapshot and release 
> process as possible. This will allow interested users following development 
> to try out snapshots again, and it will enable release managers in the PMC to 
> almost trivially cut release candidates for a release vote.
> To do this, this will involve updating our workflows to support building, 
> testing, packaging, signing, and publishing the resulting artifacts to the 
> ASF Maven repository. On Jenkins, it was simple to publish snapshots as there 
> was an included Maven settings file for doing so. In order to do the same 
> from an Action, a Nexus API key would likely need to be generated and 
> imported as a secret into Actions.
> For signing purposes, there's the [sigstore 
> project|https://www.sigstore.dev/] that has an interesting approach to 
> signing artifacts built in these types of automation environments. This 
> should hopefully alleviate the need for importing GPG keys into Actions. See 
> [https://github.com/sigstore/sigstore-maven-plugin] for a Maven plugin.
> [Airflow|https://cwiki.apache.org/confluence/display/INFRA/Github+Actions+to+DockerHub]
>  has some docs related to how they've managed to automate things similarly 
> and how to work with the existing ASF release policy (it may be that a 
> release manager will still have to manually add GPG sigs to staged artifacts 
> or something like that).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to