This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new c74b24ac9b1 Update pmc verification docs (#61271)
c74b24ac9b1 is described below
commit c74b24ac9b133cc83af62ba35393b28efc7343cb
Author: Bugra Ozturk <[email protected]>
AuthorDate: Sat Jan 31 11:18:06 2026 +0100
Update pmc verification docs (#61271)
* Update Helm Chart release instructions for PMC Checks
* Update KEY download instructions for PMC Checks
* Update dev/README_RELEASE_HELM_CHART.md
---
dev/README_RELEASE_AIRFLOW.md | 1 +
dev/README_RELEASE_AIRFLOWCTL.md | 1 +
dev/README_RELEASE_HELM_CHART.md | 92 +++++++++++++++++++++++++++----------
dev/README_RELEASE_PROVIDERS.md | 1 +
dev/README_RELEASE_PYTHON_CLIENT.md | 1 +
5 files changed, 71 insertions(+), 25 deletions(-)
diff --git a/dev/README_RELEASE_AIRFLOW.md b/dev/README_RELEASE_AIRFLOW.md
index 29f71811ae7..b15f1b89147 100644
--- a/dev/README_RELEASE_AIRFLOW.md
+++ b/dev/README_RELEASE_AIRFLOW.md
@@ -960,6 +960,7 @@ Make sure you have imported into your GPG the PGP key of
the person signing the
You can import the whole KEYS file:
```shell script
+wget https://dist.apache.org/repos/dist/release/airflow/KEYS
gpg --import KEYS
```
diff --git a/dev/README_RELEASE_AIRFLOWCTL.md b/dev/README_RELEASE_AIRFLOWCTL.md
index 9eb06947ab1..0434346caa6 100644
--- a/dev/README_RELEASE_AIRFLOWCTL.md
+++ b/dev/README_RELEASE_AIRFLOWCTL.md
@@ -611,6 +611,7 @@ Download the KEYS file from the above link and save it
locally.
You can import the whole KEYS file into gpg by running the following command:
```shell script
+wget https://dist.apache.org/repos/dist/release/airflow/KEYS
gpg --import KEYS
```
diff --git a/dev/README_RELEASE_HELM_CHART.md b/dev/README_RELEASE_HELM_CHART.md
index 385b48df8bb..860e69479bf 100644
--- a/dev/README_RELEASE_HELM_CHART.md
+++ b/dev/README_RELEASE_HELM_CHART.md
@@ -467,24 +467,6 @@ The following files should be present (7 files):
* `airflow-{VERSION}.tgz` + .asc + .sha512
* `airflow-{VERSION}.tgz.prov`
-As a PMC member, you should be able to clone the SVN repository:
-
-```shell
-svn co https://dist.apache.org/repos/dist/dev/airflow
-```
-
-Or update it if you already checked it out:
-
-```shell
-svn update .
-```
-
-While in the directory, save the path to the repository root:
-
-```shell
-SVN_REPO_ROOT=$(pwd -P)
-```
-
## Source tarball reproducibility check
The source tarball should be reproducible. This means that if you build it
twice, you should get
@@ -503,12 +485,13 @@ AIRFLOW_REPO_ROOT=$(pwd -P)
```shell
VERSION=12.0.1
VERSION_SUFFIX=rc1
+VERSION_RC=${VERSION}${VERSION_SUFFIX}
```
3. Check-out the branch from which the release was made and cleanup dist
folder:
```shell
-git checkout helm-chart/${VERSION}${VERSION_SUFFIX}
+git checkout helm-chart/${VERSION_RC}
rm -rf dist/*
```
@@ -516,16 +499,37 @@ rm -rf dist/*
check and skip tagging. There is no need to specify version as it is stored
in Chart.yaml of the rc tag.
```shell
-breeze release-management prepare-helm-chart-tarball --version-suffix rc1
--ignore-version-check --skip-tagging
-breeze release-management prepare-helm-chart-package --version-suffix rc1
+breeze release-management prepare-helm-chart-tarball --version-suffix
${VERSION_SUFFIX} --ignore-version-check --skip-tagging
+breeze release-management prepare-helm-chart-package --version-suffix
${VERSION_SUFFIX}
```
5. Compare the produced tarball binary with ones in SVN:
+As a PMC member, you should be able to clone the SVN repository:
+
+```shell script
+cd ..
+[ -d asf-dist ] || svn checkout --depth=immediates
https://dist.apache.org/repos/dist asf-dist
+svn update --set-depth=infinity asf-dist/dev/airflow
+```
+
+Or update it if you already checked it out:
+
+```shell script
+cd asf-dist/dev/airflow
+svn update .
+```
+
+Set an environment variable: SVN_REPO_ROOT to the root of folder where you
have helm-chart
+
+```shell script
+cd asf-dist/dev/airflow
+export SVN_REPO_ROOT=$(pwd -P)
+```
```shell
-diff ${AIRFLOW_REPO_ROOT}/dist/airflow-chart-${VERSION}-source.tar.gz
${SVN_REPO_ROOT}/dev/airflow/helm-chart/${VERSION}${VERSION_SUFFIX}/airflow-chart-${VERSION}-source.tar.gz
-diff ${AIRFLOW_REPO_ROOT}/dist/airflow-${VERSION}.tgz
${SVN_REPO_ROOT}/dev/airflow/helm-chart/${VERSION}${VERSION_SUFFIX}/airflow-${VERSION}.tgz
+diff ${AIRFLOW_REPO_ROOT}/dist/airflow-chart-${VERSION}-source.tar.gz
${SVN_REPO_ROOT}/dev/airflow/helm-chart/${VERSION_RC}/airflow-chart-${VERSION}-source.tar.gz
+diff ${AIRFLOW_REPO_ROOT}/dist/airflow-${VERSION}.tgz
${SVN_REPO_ROOT}/dev/airflow/helm-chart/${VERSION_RC}/airflow-${VERSION}.tgz
```
There should be no differences reported. If you see "binary files differ"
message, it means that
@@ -537,7 +541,7 @@ and we need to fix it (so checking the differences would be
helpful also to find
Before proceeding next you want to go to the SVN directory
```shell
-cd ${SVN_REPO_ROOT}/dev/airflow/helm-chart/${VERSION}${VERSION_SUFFIX}
+cd ${SVN_REPO_ROOT}/dev/airflow/helm-chart/${VERSION_RC}
```
## Licence check
@@ -555,11 +559,48 @@ tar -xzf /tmp/apache-rat-0.17-bin.tar.gz -C /tmp
* Enter the sources folder run the check
```shell
-java -jar ${PATH_TO_RAT}/apache-rat-0.13/apache-rat-0.13.jar chart -E
.rat-excludes
+rm -rf /tmp/apache/airflow-src && mkdir -p /tmp/apache-airflow-src && tar -xzf
${SVN_REPO_ROOT}/dev/airflow/helm-chart/${VERSION_RC}/airflow-chart-*-source.tar.gz
--strip-components 1 -C /tmp/apache-airflow-src
+```
+
+```shell
+java -jar /tmp/apache-rat-0.17/apache-rat-0.17.jar --input-exclude-file
/tmp/apache-airflow-src/.rat-excludes /tmp/apache-airflow-src/ | grep -E "!
|INFO: "
```
where `.rat-excludes` is the file in the root of Chart source code.
+You should see no files reported as Unknown or with wrong licence and summary
of the check similar to:
+
+```
+INFO: Apache Creadur RAT 0.17 (Apache Software Foundation)
+INFO: Excluding patterns: .git-blame-ignore-revs, .github/*, .git ...
+INFO: Excluding MISC collection.
+INFO: Excluding HIDDEN_DIR collection.
+SLF4J(W): No SLF4J providers were found.
+SLF4J(W): Defaulting to no-operation (NOP) logger implementation
+SLF4J(W): See https://www.slf4j.org/codes.html#noProviders for further details.
+INFO: RAT summary:
+INFO: Approved: 15615
+INFO: Archives: 2
+INFO: Binaries: 813
+INFO: Document types: 5
+INFO: Ignored: 2392
+INFO: License categories: 2
+INFO: License names: 2
+INFO: Notices: 216
+INFO: Standards: 15609
+INFO: Unapproved: 0
+INFO: Unknown: 0
+```
+
+There should be no files reported as Unknown or Unapproved. The files that are
unknown or unapproved should be shown with a line starting with `!`.
+
+For example:
+
+```
+! Unapproved: 1 A count of unapproved licenses.
+! /CODE_OF_CONDUCT.md
+```
+
## Signature check
Make sure you have imported into your GPG the PGP key of the person signing
the release. You can find the valid keys in
@@ -568,6 +609,7 @@ Make sure you have imported into your GPG the PGP key of
the person signing the
You can import the whole KEYS file:
```shell script
+wget https://dist.apache.org/repos/dist/release/airflow/KEYS
gpg --import KEYS
```
diff --git a/dev/README_RELEASE_PROVIDERS.md b/dev/README_RELEASE_PROVIDERS.md
index 12e34c3e77c..547cfba7b5a 100644
--- a/dev/README_RELEASE_PROVIDERS.md
+++ b/dev/README_RELEASE_PROVIDERS.md
@@ -899,6 +899,7 @@ Download the KEYS file from the above link and save it
locally.
You can import the whole KEYS file into gpg by running the following command:
```shell script
+wget https://dist.apache.org/repos/dist/release/airflow/KEYS
gpg --import KEYS
```
diff --git a/dev/README_RELEASE_PYTHON_CLIENT.md
b/dev/README_RELEASE_PYTHON_CLIENT.md
index 16369a6d840..ffe3aed835f 100644
--- a/dev/README_RELEASE_PYTHON_CLIENT.md
+++ b/dev/README_RELEASE_PYTHON_CLIENT.md
@@ -524,6 +524,7 @@ Make sure you have imported into your GPG the PGP key of
the person signing the
You can import the whole KEYS file:
```shell script
+wget https://dist.apache.org/repos/dist/release/airflow/KEYS
gpg --import KEYS
```
