stevedlawrence commented on code in PR #20:
URL:
https://github.com/apache/daffodil-infrastructure/pull/20#discussion_r2505008040
##########
actions/release-candidate/dist/post/index.js:
##########
@@ -125551,16 +125550,29 @@ async function run() {
}
}
- if (publish) {
+ if (do_publish) {
await exec("svn", ["add", artifact_dir]);
- await exec("svn", ["commit", "--username",
svn_username, "--password", svn_password, "--message", `Stage ${ project_name }
${ release_version }`, artifact_dir]);
+ await exec("svn", ["commit", "--config-dir",
svn_config_dir, "--message", `Stage ${ project_name } ${ release_version }`,
artifact_dir]);
+ fs.rmSync(svn_config_dir, { recursive: true, force:
true });
} else {
// if publishing was disabled then this action was
likely just triggered
// just for testing, so upload the maven-local and
artifact directories so
// they can be verified. Note that we do not just
recurse the
// release-download directory since it could contain
files that already
// exist in the SVN checkout and were not artifacts
created by this action
const release_dir = `${ os.tmpdir() }/release-download`;
+
+ // if publishing is disabled, store public key as
artifact so it can be downloaded
+ // by the post step for verification
+ await exec("gpg", ["--armor", "--export",
gpg_signing_key_id], {
+ silent: true,
+ listeners: {
+ stdout: (data) => {
+ fs.appendFileSync(`${
release_dir }/public-key.asc`, data.toString().trim());
Review Comment:
I feel like I ran into issues doing the append sync in the stdout event. I
don't recall why though, maybe some async stuff ? Did you confirm this works
and is a safe way to do this?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
