github-actions[bot] commented on code in PR #64062:
URL: https://github.com/apache/doris/pull/64062#discussion_r3353406227


##########
tools/release-tools/release.env:
##########
@@ -0,0 +1,71 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Shared config for the Apache Doris release helper scripts.
+# Edit values here; 01/02/03 all `source` this file.
+#
+# This release: 4.0.6-rc02  (tag already created & pushed to apache/doris)
+
+ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd)"
+
+# --- Repo & version ---
+REPO_DIR="${ROOT}/../../"
+VERSION="4.0.6"
+RC="rc02"
+TAG="${VERSION}-${RC}"                 # 4.0.6-rc02
+GIT_REMOTE="upstream-apache"           # remote pointing at 
github.com/apache/doris
+
+# --- Artifact naming ---
+# Matches the live convention in release/doris/4.0/4.0.5/ :
+# the rc IS kept in the file name; only the release *folder* drops it.
+PKG_BASE="apache-doris-${TAG}-src"     # -> apache-doris-4.0.6-rc02-src.tar.gz
+ARCHIVE_PREFIX="${PKG_BASE}/"          # top-level dir inside the tarball
+
+# --- Work area (OUTSIDE the git repo: artifacts + svn checkouts live here) ---
+WORK_DIR="${ROOT}/${TAG}"
+
+# --- Prebuilt binary artifacts (signed locally; uploaded MANUALLY by you) ---
+# Step 02 writes a .asc signature and a .sha512 checksum NEXT TO each file 
below.
+# These are NOT uploaded by the scripts and are NOT part of the source-only 
vote SVN;
+# you upload the binaries together with their .asc/.sha512 yourself, wherever 
they go.
+# Set absolute paths to your three prebuilt binary tarballs (adjust the 
directory):
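
Review bot: `WORK_DIR="${ROOT}/${TAG}"` contradicts the comment above it that says the work area is "OUTSIDE the git repo". `ROOT` is the directory that holds `release.env`, and `REPO_DIR="${ROOT}/../../"` shows that directory sits two levels inside the checkout, so the work area resolves to a path inside the working tree. Source tarballs, `.asc`/`.sha512` files and svn checkouts written there can end up staged by a broad `git add` during a release. Either point `WORK_DIR` at a location outside `REPO_DIR`, or correct the comment and add the directory to `.gitignore`.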

Review Comment:
   This default makes binary signing mandatory even though the PR/README 
describe a source-release workflow where `BIN_FILES` is optional and can be 
left empty. With this file as committed, `02-package-sign-upload.sh` computes 
`bin_count=3` and dies on the first missing 
`${WORK_DIR}/apache-doris-${VERSION}-bin-*.tar.gz` before reaching the dev SVN 
upload. Please make the default `BIN_FILES=()` and leave these paths as 
commented examples, or otherwise gate binary signing so the source-only path 
works out of the box.



##########
tools/release-tools/03-vote-mail.sh:
##########
@@ -0,0 +1,110 @@
+#!/usr/bin/env bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Step 03 - generate the [VOTE] email draft for [email protected].
+# Draft only: it writes a .txt and .eml; you send it from your @apache.org 
mail.
+set -euo pipefail
+HERE="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+# shellcheck source=release.env
+source "${HERE}/release.env"
+
+ok()  { echo "[ OK ] $*"; }
+die() { echo "[FAIL] $*" >&2; exit 1; }
+
+# release notes link (prompt if not preset)
+rn="${RELEASE_NOTES_URL}"
+if [[ -z "$rn" ]]; then read -r -p "Release Notes URL (the issue link): " rn; 
fi
+[[ -n "$rn" ]] || die "release notes url required"
+
+# signer fingerprint
+if [[ -n "${SIGNING_KEY}" ]]; then
+  SIGNER="${SIGNING_KEY}"
+else
+  SIGNER="$(gpg --list-secret-keys --with-colons 2>/dev/null | awk -F: 
'$1=="sec"{w=1} $1=="fpr"&&w{print $10; exit}')"
+fi
+[[ -n "$SIGNER" ]] || die "no signing key found; run ./01-check-env.sh first"
+FPR="$(gpg --list-keys --with-colons "$SIGNER" | awk -F: '/^fpr:/{print $10; 
exit}')"
+
+mkdir -p "$WORK_DIR"
+subject="[VOTE] Release Apache Doris ${TAG}"
+body_file="$WORK_DIR/vote-email.txt"
+eml_file="$WORK_DIR/vote-email.eml"
+
+read -r -d '' BODY <<EOF || true
+Hi all,
+
+Please review and vote on Apache Doris ${TAG} release.
+
+The release candidate has been tagged in GitHub as ${TAG}, available here:
+https://github.com/apache/doris/releases/tag/${TAG}
+
+Release Notes are here:
+${rn}
+
+Thanks to everyone who has contributed to this release.
+
+The artifacts (source, signature and checksum) corresponding to this release
+candidate can be found here:
+${DEV_SVN_DIR}/
+
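
Review bot: With `set -euo pipefail` in effect, `rn="${RELEASE_NOTES_URL}"` and `[[ -n "${SIGNING_KEY}" ]]` abort with an unbound-variable error if `release.env` leaves either name unset, so the "prompt if not preset" branch and the keyring fallback are reachable only when both are defined as empty strings. Use `${RELEASE_NOTES_URL:-}` and `${SIGNING_KEY:-}` at these two points. `FPR` should also get the same `[[ -n ... ]] || die` guard that `SIGNER` has, because an empty awk result is not caught anywhere in the visible lines.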

Review Comment:
   The vote draft always advertises these three hard-coded convenience binary 
URLs, independent of `BIN_FILES` and independent of whether the RM actually 
signed/uploaded binaries. That contradicts the optional binary flow and can 
produce a public VOTE email with broken or stale links. The email should derive 
this section from configured/uploaded binary artifacts, or omit/prompt for it 
when binaries are not part of the RC.



##########
tools/release-tools/03-vote-mail.sh:
##########
@@ -0,0 +1,110 @@
+#!/usr/bin/env bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Step 03 - generate the [VOTE] email draft for [email protected].
+# Draft only: it writes a .txt and .eml; you send it from your @apache.org 
mail.
+set -euo pipefail
+HERE="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+# shellcheck source=release.env
+source "${HERE}/release.env"
+
+ok()  { echo "[ OK ] $*"; }
+die() { echo "[FAIL] $*" >&2; exit 1; }
+
+# release notes link (prompt if not preset)
+rn="${RELEASE_NOTES_URL}"
+if [[ -z "$rn" ]]; then read -r -p "Release Notes URL (the issue link): " rn; 
fi
+[[ -n "$rn" ]] || die "release notes url required"
+
+# signer fingerprint
+if [[ -n "${SIGNING_KEY}" ]]; then
+  SIGNER="${SIGNING_KEY}"
+else
+  SIGNER="$(gpg --list-secret-keys --with-colons 2>/dev/null | awk -F: 
'$1=="sec"{w=1} $1=="fpr"&&w{print $10; exit}')"
+fi
+[[ -n "$SIGNER" ]] || die "no signing key found; run ./01-check-env.sh first"
+FPR="$(gpg --list-keys --with-colons "$SIGNER" | awk -F: '/^fpr:/{print $10; 
exit}')"
+
+mkdir -p "$WORK_DIR"
+subject="[VOTE] Release Apache Doris ${TAG}"
+body_file="$WORK_DIR/vote-email.txt"
+eml_file="$WORK_DIR/vote-email.eml"
+
+read -r -d '' BODY <<EOF || true
+Hi all,
+
+Please review and vote on Apache Doris ${TAG} release.
+
+The release candidate has been tagged in GitHub as ${TAG}, available here:
+https://github.com/apache/doris/releases/tag/${TAG}
+
+Release Notes are here:
+${rn}
+
+Thanks to everyone who has contributed to this release.
+
+The artifacts (source, signature and checksum) corresponding to this release
+candidate can be found here:
+${DEV_SVN_DIR}/
+
+The convenience binaries can be downloaded here:
+https://apache-doris-releases.oss-accelerate.aliyuncs.com/apache-doris-${VERSION}-bin-x64.tar.gz
+https://apache-doris-releases.oss-accelerate.aliyuncs.com/apache-doris-${VERSION}-bin-x64.tar.gz.asc
+https://apache-doris-releases.oss-accelerate.aliyuncs.com/apache-doris-${VERSION}-bin-x64.tar.gz.sha512
+https://apache-doris-releases.oss-accelerate.aliyuncs.com/apache-doris-${VERSION}-bin-x64-noavx2.tar.gz
+https://apache-doris-releases.oss-accelerate.aliyuncs.com/apache-doris-${VERSION}-bin-x64-noavx2.tar.gz.asc
+https://apache-doris-releases.oss-accelerate.aliyuncs.com/apache-doris-${VERSION}-bin-x64-noavx2.tar.gz.sha512
+https://apache-doris-releases.oss-accelerate.aliyuncs.com/apache-doris-${VERSION}-bin-arm64.tar.gz
+https://apache-doris-releases.oss-accelerate.aliyuncs.com/apache-doris-${VERSION}-bin-arm64.tar.gz.asc
+https://apache-doris-releases.oss-accelerate.aliyuncs.com/apache-doris-${VERSION}-bin-arm64.tar.gz.sha512
+
+This has been signed with PGP key ${FPR}, corresponding to ${APACHE_EMAIL}.
+KEYS file is available here:
+${KEYS_URL}
+It is also listed here:
+https://people.apache.org/keys/committer/${APACHE_ID}.asc
+
+To verify and build, you can refer to following link:
+${VERIFY_GUIDE_URL}
+
+The vote will be open for at least 72 hours.
+[ ] +1 Approve the release
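
Review bot: The line `This has been signed with PGP key ${FPR}` states a fact about the artifacts, but `FPR` is looked up from the local keyring and is never read from the signatures themselves. When `SIGNING_KEY` is empty the script takes the first secret key that `gpg --list-secret-keys` prints, which on a keyring with several secret keys need not be the key that produced the `.asc` files. Consider requiring `SIGNING_KEY` in this step, or taking the fingerprint from the `VALIDSIG` line of a `gpg --verify --status-fd 1` run over the source tarball's `.asc` and failing when it differs from the configured key, so voters are not sent a fingerprint that does not match the signature they verify.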

Review Comment:
   The scripts make `APACHE_ID` and `APACHE_EMAIL` configurable, but the 
generated mail still hard-codes `Mingyu Chen`. If another RM edits 
`release.env`, the draft signs their vote email with someone else's display 
name. Please move the display name to `release.env` or prompt/derive it 
consistently with the configured Apache identity.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
