Toshiya, Please check the Verify section of the website, the instructions are all there [1] [2]. I liked your approach regarding maven, but we have a lot of files that are not java based.
For Maven staged files in nexus, we don't need to verify the signature - as this is done in the upload phase by Nexus backend. Hope this helps. [1] - https://kie.apache.org/docs/community/verify [2] - https://kie.apache.org/docs/community/build On Wed, Oct 2, 2024 at 5:37 AM Toshiya Kobayashi <toshiyakobaya...@gmail.com> wrote: > > Hi, > > > the checks are for all the directories inside the > > source zips and all the files staged in rc1 folder > > I did the check only for drools, so I temporarily withdraw the vote for now. > > I hoped that we verify only the area where one has expertise. But if > verifying all projects by every single person is a hard requirement, I will > do my best. > > I'm sharing my steps to check PGP, hoping it helps others. > > 1. Create a pom.xml which has all artifacts as dependencies. I used > chaptgpt/perplexity.ai to create such a script (and some manual fix). Add > pgpverify-maven-plugin. For drools, > https://gist.github.com/tkobayas/34193e0318f071bcdb13792a10a4773f > 2. Import KEYS > wget https://downloads.apache.org/incubator/kie/KEYS > gpg --import KEYS > gpg --list-keys > 3. Use ID for Apache KIE Automated Release Signing. Put the ID in > <properties><gpg.keyname>ID</gpg.keyname></properties> in settings.xml. > Mine is https://gist.github.com/tkobayas/8972d63f2ef49bc65b540d96cd059d6b > 4. `mvn clean install` > > Cheers, > Toshiya > > > On Wed, Oct 2, 2024 at 6:01 PM Alex Porcelli <a...@porcelli.me> wrote: > > > Hi Paolo, > > > > You are correct, the checks are for all the directories inside the > > source zips and all the files staged in rc1 folder > > https://dist.apache.org/repos/dist/dev/incubator/kie/10.0.0-rc1/ > > > > On Wed, Oct 2, 2024 at 4:53 AM Paolo Bizzarri <pibi...@gmail.com> wrote: > > > > > > Hi Alex, to clarify. > > > > > > Each one of us is supposed to verify ALL the artifacts and to report that > > > he has verified ALL the artifacts. > > > > > > The checks cannot be reported for a single project - at least this is > > how I > > > understand it from your email. > > > > > > Am I right? Thank you. > > > > > > P. > > > > > > On Wed, Oct 2, 2024 at 1:56 AM Alex Porcelli <porce...@apache.org> > > wrote: > > > > > > > Hello, Apache KIE(incubating) Community: > > > > > > > > I'm thrilled to announce our first call for a vote to release Apache > > > > KIE(Incubating) under the Apache Foundation! This is a significant > > > > milestone for our project, and we're excited to share version > > 10.0.0-rc1 > > > > with the community. > > > > > > > > It's worth noting that our last community release was in September > > 2023. > > > > Since then, our dedicated community has worked tirelessly to adjust to > > our > > > > new home within the Apache Foundation. The effort and commitment shown > > > > during this transition period have been truly remarkable, and we > > couldn't > > > > be more excited about this release. > > > > > > > > The release candidate: > > > > https://dist.apache.org/repos/dist/dev/incubator/kie/10.0.0-rc1/ > > > > > > > > The maven staging for this release: > > > > Drools: > > > > https://repository.apache.org/content/repositories/orgapachekie-1042 > > > > Optaplanner: > > > > https://repository.apache.org/content/repositories/orgapachekie-1009 > > > > Kogito Runtimes: > > > > https://repository.apache.org/content/repositories/orgapachekie-1012 > > > > Kogito Apps: > > > > https://repository.apache.org/content/repositories/orgapachekie-1014 > > > > Kogito Apps (JIT Executor Native linux): > > > > https://repository.apache.org/content/repositories/orgapachekie-1018 > > > > Kogito Apps (JIT Executor Native windows): > > > > https://repository.apache.org/content/repositories/orgapachekie-1019 > > > > Kogito Apps (JIT Executor Native mac): > > > > https://repository.apache.org/content/repositories/orgapachekie-1020 > > > > KIE Tools (JBPM Quarkus DevUI): > > > > https://repository.apache.org/content/repositories/orgapachekie-1021 > > > > KIE Tools (Sonataflow Quarkus DevUI): > > > > https://repository.apache.org/content/repositories/orgapachekie-1039 > > > > > > > > The artifacts are signed with PGP key corresponding to [ > > > > priv...@kie.apache.org], that can be found in keys file: > > > > https://downloads.apache.org/incubator/kie/KEYS > > > > > > > > The vote will be open for at least 72 hours until the necessary number > > of > > > > votes are reached. > > > > > > > > Please vote accordingly: > > > > > > > > [ ] +1 approve > > > > [ ] +0 no opinion > > > > [ ] -1 disapprove with the reason > > > > > > > > To learn more about KIE, please see https://kie.apache.org/ > > > > > > > > *Valid check is a requirement for a vote.* Checklist for reference: > > > > > > > > [ ] Download KIE artifacts are valid. > > > > [ ] Checksums and PGP signatures are valid. > > > > [ ] Source code distributions have correct names matching the current > > > > release. > > > > [ ] LICENSE and NOTICE files are correct. > > > > [ ] All files have license headers if necessary. > > > > [ ] No compiled archives bundled in source archive. > > > > [ ] Can compile from source. > > > > > > > > More detail checklist please refer: > > > > > > > > > > https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist > > > > > > > > For more information on how to verify the release, please refer to: > > > > https://kie.apache.org/docs/community/verify > > > > > > > > For more information on how to how to build, please refer to: > > > > https://kie.apache.org/docs/community/build > > > > > > > > Thanks, > > > > Alex > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@kie.apache.org > > For additional commands, e-mail: dev-h...@kie.apache.org > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@kie.apache.org For additional commands, e-mail: dev-h...@kie.apache.org
