Re: [PR] Add python wheel staging to GitHub Actions build_release_candidate [beam]

via GitHub Wed, 04 Oct 2023 13:38:01 -0700


damccorm commented on code in PR #28822:
URL: https://github.com/apache/beam/pull/28822#discussion_r1346427713



##########
.github/workflows/build_release_candidate.yml:
##########
@@ -147,7 +147,72 @@ jobs:
             svn status
             svn commit -m "Staging Java artifacts for Apache Beam ${{ 
github.event.inputs.RELEASE }} RC${{ github.event.inputs.RC }}" 
--non-interactive --username ${{ github.event.inputs.APACHE_ID }} --password 
${{ github.event.inputs.APACHE_PASSWORD }} 
         
-      
+  stage_python_artifacts:
+    if: ${{github.event.inputs.STAGE_PYTHON_SOURCE == 'yes'}}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Validate and mask apache id/password
+        run: |
+          echo "::add-mask::${{ github.event.inputs.APACHE_PASSWORD }}"
+          if [ "${{ github.event.inputs.APACHE_ID }}" == "" ]
+          then
+            echo "Must provide an apache id to stage artifacts to 
https://dist.apache.org/repos/dist/dev/beam/";
+          fi
+          if [ "${{ github.event.inputs.APACHE_PASSWORD }}" == "" ]
+          then
+            echo "Must provide an apache password to stage artifacts to 
https://dist.apache.org/repos/dist/dev/beam/";
+          fi
+      - name: Setup environment
+        uses: ./.github/actions/setup-environment-action
+        with:
+          python-version: 3.8
+      - name: Import GPG key
+        id: import_gpg
+        uses: 
crazy-max/ghaction-import-gpg@111c56156bcc6918c056dbef52164cfa583dc549
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+      - name: stage python artifacts
+        env:
+          RC_TAG: "v${{ github.event.inputs.RELEASE }}-RC${{ 
github.event.inputs.RC }}"
+          GIT_REPO_BASE_URL: https://github.com/apache/beam
+          RELEASE_DIR: "beam/${{ github.event.inputs.RELEASE }}"
+          SCRIPT_DIR: release/src/main/scripts

Review Comment:
   We still need to se the GITHUB_TOKEN here as an env var (it won't be 
automatically visible).
   
   So `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}`



##########
.github/workflows/build_release_candidate.yml:
##########
@@ -147,7 +147,72 @@ jobs:
             svn status
             svn commit -m "Staging Java artifacts for Apache Beam ${{ 
github.event.inputs.RELEASE }} RC${{ github.event.inputs.RC }}" 
--non-interactive --username ${{ github.event.inputs.APACHE_ID }} --password 
${{ github.event.inputs.APACHE_PASSWORD }} 
         
-      
+  stage_python_artifacts:
+    if: ${{github.event.inputs.STAGE_PYTHON_SOURCE == 'yes'}}

Review Comment:
   We need to add `STAGE_PYTHON_SOURCE` as an input at the top of the file.



##########
.github/workflows/build_release_candidate.yml:
##########
@@ -147,7 +147,72 @@ jobs:
             svn status
             svn commit -m "Staging Java artifacts for Apache Beam ${{ 
github.event.inputs.RELEASE }} RC${{ github.event.inputs.RC }}" 
--non-interactive --username ${{ github.event.inputs.APACHE_ID }} --password 
${{ github.event.inputs.APACHE_PASSWORD }} 
         
-      
+  stage_python_artifacts:
+    if: ${{github.event.inputs.STAGE_PYTHON_SOURCE == 'yes'}}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Validate and mask apache id/password
+        run: |
+          echo "::add-mask::${{ github.event.inputs.APACHE_PASSWORD }}"
+          if [ "${{ github.event.inputs.APACHE_ID }}" == "" ]
+          then
+            echo "Must provide an apache id to stage artifacts to 
https://dist.apache.org/repos/dist/dev/beam/";
+          fi
+          if [ "${{ github.event.inputs.APACHE_PASSWORD }}" == "" ]
+          then
+            echo "Must provide an apache password to stage artifacts to 
https://dist.apache.org/repos/dist/dev/beam/";
+          fi
+      - name: Setup environment
+        uses: ./.github/actions/setup-environment-action
+        with:
+          python-version: 3.8
+      - name: Import GPG key
+        id: import_gpg
+        uses: 
crazy-max/ghaction-import-gpg@111c56156bcc6918c056dbef52164cfa583dc549
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+      - name: stage python artifacts
+        env:
+          RC_TAG: "v${{ github.event.inputs.RELEASE }}-RC${{ 
github.event.inputs.RC }}"
+          GIT_REPO_BASE_URL: https://github.com/apache/beam
+          RELEASE_DIR: "beam/${{ github.event.inputs.RELEASE }}"
+          SCRIPT_DIR: release/src/main/scripts

Review Comment:
   I'd also still prefer we pass the env location into the script to be 
explicit.



##########
.github/workflows/build_release_candidate.yml:
##########
@@ -147,7 +147,72 @@ jobs:
             svn status
             svn commit -m "Staging Java artifacts for Apache Beam ${{ 
github.event.inputs.RELEASE }} RC${{ github.event.inputs.RC }}" 
--non-interactive --username ${{ github.event.inputs.APACHE_ID }} --password 
${{ github.event.inputs.APACHE_PASSWORD }} 
         
-      
+  stage_python_artifacts:
+    if: ${{github.event.inputs.STAGE_PYTHON_SOURCE == 'yes'}}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Validate and mask apache id/password
+        run: |
+          echo "::add-mask::${{ github.event.inputs.APACHE_PASSWORD }}"
+          if [ "${{ github.event.inputs.APACHE_ID }}" == "" ]
+          then
+            echo "Must provide an apache id to stage artifacts to 
https://dist.apache.org/repos/dist/dev/beam/";
+          fi
+          if [ "${{ github.event.inputs.APACHE_PASSWORD }}" == "" ]
+          then
+            echo "Must provide an apache password to stage artifacts to 
https://dist.apache.org/repos/dist/dev/beam/";
+          fi
+      - name: Setup environment
+        uses: ./.github/actions/setup-environment-action
+        with:
+          python-version: 3.8
+      - name: Import GPG key
+        id: import_gpg
+        uses: 
crazy-max/ghaction-import-gpg@111c56156bcc6918c056dbef52164cfa583dc549
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+      - name: stage python artifacts
+        env:
+          RC_TAG: "v${{ github.event.inputs.RELEASE }}-RC${{ 
github.event.inputs.RC }}"
+          GIT_REPO_BASE_URL: https://github.com/apache/beam
+          RELEASE_DIR: "beam/${{ github.event.inputs.RELEASE }}"
+          SCRIPT_DIR: release/src/main/scripts
+        run: |
+          svn co https://dist.apache.org/repos/dist/dev/beam
+          mkdir -p "${SVN_ARTIFACTS_DIR}"
+          
+          RELEASE_COMMIT=$(git rev-list -n 1 "tags/${RC_TAG}")
+          
+          python "${SCRIPT_DIR}/download_github_actions_artifacts.py" \
+            --repo-url "${GIT_REPO_BASE_URL}" \
+            --rc-tag "${RC_TAG}" \
+            --release-commit "${RELEASE_COMMIT}" \
+            --artifacts_dir "${RELEASE_DIR}/python"
+        
+          cd "${RELEASE_DIR}"/python
+        
+          echo "------Checking Hash Value for apache-beam-${RELEASE}.zip-----"
+          sha512sum -c "apache-beam-${RELEASE}.zip.sha512"
+        
+          echo "------Signing Source Release apache-beam-${RELEASE}.zip------"
+          gpg --local-user "${SIGNING_KEY}" --armor --detach-sig 
"apache-beam-${RELEASE}.zip"

Review Comment:
   signing_key is not assigned, you can include it as an env var using 
`${{steps.import_gpg.outputs.name}}` like we do above.
   
   Also note that local-user here is actually the name of the key, not the key 
itself



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Re: [PR] Add python wheel staging to GitHub Actions build_release_candidate [beam]

Reply via email to