leaves12138 commented on code in PR #27:
URL: https://github.com/apache/paimon-mosaic/pull/27#discussion_r3279004308
##########
docs/creating-a-release.html:
##########
@@ -192,9 +192,21 @@ <h3>Create the RC Tag</h3>
<li><strong>Release Python</strong> — builds wheels for
4 platforms, publishes to TestPyPI</li>
</ul>
+ <h3>Verify and Generate Dependency Licenses</h3>
+ <p>ASF releases must include a declaration of third-party
dependency licenses. Use <code>cargo-deny</code> to check and generate the
license manifest:</p>
+<pre><code># Install cargo-deny (one-time)
+cargo install cargo-deny
+
+# Check all dependency licenses are approved
+python3 tools/dependencies.py check
+
+# Generate DEPENDENCIES.rust.tsv (included in source tarball)
+python3 tools/dependencies.py generate</code></pre>
+ <p>Fix any license violations before proceeding. The generated
<code>DEPENDENCIES.rust.tsv</code> file will be included in the source release
archive.</p>
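Review bot: In the added `<pre>` block, `cargo install cargo-deny` is neither version-pinned nor locked, so each release manager can end up with a different cargo-deny build and freshly resolved transitive dependencies, and the license check may give different results between release candidates. Consider `cargo install --locked cargo-deny` with an explicit `--version`, and state in this section which cargo-deny version the project expects.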
Review Comment:
This says the generated `DEPENDENCIES.rust.tsv` files will be included in
the source archive, but `create_source_release.sh` builds the archive from `git
clone .`. Files generated by `python3 tools/dependencies.py generate` are
untracked unless the RM commits them, so they are omitted by the clone. I
verified this with a local simulation: generated `DEPENDENCIES.rust.tsv` files
were present in the working tree but absent from the cloned tree used for
packaging. Please either make the release script copy/include the generated
files from the working tree, or explicitly require committing them before
running `create_source_release.sh`.
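One way to enforce the second option from the review comment above, as an added example (not code from the PR or from the paimon-mosaic repository): a shell guard, under the hypothetical name `manifests_in_clone`, that fails unless every generated manifest is tracked and committed at HEAD, which is the state a `git clone .` reproduces. It assumes the caller passes the manifest paths relative to the repository root.

```shell
#!/bin/sh
# Added example, not project code. Function name and messages are hypothetical.
# Usage: manifests_in_clone <repo-dir> <manifest-path>...
# Returns 0 only if each path exists, is tracked, and is identical to HEAD,
# so a clone of the repository will contain exactly the generated content.
manifests_in_clone() {
    repo=$1
    shift
    rc=0
    for f in "$@"; do
        if [ ! -f "$repo/$f" ]; then
            # The generate step has not been run, or wrote somewhere else.
            echo "missing: $f" >&2
            rc=1
        elif ! git -C "$repo" ls-files --error-unmatch -- "$f" >/dev/null 2>&1; then
            # Present in the working tree only; a clone omits it.
            echo "untracked: $f" >&2
            rc=1
        elif ! git -C "$repo" diff --quiet HEAD -- "$f"; then
            # Staged or modified but not committed; a clone ships the old copy or none.
            echo "not committed at HEAD: $f" >&2
            rc=1
        fi
    done
    return $rc
}
```

Calling it at the top of the packaging step, for example `manifests_in_clone . DEPENDENCIES.rust.tsv || exit 1`, stops the release before an archive without the manifest is built.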