snazy commented on code in PR #2383: URL: https://github.com/apache/polaris/pull/2383#discussion_r2451906627
########## releasey/libs/_version.sh: ########## @@ -0,0 +1,176 @@ +#!/bin/bash +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +# +# Utility functions for version validation and version.txt manipulation +# + +LIBS_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + +source "$LIBS_DIR/_constants.sh" +source "$LIBS_DIR/_exec.sh" + +function validate_and_extract_branch_version { + # This function validates the format of a release branch version and extracts its components (major.minor). + # It now accepts the major.minor.x format (e.g., "1.1.x") instead of exact version format. + # It returns 0 if the version is valid and sets the global variables major, minor. + # The patch version is not extracted from the branch name as it uses the "x" placeholder. + # Otherwise, it returns 1. + local version="$1" + + if [[ ! ${version} =~ ${BRANCH_VERSION_REGEX} ]]; then + return 1 + fi + + major="${BASH_REMATCH[1]}" + minor="${BASH_REMATCH[2]}" + # patch is not set from branch name since it uses "x" placeholder + + return 0 +} + +function validate_and_extract_git_tag_version { + # This function validates the format of a git tag version and extracts its components (major.minor.patch and rc number). + # It is similar to validate_and_extract_rc_version, but for git tag format. + # It returns 0 if the version is valid and sets the global variables major, minor, patch, and rc_number. + # It also sets the global variable version_without_rc to the "major.minor.patch-incubating" format without the rc number. + # Otherwise, it returns 1. + local version="$1" + + if [[ ! ${version} =~ ${VERSION_REGEX_GIT_TAG} ]]; then + return 1 + fi + + major="${BASH_REMATCH[1]}" + minor="${BASH_REMATCH[2]}" + patch="${BASH_REMATCH[3]}" + rc_number="${BASH_REMATCH[4]}" + version_without_rc="${major}.${minor}.${patch}-incubating" + + return 0 +} + +function validate_and_extract_polaris_version { + # This function validates the format of a Polaris version and extracts its components (major.minor.patch). + # It accepts the full version format (e.g., "1.0.0-incubating") and sets the global variables major, minor, patch. + # It also sets the global variable version_without_rc to the "major.minor.patch-incubating" format. + # Returns 0 if the version is valid, 1 otherwise. + local version="$1" + + if [[ ! ${version} =~ ${VERSION_REGEX} ]]; then + return 1 + fi + + major="${BASH_REMATCH[1]}" + minor="${BASH_REMATCH[2]}" + patch="${BASH_REMATCH[3]}" + version_without_rc="${major}.${minor}.${patch}-incubating" + + return 0 +} + +function update_version { + local version="$1" + local current_version=$(cat "$VERSION_FILE") + update_version_txt "${version}" + update_helm_version "${current_version}" "${version}" +} + +function update_version_txt { + local version="$1" + # This function is only there for dry-run support. Because of the + # redirection, we cannot use exec_process with the exact command that will be + # executed. + if [[ ${DRY_RUN:-1} -ne 1 ]]; then + exec_process echo ${version} >$VERSION_FILE + else + exec_process "echo ${version} > $VERSION_FILE" + fi +} + +function update_helm_version { + local old_version="$1" + local new_version="$2" + exec_process sed -i~ "s/${old_version}/${new_version}/g" "$HELM_CHART_YAML_FILE" + exec_process sed -i~ "s/${old_version}/${new_version}/g" "$HELM_README_FILE" + # The readme file may contain version with double dash for shields.io badges + # We need a second `sed` command to ensure that the version replacement preserves this double-dash syntax. + local current_version_with_dash=$(echo "$old_version" | sed 's/-/--/g') + local version_with_dash=$(echo "$version" | sed 's/-/--/g') + exec_process sed -i~ "s/${current_version_with_dash}/${version_with_dash}/" "$HELM_README_FILE" +} + +function find_next_rc_number { + # This function finds the next available RC number for a given version. + # It returns 0 and sets the global variable rc_number to the next available RC number. + # RC numbers start from 0. It takes the version_without_rc as input (e.g., "1.0.0-incubating"). + local version_without_rc="$1" + + # Get all existing RC tags for this version + local tag_pattern="apache-polaris-${version_without_rc}-rc*" + local existing_tags + existing_tags=$(git tag -l "${tag_pattern}" | sort -V) + + if [[ -z "${existing_tags}" ]]; then + # No existing RC tags, start with RC0 + rc_number=0 + else + # Extract the highest RC number and increment + local highest_rc + highest_rc=$(echo "${existing_tags}" | sed "s/apache-polaris-${version_without_rc}-rc//" | sort -n | tail -1) + rc_number=$((highest_rc + 1)) + fi + + return 0 +} + +function find_next_patch_number { + # This function finds the next available patch number for a given major.minor version. + # It returns 0 and sets the global variable patch to the next available patch number. + # Patch numbers start from 0. It takes major and minor as input (e.g., "1", "0"). + local major="$1" + local minor="$2" + + # Get all existing tags for this major.minor version + local tag_pattern="apache-polaris-${major}.${minor}.*-incubating-rc*" + local existing_tags + existing_tags=$(git tag -l "${tag_pattern}" | sort -V) Review Comment: Nit: could leverage array type here as well. ########## releasey/libs/_version.sh: ########## @@ -0,0 +1,176 @@ +#!/bin/bash +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +# +# Utility functions for version validation and version.txt manipulation +# + +LIBS_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + +source "$LIBS_DIR/_constants.sh" +source "$LIBS_DIR/_exec.sh" + +function validate_and_extract_branch_version { + # This function validates the format of a release branch version and extracts its components (major.minor). + # It now accepts the major.minor.x format (e.g., "1.1.x") instead of exact version format. + # It returns 0 if the version is valid and sets the global variables major, minor. + # The patch version is not extracted from the branch name as it uses the "x" placeholder. + # Otherwise, it returns 1. + local version="$1" + + if [[ ! ${version} =~ ${BRANCH_VERSION_REGEX} ]]; then + return 1 + fi + + major="${BASH_REMATCH[1]}" + minor="${BASH_REMATCH[2]}" + # patch is not set from branch name since it uses "x" placeholder + + return 0 +} + +function validate_and_extract_git_tag_version { + # This function validates the format of a git tag version and extracts its components (major.minor.patch and rc number). + # It is similar to validate_and_extract_rc_version, but for git tag format. + # It returns 0 if the version is valid and sets the global variables major, minor, patch, and rc_number. + # It also sets the global variable version_without_rc to the "major.minor.patch-incubating" format without the rc number. + # Otherwise, it returns 1. + local version="$1" + + if [[ ! ${version} =~ ${VERSION_REGEX_GIT_TAG} ]]; then + return 1 + fi + + major="${BASH_REMATCH[1]}" + minor="${BASH_REMATCH[2]}" + patch="${BASH_REMATCH[3]}" + rc_number="${BASH_REMATCH[4]}" + version_without_rc="${major}.${minor}.${patch}-incubating" + + return 0 +} + +function validate_and_extract_polaris_version { + # This function validates the format of a Polaris version and extracts its components (major.minor.patch). + # It accepts the full version format (e.g., "1.0.0-incubating") and sets the global variables major, minor, patch. + # It also sets the global variable version_without_rc to the "major.minor.patch-incubating" format. + # Returns 0 if the version is valid, 1 otherwise. + local version="$1" + + if [[ ! ${version} =~ ${VERSION_REGEX} ]]; then + return 1 + fi + + major="${BASH_REMATCH[1]}" + minor="${BASH_REMATCH[2]}" + patch="${BASH_REMATCH[3]}" + version_without_rc="${major}.${minor}.${patch}-incubating" + + return 0 +} + +function update_version { + local version="$1" + local current_version=$(cat "$VERSION_FILE") Review Comment: To [prevent "masking" the return value](https://github.com/koalaman/shellcheck/wiki/SC2155) of `cat` ```suggestion local current_version current_version=$(cat "$VERSION_FILE") ``` ########## releasey/libs/_version.sh: ########## @@ -0,0 +1,176 @@ +#!/bin/bash +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +# +# Utility functions for version validation and version.txt manipulation +# + +LIBS_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + +source "$LIBS_DIR/_constants.sh" +source "$LIBS_DIR/_exec.sh" + +function validate_and_extract_branch_version { + # This function validates the format of a release branch version and extracts its components (major.minor). + # It now accepts the major.minor.x format (e.g., "1.1.x") instead of exact version format. + # It returns 0 if the version is valid and sets the global variables major, minor. + # The patch version is not extracted from the branch name as it uses the "x" placeholder. + # Otherwise, it returns 1. + local version="$1" + + if [[ ! ${version} =~ ${BRANCH_VERSION_REGEX} ]]; then + return 1 + fi + + major="${BASH_REMATCH[1]}" + minor="${BASH_REMATCH[2]}" + # patch is not set from branch name since it uses "x" placeholder + + return 0 +} + +function validate_and_extract_git_tag_version { + # This function validates the format of a git tag version and extracts its components (major.minor.patch and rc number). + # It is similar to validate_and_extract_rc_version, but for git tag format. + # It returns 0 if the version is valid and sets the global variables major, minor, patch, and rc_number. + # It also sets the global variable version_without_rc to the "major.minor.patch-incubating" format without the rc number. + # Otherwise, it returns 1. + local version="$1" + + if [[ ! ${version} =~ ${VERSION_REGEX_GIT_TAG} ]]; then + return 1 + fi + + major="${BASH_REMATCH[1]}" + minor="${BASH_REMATCH[2]}" + patch="${BASH_REMATCH[3]}" + rc_number="${BASH_REMATCH[4]}" + version_without_rc="${major}.${minor}.${patch}-incubating" + + return 0 +} + +function validate_and_extract_polaris_version { + # This function validates the format of a Polaris version and extracts its components (major.minor.patch). + # It accepts the full version format (e.g., "1.0.0-incubating") and sets the global variables major, minor, patch. + # It also sets the global variable version_without_rc to the "major.minor.patch-incubating" format. + # Returns 0 if the version is valid, 1 otherwise. + local version="$1" + + if [[ ! ${version} =~ ${VERSION_REGEX} ]]; then + return 1 + fi + + major="${BASH_REMATCH[1]}" + minor="${BASH_REMATCH[2]}" + patch="${BASH_REMATCH[3]}" + version_without_rc="${major}.${minor}.${patch}-incubating" + + return 0 +} + +function update_version { + local version="$1" + local current_version=$(cat "$VERSION_FILE") + update_version_txt "${version}" + update_helm_version "${current_version}" "${version}" +} + +function update_version_txt { + local version="$1" + # This function is only there for dry-run support. Because of the + # redirection, we cannot use exec_process with the exact command that will be + # executed. + if [[ ${DRY_RUN:-1} -ne 1 ]]; then + exec_process echo ${version} >$VERSION_FILE + else + exec_process "echo ${version} > $VERSION_FILE" + fi +} + +function update_helm_version { + local old_version="$1" + local new_version="$2" + exec_process sed -i~ "s/${old_version}/${new_version}/g" "$HELM_CHART_YAML_FILE" + exec_process sed -i~ "s/${old_version}/${new_version}/g" "$HELM_README_FILE" + # The readme file may contain version with double dash for shields.io badges + # We need a second `sed` command to ensure that the version replacement preserves this double-dash syntax. + local current_version_with_dash=$(echo "$old_version" | sed 's/-/--/g') + local version_with_dash=$(echo "$version" | sed 's/-/--/g') + exec_process sed -i~ "s/${current_version_with_dash}/${version_with_dash}/" "$HELM_README_FILE" +} + +function find_next_rc_number { + # This function finds the next available RC number for a given version. + # It returns 0 and sets the global variable rc_number to the next available RC number. + # RC numbers start from 0. It takes the version_without_rc as input (e.g., "1.0.0-incubating"). + local version_without_rc="$1" + + # Get all existing RC tags for this version + local tag_pattern="apache-polaris-${version_without_rc}-rc*" + local existing_tags + existing_tags=$(git tag -l "${tag_pattern}" | sort -V) + + if [[ -z "${existing_tags}" ]]; then + # No existing RC tags, start with RC0 + rc_number=0 + else + # Extract the highest RC number and increment + local highest_rc + highest_rc=$(echo "${existing_tags}" | sed "s/apache-polaris-${version_without_rc}-rc//" | sort -n | tail -1) Review Comment: Nit: could use an array and leverage that it's already sorted. ```suggestion existing_tags=($(git tag -l "${tag_pattern}" | sort -V)) if [[ ${#Fruits[@]} -eq 0 ]]; then # No existing RC tags, start with RC0 rc_number=0 else # Extract the highest RC number and increment local highest_rc highest_rc=$(echo "${existing_tags[-1]//apache-polaris-${version_without_rc}-rc/") ``` ########## .github/workflows/release-2-update-release-candidate.yml: ########## @@ -0,0 +1,200 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +name: Release - 2 - Update version and Changelog for Release Candidate + +on: + workflow_dispatch: + inputs: + dry_run: + description: 'Dry run mode (check to enable, uncheck to perform actual operations)' + required: false + type: boolean + default: true + +jobs: + update-release-candidate: + name: Release - 2 - Update version and Changelog for Release Candidate + runs-on: ubuntu-latest + permissions: + contents: write + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + # Fetch full history. Branch operations require this. + fetch-depth: 0 + # Use a token with write permissions + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Configure Git + run: | + git config --global user.name "github-actions[bot]" + git config --global user.email "github-actions[bot]@users.noreply.github.com" + + - name: Set up environment variables + run: | + echo "RELEASEY_DIR=$(pwd)/releasey" >> $GITHUB_ENV + echo "LIBS_DIR=$(pwd)/releasey/libs" >> $GITHUB_ENV + + echo "## Mode" >> $GITHUB_STEP_SUMMARY + if [[ "${{ github.event.inputs.dry_run }}" == "true" ]]; then + echo "DRY_RUN=1" >> $GITHUB_ENV + echo "‼️ DRY_RUN mode enabled - No actual changes will be made" >> $GITHUB_STEP_SUMMARY + else + echo "DRY_RUN=0" >> $GITHUB_ENV + echo "DRY_RUN mode disabled - Performing actual operations" >> $GITHUB_STEP_SUMMARY + fi + + - name: Auto-determine release branch and next RC number + run: | + source "${LIBS_DIR}/_version.sh" + + # Get the current branch name + current_branch=$(git branch --show-current) + + echo "## Parameters" >> $GITHUB_STEP_SUMMARY + + # Validate that we're on a release branch + if [[ ! "${current_branch}" =~ ^release/(.+)$ ]]; then + echo "❌ Invalid branch: \`${current_branch}\`. This workflow must be run from a release branch (release/major.minor.x)" >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + # Extract version from release branch name + branch_version="${BASH_REMATCH[1]}" + + # Validate branch version format and extract components + if ! validate_and_extract_branch_version "${branch_version}"; then + echo "❌ Invalid release branch version format: \`${branch_version}\`, expected: major.minor.x" >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + # Find the next available patch number for this major.minor version + find_next_patch_number "${major}" "${minor}" + + # Build the target version using branch major.minor and determined patch + version_without_rc="${major}.${minor}.${patch}-incubating" + + # Find the next available RC number by checking existing tags + find_next_rc_number "${version_without_rc}" + + # Build the new release tag + release_tag="apache-polaris-${version_without_rc}-rc${rc_number}" + + # Export all variables for next steps + echo "release_tag=${release_tag}" >> $GITHUB_ENV + echo "major=${major}" >> $GITHUB_ENV + echo "minor=${minor}" >> $GITHUB_ENV + echo "patch=${patch}" >> $GITHUB_ENV + echo "rc_number=${rc_number}" >> $GITHUB_ENV + echo "version_without_rc=${version_without_rc}" >> $GITHUB_ENV + echo "release_branch=${current_branch}" >> $GITHUB_ENV + + cat <<EOT >> $GITHUB_STEP_SUMMARY + | Parameter | Value | + | --- | --- | + | Release branch | \`${current_branch}\` | + | Version without RC | \`${version_without_rc}\` | + | RC number | \`${rc_number}\` | + | Release tag | \`${release_tag}\` | + EOT + + - name: Verify GitHub checks are passing + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + source "${LIBS_DIR}/_github.sh" + + # Get the current HEAD commit SHA + current_commit=$(git rev-parse HEAD) + + echo "## Validation" >> $GITHUB_STEP_SUMMARY + + # Verify all GitHub checks are passing + if ! check_github_checks_passed "${current_commit}"; then + echo "❌ GitHub checks are not all passing for commit \`${current_commit}\`. Please ensure all checks pass before updating the release candidate." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + echo "All GitHub checks are passing for commit \`${current_commit}\`" >> $GITHUB_STEP_SUMMARY + + - name: Set up Java + uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4 + with: + distribution: 'temurin' + java-version: '21' + + - name: Update project versions + run: | + source "${LIBS_DIR}/_version.sh" + + update_version "${version_without_rc}" + cat <<EOT >> $GITHUB_STEP_SUMMARY + ## Version update + All version files updated to \`${version_without_rc}\` + EOT + + - name: Update changelog + run: | + source "${LIBS_DIR}/_exec.sh" + exec_process ./gradlew patchChangelog + + cat <<EOT >> $GITHUB_STEP_SUMMARY + ## Changelog + Changelog patched successfully + EOT + + - name: Commit and push changes + run: | + source "${LIBS_DIR}/_constants.sh" + source "${LIBS_DIR}/_exec.sh" + + # Commit version files and changelog + exec_process git add "$VERSION_FILE" "$HELM_CHART_YAML_FILE" "$HELM_README_FILE" + exec_process git add "$CHANGELOG_FILE" Review Comment: Super nit: ```suggestion exec_process git add \ "$VERSION_FILE" \ "$HELM_CHART_YAML_FILE" \ "$HELM_README_FILE" \ "$CHANGELOG_FILE" ``` ########## .github/workflows/release-3-build-and-publish-artifacts.yml: ########## @@ -0,0 +1,357 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +name: Release - 3 - Build and Publish Release Artifacts + +on: + workflow_dispatch: + inputs: + dry_run: + description: 'Dry run mode (check to enable, uncheck to perform actual operations)' + required: false + type: boolean + default: true + +jobs: + prerequisite-checks: + name: Prerequisite Checks + runs-on: ubuntu-latest + permissions: + contents: read + outputs: + dry_run: ${{ steps.set-outputs.outputs.dry_run }} + git_tag: ${{ steps.validate-tag.outputs.git_tag }} + version_without_rc: ${{ steps.validate-tag.outputs.version_without_rc }} + rc_number: ${{ steps.validate-tag.outputs.rc_number }} + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + fetch-depth: 0 + + - name: Set up environment variables + id: set-outputs + run: | + echo "RELEASEY_DIR=$(pwd)/releasey" >> $GITHUB_ENV + echo "LIBS_DIR=$(pwd)/releasey/libs" >> $GITHUB_ENV + + echo "## Mode" >> $GITHUB_STEP_SUMMARY + if [[ "${{ github.event.inputs.dry_run }}" == "true" ]]; then + echo "DRY_RUN=1" >> $GITHUB_ENV + echo "dry_run=1" >> $GITHUB_OUTPUT + echo "‼️ DRY_RUN mode enabled - No actual changes will be made" >> $GITHUB_STEP_SUMMARY + else + echo "DRY_RUN=0" >> $GITHUB_ENV + echo "dry_run=0" >> $GITHUB_OUTPUT + echo "DRY_RUN mode disabled - Performing actual operations" >> $GITHUB_STEP_SUMMARY + fi + + - name: Validate release candidate tag + id: validate-tag + run: | + source "${LIBS_DIR}/_version.sh" + + echo "## Parameters" >> $GITHUB_STEP_SUMMARY + + if ! git_tag=$(git describe --tags --exact-match HEAD 2>/dev/null); then + echo "❌ Current HEAD is not on a release candidate tag. Please checkout a release candidate tag first." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + # Validate git tag format and extract version components + if ! validate_and_extract_git_tag_version "${git_tag}"; then + echo "❌ Invalid git tag format: \`${git_tag}\`. Expected format: apache-polaris-x.y.z-incubating-rcN." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + # Export variables for next steps and job outputs + echo "git_tag=${git_tag}" >> $GITHUB_ENV + echo "version_without_rc=${version_without_rc}" >> $GITHUB_ENV + echo "rc_number=${rc_number}" >> $GITHUB_ENV + + echo "git_tag=${git_tag}" >> $GITHUB_OUTPUT + echo "version_without_rc=${version_without_rc}" >> $GITHUB_OUTPUT + echo "rc_number=${rc_number}" >> $GITHUB_OUTPUT + + cat <<EOT >> $GITHUB_STEP_SUMMARY + | Parameter | Value | + | --- | --- | + | Git tag | \`${git_tag}\` | + | Version | \`${version_without_rc}\` | + | RC number | \`${rc_number}\` | + EOT + + build-and-publish-artifacts: + name: Build and Publish Release Artifacts + runs-on: ubuntu-latest + needs: prerequisite-checks + permissions: + contents: read + env: + DRY_RUN: ${{ needs.prerequisite-checks.outputs.dry_run }} + git_tag: ${{ needs.prerequisite-checks.outputs.git_tag }} + version_without_rc: ${{ needs.prerequisite-checks.outputs.version_without_rc }} + rc_number: ${{ needs.prerequisite-checks.outputs.rc_number }} + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + fetch-depth: 0 + + - name: Set up environment variables + run: | + echo "RELEASEY_DIR=$(pwd)/releasey" >> $GITHUB_ENV + echo "LIBS_DIR=$(pwd)/releasey/libs" >> $GITHUB_ENV + + - name: Set up Java + uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4 + with: + distribution: 'temurin' + java-version: '21' + + - name: Import GPG key + uses: crazy-max/ghaction-import-gpg@v6 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.GPG_PASSPHRASE }} + git_user_signingkey: true + git_commit_gpgsign: true + + - name: Build source and binary distributions + run: | + source "${LIBS_DIR}/_exec.sh" + + exec_process ./gradlew assemble sourceTarball -Prelease -PuseGpgAgent + + cat <<EOT >> $GITHUB_STEP_SUMMARY + ## Build + Source and binary distributions built successfully + EOT + + - name: Stage artifacts to Apache dist dev repository + env: + SVN_USERNAME: ${{ secrets.APACHE_USERNAME }} + SVN_PASSWORD: ${{ secrets.APACHE_PASSWORD }} + run: | + source "${LIBS_DIR}/_constants.sh" + source "${LIBS_DIR}/_exec.sh" + + dist_dev_dir=${RELEASEY_DIR}/polaris-dist-dev + exec_process svn checkout --username "$SVN_USERNAME" --password "$SVN_PASSWORD" --non-interactive "${APACHE_DIST_URL}${APACHE_DIST_PATH}" "${dist_dev_dir}" + + version_dir="${dist_dev_dir}/${version_without_rc}" + exec_process mkdir -p "${version_dir}" + exec_process cp build/distributions/* "${version_dir}/" + exec_process cp runtime/distribution/build/distributions/* "${version_dir}/" + + exec_process cd "${dist_dev_dir}" + exec_process svn add "${version_without_rc}" + + exec_process svn commit --username "$SVN_USERNAME" --password "$SVN_PASSWORD" --non-interactive -m "Stage Apache Polaris ${version_without_rc} RC${rc_number}" + + cat <<EOT >> $GITHUB_STEP_SUMMARY + ## Staging to dist dev + Artifacts staged to Apache dist dev repository + EOT + + - name: Publish and close Apache Nexus staging repository + env: + ORG_GRADLE_PROJECT_apacheUsername: ${{ secrets.APACHE_USERNAME }} + ORG_GRADLE_PROJECT_apachePassword: ${{ secrets.APACHE_PASSWORD }} + run: | + source "${LIBS_DIR}/_exec.sh" + + # Publish artifacts to staging repository + exec_process ./gradlew publishToApache closeApacheStagingRepository -Prelease -PuseGpgAgent --info > gradle_publish_output.txt 2>&1 Review Comment: Nit: maybe use 'tee` so the Gradle output is captured on the console. ```suggestion exec_process ./gradlew publishToApache closeApacheStagingRepository -Prelease -PuseGpgAgent --info 2>&1 | tee gradle_publish_output.txt ``` ########## releasey/libs/_version.sh: ########## @@ -0,0 +1,176 @@ +#!/bin/bash +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +# +# Utility functions for version validation and version.txt manipulation +# + +LIBS_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + +source "$LIBS_DIR/_constants.sh" +source "$LIBS_DIR/_exec.sh" + +function validate_and_extract_branch_version { + # This function validates the format of a release branch version and extracts its components (major.minor). + # It now accepts the major.minor.x format (e.g., "1.1.x") instead of exact version format. + # It returns 0 if the version is valid and sets the global variables major, minor. + # The patch version is not extracted from the branch name as it uses the "x" placeholder. + # Otherwise, it returns 1. + local version="$1" + + if [[ ! ${version} =~ ${BRANCH_VERSION_REGEX} ]]; then + return 1 + fi + + major="${BASH_REMATCH[1]}" + minor="${BASH_REMATCH[2]}" + # patch is not set from branch name since it uses "x" placeholder + + return 0 +} + +function validate_and_extract_git_tag_version { + # This function validates the format of a git tag version and extracts its components (major.minor.patch and rc number). + # It is similar to validate_and_extract_rc_version, but for git tag format. + # It returns 0 if the version is valid and sets the global variables major, minor, patch, and rc_number. + # It also sets the global variable version_without_rc to the "major.minor.patch-incubating" format without the rc number. + # Otherwise, it returns 1. + local version="$1" + + if [[ ! ${version} =~ ${VERSION_REGEX_GIT_TAG} ]]; then + return 1 + fi + + major="${BASH_REMATCH[1]}" + minor="${BASH_REMATCH[2]}" + patch="${BASH_REMATCH[3]}" + rc_number="${BASH_REMATCH[4]}" + version_without_rc="${major}.${minor}.${patch}-incubating" + + return 0 +} + +function validate_and_extract_polaris_version { + # This function validates the format of a Polaris version and extracts its components (major.minor.patch). + # It accepts the full version format (e.g., "1.0.0-incubating") and sets the global variables major, minor, patch. + # It also sets the global variable version_without_rc to the "major.minor.patch-incubating" format. + # Returns 0 if the version is valid, 1 otherwise. + local version="$1" + + if [[ ! ${version} =~ ${VERSION_REGEX} ]]; then + return 1 + fi + + major="${BASH_REMATCH[1]}" + minor="${BASH_REMATCH[2]}" + patch="${BASH_REMATCH[3]}" + version_without_rc="${major}.${minor}.${patch}-incubating" + + return 0 +} + +function update_version { + local version="$1" + local current_version=$(cat "$VERSION_FILE") + update_version_txt "${version}" + update_helm_version "${current_version}" "${version}" +} + +function update_version_txt { + local version="$1" + # This function is only there for dry-run support. Because of the + # redirection, we cannot use exec_process with the exact command that will be + # executed. + if [[ ${DRY_RUN:-1} -ne 1 ]]; then + exec_process echo ${version} >$VERSION_FILE Review Comment: ```suggestion exec_process echo "${version}" >$VERSION_FILE ``` ########## .github/workflows/release-3-build-and-publish-artifacts.yml: ########## @@ -0,0 +1,357 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +name: Release - 3 - Build and Publish Release Artifacts + +on: + workflow_dispatch: + inputs: + dry_run: + description: 'Dry run mode (check to enable, uncheck to perform actual operations)' + required: false + type: boolean + default: true + +jobs: + prerequisite-checks: + name: Prerequisite Checks + runs-on: ubuntu-latest + permissions: + contents: read + outputs: + dry_run: ${{ steps.set-outputs.outputs.dry_run }} + git_tag: ${{ steps.validate-tag.outputs.git_tag }} + version_without_rc: ${{ steps.validate-tag.outputs.version_without_rc }} + rc_number: ${{ steps.validate-tag.outputs.rc_number }} + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + fetch-depth: 0 + + - name: Set up environment variables + id: set-outputs + run: | + echo "RELEASEY_DIR=$(pwd)/releasey" >> $GITHUB_ENV + echo "LIBS_DIR=$(pwd)/releasey/libs" >> $GITHUB_ENV + + echo "## Mode" >> $GITHUB_STEP_SUMMARY + if [[ "${{ github.event.inputs.dry_run }}" == "true" ]]; then + echo "DRY_RUN=1" >> $GITHUB_ENV + echo "dry_run=1" >> $GITHUB_OUTPUT + echo "‼️ DRY_RUN mode enabled - No actual changes will be made" >> $GITHUB_STEP_SUMMARY + else + echo "DRY_RUN=0" >> $GITHUB_ENV + echo "dry_run=0" >> $GITHUB_OUTPUT + echo "DRY_RUN mode disabled - Performing actual operations" >> $GITHUB_STEP_SUMMARY + fi + + - name: Validate release candidate tag + id: validate-tag + run: | + source "${LIBS_DIR}/_version.sh" + + echo "## Parameters" >> $GITHUB_STEP_SUMMARY + + if ! git_tag=$(git describe --tags --exact-match HEAD 2>/dev/null); then + echo "❌ Current HEAD is not on a release candidate tag. Please checkout a release candidate tag first." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + # Validate git tag format and extract version components + if ! validate_and_extract_git_tag_version "${git_tag}"; then + echo "❌ Invalid git tag format: \`${git_tag}\`. Expected format: apache-polaris-x.y.z-incubating-rcN." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + # Export variables for next steps and job outputs + echo "git_tag=${git_tag}" >> $GITHUB_ENV + echo "version_without_rc=${version_without_rc}" >> $GITHUB_ENV + echo "rc_number=${rc_number}" >> $GITHUB_ENV + + echo "git_tag=${git_tag}" >> $GITHUB_OUTPUT + echo "version_without_rc=${version_without_rc}" >> $GITHUB_OUTPUT + echo "rc_number=${rc_number}" >> $GITHUB_OUTPUT + + cat <<EOT >> $GITHUB_STEP_SUMMARY + | Parameter | Value | + | --- | --- | + | Git tag | \`${git_tag}\` | + | Version | \`${version_without_rc}\` | + | RC number | \`${rc_number}\` | + EOT + + build-and-publish-artifacts: + name: Build and Publish Release Artifacts + runs-on: ubuntu-latest + needs: prerequisite-checks + permissions: + contents: read + env: + DRY_RUN: ${{ needs.prerequisite-checks.outputs.dry_run }} + git_tag: ${{ needs.prerequisite-checks.outputs.git_tag }} + version_without_rc: ${{ needs.prerequisite-checks.outputs.version_without_rc }} + rc_number: ${{ needs.prerequisite-checks.outputs.rc_number }} + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + fetch-depth: 0 + + - name: Set up environment variables + run: | + echo "RELEASEY_DIR=$(pwd)/releasey" >> $GITHUB_ENV + echo "LIBS_DIR=$(pwd)/releasey/libs" >> $GITHUB_ENV + + - name: Set up Java + uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4 + with: + distribution: 'temurin' + java-version: '21' + + - name: Import GPG key + uses: crazy-max/ghaction-import-gpg@v6 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.GPG_PASSPHRASE }} + git_user_signingkey: true + git_commit_gpgsign: true + + - name: Build source and binary distributions + run: | + source "${LIBS_DIR}/_exec.sh" + + exec_process ./gradlew assemble sourceTarball -Prelease -PuseGpgAgent + + cat <<EOT >> $GITHUB_STEP_SUMMARY + ## Build + Source and binary distributions built successfully + EOT + + - name: Stage artifacts to Apache dist dev repository + env: + SVN_USERNAME: ${{ secrets.APACHE_USERNAME }} + SVN_PASSWORD: ${{ secrets.APACHE_PASSWORD }} + run: | + source "${LIBS_DIR}/_constants.sh" + source "${LIBS_DIR}/_exec.sh" + + dist_dev_dir=${RELEASEY_DIR}/polaris-dist-dev + exec_process svn checkout --username "$SVN_USERNAME" --password "$SVN_PASSWORD" --non-interactive "${APACHE_DIST_URL}${APACHE_DIST_PATH}" "${dist_dev_dir}" + + version_dir="${dist_dev_dir}/${version_without_rc}" + exec_process mkdir -p "${version_dir}" + exec_process cp build/distributions/* "${version_dir}/" + exec_process cp runtime/distribution/build/distributions/* "${version_dir}/" + + exec_process cd "${dist_dev_dir}" + exec_process svn add "${version_without_rc}" + + exec_process svn commit --username "$SVN_USERNAME" --password "$SVN_PASSWORD" --non-interactive -m "Stage Apache Polaris ${version_without_rc} RC${rc_number}" + + cat <<EOT >> $GITHUB_STEP_SUMMARY + ## Staging to dist dev + Artifacts staged to Apache dist dev repository + EOT + + - name: Publish and close Apache Nexus staging repository + env: + ORG_GRADLE_PROJECT_apacheUsername: ${{ secrets.APACHE_USERNAME }} + ORG_GRADLE_PROJECT_apachePassword: ${{ secrets.APACHE_PASSWORD }} + run: | + source "${LIBS_DIR}/_exec.sh" + + # Publish artifacts to staging repository + exec_process ./gradlew publishToApache closeApacheStagingRepository -Prelease -PuseGpgAgent --info > gradle_publish_output.txt 2>&1 + + # Extract staging repository ID and URL from Gradle output + staging_repo_id="" + staging_repo_url="" + + # Look for staging repository ID in the output + if grep -q "Created staging repository" gradle_publish_output.txt; then + staging_repo_id=$(grep "Created staging repository" gradle_publish_output.txt | sed --regexp-extended "s/^Created staging repository .([a-z0-9-]+). at (.*)/\1/") + staging_repo_url=$(grep "Created staging repository" gradle_publish_output.txt | sed --regexp-extended "s/^Created staging repository .([a-z0-9-]+). at (.*)/\2/") + fi + + cat <<EOT >> $GITHUB_STEP_SUMMARY + ## Nexus Staging Repository + Artifacts published and staging repository closed successfully + + | Property | Value | + | --- | --- | + | Staging Repository ID | \`${staging_repo_id:-"Not extracted"}\` | + | Staging Repository URL | ${staging_repo_url:-"Not extracted"} | + + ## Summary + 🎉 Artifacts built and published successfully: + + | Operation | Status | + | --- | --- | + | Build source and binary distributions | ✅ | + | Stage artifacts to Apache dist dev repository | ✅ | + | Stage artifacts to Apache Nexus staging repository | ✅ | + | Close Nexus staging repository | ✅ | + EOT + + build-docker: + name: Build Docker Images + runs-on: ubuntu-latest + needs: [prerequisite-checks, build-and-publish-artifacts] + permissions: + contents: read + env: + DRY_RUN: ${{ needs.prerequisite-checks.outputs.dry_run }} + git_tag: ${{ needs.prerequisite-checks.outputs.git_tag }} + version_without_rc: ${{ needs.prerequisite-checks.outputs.version_without_rc }} + rc_number: ${{ needs.prerequisite-checks.outputs.rc_number }} + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + fetch-depth: 0 + + - name: Set up environment variables + run: | + echo "RELEASEY_DIR=$(pwd)/releasey" >> $GITHUB_ENV + echo "LIBS_DIR=$(pwd)/releasey/libs" >> $GITHUB_ENV + + - name: Set up Java + uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4 + with: + distribution: 'temurin' + java-version: '21' + + - name: Build Polaris Server Docker image + run: | + source "${LIBS_DIR}/_exec.sh" + + exec_process ./gradlew :polaris-server:assemble :polaris-server:quarkusAppPartsBuild --rerun \ + -Dquarkus.container-image.build=true \ + -Dquarkus.container-image.push=false \ + -Dquarkus.docker.buildx.platform="linux/amd64,linux/arm64" \ + -Dquarkus.container-image.tag="${git_tag}" + + - name: Build Polaris Admin Tool Docker image + run: | + source "${LIBS_DIR}/_exec.sh" + + exec_process ./gradlew :polaris-admin:assemble :polaris-admin:quarkusAppPartsBuild --rerun \ + -Dquarkus.container-image.build=true \ + -Dquarkus.container-image.push=false \ + -Dquarkus.docker.buildx.platform="linux/amd64,linux/arm64" \ + -Dquarkus.container-image.tag="${git_tag}" + + echo "## Docker Images Summary" >> $GITHUB_STEP_SUMMARY + cat <<EOT >> $GITHUB_STEP_SUMMARY + 🎉 Docker images built successfully: + + | Component | Status | + | --- | --- | + | Polaris Server Docker image | ✅ Built | + | Polaris Admin Tool Docker image | ✅ Built | + EOT + + build-and-stage-helm-chart: + name: Build and Stage Helm Chart + runs-on: ubuntu-latest + needs: [prerequisite-checks, build-docker] + permissions: + contents: read + env: + DRY_RUN: ${{ needs.prerequisite-checks.outputs.dry_run }} + git_tag: ${{ needs.prerequisite-checks.outputs.git_tag }} + version_without_rc: ${{ needs.prerequisite-checks.outputs.version_without_rc }} + rc_number: ${{ needs.prerequisite-checks.outputs.rc_number }} + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + fetch-depth: 0 + + - name: Set up environment variables + run: | + echo "RELEASEY_DIR=$(pwd)/releasey" >> $GITHUB_ENV + echo "LIBS_DIR=$(pwd)/releasey/libs" >> $GITHUB_ENV + + - name: Set up Helm + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4 + with: + version: 'latest' + + - name: Install Helm GPG plugin + run: | + helm plugin install https://github.com/technosophos/helm-gpg || true Review Comment: Why's the `|| true` needed? Mind adding a comment? ########## .github/workflows/release-3-build-and-publish-artifacts.yml: ########## @@ -0,0 +1,357 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +name: Release - 3 - Build and Publish Release Artifacts + +on: + workflow_dispatch: + inputs: + dry_run: + description: 'Dry run mode (check to enable, uncheck to perform actual operations)' + required: false + type: boolean + default: true + +jobs: + prerequisite-checks: + name: Prerequisite Checks + runs-on: ubuntu-latest + permissions: + contents: read + outputs: + dry_run: ${{ steps.set-outputs.outputs.dry_run }} + git_tag: ${{ steps.validate-tag.outputs.git_tag }} + version_without_rc: ${{ steps.validate-tag.outputs.version_without_rc }} + rc_number: ${{ steps.validate-tag.outputs.rc_number }} + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + fetch-depth: 0 + + - name: Set up environment variables + id: set-outputs + run: | + echo "RELEASEY_DIR=$(pwd)/releasey" >> $GITHUB_ENV + echo "LIBS_DIR=$(pwd)/releasey/libs" >> $GITHUB_ENV + + echo "## Mode" >> $GITHUB_STEP_SUMMARY + if [[ "${{ github.event.inputs.dry_run }}" == "true" ]]; then + echo "DRY_RUN=1" >> $GITHUB_ENV + echo "dry_run=1" >> $GITHUB_OUTPUT + echo "‼️ DRY_RUN mode enabled - No actual changes will be made" >> $GITHUB_STEP_SUMMARY + else + echo "DRY_RUN=0" >> $GITHUB_ENV + echo "dry_run=0" >> $GITHUB_OUTPUT + echo "DRY_RUN mode disabled - Performing actual operations" >> $GITHUB_STEP_SUMMARY + fi + + - name: Validate release candidate tag + id: validate-tag + run: | + source "${LIBS_DIR}/_version.sh" + + echo "## Parameters" >> $GITHUB_STEP_SUMMARY + + if ! git_tag=$(git describe --tags --exact-match HEAD 2>/dev/null); then + echo "❌ Current HEAD is not on a release candidate tag. Please checkout a release candidate tag first." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + # Validate git tag format and extract version components + if ! validate_and_extract_git_tag_version "${git_tag}"; then + echo "❌ Invalid git tag format: \`${git_tag}\`. Expected format: apache-polaris-x.y.z-incubating-rcN." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + # Export variables for next steps and job outputs + echo "git_tag=${git_tag}" >> $GITHUB_ENV + echo "version_without_rc=${version_without_rc}" >> $GITHUB_ENV + echo "rc_number=${rc_number}" >> $GITHUB_ENV + + echo "git_tag=${git_tag}" >> $GITHUB_OUTPUT + echo "version_without_rc=${version_without_rc}" >> $GITHUB_OUTPUT + echo "rc_number=${rc_number}" >> $GITHUB_OUTPUT + + cat <<EOT >> $GITHUB_STEP_SUMMARY + | Parameter | Value | + | --- | --- | + | Git tag | \`${git_tag}\` | + | Version | \`${version_without_rc}\` | + | RC number | \`${rc_number}\` | + EOT + + build-and-publish-artifacts: + name: Build and Publish Release Artifacts + runs-on: ubuntu-latest + needs: prerequisite-checks + permissions: + contents: read + env: + DRY_RUN: ${{ needs.prerequisite-checks.outputs.dry_run }} + git_tag: ${{ needs.prerequisite-checks.outputs.git_tag }} + version_without_rc: ${{ needs.prerequisite-checks.outputs.version_without_rc }} + rc_number: ${{ needs.prerequisite-checks.outputs.rc_number }} + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + fetch-depth: 0 + + - name: Set up environment variables + run: | + echo "RELEASEY_DIR=$(pwd)/releasey" >> $GITHUB_ENV + echo "LIBS_DIR=$(pwd)/releasey/libs" >> $GITHUB_ENV + + - name: Set up Java + uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4 + with: + distribution: 'temurin' + java-version: '21' + + - name: Import GPG key + uses: crazy-max/ghaction-import-gpg@v6 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.GPG_PASSPHRASE }} + git_user_signingkey: true + git_commit_gpgsign: true + + - name: Build source and binary distributions + run: | + source "${LIBS_DIR}/_exec.sh" + + exec_process ./gradlew assemble sourceTarball -Prelease -PuseGpgAgent + + cat <<EOT >> $GITHUB_STEP_SUMMARY + ## Build + Source and binary distributions built successfully + EOT + + - name: Stage artifacts to Apache dist dev repository + env: + SVN_USERNAME: ${{ secrets.APACHE_USERNAME }} + SVN_PASSWORD: ${{ secrets.APACHE_PASSWORD }} + run: | + source "${LIBS_DIR}/_constants.sh" + source "${LIBS_DIR}/_exec.sh" + + dist_dev_dir=${RELEASEY_DIR}/polaris-dist-dev + exec_process svn checkout --username "$SVN_USERNAME" --password "$SVN_PASSWORD" --non-interactive "${APACHE_DIST_URL}${APACHE_DIST_PATH}" "${dist_dev_dir}" + + version_dir="${dist_dev_dir}/${version_without_rc}" + exec_process mkdir -p "${version_dir}" + exec_process cp build/distributions/* "${version_dir}/" + exec_process cp runtime/distribution/build/distributions/* "${version_dir}/" + + exec_process cd "${dist_dev_dir}" + exec_process svn add "${version_without_rc}" + + exec_process svn commit --username "$SVN_USERNAME" --password "$SVN_PASSWORD" --non-interactive -m "Stage Apache Polaris ${version_without_rc} RC${rc_number}" + + cat <<EOT >> $GITHUB_STEP_SUMMARY + ## Staging to dist dev + Artifacts staged to Apache dist dev repository + EOT + + - name: Publish and close Apache Nexus staging repository + env: + ORG_GRADLE_PROJECT_apacheUsername: ${{ secrets.APACHE_USERNAME }} + ORG_GRADLE_PROJECT_apachePassword: ${{ secrets.APACHE_PASSWORD }} + run: | + source "${LIBS_DIR}/_exec.sh" + + # Publish artifacts to staging repository + exec_process ./gradlew publishToApache closeApacheStagingRepository -Prelease -PuseGpgAgent --info > gradle_publish_output.txt 2>&1 + + # Extract staging repository ID and URL from Gradle output + staging_repo_id="" + staging_repo_url="" + + # Look for staging repository ID in the output + if grep -q "Created staging repository" gradle_publish_output.txt; then + staging_repo_id=$(grep "Created staging repository" gradle_publish_output.txt | sed --regexp-extended "s/^Created staging repository .([a-z0-9-]+). at (.*)/\1/") + staging_repo_url=$(grep "Created staging repository" gradle_publish_output.txt | sed --regexp-extended "s/^Created staging repository .([a-z0-9-]+). at (.*)/\2/") + fi + + cat <<EOT >> $GITHUB_STEP_SUMMARY + ## Nexus Staging Repository + Artifacts published and staging repository closed successfully + + | Property | Value | + | --- | --- | + | Staging Repository ID | \`${staging_repo_id:-"Not extracted"}\` | + | Staging Repository URL | ${staging_repo_url:-"Not extracted"} | + + ## Summary + 🎉 Artifacts built and published successfully: + + | Operation | Status | + | --- | --- | + | Build source and binary distributions | ✅ | + | Stage artifacts to Apache dist dev repository | ✅ | + | Stage artifacts to Apache Nexus staging repository | ✅ | + | Close Nexus staging repository | ✅ | + EOT + + build-docker: + name: Build Docker Images + runs-on: ubuntu-latest + needs: [prerequisite-checks, build-and-publish-artifacts] + permissions: + contents: read + env: + DRY_RUN: ${{ needs.prerequisite-checks.outputs.dry_run }} + git_tag: ${{ needs.prerequisite-checks.outputs.git_tag }} + version_without_rc: ${{ needs.prerequisite-checks.outputs.version_without_rc }} + rc_number: ${{ needs.prerequisite-checks.outputs.rc_number }} + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + fetch-depth: 0 + + - name: Set up environment variables + run: | + echo "RELEASEY_DIR=$(pwd)/releasey" >> $GITHUB_ENV + echo "LIBS_DIR=$(pwd)/releasey/libs" >> $GITHUB_ENV + + - name: Set up Java + uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4 + with: + distribution: 'temurin' + java-version: '21' + + - name: Build Polaris Server Docker image + run: | + source "${LIBS_DIR}/_exec.sh" + + exec_process ./gradlew :polaris-server:assemble :polaris-server:quarkusAppPartsBuild --rerun \ + -Dquarkus.container-image.build=true \ + -Dquarkus.container-image.push=false \ + -Dquarkus.docker.buildx.platform="linux/amd64,linux/arm64" \ + -Dquarkus.container-image.tag="${git_tag}" Review Comment: Should this be ```suggestion -Dquarkus.container-image.tag="${version}" ``` ? ########## .github/workflows/release-3-build-and-publish-artifacts.yml: ########## @@ -0,0 +1,357 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +name: Release - 3 - Build and Publish Release Artifacts + +on: + workflow_dispatch: + inputs: + dry_run: + description: 'Dry run mode (check to enable, uncheck to perform actual operations)' + required: false + type: boolean + default: true + +jobs: + prerequisite-checks: + name: Prerequisite Checks + runs-on: ubuntu-latest + permissions: + contents: read + outputs: + dry_run: ${{ steps.set-outputs.outputs.dry_run }} + git_tag: ${{ steps.validate-tag.outputs.git_tag }} + version_without_rc: ${{ steps.validate-tag.outputs.version_without_rc }} + rc_number: ${{ steps.validate-tag.outputs.rc_number }} + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + fetch-depth: 0 + + - name: Set up environment variables + id: set-outputs + run: | + echo "RELEASEY_DIR=$(pwd)/releasey" >> $GITHUB_ENV + echo "LIBS_DIR=$(pwd)/releasey/libs" >> $GITHUB_ENV + + echo "## Mode" >> $GITHUB_STEP_SUMMARY + if [[ "${{ github.event.inputs.dry_run }}" == "true" ]]; then + echo "DRY_RUN=1" >> $GITHUB_ENV + echo "dry_run=1" >> $GITHUB_OUTPUT + echo "‼️ DRY_RUN mode enabled - No actual changes will be made" >> $GITHUB_STEP_SUMMARY + else + echo "DRY_RUN=0" >> $GITHUB_ENV + echo "dry_run=0" >> $GITHUB_OUTPUT + echo "DRY_RUN mode disabled - Performing actual operations" >> $GITHUB_STEP_SUMMARY + fi + + - name: Validate release candidate tag + id: validate-tag + run: | + source "${LIBS_DIR}/_version.sh" + + echo "## Parameters" >> $GITHUB_STEP_SUMMARY + + if ! git_tag=$(git describe --tags --exact-match HEAD 2>/dev/null); then + echo "❌ Current HEAD is not on a release candidate tag. Please checkout a release candidate tag first." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + # Validate git tag format and extract version components + if ! validate_and_extract_git_tag_version "${git_tag}"; then + echo "❌ Invalid git tag format: \`${git_tag}\`. Expected format: apache-polaris-x.y.z-incubating-rcN." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + # Export variables for next steps and job outputs + echo "git_tag=${git_tag}" >> $GITHUB_ENV + echo "version_without_rc=${version_without_rc}" >> $GITHUB_ENV + echo "rc_number=${rc_number}" >> $GITHUB_ENV + + echo "git_tag=${git_tag}" >> $GITHUB_OUTPUT + echo "version_without_rc=${version_without_rc}" >> $GITHUB_OUTPUT + echo "rc_number=${rc_number}" >> $GITHUB_OUTPUT + + cat <<EOT >> $GITHUB_STEP_SUMMARY + | Parameter | Value | + | --- | --- | + | Git tag | \`${git_tag}\` | + | Version | \`${version_without_rc}\` | + | RC number | \`${rc_number}\` | + EOT + + build-and-publish-artifacts: + name: Build and Publish Release Artifacts + runs-on: ubuntu-latest + needs: prerequisite-checks + permissions: + contents: read + env: + DRY_RUN: ${{ needs.prerequisite-checks.outputs.dry_run }} + git_tag: ${{ needs.prerequisite-checks.outputs.git_tag }} + version_without_rc: ${{ needs.prerequisite-checks.outputs.version_without_rc }} + rc_number: ${{ needs.prerequisite-checks.outputs.rc_number }} + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + fetch-depth: 0 + + - name: Set up environment variables + run: | + echo "RELEASEY_DIR=$(pwd)/releasey" >> $GITHUB_ENV + echo "LIBS_DIR=$(pwd)/releasey/libs" >> $GITHUB_ENV + + - name: Set up Java + uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4 + with: + distribution: 'temurin' + java-version: '21' + + - name: Import GPG key + uses: crazy-max/ghaction-import-gpg@v6 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.GPG_PASSPHRASE }} + git_user_signingkey: true + git_commit_gpgsign: true + + - name: Build source and binary distributions + run: | + source "${LIBS_DIR}/_exec.sh" + + exec_process ./gradlew assemble sourceTarball -Prelease -PuseGpgAgent + + cat <<EOT >> $GITHUB_STEP_SUMMARY + ## Build + Source and binary distributions built successfully + EOT + + - name: Stage artifacts to Apache dist dev repository + env: + SVN_USERNAME: ${{ secrets.APACHE_USERNAME }} + SVN_PASSWORD: ${{ secrets.APACHE_PASSWORD }} + run: | + source "${LIBS_DIR}/_constants.sh" + source "${LIBS_DIR}/_exec.sh" + + dist_dev_dir=${RELEASEY_DIR}/polaris-dist-dev + exec_process svn checkout --username "$SVN_USERNAME" --password "$SVN_PASSWORD" --non-interactive "${APACHE_DIST_URL}${APACHE_DIST_PATH}" "${dist_dev_dir}" + + version_dir="${dist_dev_dir}/${version_without_rc}" + exec_process mkdir -p "${version_dir}" + exec_process cp build/distributions/* "${version_dir}/" + exec_process cp runtime/distribution/build/distributions/* "${version_dir}/" + + exec_process cd "${dist_dev_dir}" + exec_process svn add "${version_without_rc}" + + exec_process svn commit --username "$SVN_USERNAME" --password "$SVN_PASSWORD" --non-interactive -m "Stage Apache Polaris ${version_without_rc} RC${rc_number}" + + cat <<EOT >> $GITHUB_STEP_SUMMARY + ## Staging to dist dev + Artifacts staged to Apache dist dev repository + EOT + + - name: Publish and close Apache Nexus staging repository + env: + ORG_GRADLE_PROJECT_apacheUsername: ${{ secrets.APACHE_USERNAME }} + ORG_GRADLE_PROJECT_apachePassword: ${{ secrets.APACHE_PASSWORD }} + run: | + source "${LIBS_DIR}/_exec.sh" + + # Publish artifacts to staging repository + exec_process ./gradlew publishToApache closeApacheStagingRepository -Prelease -PuseGpgAgent --info > gradle_publish_output.txt 2>&1 + + # Extract staging repository ID and URL from Gradle output + staging_repo_id="" + staging_repo_url="" + + # Look for staging repository ID in the output + if grep -q "Created staging repository" gradle_publish_output.txt; then + staging_repo_id=$(grep "Created staging repository" gradle_publish_output.txt | sed --regexp-extended "s/^Created staging repository .([a-z0-9-]+). at (.*)/\1/") + staging_repo_url=$(grep "Created staging repository" gradle_publish_output.txt | sed --regexp-extended "s/^Created staging repository .([a-z0-9-]+). at (.*)/\2/") + fi + + cat <<EOT >> $GITHUB_STEP_SUMMARY + ## Nexus Staging Repository + Artifacts published and staging repository closed successfully + + | Property | Value | + | --- | --- | + | Staging Repository ID | \`${staging_repo_id:-"Not extracted"}\` | + | Staging Repository URL | ${staging_repo_url:-"Not extracted"} | + + ## Summary + 🎉 Artifacts built and published successfully: + + | Operation | Status | + | --- | --- | + | Build source and binary distributions | ✅ | + | Stage artifacts to Apache dist dev repository | ✅ | + | Stage artifacts to Apache Nexus staging repository | ✅ | + | Close Nexus staging repository | ✅ | + EOT + + build-docker: + name: Build Docker Images + runs-on: ubuntu-latest + needs: [prerequisite-checks, build-and-publish-artifacts] + permissions: + contents: read + env: + DRY_RUN: ${{ needs.prerequisite-checks.outputs.dry_run }} + git_tag: ${{ needs.prerequisite-checks.outputs.git_tag }} + version_without_rc: ${{ needs.prerequisite-checks.outputs.version_without_rc }} + rc_number: ${{ needs.prerequisite-checks.outputs.rc_number }} + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + fetch-depth: 0 + + - name: Set up environment variables + run: | + echo "RELEASEY_DIR=$(pwd)/releasey" >> $GITHUB_ENV + echo "LIBS_DIR=$(pwd)/releasey/libs" >> $GITHUB_ENV + + - name: Set up Java + uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4 + with: + distribution: 'temurin' + java-version: '21' + + - name: Build Polaris Server Docker image + run: | + source "${LIBS_DIR}/_exec.sh" + + exec_process ./gradlew :polaris-server:assemble :polaris-server:quarkusAppPartsBuild --rerun \ + -Dquarkus.container-image.build=true \ + -Dquarkus.container-image.push=false \ + -Dquarkus.docker.buildx.platform="linux/amd64,linux/arm64" \ + -Dquarkus.container-image.tag="${git_tag}" + + - name: Build Polaris Admin Tool Docker image + run: | + source "${LIBS_DIR}/_exec.sh" + + exec_process ./gradlew :polaris-admin:assemble :polaris-admin:quarkusAppPartsBuild --rerun \ + -Dquarkus.container-image.build=true \ + -Dquarkus.container-image.push=false \ + -Dquarkus.docker.buildx.platform="linux/amd64,linux/arm64" \ + -Dquarkus.container-image.tag="${git_tag}" + + echo "## Docker Images Summary" >> $GITHUB_STEP_SUMMARY + cat <<EOT >> $GITHUB_STEP_SUMMARY + 🎉 Docker images built successfully: + + | Component | Status | + | --- | --- | + | Polaris Server Docker image | ✅ Built | + | Polaris Admin Tool Docker image | ✅ Built | + EOT + + build-and-stage-helm-chart: + name: Build and Stage Helm Chart + runs-on: ubuntu-latest + needs: [prerequisite-checks, build-docker] + permissions: + contents: read + env: + DRY_RUN: ${{ needs.prerequisite-checks.outputs.dry_run }} + git_tag: ${{ needs.prerequisite-checks.outputs.git_tag }} + version_without_rc: ${{ needs.prerequisite-checks.outputs.version_without_rc }} + rc_number: ${{ needs.prerequisite-checks.outputs.rc_number }} + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + fetch-depth: 0 + + - name: Set up environment variables + run: | + echo "RELEASEY_DIR=$(pwd)/releasey" >> $GITHUB_ENV + echo "LIBS_DIR=$(pwd)/releasey/libs" >> $GITHUB_ENV + + - name: Set up Helm + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4 + with: + version: 'latest' + + - name: Install Helm GPG plugin + run: | + helm plugin install https://github.com/technosophos/helm-gpg || true + helm plugin list + + - name: Import GPG key + uses: crazy-max/ghaction-import-gpg@v6 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.GPG_PASSPHRASE }} + git_user_signingkey: true + git_commit_gpgsign: true + + - name: Create Helm package + run: | + source "${LIBS_DIR}/_exec.sh" + + exec_process cd helm + exec_process helm package polaris + exec_process helm gpg sign polaris-${version_without_rc}.tgz + calculate_sha512 polaris-${version_without_rc}.tgz polaris-${version_without_rc}.tgz.sha512 + exec_process gpg --armor --output polaris-${version_without_rc}.tgz.asc --detach-sig polaris-${version_without_rc}.tgz + calculate_sha512 polaris-${version_without_rc}.tgz.prov polaris-${version_without_rc}.tgz.prov.sha512 + exec_process gpg --armor --output polaris-${version_without_rc}.tgz.prov.asc --detach-sig polaris-${version_without_rc}.tgz.prov + + - name: Stage Helm chart to Apache dist dev repository + env: + SVN_USERNAME: ${{ secrets.APACHE_USERNAME }} + SVN_PASSWORD: ${{ secrets.APACHE_PASSWORD }} + run: | + source "${LIBS_DIR}/_constants.sh" + source "${LIBS_DIR}/_exec.sh" + + dist_dev_dir=${RELEASEY_DIR}/polaris-dist-dev + exec_process svn checkout --username "$SVN_USERNAME" --password "$SVN_PASSWORD" --non-interactive "${APACHE_DIST_URL}${APACHE_DIST_PATH}" "${dist_dev_dir}" Review Comment: (similar svn/credentials as above) ########## .github/workflows/release-2-update-release-candidate.yml: ########## @@ -0,0 +1,200 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +name: Release - 2 - Update version and Changelog for Release Candidate + +on: + workflow_dispatch: + inputs: + dry_run: + description: 'Dry run mode (check to enable, uncheck to perform actual operations)' + required: false + type: boolean + default: true + +jobs: + update-release-candidate: + name: Release - 2 - Update version and Changelog for Release Candidate + runs-on: ubuntu-latest + permissions: + contents: write + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + # Fetch full history. Branch operations require this. + fetch-depth: 0 + # Use a token with write permissions + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Configure Git + run: | + git config --global user.name "github-actions[bot]" + git config --global user.email "github-actions[bot]@users.noreply.github.com" + + - name: Set up environment variables + run: | + echo "RELEASEY_DIR=$(pwd)/releasey" >> $GITHUB_ENV + echo "LIBS_DIR=$(pwd)/releasey/libs" >> $GITHUB_ENV + + echo "## Mode" >> $GITHUB_STEP_SUMMARY + if [[ "${{ github.event.inputs.dry_run }}" == "true" ]]; then + echo "DRY_RUN=1" >> $GITHUB_ENV + echo "‼️ DRY_RUN mode enabled - No actual changes will be made" >> $GITHUB_STEP_SUMMARY + else + echo "DRY_RUN=0" >> $GITHUB_ENV + echo "DRY_RUN mode disabled - Performing actual operations" >> $GITHUB_STEP_SUMMARY + fi + + - name: Auto-determine release branch and next RC number + run: | + source "${LIBS_DIR}/_version.sh" + + # Get the current branch name + current_branch=$(git branch --show-current) + + echo "## Parameters" >> $GITHUB_STEP_SUMMARY + + # Validate that we're on a release branch + if [[ ! "${current_branch}" =~ ^release/(.+)$ ]]; then + echo "❌ Invalid branch: \`${current_branch}\`. This workflow must be run from a release branch (release/major.minor.x)" >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + # Extract version from release branch name + branch_version="${BASH_REMATCH[1]}" + + # Validate branch version format and extract components + if ! validate_and_extract_branch_version "${branch_version}"; then + echo "❌ Invalid release branch version format: \`${branch_version}\`, expected: major.minor.x" >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + # Find the next available patch number for this major.minor version + find_next_patch_number "${major}" "${minor}" + Review Comment: Just to prevent some potential debugging round trips, it might be nice to print the results like ```suggestion echo "Next patch number: ${patch}" ``` here and after the other calls that "return" (change) a global variable. We can later remove that, if necessary. I'm just thinking that the initial runs may go sideways - Murphy's law and such... ;) ########## .github/workflows/release-4-publish-release.yml: ########## @@ -0,0 +1,359 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +name: Release - 4 - Publish Release After Vote Success + +on: + workflow_dispatch: + inputs: + dry_run: + description: 'Dry run mode (check to enable, uncheck to perform actual operations)' + required: false + type: boolean + default: true + staging_repository_id: + description: 'Nexus staging repository ID to release (e.g., orgapachepolaris-1234)' + required: true + type: string + +jobs: Review Comment: Mind adding a final job (maybe in a follow-up) to print the proposed `[ANNOUNCE]` email subject and content? ########## releasey/libs/_exec.sh: ########## @@ -0,0 +1,46 @@ +#!/bin/bash +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +LIBS_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + +source "$LIBS_DIR/_constants.sh" +source "$LIBS_DIR/_log.sh" + +function exec_process { + if [[ ${DRY_RUN:-1} -ne 1 ]]; then + print_command "Executing '${*}'" + "$@" + else + print_command "Dry-run, WOULD execute '${*}'" + fi +} + +function calculate_sha512 { + local source_file="$1" + local target_file="$2" + # This function is only there for dry-run support. Because of the + # redirection, we cannot use exec_process with the exact command that will be + # executed. + if [[ ${DRY_RUN:-1} -ne 1 ]]; then + exec_process shasum -a 512 "${source_file}" > "${target_file}" + else + exec_process "shasum -a 512 ${source_file} > ${target_file}" Review Comment: Nit: could remove the 2nd argument ```suggestion exec_process shasum -a 512 "${source_file}" > "${source_file}.sha512" else exec_process "shasum -a 512 ${source_file} > ${source_file}.sha512" ``` ########## releasey/libs/_version.sh: ########## @@ -0,0 +1,176 @@ +#!/bin/bash +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +# +# Utility functions for version validation and version.txt manipulation +# + +LIBS_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + +source "$LIBS_DIR/_constants.sh" +source "$LIBS_DIR/_exec.sh" + +function validate_and_extract_branch_version { + # This function validates the format of a release branch version and extracts its components (major.minor). + # It now accepts the major.minor.x format (e.g., "1.1.x") instead of exact version format. + # It returns 0 if the version is valid and sets the global variables major, minor. + # The patch version is not extracted from the branch name as it uses the "x" placeholder. + # Otherwise, it returns 1. + local version="$1" + + if [[ ! ${version} =~ ${BRANCH_VERSION_REGEX} ]]; then + return 1 + fi + + major="${BASH_REMATCH[1]}" + minor="${BASH_REMATCH[2]}" + # patch is not set from branch name since it uses "x" placeholder + + return 0 +} + +function validate_and_extract_git_tag_version { + # This function validates the format of a git tag version and extracts its components (major.minor.patch and rc number). + # It is similar to validate_and_extract_rc_version, but for git tag format. + # It returns 0 if the version is valid and sets the global variables major, minor, patch, and rc_number. + # It also sets the global variable version_without_rc to the "major.minor.patch-incubating" format without the rc number. + # Otherwise, it returns 1. + local version="$1" + + if [[ ! ${version} =~ ${VERSION_REGEX_GIT_TAG} ]]; then + return 1 + fi + + major="${BASH_REMATCH[1]}" + minor="${BASH_REMATCH[2]}" + patch="${BASH_REMATCH[3]}" + rc_number="${BASH_REMATCH[4]}" + version_without_rc="${major}.${minor}.${patch}-incubating" + + return 0 +} + +function validate_and_extract_polaris_version { + # This function validates the format of a Polaris version and extracts its components (major.minor.patch). + # It accepts the full version format (e.g., "1.0.0-incubating") and sets the global variables major, minor, patch. + # It also sets the global variable version_without_rc to the "major.minor.patch-incubating" format. + # Returns 0 if the version is valid, 1 otherwise. + local version="$1" + + if [[ ! ${version} =~ ${VERSION_REGEX} ]]; then + return 1 + fi + + major="${BASH_REMATCH[1]}" + minor="${BASH_REMATCH[2]}" + patch="${BASH_REMATCH[3]}" + version_without_rc="${major}.${minor}.${patch}-incubating" + + return 0 +} + +function update_version { + local version="$1" + local current_version=$(cat "$VERSION_FILE") + update_version_txt "${version}" + update_helm_version "${current_version}" "${version}" +} + +function update_version_txt { + local version="$1" + # This function is only there for dry-run support. Because of the + # redirection, we cannot use exec_process with the exact command that will be + # executed. + if [[ ${DRY_RUN:-1} -ne 1 ]]; then + exec_process echo ${version} >$VERSION_FILE + else + exec_process "echo ${version} > $VERSION_FILE" + fi +} + +function update_helm_version { + local old_version="$1" + local new_version="$2" + exec_process sed -i~ "s/${old_version}/${new_version}/g" "$HELM_CHART_YAML_FILE" + exec_process sed -i~ "s/${old_version}/${new_version}/g" "$HELM_README_FILE" + # The readme file may contain version with double dash for shields.io badges + # We need a second `sed` command to ensure that the version replacement preserves this double-dash syntax. + local current_version_with_dash=$(echo "$old_version" | sed 's/-/--/g') + local version_with_dash=$(echo "$version" | sed 's/-/--/g') Review Comment: Nit: simplify ((SC2001)[https://github.com/koalaman/shellcheck/wiki/SC2001]) ```suggestion local current_version_with_dash local version_with_dash current_version_with_dash="$(echo "${old_version//-/--}")" version_with_dash="$(echo "$version//-/--}")" ``` ########## .github/workflows/release-3-build-and-publish-artifacts.yml: ########## @@ -0,0 +1,357 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +name: Release - 3 - Build and Publish Release Artifacts + +on: + workflow_dispatch: + inputs: + dry_run: + description: 'Dry run mode (check to enable, uncheck to perform actual operations)' + required: false + type: boolean + default: true + +jobs: + prerequisite-checks: + name: Prerequisite Checks + runs-on: ubuntu-latest + permissions: + contents: read + outputs: + dry_run: ${{ steps.set-outputs.outputs.dry_run }} + git_tag: ${{ steps.validate-tag.outputs.git_tag }} + version_without_rc: ${{ steps.validate-tag.outputs.version_without_rc }} + rc_number: ${{ steps.validate-tag.outputs.rc_number }} + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + fetch-depth: 0 + + - name: Set up environment variables + id: set-outputs + run: | + echo "RELEASEY_DIR=$(pwd)/releasey" >> $GITHUB_ENV + echo "LIBS_DIR=$(pwd)/releasey/libs" >> $GITHUB_ENV + + echo "## Mode" >> $GITHUB_STEP_SUMMARY + if [[ "${{ github.event.inputs.dry_run }}" == "true" ]]; then + echo "DRY_RUN=1" >> $GITHUB_ENV + echo "dry_run=1" >> $GITHUB_OUTPUT + echo "‼️ DRY_RUN mode enabled - No actual changes will be made" >> $GITHUB_STEP_SUMMARY + else + echo "DRY_RUN=0" >> $GITHUB_ENV + echo "dry_run=0" >> $GITHUB_OUTPUT + echo "DRY_RUN mode disabled - Performing actual operations" >> $GITHUB_STEP_SUMMARY + fi + + - name: Validate release candidate tag + id: validate-tag + run: | + source "${LIBS_DIR}/_version.sh" + + echo "## Parameters" >> $GITHUB_STEP_SUMMARY + + if ! git_tag=$(git describe --tags --exact-match HEAD 2>/dev/null); then + echo "❌ Current HEAD is not on a release candidate tag. Please checkout a release candidate tag first." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + # Validate git tag format and extract version components + if ! validate_and_extract_git_tag_version "${git_tag}"; then + echo "❌ Invalid git tag format: \`${git_tag}\`. Expected format: apache-polaris-x.y.z-incubating-rcN." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + # Export variables for next steps and job outputs + echo "git_tag=${git_tag}" >> $GITHUB_ENV + echo "version_without_rc=${version_without_rc}" >> $GITHUB_ENV + echo "rc_number=${rc_number}" >> $GITHUB_ENV + + echo "git_tag=${git_tag}" >> $GITHUB_OUTPUT + echo "version_without_rc=${version_without_rc}" >> $GITHUB_OUTPUT + echo "rc_number=${rc_number}" >> $GITHUB_OUTPUT + + cat <<EOT >> $GITHUB_STEP_SUMMARY + | Parameter | Value | + | --- | --- | + | Git tag | \`${git_tag}\` | + | Version | \`${version_without_rc}\` | + | RC number | \`${rc_number}\` | + EOT + + build-and-publish-artifacts: + name: Build and Publish Release Artifacts + runs-on: ubuntu-latest + needs: prerequisite-checks + permissions: + contents: read + env: + DRY_RUN: ${{ needs.prerequisite-checks.outputs.dry_run }} + git_tag: ${{ needs.prerequisite-checks.outputs.git_tag }} + version_without_rc: ${{ needs.prerequisite-checks.outputs.version_without_rc }} + rc_number: ${{ needs.prerequisite-checks.outputs.rc_number }} + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + fetch-depth: 0 + + - name: Set up environment variables + run: | + echo "RELEASEY_DIR=$(pwd)/releasey" >> $GITHUB_ENV + echo "LIBS_DIR=$(pwd)/releasey/libs" >> $GITHUB_ENV + + - name: Set up Java + uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4 + with: + distribution: 'temurin' + java-version: '21' + + - name: Import GPG key + uses: crazy-max/ghaction-import-gpg@v6 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.GPG_PASSPHRASE }} + git_user_signingkey: true + git_commit_gpgsign: true + + - name: Build source and binary distributions + run: | + source "${LIBS_DIR}/_exec.sh" + + exec_process ./gradlew assemble sourceTarball -Prelease -PuseGpgAgent + + cat <<EOT >> $GITHUB_STEP_SUMMARY + ## Build + Source and binary distributions built successfully + EOT + + - name: Stage artifacts to Apache dist dev repository + env: + SVN_USERNAME: ${{ secrets.APACHE_USERNAME }} + SVN_PASSWORD: ${{ secrets.APACHE_PASSWORD }} + run: | + source "${LIBS_DIR}/_constants.sh" + source "${LIBS_DIR}/_exec.sh" + + dist_dev_dir=${RELEASEY_DIR}/polaris-dist-dev + exec_process svn checkout --username "$SVN_USERNAME" --password "$SVN_PASSWORD" --non-interactive "${APACHE_DIST_URL}${APACHE_DIST_PATH}" "${dist_dev_dir}" Review Comment: This one worries me, as `exec_process` logs all arguments. I'm not sure how good GH's secrets masking is 🤷 Sadly I couldn't find an easy way to provide SVN the credentials. It doesn't seem to support env vars for this and updating the auth-cache is also not that easy. Mind adding an `exec_process` variant that doesn't log the whole command line but rather a provided string? Something like ``` exec_process2 "Performing svn checkout ..." svn checkout --username "$SVN_USERNAME" --password "$SVN_PASSWORD" --non-interactive "${APACHE_DIST_URL}${APACHE_DIST_PATH}" "${dist_dev_dir}" ``` ########## .github/workflows/release-3-build-and-publish-artifacts.yml: ########## @@ -0,0 +1,357 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +name: Release - 3 - Build and Publish Release Artifacts + +on: + workflow_dispatch: + inputs: + dry_run: + description: 'Dry run mode (check to enable, uncheck to perform actual operations)' + required: false + type: boolean + default: true + +jobs: + prerequisite-checks: + name: Prerequisite Checks + runs-on: ubuntu-latest + permissions: + contents: read + outputs: + dry_run: ${{ steps.set-outputs.outputs.dry_run }} + git_tag: ${{ steps.validate-tag.outputs.git_tag }} + version_without_rc: ${{ steps.validate-tag.outputs.version_without_rc }} + rc_number: ${{ steps.validate-tag.outputs.rc_number }} + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + fetch-depth: 0 + + - name: Set up environment variables + id: set-outputs + run: | + echo "RELEASEY_DIR=$(pwd)/releasey" >> $GITHUB_ENV + echo "LIBS_DIR=$(pwd)/releasey/libs" >> $GITHUB_ENV + + echo "## Mode" >> $GITHUB_STEP_SUMMARY + if [[ "${{ github.event.inputs.dry_run }}" == "true" ]]; then + echo "DRY_RUN=1" >> $GITHUB_ENV + echo "dry_run=1" >> $GITHUB_OUTPUT + echo "‼️ DRY_RUN mode enabled - No actual changes will be made" >> $GITHUB_STEP_SUMMARY + else + echo "DRY_RUN=0" >> $GITHUB_ENV + echo "dry_run=0" >> $GITHUB_OUTPUT + echo "DRY_RUN mode disabled - Performing actual operations" >> $GITHUB_STEP_SUMMARY + fi + + - name: Validate release candidate tag + id: validate-tag + run: | + source "${LIBS_DIR}/_version.sh" + + echo "## Parameters" >> $GITHUB_STEP_SUMMARY + + if ! git_tag=$(git describe --tags --exact-match HEAD 2>/dev/null); then + echo "❌ Current HEAD is not on a release candidate tag. Please checkout a release candidate tag first." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + # Validate git tag format and extract version components + if ! validate_and_extract_git_tag_version "${git_tag}"; then + echo "❌ Invalid git tag format: \`${git_tag}\`. Expected format: apache-polaris-x.y.z-incubating-rcN." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + # Export variables for next steps and job outputs + echo "git_tag=${git_tag}" >> $GITHUB_ENV + echo "version_without_rc=${version_without_rc}" >> $GITHUB_ENV + echo "rc_number=${rc_number}" >> $GITHUB_ENV + + echo "git_tag=${git_tag}" >> $GITHUB_OUTPUT + echo "version_without_rc=${version_without_rc}" >> $GITHUB_OUTPUT + echo "rc_number=${rc_number}" >> $GITHUB_OUTPUT + + cat <<EOT >> $GITHUB_STEP_SUMMARY + | Parameter | Value | + | --- | --- | + | Git tag | \`${git_tag}\` | + | Version | \`${version_without_rc}\` | + | RC number | \`${rc_number}\` | + EOT + + build-and-publish-artifacts: + name: Build and Publish Release Artifacts + runs-on: ubuntu-latest + needs: prerequisite-checks + permissions: + contents: read + env: + DRY_RUN: ${{ needs.prerequisite-checks.outputs.dry_run }} + git_tag: ${{ needs.prerequisite-checks.outputs.git_tag }} + version_without_rc: ${{ needs.prerequisite-checks.outputs.version_without_rc }} + rc_number: ${{ needs.prerequisite-checks.outputs.rc_number }} + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + fetch-depth: 0 + + - name: Set up environment variables + run: | + echo "RELEASEY_DIR=$(pwd)/releasey" >> $GITHUB_ENV + echo "LIBS_DIR=$(pwd)/releasey/libs" >> $GITHUB_ENV + + - name: Set up Java + uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4 + with: + distribution: 'temurin' + java-version: '21' + + - name: Import GPG key + uses: crazy-max/ghaction-import-gpg@v6 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.GPG_PASSPHRASE }} + git_user_signingkey: true + git_commit_gpgsign: true + + - name: Build source and binary distributions + run: | + source "${LIBS_DIR}/_exec.sh" + + exec_process ./gradlew assemble sourceTarball -Prelease -PuseGpgAgent + + cat <<EOT >> $GITHUB_STEP_SUMMARY + ## Build + Source and binary distributions built successfully + EOT + + - name: Stage artifacts to Apache dist dev repository + env: + SVN_USERNAME: ${{ secrets.APACHE_USERNAME }} + SVN_PASSWORD: ${{ secrets.APACHE_PASSWORD }} + run: | + source "${LIBS_DIR}/_constants.sh" + source "${LIBS_DIR}/_exec.sh" + + dist_dev_dir=${RELEASEY_DIR}/polaris-dist-dev + exec_process svn checkout --username "$SVN_USERNAME" --password "$SVN_PASSWORD" --non-interactive "${APACHE_DIST_URL}${APACHE_DIST_PATH}" "${dist_dev_dir}" + + version_dir="${dist_dev_dir}/${version_without_rc}" + exec_process mkdir -p "${version_dir}" + exec_process cp build/distributions/* "${version_dir}/" + exec_process cp runtime/distribution/build/distributions/* "${version_dir}/" + + exec_process cd "${dist_dev_dir}" + exec_process svn add "${version_without_rc}" + + exec_process svn commit --username "$SVN_USERNAME" --password "$SVN_PASSWORD" --non-interactive -m "Stage Apache Polaris ${version_without_rc} RC${rc_number}" Review Comment: Similar here (`exec_process` + credentials) ########## .github/workflows/release-4-publish-release.yml: ########## @@ -0,0 +1,359 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +name: Release - 4 - Publish Release After Vote Success + +on: + workflow_dispatch: + inputs: + dry_run: + description: 'Dry run mode (check to enable, uncheck to perform actual operations)' + required: false + type: boolean + default: true + staging_repository_id: + description: 'Nexus staging repository ID to release (e.g., orgapachepolaris-1234)' + required: true + type: string + +jobs: + publish-release: + name: Release - 4 - Publish Release After Vote Success + runs-on: ubuntu-latest + permissions: + contents: write + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + # Fetch full history for proper branch operations + fetch-depth: 0 + # Use a token with write permissions + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Configure Git + run: | + git config --global user.name "github-actions[bot]" + git config --global user.email "github-actions[bot]@users.noreply.github.com" + + - name: Set up environment variables + run: | + echo "RELEASEY_DIR=$(pwd)/releasey" >> $GITHUB_ENV + echo "LIBS_DIR=$(pwd)/releasey/libs" >> $GITHUB_ENV + + echo "## Mode" >> $GITHUB_STEP_SUMMARY + if [[ "${{ github.event.inputs.dry_run }}" == "true" ]]; then + echo "DRY_RUN=1" >> $GITHUB_ENV + echo "‼️ DRY_RUN mode enabled - No actual changes will be made" >> $GITHUB_STEP_SUMMARY + else + echo "DRY_RUN=0" >> $GITHUB_ENV + echo "DRY_RUN mode disabled - Performing actual operations" >> $GITHUB_STEP_SUMMARY + fi + + # Validate staging repository ID parameter + staging_repo_id="${{ github.event.inputs.staging_repository_id }}" + if [[ -z "${staging_repo_id}" ]]; then + echo "❌ Staging repository ID is required but not provided." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + echo "STAGING_REPOSITORY_ID=${staging_repo_id}" >> $GITHUB_ENV + + echo "## Input Parameters" >> $GITHUB_STEP_SUMMARY + echo "| Parameter | Value |" >> $GITHUB_STEP_SUMMARY + echo "| --- | --- |" >> $GITHUB_STEP_SUMMARY + echo "| Staging Repository ID | \`${staging_repo_id}\` |" >> $GITHUB_STEP_SUMMARY + + - name: Auto-determine release parameters from branch and Git state + run: | + source "${LIBS_DIR}/_version.sh" + + # Get the current branch name + current_branch=$(git branch --show-current) + + echo "## Parameters" >> $GITHUB_STEP_SUMMARY + + # Validate that we're on a release branch + if [[ ! "${current_branch}" =~ ^release/(.+)$ ]]; then + echo "❌ This workflow must be run from a release branch (release/major.minor.x). Current branch: \`${current_branch}\`." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + # Extract version from release branch name + branch_version="${BASH_REMATCH[1]}" + + # Validate branch version format and extract components + if ! validate_and_extract_branch_version "${branch_version}"; then + echo "❌ Invalid release branch version format: \`${branch_version}\`. Expected format: major.minor.x." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + # Find the next patch number for this major.minor version by looking at existing tags + find_next_patch_number "${major}" "${minor}" + next_patch=$((patch)) + latest_patch=$((next_patch - 1)) + + if [[ ${next_patch} -eq 0 ]]; then + echo "❌ No existing tags found for version \`${major}.${minor}.0\`. Expected at least one RC to be created before publishing a release." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + # Build the version string for the latest existing patch + version_without_rc="${major}.${minor}.${latest_patch}-incubating" + + # Find the latest RC tag for this version + find_next_rc_number "${version_without_rc}" + latest_rc=$((rc_number - 1)) + + if [[ ${latest_rc} -lt 0 ]]; then + echo "❌ No RC tags found for version \`${version_without_rc}\`. Expected at least one RC to be created before publishing a release." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + rc_tag="apache-polaris-${version_without_rc}-rc${latest_rc}" + + # Verify the RC tag exists + if ! git rev-parse "${rc_tag}" >/dev/null 2>&1; then + echo "❌ RC tag \`${rc_tag}\` does not exist in repository." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + # Create final release tag name + final_release_tag="apache-polaris-${version_without_rc}" + + # Check if final release tag already exists + if git rev-parse "${final_release_tag}" >/dev/null 2>&1; then + echo "❌ Final release tag \`${final_release_tag}\` already exists. This release may have already been published." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + # Export variables for next steps + echo "version_without_rc=${version_without_rc}" >> $GITHUB_ENV + echo "rc_tag=${rc_tag}" >> $GITHUB_ENV + echo "final_release_tag=${final_release_tag}" >> $GITHUB_ENV + echo "release_branch=${current_branch}" >> $GITHUB_ENV + + cat <<EOT >> $GITHUB_STEP_SUMMARY + | Parameter | Value | + | --- | --- | + | Version | \`${version_without_rc}\` | + | RC tag to promote | \`${rc_tag}\` | + | Final release tag | \`${final_release_tag}\` | + | Release branch | \`${current_branch}\` | + EOT + + - name: Copy distribution from SVN dev to release space + env: + SVN_USERNAME: ${{ secrets.APACHE_USERNAME }} + SVN_PASSWORD: ${{ secrets.APACHE_PASSWORD }} + run: | + source "${LIBS_DIR}/_constants.sh" + source "${LIBS_DIR}/_exec.sh" + + # Define source and destination URLs + dev_artifacts_url="${APACHE_DIST_URL}/dev/incubator/polaris/${version_without_rc}" + release_artifacts_url="${APACHE_DIST_URL}/release/incubator/polaris/${version_without_rc}" + + dev_helm_url="${APACHE_DIST_URL}/dev/incubator/polaris/helm-chart/${version_without_rc}" + release_helm_url="${APACHE_DIST_URL}/release/incubator/polaris/helm-chart/${version_without_rc}" + + exec_process svn mv --username "$SVN_USERNAME" --password "$SVN_PASSWORD" --non-interactive \ Review Comment: (exec_process / svn creds, as above) and `svn` below ########## .github/workflows/release-3-build-and-publish-artifacts.yml: ########## @@ -0,0 +1,357 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +name: Release - 3 - Build and Publish Release Artifacts + +on: + workflow_dispatch: + inputs: + dry_run: + description: 'Dry run mode (check to enable, uncheck to perform actual operations)' + required: false + type: boolean + default: true + +jobs: + prerequisite-checks: + name: Prerequisite Checks + runs-on: ubuntu-latest + permissions: + contents: read + outputs: + dry_run: ${{ steps.set-outputs.outputs.dry_run }} + git_tag: ${{ steps.validate-tag.outputs.git_tag }} + version_without_rc: ${{ steps.validate-tag.outputs.version_without_rc }} + rc_number: ${{ steps.validate-tag.outputs.rc_number }} + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + fetch-depth: 0 + + - name: Set up environment variables + id: set-outputs + run: | + echo "RELEASEY_DIR=$(pwd)/releasey" >> $GITHUB_ENV + echo "LIBS_DIR=$(pwd)/releasey/libs" >> $GITHUB_ENV + + echo "## Mode" >> $GITHUB_STEP_SUMMARY + if [[ "${{ github.event.inputs.dry_run }}" == "true" ]]; then + echo "DRY_RUN=1" >> $GITHUB_ENV + echo "dry_run=1" >> $GITHUB_OUTPUT + echo "‼️ DRY_RUN mode enabled - No actual changes will be made" >> $GITHUB_STEP_SUMMARY + else + echo "DRY_RUN=0" >> $GITHUB_ENV + echo "dry_run=0" >> $GITHUB_OUTPUT + echo "DRY_RUN mode disabled - Performing actual operations" >> $GITHUB_STEP_SUMMARY + fi + + - name: Validate release candidate tag + id: validate-tag + run: | + source "${LIBS_DIR}/_version.sh" + + echo "## Parameters" >> $GITHUB_STEP_SUMMARY + + if ! git_tag=$(git describe --tags --exact-match HEAD 2>/dev/null); then + echo "❌ Current HEAD is not on a release candidate tag. Please checkout a release candidate tag first." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + # Validate git tag format and extract version components + if ! validate_and_extract_git_tag_version "${git_tag}"; then + echo "❌ Invalid git tag format: \`${git_tag}\`. Expected format: apache-polaris-x.y.z-incubating-rcN." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + # Export variables for next steps and job outputs + echo "git_tag=${git_tag}" >> $GITHUB_ENV + echo "version_without_rc=${version_without_rc}" >> $GITHUB_ENV + echo "rc_number=${rc_number}" >> $GITHUB_ENV + + echo "git_tag=${git_tag}" >> $GITHUB_OUTPUT + echo "version_without_rc=${version_without_rc}" >> $GITHUB_OUTPUT + echo "rc_number=${rc_number}" >> $GITHUB_OUTPUT + + cat <<EOT >> $GITHUB_STEP_SUMMARY + | Parameter | Value | + | --- | --- | + | Git tag | \`${git_tag}\` | + | Version | \`${version_without_rc}\` | + | RC number | \`${rc_number}\` | + EOT + + build-and-publish-artifacts: + name: Build and Publish Release Artifacts + runs-on: ubuntu-latest + needs: prerequisite-checks + permissions: + contents: read + env: + DRY_RUN: ${{ needs.prerequisite-checks.outputs.dry_run }} + git_tag: ${{ needs.prerequisite-checks.outputs.git_tag }} + version_without_rc: ${{ needs.prerequisite-checks.outputs.version_without_rc }} + rc_number: ${{ needs.prerequisite-checks.outputs.rc_number }} + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + fetch-depth: 0 + + - name: Set up environment variables + run: | + echo "RELEASEY_DIR=$(pwd)/releasey" >> $GITHUB_ENV + echo "LIBS_DIR=$(pwd)/releasey/libs" >> $GITHUB_ENV + + - name: Set up Java + uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4 + with: + distribution: 'temurin' + java-version: '21' + + - name: Import GPG key + uses: crazy-max/ghaction-import-gpg@v6 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.GPG_PASSPHRASE }} + git_user_signingkey: true + git_commit_gpgsign: true + + - name: Build source and binary distributions + run: | + source "${LIBS_DIR}/_exec.sh" + + exec_process ./gradlew assemble sourceTarball -Prelease -PuseGpgAgent + + cat <<EOT >> $GITHUB_STEP_SUMMARY + ## Build + Source and binary distributions built successfully + EOT + + - name: Stage artifacts to Apache dist dev repository + env: + SVN_USERNAME: ${{ secrets.APACHE_USERNAME }} + SVN_PASSWORD: ${{ secrets.APACHE_PASSWORD }} + run: | + source "${LIBS_DIR}/_constants.sh" + source "${LIBS_DIR}/_exec.sh" + + dist_dev_dir=${RELEASEY_DIR}/polaris-dist-dev + exec_process svn checkout --username "$SVN_USERNAME" --password "$SVN_PASSWORD" --non-interactive "${APACHE_DIST_URL}${APACHE_DIST_PATH}" "${dist_dev_dir}" + + version_dir="${dist_dev_dir}/${version_without_rc}" + exec_process mkdir -p "${version_dir}" + exec_process cp build/distributions/* "${version_dir}/" + exec_process cp runtime/distribution/build/distributions/* "${version_dir}/" + + exec_process cd "${dist_dev_dir}" + exec_process svn add "${version_without_rc}" + + exec_process svn commit --username "$SVN_USERNAME" --password "$SVN_PASSWORD" --non-interactive -m "Stage Apache Polaris ${version_without_rc} RC${rc_number}" + + cat <<EOT >> $GITHUB_STEP_SUMMARY + ## Staging to dist dev + Artifacts staged to Apache dist dev repository + EOT + + - name: Publish and close Apache Nexus staging repository + env: + ORG_GRADLE_PROJECT_apacheUsername: ${{ secrets.APACHE_USERNAME }} + ORG_GRADLE_PROJECT_apachePassword: ${{ secrets.APACHE_PASSWORD }} + run: | + source "${LIBS_DIR}/_exec.sh" + + # Publish artifacts to staging repository + exec_process ./gradlew publishToApache closeApacheStagingRepository -Prelease -PuseGpgAgent --info > gradle_publish_output.txt 2>&1 + + # Extract staging repository ID and URL from Gradle output + staging_repo_id="" + staging_repo_url="" + + # Look for staging repository ID in the output + if grep -q "Created staging repository" gradle_publish_output.txt; then + staging_repo_id=$(grep "Created staging repository" gradle_publish_output.txt | sed --regexp-extended "s/^Created staging repository .([a-z0-9-]+). at (.*)/\1/") + staging_repo_url=$(grep "Created staging repository" gradle_publish_output.txt | sed --regexp-extended "s/^Created staging repository .([a-z0-9-]+). at (.*)/\2/") + fi + + cat <<EOT >> $GITHUB_STEP_SUMMARY + ## Nexus Staging Repository + Artifacts published and staging repository closed successfully + + | Property | Value | + | --- | --- | + | Staging Repository ID | \`${staging_repo_id:-"Not extracted"}\` | + | Staging Repository URL | ${staging_repo_url:-"Not extracted"} | + + ## Summary + 🎉 Artifacts built and published successfully: + + | Operation | Status | + | --- | --- | + | Build source and binary distributions | ✅ | + | Stage artifacts to Apache dist dev repository | ✅ | + | Stage artifacts to Apache Nexus staging repository | ✅ | + | Close Nexus staging repository | ✅ | + EOT + + build-docker: + name: Build Docker Images + runs-on: ubuntu-latest + needs: [prerequisite-checks, build-and-publish-artifacts] + permissions: + contents: read + env: + DRY_RUN: ${{ needs.prerequisite-checks.outputs.dry_run }} + git_tag: ${{ needs.prerequisite-checks.outputs.git_tag }} + version_without_rc: ${{ needs.prerequisite-checks.outputs.version_without_rc }} + rc_number: ${{ needs.prerequisite-checks.outputs.rc_number }} + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + fetch-depth: 0 + + - name: Set up environment variables + run: | + echo "RELEASEY_DIR=$(pwd)/releasey" >> $GITHUB_ENV + echo "LIBS_DIR=$(pwd)/releasey/libs" >> $GITHUB_ENV + + - name: Set up Java + uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4 + with: + distribution: 'temurin' + java-version: '21' + + - name: Build Polaris Server Docker image + run: | + source "${LIBS_DIR}/_exec.sh" + + exec_process ./gradlew :polaris-server:assemble :polaris-server:quarkusAppPartsBuild --rerun \ + -Dquarkus.container-image.build=true \ + -Dquarkus.container-image.push=false \ + -Dquarkus.docker.buildx.platform="linux/amd64,linux/arm64" \ + -Dquarkus.container-image.tag="${git_tag}" + + - name: Build Polaris Admin Tool Docker image + run: | + source "${LIBS_DIR}/_exec.sh" + + exec_process ./gradlew :polaris-admin:assemble :polaris-admin:quarkusAppPartsBuild --rerun \ + -Dquarkus.container-image.build=true \ + -Dquarkus.container-image.push=false \ + -Dquarkus.docker.buildx.platform="linux/amd64,linux/arm64" \ + -Dquarkus.container-image.tag="${git_tag}" Review Comment: ```suggestion -Dquarkus.container-image.tag="${version}" ``` ? ########## .github/workflows/release-4-publish-release.yml: ########## @@ -0,0 +1,359 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +name: Release - 4 - Publish Release After Vote Success + +on: + workflow_dispatch: + inputs: + dry_run: + description: 'Dry run mode (check to enable, uncheck to perform actual operations)' + required: false + type: boolean + default: true + staging_repository_id: + description: 'Nexus staging repository ID to release (e.g., orgapachepolaris-1234)' + required: true + type: string Review Comment: For the future: I think we could store the staging repo ID as a separate file in SVN and read it in this workflow. WDYT? ########## .github/workflows/release-3-build-and-publish-artifacts.yml: ########## @@ -0,0 +1,357 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +name: Release - 3 - Build and Publish Release Artifacts + +on: + workflow_dispatch: + inputs: + dry_run: + description: 'Dry run mode (check to enable, uncheck to perform actual operations)' + required: false + type: boolean + default: true + +jobs: + prerequisite-checks: + name: Prerequisite Checks + runs-on: ubuntu-latest + permissions: + contents: read + outputs: + dry_run: ${{ steps.set-outputs.outputs.dry_run }} + git_tag: ${{ steps.validate-tag.outputs.git_tag }} + version_without_rc: ${{ steps.validate-tag.outputs.version_without_rc }} + rc_number: ${{ steps.validate-tag.outputs.rc_number }} + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + fetch-depth: 0 + + - name: Set up environment variables + id: set-outputs + run: | + echo "RELEASEY_DIR=$(pwd)/releasey" >> $GITHUB_ENV + echo "LIBS_DIR=$(pwd)/releasey/libs" >> $GITHUB_ENV + + echo "## Mode" >> $GITHUB_STEP_SUMMARY + if [[ "${{ github.event.inputs.dry_run }}" == "true" ]]; then + echo "DRY_RUN=1" >> $GITHUB_ENV + echo "dry_run=1" >> $GITHUB_OUTPUT + echo "‼️ DRY_RUN mode enabled - No actual changes will be made" >> $GITHUB_STEP_SUMMARY + else + echo "DRY_RUN=0" >> $GITHUB_ENV + echo "dry_run=0" >> $GITHUB_OUTPUT + echo "DRY_RUN mode disabled - Performing actual operations" >> $GITHUB_STEP_SUMMARY + fi + + - name: Validate release candidate tag + id: validate-tag + run: | + source "${LIBS_DIR}/_version.sh" + + echo "## Parameters" >> $GITHUB_STEP_SUMMARY + + if ! git_tag=$(git describe --tags --exact-match HEAD 2>/dev/null); then + echo "❌ Current HEAD is not on a release candidate tag. Please checkout a release candidate tag first." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + # Validate git tag format and extract version components + if ! validate_and_extract_git_tag_version "${git_tag}"; then + echo "❌ Invalid git tag format: \`${git_tag}\`. Expected format: apache-polaris-x.y.z-incubating-rcN." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + # Export variables for next steps and job outputs + echo "git_tag=${git_tag}" >> $GITHUB_ENV + echo "version_without_rc=${version_without_rc}" >> $GITHUB_ENV + echo "rc_number=${rc_number}" >> $GITHUB_ENV + + echo "git_tag=${git_tag}" >> $GITHUB_OUTPUT + echo "version_without_rc=${version_without_rc}" >> $GITHUB_OUTPUT + echo "rc_number=${rc_number}" >> $GITHUB_OUTPUT + + cat <<EOT >> $GITHUB_STEP_SUMMARY + | Parameter | Value | + | --- | --- | + | Git tag | \`${git_tag}\` | + | Version | \`${version_without_rc}\` | + | RC number | \`${rc_number}\` | + EOT + + build-and-publish-artifacts: + name: Build and Publish Release Artifacts + runs-on: ubuntu-latest + needs: prerequisite-checks + permissions: + contents: read + env: + DRY_RUN: ${{ needs.prerequisite-checks.outputs.dry_run }} + git_tag: ${{ needs.prerequisite-checks.outputs.git_tag }} + version_without_rc: ${{ needs.prerequisite-checks.outputs.version_without_rc }} + rc_number: ${{ needs.prerequisite-checks.outputs.rc_number }} + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + fetch-depth: 0 + + - name: Set up environment variables + run: | + echo "RELEASEY_DIR=$(pwd)/releasey" >> $GITHUB_ENV + echo "LIBS_DIR=$(pwd)/releasey/libs" >> $GITHUB_ENV + + - name: Set up Java + uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4 + with: + distribution: 'temurin' + java-version: '21' + + - name: Import GPG key + uses: crazy-max/ghaction-import-gpg@v6 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.GPG_PASSPHRASE }} + git_user_signingkey: true + git_commit_gpgsign: true + + - name: Build source and binary distributions + run: | + source "${LIBS_DIR}/_exec.sh" + + exec_process ./gradlew assemble sourceTarball -Prelease -PuseGpgAgent + + cat <<EOT >> $GITHUB_STEP_SUMMARY + ## Build + Source and binary distributions built successfully + EOT + + - name: Stage artifacts to Apache dist dev repository + env: + SVN_USERNAME: ${{ secrets.APACHE_USERNAME }} + SVN_PASSWORD: ${{ secrets.APACHE_PASSWORD }} + run: | + source "${LIBS_DIR}/_constants.sh" + source "${LIBS_DIR}/_exec.sh" + + dist_dev_dir=${RELEASEY_DIR}/polaris-dist-dev + exec_process svn checkout --username "$SVN_USERNAME" --password "$SVN_PASSWORD" --non-interactive "${APACHE_DIST_URL}${APACHE_DIST_PATH}" "${dist_dev_dir}" + + version_dir="${dist_dev_dir}/${version_without_rc}" + exec_process mkdir -p "${version_dir}" + exec_process cp build/distributions/* "${version_dir}/" + exec_process cp runtime/distribution/build/distributions/* "${version_dir}/" + + exec_process cd "${dist_dev_dir}" + exec_process svn add "${version_without_rc}" + + exec_process svn commit --username "$SVN_USERNAME" --password "$SVN_PASSWORD" --non-interactive -m "Stage Apache Polaris ${version_without_rc} RC${rc_number}" + + cat <<EOT >> $GITHUB_STEP_SUMMARY + ## Staging to dist dev + Artifacts staged to Apache dist dev repository + EOT + + - name: Publish and close Apache Nexus staging repository + env: + ORG_GRADLE_PROJECT_apacheUsername: ${{ secrets.APACHE_USERNAME }} + ORG_GRADLE_PROJECT_apachePassword: ${{ secrets.APACHE_PASSWORD }} + run: | + source "${LIBS_DIR}/_exec.sh" + + # Publish artifacts to staging repository + exec_process ./gradlew publishToApache closeApacheStagingRepository -Prelease -PuseGpgAgent --info > gradle_publish_output.txt 2>&1 + + # Extract staging repository ID and URL from Gradle output + staging_repo_id="" + staging_repo_url="" + + # Look for staging repository ID in the output + if grep -q "Created staging repository" gradle_publish_output.txt; then + staging_repo_id=$(grep "Created staging repository" gradle_publish_output.txt | sed --regexp-extended "s/^Created staging repository .([a-z0-9-]+). at (.*)/\1/") + staging_repo_url=$(grep "Created staging repository" gradle_publish_output.txt | sed --regexp-extended "s/^Created staging repository .([a-z0-9-]+). at (.*)/\2/") + fi + + cat <<EOT >> $GITHUB_STEP_SUMMARY + ## Nexus Staging Repository + Artifacts published and staging repository closed successfully + + | Property | Value | + | --- | --- | + | Staging Repository ID | \`${staging_repo_id:-"Not extracted"}\` | + | Staging Repository URL | ${staging_repo_url:-"Not extracted"} | + + ## Summary + 🎉 Artifacts built and published successfully: + + | Operation | Status | + | --- | --- | + | Build source and binary distributions | ✅ | + | Stage artifacts to Apache dist dev repository | ✅ | + | Stage artifacts to Apache Nexus staging repository | ✅ | + | Close Nexus staging repository | ✅ | + EOT + + build-docker: + name: Build Docker Images + runs-on: ubuntu-latest + needs: [prerequisite-checks, build-and-publish-artifacts] + permissions: + contents: read + env: + DRY_RUN: ${{ needs.prerequisite-checks.outputs.dry_run }} + git_tag: ${{ needs.prerequisite-checks.outputs.git_tag }} + version_without_rc: ${{ needs.prerequisite-checks.outputs.version_without_rc }} + rc_number: ${{ needs.prerequisite-checks.outputs.rc_number }} + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + fetch-depth: 0 + + - name: Set up environment variables + run: | + echo "RELEASEY_DIR=$(pwd)/releasey" >> $GITHUB_ENV + echo "LIBS_DIR=$(pwd)/releasey/libs" >> $GITHUB_ENV + + - name: Set up Java + uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4 + with: + distribution: 'temurin' + java-version: '21' + + - name: Build Polaris Server Docker image + run: | + source "${LIBS_DIR}/_exec.sh" + + exec_process ./gradlew :polaris-server:assemble :polaris-server:quarkusAppPartsBuild --rerun \ + -Dquarkus.container-image.build=true \ + -Dquarkus.container-image.push=false \ + -Dquarkus.docker.buildx.platform="linux/amd64,linux/arm64" \ + -Dquarkus.container-image.tag="${git_tag}" + + - name: Build Polaris Admin Tool Docker image + run: | + source "${LIBS_DIR}/_exec.sh" + + exec_process ./gradlew :polaris-admin:assemble :polaris-admin:quarkusAppPartsBuild --rerun \ + -Dquarkus.container-image.build=true \ + -Dquarkus.container-image.push=false \ + -Dquarkus.docker.buildx.platform="linux/amd64,linux/arm64" \ + -Dquarkus.container-image.tag="${git_tag}" + + echo "## Docker Images Summary" >> $GITHUB_STEP_SUMMARY + cat <<EOT >> $GITHUB_STEP_SUMMARY + 🎉 Docker images built successfully: + + | Component | Status | + | --- | --- | + | Polaris Server Docker image | ✅ Built | + | Polaris Admin Tool Docker image | ✅ Built | + EOT + + build-and-stage-helm-chart: + name: Build and Stage Helm Chart + runs-on: ubuntu-latest + needs: [prerequisite-checks, build-docker] + permissions: + contents: read + env: + DRY_RUN: ${{ needs.prerequisite-checks.outputs.dry_run }} + git_tag: ${{ needs.prerequisite-checks.outputs.git_tag }} + version_without_rc: ${{ needs.prerequisite-checks.outputs.version_without_rc }} + rc_number: ${{ needs.prerequisite-checks.outputs.rc_number }} + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + fetch-depth: 0 + + - name: Set up environment variables + run: | + echo "RELEASEY_DIR=$(pwd)/releasey" >> $GITHUB_ENV + echo "LIBS_DIR=$(pwd)/releasey/libs" >> $GITHUB_ENV + + - name: Set up Helm + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4 + with: + version: 'latest' + + - name: Install Helm GPG plugin + run: | + helm plugin install https://github.com/technosophos/helm-gpg || true + helm plugin list + + - name: Import GPG key + uses: crazy-max/ghaction-import-gpg@v6 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.GPG_PASSPHRASE }} + git_user_signingkey: true + git_commit_gpgsign: true + + - name: Create Helm package + run: | + source "${LIBS_DIR}/_exec.sh" + + exec_process cd helm + exec_process helm package polaris + exec_process helm gpg sign polaris-${version_without_rc}.tgz + calculate_sha512 polaris-${version_without_rc}.tgz polaris-${version_without_rc}.tgz.sha512 + exec_process gpg --armor --output polaris-${version_without_rc}.tgz.asc --detach-sig polaris-${version_without_rc}.tgz + calculate_sha512 polaris-${version_without_rc}.tgz.prov polaris-${version_without_rc}.tgz.prov.sha512 + exec_process gpg --armor --output polaris-${version_without_rc}.tgz.prov.asc --detach-sig polaris-${version_without_rc}.tgz.prov + + - name: Stage Helm chart to Apache dist dev repository + env: + SVN_USERNAME: ${{ secrets.APACHE_USERNAME }} + SVN_PASSWORD: ${{ secrets.APACHE_PASSWORD }} + run: | + source "${LIBS_DIR}/_constants.sh" + source "${LIBS_DIR}/_exec.sh" + + dist_dev_dir=${RELEASEY_DIR}/polaris-dist-dev + exec_process svn checkout --username "$SVN_USERNAME" --password "$SVN_PASSWORD" --non-interactive "${APACHE_DIST_URL}${APACHE_DIST_PATH}" "${dist_dev_dir}" + + exec_process mkdir -p "${dist_dev_dir}/helm-chart/${version_without_rc}" + exec_process cp helm/polaris-${version_without_rc}.tgz* "${dist_dev_dir}/helm-chart/${version_without_rc}/" + + exec_process cd "${dist_dev_dir}/helm-chart" + exec_process helm repo index . + + exec_process cd "${dist_dev_dir}" + exec_process svn add "helm-chart/${version_without_rc}" + + exec_process svn commit --username "$SVN_USERNAME" --password "$SVN_PASSWORD" --non-interactive -m "Stage Apache Polaris Helm chart ${version_without_rc} RC${rc_number}" Review Comment: (similar svn/credentials as above) ########## .github/workflows/release-3-build-and-publish-artifacts.yml: ########## @@ -0,0 +1,357 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +name: Release - 3 - Build and Publish Release Artifacts + +on: + workflow_dispatch: + inputs: + dry_run: + description: 'Dry run mode (check to enable, uncheck to perform actual operations)' + required: false + type: boolean + default: true + +jobs: Review Comment: Mind adding a final job (maybe in a follow-up) to print the proposed `[VOTE]` email subject and content? ########## .github/workflows/release-1-create-release-branch.yml: ########## @@ -0,0 +1,119 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +name: Release - 1 - Create Release Branch + +on: + workflow_dispatch: + inputs: + version: + description: 'Release version without RC number (e.g., 1.0.0-incubating)' + required: true + type: string + dry_run: + description: 'Dry run mode (check to enable, uncheck to perform actual operations)' + required: false + type: boolean + default: true + +jobs: + create-release-branch: + name: Release - 1 - Create Release Branch + runs-on: ubuntu-latest + permissions: + contents: write + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + # Fetch full history for proper branch operations + fetch-depth: 0 + # Use a token with write permissions + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Set up environment variables + run: | + echo "RELEASEY_DIR=$(pwd)/releasey" >> $GITHUB_ENV + echo "LIBS_DIR=$(pwd)/releasey/libs" >> $GITHUB_ENV + + echo "## Mode" >> $GITHUB_STEP_SUMMARY + if [[ "${{ github.event.inputs.dry_run }}" == "true" ]]; then + echo "DRY_RUN=1" >> $GITHUB_ENV + echo "‼️ DRY_RUN mode enabled - No actual changes will be made" >> $GITHUB_STEP_SUMMARY + else + echo "DRY_RUN=0" >> $GITHUB_ENV + echo "DRY_RUN mode disabled - Performing actual operations" >> $GITHUB_STEP_SUMMARY + fi + Review Comment: Nit: Mind adding this to all jobs that may pull Docker images to use GH's docker.io mirror? ``` - name: Setup test environment uses: ./.github/actions/setup-test-env ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
