snazy commented on code in PR #2824: URL: https://github.com/apache/polaris/pull/2824#discussion_r2549099946
########## tools/verify-release/verify-release.sh: ########## @@ -0,0 +1,534 @@ +#!/usr/bin/env bash +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +set -e + +maven_repo_url_prefix="https://repository.apache.org/content/repositories/orgapachepolaris-"; + +function usage() { + cat << ! > /dev/stderr + +Apache Polaris release candidate verification tool. + +Usage: $0 [options] + + Mandatory options: + -s | --git-sha | --sha <GIT_SHA> Git commit (full, not abbreviated) + Example: b7188a07511935e7c9c64128dc047107c26f97f6 + -v | --version <version> Release version (without RC and 'incubating') + Example: 1.2.0 + -r | --rc <rc-number> RC number (without a leading 'rc') + Example: 1 + -m | --maven-repo-id <staging-ID> Staging Maven repository staging ID + Example: 1032 + This will be prefixed with ${maven_repo_url_prefix} + + Optional arguments: + -k | --keep-temp-dir Keep the temporary directory (default is to purge it once the script exits) + -h | --help Show usage information (exits early) + + +Full example for RC1 of 1.2.0, staging repo ID 1032. + ./verify-release.sh -s b7188a07511935e7c9c64128dc047107c26f97f6 -v 1.2.0 -r 1 -m 1032 +! +} + +git_sha="" +version="" +rc_num="" +maven_repo_id="" +keep_temp_dir=0 + +while [[ $# -gt 0 ]]; do + arg="$1" + case "$arg" in + -s | --git-sha | --sha) + git_sha="$2" + shift + ;; + -v | --version) + version="$2" + shift + ;; + -r | --rc) + rc_num="$2" + shift + ;; + -m | --maven-repo-id) + maven_repo_id="$2" + shift + ;; + -h | --help) + usage + exit 0 + ;; + -k | --keep-temp-dir) + keep_temp_dir=1 + ;; + esac + shift +done + +RED='\033[0;31m' +ORANGE='\033[0;33m' +RESET='\033[m' + +run_id="polaris-release-verify-$(date "+%Y-%m-%d-%k-%M-%S")" +temp_dir="$(mktemp --tmpdir --directory "${run_id}-XXXXXXXXX")" +function purge_temp_dir { + if [[ $keep_temp_dir -eq 0 ]] ; then + echo "Purging ${temp_dir}..." + rm -rf "${temp_dir}" + else + echo "Leaving ${temp_dir} around, you may want to purge it." + fi +} +trap purge_temp_dir EXIT + +dist_dir="${temp_dir}/dist" +helm_dir="${temp_dir}/helm" +helm_work_dir="${temp_dir}/helm_work" +worktree_dir="${temp_dir}/worktree" +maven_repo_dir="${temp_dir}/maven-repo" +maven_local_dir="${temp_dir}/maven-local" +keys_file="${temp_dir}/KEYS" +gpg_keyring="${temp_dir}/keyring.gpg" + +failures_file="$(pwd)/${run_id}.log" + +dist_url_prefix="https://dist.apache.org/repos/dist/dev/incubator/polaris/"; +keys_file_url="https://downloads.apache.org/incubator/polaris/KEYS"; + +version_full="${version}-incubating" +git_tag_full="apache-polaris-${version_full}-rc${rc_num}" + +GITHUB=0 +[[ -n ${GITHUB_ENV} ]] && GITHUB=1 + +# Common excludes for "find' +find_excludes=( + # Exclude GPG signatures and checksums + '!' '-name' '*.asc' + '!' '-name' '*.md5' + '!' '-name' '*.sha1' + '!' '-name' '*.sha256' + '!' '-name' '*.sha512' + # file with that name is created by wget when mirroring from 'dist' + '!' '-name' "${version_full}" + # ignore Maven repository metadata + '!' '-name' 'maven-metadata*.xml' + '!' '-name' 'archetype-catalog.xml' +) + +dist_url="${dist_url_prefix}${version_full}" +helm_url="${dist_url_prefix}helm-chart/${version_full}" +maven_repo_url="${maven_repo_url_prefix}${maven_repo_id}/" + +function log_part_start { + local heading + local separator + heading="${*}" + [ ${GITHUB} == 1 ] && echo "::group::$heading" + echo "" + # shellcheck disable=SC2046 + separator="--$(printf -- '-%0.s' $(eval "echo {1..${#heading}}"))--" + echo "${separator}" + echo " ${heading}" + echo "${separator}" +} + +function log_part_end { + [ ${GITHUB} == 1 ] && echo "::endgroup::" + echo "" +} + +function log_fatal { + echo -n -e "${RED}" + echo -n "$1" + echo -e "${RESET}" + echo "" >> "${failures_file}" + for i in "${@}"; do + echo "$i" >> "${failures_file}" + done +} + +function log_warn { + echo -ne "${ORANGE}" + echo -n "$1" + echo -e "${RESET}" +} + +function log_info { + echo "$1" +} + +# Executes a process and captures a fatal error if the process did not complete successfully. +# The full output of the process execution will be logged in the FAILURES file, but not printed to the console. +# First argument: log message for 'log_fatal' +# Following arguments: process arguments +function proc_exec { + local err_msg + local output + err_msg=$1 + shift + output=() + IFS=$'\n' read -r -d '' -a output < <( "${@}" 2>&1 && printf '\0' ) || ( + log_fatal "${err_msg}" "${output[@]}" + return 1 + ) +} + +function mirror { + local url + local dir + local cut + local wget_executable + url="$1" + dir="$2" + cut="$3" + wget_executable="wget" + # Prefer wget2 as it allows parallel downloads (wget does not) + (which wget2 > /dev/null) && wget_executable="wget2 --max-threads=8" + log_part_start "Mirroring $url, this may take a while..." + mkdir -p "${dir}" + (cd "${dir}" ; ${wget_executable} \ + --no-parent \ + --no-verbose \ + --no-host-directories \ + --mirror \ + -e robots=off \ + --cut-dirs="${cut}" \ + "${url}/") + # Nuke the directory listings (index.html from server) and robots.txt... + # (only wget2 downloads the robots.txt :( ) + find "${dir}" \( -name index.html -o -name robots.txt \) -exec rm {} + + find "${dir}" -name "*.prov" | while read -r helmProv; do Review Comment: Oh, this is a workaround for wget2. A nasty one: ``` # The following is a hack for wget2, which behaves a bit different than wget. # If the server returns `Content-Type: application/x-gzip`, the file is stored gzipped, # although it's "plain text". Leaving it as gzip breaks signature + checksum tests. ``` Added the comment for clarification. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
