Add automatic signing and uploading releases #414

Draft
wants to merge 19 commits into
base: master
24 changes: 1 addition & 23 deletions .editorconfig
@@ -1,14 +1,5 @@
root = true

[.editorconfig]
charset = utf-8
end_of_line = lf
indent_size = 4
indent_style = tab
insert_final_newline = true
tab_width = 4
trim_trailing_whitespace = true

[*]
charset = utf-8
end_of_line = lf
Expand All @@ -18,20 +9,7 @@ insert_final_newline = true
tab_width = 4
trim_trailing_whitespace = true

[*.sh]
charset = utf-8
end_of_line = lf
indent_size = 2
indent_style = space
insert_final_newline = true
tab_width = 2
trim_trailing_whitespace = true

[CMakeLists.txt]
charset = utf-8
end_of_line = lf
[{*.sh,*.yml,CMakeLists.txt}]
indent_size = 2
indent_style = space
insert_final_newline = true
tab_width = 2
trim_trailing_whitespace = true
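Review bot: in the merged `[{*.sh,*.yml,CMakeLists.txt}]` section, `insert_final_newline = true` and `trim_trailing_whitespace = true` repeat values that the `[*]` section already sets (both appear in this hunk's header and context lines), while `charset` and `end_of_line` were dropped to rely on that same inheritance. Either drop the two repeated keys as well, leaving only `indent_size`, `indent_style` and `tab_width`, or keep every inherited key so the section is consistent.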
97 changes: 97 additions & 0 deletions .github/generate-email.sh
@@ -0,0 +1,97 @@
#!/bin/bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to you under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

# Enable strict mode
set -euo pipefail
IFS=$'\n\t'

stderr() {
echo "$*" 1>&2
}

fail_for_invalid_args() {
stderr "Invalid arguments!"
stderr "Expected arguments: <vote|announce> <version> <commitId>"
exit 1
}

# Check arguments
[ $# -ne 3 ] && fail_for_invalid_args

# Constants
PROJECT_NAME="Apache Log4cxx"
PROJECT_ID="log4cxx"
PROJECT_VERSION="$2"
PROJECT_SITE="https://logging.apache.org/$PROJECT_ID"
PROJECT_STAGING_SITE="${PROJECT_SITE/apache.org/staged.apache.org}"
PROJECT_REPO="https://github.com/apache/logging-log4cxx"
COMMIT_ID="$3"
PROJECT_DIST_URL="https://dist.apache.org/repos/dist/dev/logging/$PROJECT_ID/$PROJECT_VERSION"

case $1 in

vote)
cat <<EOF
To: [email protected]
Title: [VOTE] Release $PROJECT_NAME \`$PROJECT_VERSION\`

This is a vote to release the $PROJECT_NAME \`$PROJECT_VERSION\`.

Website: $PROJECT_STAGING_SITE/$PROJECT_VERSION/index.html
GitHub: $PROJECT_REPO
Commit: $COMMIT_ID
Distribution: $PROJECT_DIST_URL
Signing key: 0x077e8893a6dcc33dd4a4d5b256e73ba9a0b592d0
Review kit: https://logging.apache.org/logging-parent/release-review-instructions.html
Contributor

The reviewer should confirm the uploaded source code is not corrupt and
is identical to the package generated by the GitHub action.

This is what I have put in the review kit I created.


Please download, test, and cast your votes on this mailing list.

[ ] +1, release the artifacts
[ ] -1, don't release, because...

This vote is open for 72 hours and will pass unless getting a
net negative vote count. All votes are welcome and we encourage
everyone to test the release, but only the Logging Services PMC
votes are officially counted. At least 3 +1 votes and more
positive than negative votes are required.

== Release Notes
EOF
;;

announce)
cat <<EOF
To: [email protected], [email protected]
Title: [ANNOUNCE] $PROJECT_NAME \`$PROJECT_VERSION\` released

${PROJECT_NAME} team is pleased to announce the \`$PROJECT_VERSION\`
release. ${PROJECT_NAME} is a versatile, industrial-strength
Contributor

"Apache ${PROJECT_NAME} is a logging framework for C++"

Java logging framework composed of an API, its implementation,
and components to assist the deployment for various use cases.
For further information (support, download, etc.) see the project
website[1].

[1] $PROJECT_SITE/2.x/index.html

== Release Notes
EOF
;;

*) fail_for_invalid_args

esac
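Review bot: the `Signing key:` line of the vote template hard-codes the fingerprint `0x077e8893a6dcc33dd4a4d5b256e73ba9a0b592d0`, so the e-mail keeps advertising that key even if the key used to sign the artifacts changes. Take the fingerprint as a fourth argument (and update the usage string in `fail_for_invalid_args`), or have the calling workflow read it from the keyring it signs with. Separately, the announce template's footnote `[1] $PROJECT_SITE/2.x/index.html` hard-codes `2.x`, whereas the vote template builds its website link from `$PROJECT_VERSION`; derive that link from the version argument as well.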
209 changes: 166 additions & 43 deletions .github/workflows/package_code.yml
@@ -1,7 +1,8 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# The ASF licenses this file to you under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
Expand All @@ -12,58 +13,180 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
name: Generate release files

on:
workflow_dispatch:
Contributor @swebb2066, Oct 12, 2024

I see that running an action on tag assignment is possible.

We could perform this action when GITHUB_REF matches v[0-9].[0-9].[0-9]-RC[0-9]

Contributor Author

In Log4j we run the release action on each push to a release/<version> branch. Would that be an option for Log4cxx?

The advantage of making a branch vs a tag is that we don't stall a release if the main branch receives new commits.

inputs:
project-version:
description: The version of Log4cxx
default: 1.3.0
Contributor

Add

    release-candidate:
      description: The tag suffix (a number) appended to "v${{project-version}}-RC"
      required: true

Rationale: Preparing a release begins with the assignment of a tag (e.g. I have already assigned v1.3.0-RC1).

push:
branches:
- master
# pull_request:
# branches:
# - master

permissions: read-all

jobs:
job1:
name: 'Package code for release'
runs-on: ubuntu-20.04
timeout-minutes: 38

package:
name: Package code
runs-on: ubuntu-latest

steps:
- name: Checkout repository
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # 4.2.1
with:
persist-credentials: false # do not persist auth token in the local git config
Contributor

Add ref: v${{project-version}}-RC${{release-candidate}}

Rationale: Preparing a release begins with the assignment of a tag (e.g. I have already assigned v1.3.0-RC1).


- name: Create release files
shell: bash
run: ./package.sh

- name: Upload artifacts
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # 4.4.3
if: always()
with:
name: apache-log4cxx
path: CMakeFiles/dist/*

verify-reproducibility:
name: Verify reproducibility
needs: package
runs-on: ${{ matrix.os }}

strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest ]

steps:
- uses: actions/checkout@v4
with:
persist-credentials: false # do not persist auth token in the local git config
path: clean-checkout

# Consider using CPack when it supports a white-list for included files
# - name: 'Install minimum dependencies'
# run: |
# sudo apt-get install -y libapr1-dev libaprutil1-dev
#
# - name: 'Create release files'
# run: |
# cmake -B package -S clean-checkout -DAPACHE_MAINTAINER=yes -DCPACK_PACKAGE_DIRECTORY=`pwd`
# cmake --build package --target dist
#
- name: 'Create release files'
run: |
cd clean-checkout
rm -r src/main/abi-symbols
VERSION=`grep 'set(log4cxx_VER ' src/cmake/projectVersionDetails.cmake|sed -Ee 's/.*log4cxx_VER ([0-9]*)\.([0-9]*)\.([0-9]*).*/\1.\2.\3/'`
tar -zcf "../apache-log4cxx-$VERSION.tar.gz" "--transform=s,^,apache-log4cxx-$VERSION/," INSTALL LICENSE NOTICE README.md CMakeLists.txt src liblog4cxx.pc.in liblog4cxx-qt.pc.in KEYS
cd ..
sha512sum "apache-log4cxx-$VERSION.tar.gz" > "apache-log4cxx-$VERSION.tar.gz.sha512"
sha256sum "apache-log4cxx-$VERSION.tar.gz" > "apache-log4cxx-$VERSION.tar.gz.sha256"
tar xf "apache-log4cxx-$VERSION.tar.gz"
zip -rm "apache-log4cxx-$VERSION.zip" apache-log4cxx-$VERSION
sha512sum "apache-log4cxx-$VERSION.zip" > "apache-log4cxx-$VERSION.zip.sha512"
sha256sum "apache-log4cxx-$VERSION.zip" > "apache-log4cxx-$VERSION.zip.sha256"

- uses: actions/upload-artifact@v4
if: always()
with:
name: 'Upload release files'
path: |
apache-log4cxx-*
- name: Checkout repository
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # 4.2.1
with:
persist-credentials: false # do not persist auth token in the local git config

- name: Download artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # 4.1.8
with:
name: apache-log4cxx
path: CMakeFiles/reference

- name: Check release files
id: check
shell: bash
run: |
./package.sh
VERSION=$(sed -n -e "s/^set(log4cxx_VER \(.*\)\.[[:digit:]]\+)/\1/p" < src/cmake/projectVersionDetails.cmake)
current=CMakeFiles/dist/apache-log4cxx-$VERSION
reference=CMakeFiles/reference/apache-log4cxx-$VERSION
for format in tar.gz zip; do
if ! cmp --silent "$reference.$format" "$current.$format"; then
echo Files apache-log4cxx-$VERSION.$format differ\! >& 2
exit 1
fi
done

- name: Upload reproducibility results
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # 4.4.3
if: ${{ failure() && steps.check.conclusion == 'failure' }}
with:
name: apache-log4cxx-reproducibility-${{ matrix.os }}
path: CMakeFiles/dist/*

sign-and-upload:
name: Sign and upload
if: ${{ github.event_name == 'workflow_dispatch' }}
needs:
- package
- verify-reproducibility
runs-on: ubuntu-latest

steps:
- name: Checkout repository
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # 4.2.1
with:
persist-credentials: false # do not persist auth token in the local git config

- name: Download artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # 4.1.8
with:
name: apache-log4cxx

- name: Setup GPG
# uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # 6.1.0
# with:
# gpg_private_key: ${{ secrets.LOGGING_GPG_SECRET_KEY }}
# Using `setup-java` as temporary workaround, since `crazy-max` is not authorized
uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # 3.7.0
with:
distribution: temurin
java-version: 17
gpg-private-key: ${{ secrets.LOGGING_GPG_SECRET_KEY }}

- name: Check files and sign
env:
PROJECT_VERSION: ${{ inputs.project-version }}
shell: bash
run: |
for format in tar.gz zip; do
tmp=(apache-log4cxx-*.$format)
name="${tmp[@]}"
version=$(echo "$name" | sed -e "s/apache-log4cxx-\(.*\)\.$format/\1/")
if [ "$PROJECT_VERSION" != "$version" ]; then
echo Unexpected version number for file "$name" >& 2
exit 1
fi
sha256sum -c "$name.sha256"
sha512sum -c "$name.sha512"
# Sign
gpg --armor --detach-sign --yes --pinentry-mode error "$name"
done

- name: Upload to Subversion
shell: bash
env:
DIST_FILENAME_PREFIX: apache-log4cxx
DIST_FILENAME_VERSIONED_PREFIX: apache-log4cxx-${{ inputs.project-version }}
PROJECT_ID: log4cxx
PROJECT_VERSION: ${{ inputs.project-version }}
SVN_USERNAME: ${{ secrets.LOGGING_SVN_DEV_USERNAME }}
SVN_PASSWORD: ${{ secrets.LOGGING_SVN_DEV_PASSWORD }}
run: |
# Find the effective Git commit ID
export COMMIT_ID="$GITHUB_SHA"

# Checkout the SVN repository
export SVN_DIR="$(mktemp -d)/svn-repo"
svn co \
"https://dist.apache.org/repos/dist/dev/logging/$PROJECT_ID" \
"$SVN_DIR"
cd "$SVN_DIR"

# Switch to the distribution folder
[ -d "$PROJECT_VERSION" ] || {
mkdir "$PROJECT_VERSION"
svn add "$PROJECT_VERSION"
}
cd "$PROJECT_VERSION"

# Clean up old files
find . -name "${DIST_FILENAME_PREFIX}*" -type f -print0 | xargs -0 -r svn delete

# Generate emails
for EMAIL_TYPE in vote announce; do
"$GITHUB_WORKSPACE/.github/generate-email.sh" \
"$EMAIL_TYPE" "$PROJECT_VERSION" "$COMMIT_ID" \
> "${DIST_FILENAME_VERSIONED_PREFIX}-email-${EMAIL_TYPE}.txt"
done

# Copy the distribution
cp "$GITHUB_WORKSPACE/$DIST_FILENAME_VERSIONED_PREFIX"* .

# Add & commit changes
svn add "$DIST_FILENAME_PREFIX"*
svn commit \
--username "$SVN_USERNAME" \
--password "$SVN_PASSWORD" \
-m "Added \`${DIST_FILENAME_PREFIX}\` artifacts for release \`${PROJECT_VERSION}\`"
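Review bot: in the `Upload to Subversion` step, the final `svn commit` passes `--password "$SVN_PASSWORD"` as a command-line argument, which places the secret in the process argument list on the runner. Feed it on standard input instead with `--password-from-stdin` (available from Subversion 1.10) together with `--non-interactive --no-auth-cache`, so the step can neither block on a prompt nor write the credential to the runner's auth cache. The earlier `svn co` in the same step should get `--non-interactive` too, for the same reason.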