Add automatic signing and uploading releases #414
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,97 @@ | ||
#!/bin/bash | ||
# | ||
# Licensed to the Apache Software Foundation (ASF) under one or more | ||
# contributor license agreements. See the NOTICE file distributed with | ||
# this work for additional information regarding copyright ownership. | ||
# The ASF licenses this file to you under the Apache License, Version 2.0 | ||
# (the "License"); you may not use this file except in compliance with | ||
# the License. You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
# | ||
|
||
# Enable strict mode | ||
set -euo pipefail | ||
IFS=$'\n\t' | ||
|
||
stderr() { | ||
echo "$*" 1>&2 | ||
} | ||
|
||
fail_for_invalid_args() { | ||
stderr "Invalid arguments!" | ||
stderr "Expected arguments: <vote|announce> <version> <commitId>" | ||
exit 1 | ||
} | ||
|
||
# Check arguments | ||
[ $# -ne 3 ] && fail_for_invalid_args | ||
|
||
# Constants | ||
PROJECT_NAME="Apache Log4cxx" | ||
PROJECT_ID="log4cxx" | ||
PROJECT_VERSION="$2" | ||
PROJECT_SITE="https://logging.apache.org/$PROJECT_ID" | ||
PROJECT_STAGING_SITE="${PROJECT_SITE/apache.org/staged.apache.org}" | ||
PROJECT_REPO="https://github.com/apache/logging-log4cxx" | ||
COMMIT_ID="$3" | ||
PROJECT_DIST_URL="https://dist.apache.org/repos/dist/dev/logging/$PROJECT_ID/$PROJECT_VERSION" | ||
|
||
case $1 in | ||
|
||
vote) | ||
cat <<EOF | ||
To: [email protected] | ||
Title: [VOTE] Release $PROJECT_NAME \`$PROJECT_VERSION\` | ||
|
||
This is a vote to release the $PROJECT_NAME \`$PROJECT_VERSION\`. | ||
|
||
Website: $PROJECT_STAGING_SITE/$PROJECT_VERSION/index.html | ||
GitHub: $PROJECT_REPO | ||
Commit: $COMMIT_ID | ||
Distribution: $PROJECT_DIST_URL | ||
Signing key: 0x077e8893a6dcc33dd4a4d5b256e73ba9a0b592d0 | ||
Review kit: https://logging.apache.org/logging-parent/release-review-instructions.html | ||
|
||
Please download, test, and cast your votes on this mailing list. | ||
|
||
[ ] +1, release the artifacts | ||
[ ] -1, don't release, because... | ||
|
||
This vote is open for 72 hours and will pass unless getting a | ||
net negative vote count. All votes are welcome and we encourage | ||
everyone to test the release, but only the Logging Services PMC | ||
votes are officially counted. At least 3 +1 votes and more | ||
positive than negative votes are required. | ||
|
||
== Release Notes | ||
EOF | ||
;; | ||
|
||
announce) | ||
cat <<EOF | ||
To: [email protected], [email protected] | ||
Title: [ANNOUNCE] $PROJECT_NAME \`$PROJECT_VERSION\` released | ||
|
||
${PROJECT_NAME} team is pleased to announce the \`$PROJECT_VERSION\` | ||
release. ${PROJECT_NAME} is a versatile, industrial-strength | ||
"Apache ${PROJECT_NAME} is a logging framework for C++"
||
Java logging framework composed of an API, its implementation, | ||
and components to assist the deployment for various use cases. | ||
For further information (support, download, etc.) see the project | ||
website[1]. | ||
|
||
[1] $PROJECT_SITE/2.x/index.html | ||
|
||
== Release Notes | ||
EOF | ||
;; | ||
|
||
*) fail_for_invalid_args | ||
|
||
esac |
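Review bot: The `Signing key:` line in the vote heredoc is a literal fingerprint, while the key that actually signs the archives comes from the `LOGGING_GPG_SECRET_KEY` secret in the workflow, so nothing ties the two together and a rotated secret would leave the vote email pointing reviewers at the wrong key. Consider passing the fingerprint in as a fourth argument taken from the imported key, or having the workflow fail when the two differ. Separately, the announce footnote `[1] $PROJECT_SITE/2.x/index.html` hard-codes `2.x` where the vote text uses `$PROJECT_VERSION`, which looks carried over from another project's template along with the "Java logging framework" wording.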
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,8 @@ | ||
# | ||
# Licensed to the Apache Software Foundation (ASF) under one or more | ||
# contributor license agreements. See the NOTICE file distributed with | ||
# this work for additional information regarding copyright ownership. | ||
# The ASF licenses this file to You under the Apache License, Version 2.0 | ||
# The ASF licenses this file to you under the Apache License, Version 2.0 | ||
# (the "License"); you may not use this file except in compliance with | ||
# the License. You may obtain a copy of the License at | ||
# | ||
|
@@ -12,58 +13,180 @@ | |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
# | ||
name: Generate release files | ||
|
||
on: | ||
workflow_dispatch: | ||
I see that running an action on tag assignment is possible. We could perform this action GITHUB_REF matches v[0-9].[0-9].[0-9]-RC[0-9]
In Log4j we run the release action on each push to a The advantage of making a branch vs a tag is that we don't stall a release if the main branch receives new commits.
||
inputs: | ||
project-version: | ||
description: The version of Log4cxx | ||
default: 1.3.0 | ||
Add Rationale: Preparing a release begins with the assignment of a tag. (e.g. I have already assigned v1.3.0-RC1)
||
push: | ||
branches: | ||
- master | ||
# pull_request: | ||
# branches: | ||
# - master | ||
|
||
permissions: read-all | ||
|
||
jobs: | ||
job1: | ||
name: 'Package code for release' | ||
runs-on: ubuntu-20.04 | ||
timeout-minutes: 38 | ||
|
||
package: | ||
name: Package code | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # 4.2.1 | ||
with: | ||
persist-credentials: false # do not persist auth token in the local git config | ||
Add ref: v${{project-version}}-RC${{release-candidate}} Rationale: Preparing a release begins with the assignment of a tag. (e.g. I have already assigned v1.3.0-RC1)
||
|
||
- name: Create release files | ||
shell: bash | ||
run: ./package.sh | ||
|
||
- name: Upload artifacts | ||
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # 4.4.3 | ||
if: always() | ||
with: | ||
name: apache-log4cxx | ||
path: CMakeFiles/dist/* | ||
|
||
verify-reproducibility: | ||
name: Verify reproducibility | ||
needs: package | ||
runs-on: ${{ matrix.os }} | ||
|
||
strategy: | ||
fail-fast: false | ||
matrix: | ||
os: [ ubuntu-latest ] | ||
|
||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
persist-credentials: false # do not persist auth token in the local git config | ||
path: clean-checkout | ||
|
||
# Consider using CPack when it supports a white-list for included files | ||
# - name: 'Install minimum dependencies' | ||
# run: | | ||
# sudo apt-get install -y libapr1-dev libaprutil1-dev | ||
# | ||
# - name: 'Create release files' | ||
# run: | | ||
# cmake -B package -S clean-checkout -DAPACHE_MAINTAINER=yes -DCPACK_PACKAGE_DIRECTORY=`pwd` | ||
# cmake --build package --target dist | ||
# | ||
- name: 'Create release files' | ||
run: | | ||
cd clean-checkout | ||
rm -r src/main/abi-symbols | ||
VERSION=`grep 'set(log4cxx_VER ' src/cmake/projectVersionDetails.cmake|sed -Ee 's/.*log4cxx_VER ([0-9]*)\.([0-9]*)\.([0-9]*).*/\1.\2.\3/'` | ||
tar -zcf "../apache-log4cxx-$VERSION.tar.gz" "--transform=s,^,apache-log4cxx-$VERSION/," INSTALL LICENSE NOTICE README.md CMakeLists.txt src liblog4cxx.pc.in liblog4cxx-qt.pc.in KEYS | ||
cd .. | ||
sha512sum "apache-log4cxx-$VERSION.tar.gz" > "apache-log4cxx-$VERSION.tar.gz.sha512" | ||
sha256sum "apache-log4cxx-$VERSION.tar.gz" > "apache-log4cxx-$VERSION.tar.gz.sha256" | ||
tar xf "apache-log4cxx-$VERSION.tar.gz" | ||
zip -rm "apache-log4cxx-$VERSION.zip" apache-log4cxx-$VERSION | ||
sha512sum "apache-log4cxx-$VERSION.zip" > "apache-log4cxx-$VERSION.zip.sha512" | ||
sha256sum "apache-log4cxx-$VERSION.zip" > "apache-log4cxx-$VERSION.zip.sha256" | ||
|
||
- uses: actions/upload-artifact@v4 | ||
if: always() | ||
with: | ||
name: 'Upload release files' | ||
path: | | ||
apache-log4cxx-* | ||
- name: Checkout repository | ||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # 4.2.1 | ||
with: | ||
persist-credentials: false # do not persist auth token in the local git config | ||
|
||
- name: Download artifacts | ||
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # 4.1.8 | ||
with: | ||
name: apache-log4cxx | ||
path: CMakeFiles/reference | ||
|
||
- name: Check release files | ||
id: check | ||
shell: bash | ||
run: | | ||
./package.sh | ||
VERSION=$(sed -n -e "s/^set(log4cxx_VER \(.*\)\.[[:digit:]]\+)/\1/p" < src/cmake/projectVersionDetails.cmake) | ||
current=CMakeFiles/dist/apache-log4cxx-$VERSION | ||
reference=CMakeFiles/reference/apache-log4cxx-$VERSION | ||
for format in tar.gz zip; do | ||
if ! cmp --silent "$reference.$format" "$current.$format"; then | ||
echo Files apache-log4cxx-$VERSION.$format differ\! >& 2 | ||
exit 1 | ||
fi | ||
done | ||
|
||
- name: Upload reproducibility results | ||
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # 4.4.3 | ||
if: ${{ failure() && steps.check.conclusion == 'failure' }} | ||
with: | ||
name: apache-log4cxx-reproducibility-${{ matrix.os }} | ||
path: CMakeFiles/dist/* | ||
|
||
sign-and-upload: | ||
name: Sign and upload | ||
if: ${{ github.event_name == 'workflow_dispatch' }} | ||
needs: | ||
- package | ||
- verify-reproducibility | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # 4.2.1 | ||
with: | ||
persist-credentials: false # do not persist auth token in the local git config | ||
|
||
- name: Download artifacts | ||
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # 4.1.8 | ||
with: | ||
name: apache-log4cxx | ||
|
||
- name: Setup GPG | ||
# uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # 6.1.0 | ||
# with: | ||
# gpg_private_key: ${{ secrets.LOGGING_GPG_SECRET_KEY }} | ||
# Using `setup-java` as temporary workaround, since `crazy-max` is not authorized | ||
uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # 3.7.0 | ||
with: | ||
distribution: temurin | ||
java-version: 17 | ||
gpg-private-key: ${{ secrets.LOGGING_GPG_SECRET_KEY }} | ||
|
||
- name: Check files and sign | ||
env: | ||
PROJECT_VERSION: ${{ inputs.project-version }} | ||
shell: bash | ||
run: | | ||
for format in tar.gz zip; do | ||
tmp=(apache-log4cxx-*.$format) | ||
name="${tmp[@]}" | ||
version=$(echo "$name" | sed -e "s/apache-log4cxx-\(.*\)\.$format/\1/") | ||
if [ "$PROJECT_VERSION" != "$version" ]; then | ||
echo Unexpected version number for file "$name" >& 2 | ||
exit 1 | ||
fi | ||
sha256sum -c "$name.sha256" | ||
sha512sum -c "$name.sha512" | ||
# Sign | ||
gpg --armor --detach-sign --yes --pinentry-mode error "$name" | ||
done | ||
|
||
- name: Upload to Subversion | ||
shell: bash | ||
env: | ||
DIST_FILENAME_PREFIX: apache-log4cxx | ||
DIST_FILENAME_VERSIONED_PREFIX: apache-log4cxx-${{ inputs.project-version }} | ||
PROJECT_ID: log4cxx | ||
PROJECT_VERSION: ${{ inputs.project-version }} | ||
SVN_USERNAME: ${{ secrets.LOGGING_SVN_DEV_USERNAME }} | ||
SVN_PASSWORD: ${{ secrets.LOGGING_SVN_DEV_PASSWORD }} | ||
run: | | ||
# Find the effective Git commit ID | ||
export COMMIT_ID="$GITHUB_SHA" | ||
|
||
# Checkout the SVN repository | ||
export SVN_DIR="$(mktemp -d)/svn-repo" | ||
svn co \ | ||
"https://dist.apache.org/repos/dist/dev/logging/$PROJECT_ID" \ | ||
"$SVN_DIR" | ||
cd "$SVN_DIR" | ||
|
||
# Switch to the distribution folder | ||
[ -d "$PROJECT_VERSION" ] || { | ||
mkdir "$PROJECT_VERSION" | ||
svn add "$PROJECT_VERSION" | ||
} | ||
cd "$PROJECT_VERSION" | ||
|
||
# Clean up old files | ||
find . -name "${DIST_FILENAME_PREFIX}*" -type f -print0 | xargs -0 -r svn delete | ||
|
||
# Generate emails | ||
for EMAIL_TYPE in vote announce; do | ||
"$GITHUB_WORKSPACE/.github/generate-email.sh" \ | ||
"$EMAIL_TYPE" "$PROJECT_VERSION" "$COMMIT_ID" \ | ||
> "${DIST_FILENAME_VERSIONED_PREFIX}-email-${EMAIL_TYPE}.txt" | ||
done | ||
|
||
# Copy the distribution | ||
cp "$GITHUB_WORKSPACE/$DIST_FILENAME_VERSIONED_PREFIX"* . | ||
|
||
# Add & commit changes | ||
svn add "$DIST_FILENAME_PREFIX"* | ||
svn commit \ | ||
--username "$SVN_USERNAME" \ | ||
--password "$SVN_PASSWORD" \ | ||
-m "Added \`${DIST_FILENAME_PREFIX}\` artifacts for release \`${PROJECT_VERSION}\`" |
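Review bot: In the final `svn commit` of the "Upload to Subversion" step the password is passed as `--password "$SVN_PASSWORD"`, which puts the secret on the command line where it is visible in the runner's process list, and none of the `svn` calls set `--non-interactive` or `--no-auth-cache`, so a failed authentication can block on a prompt and the credentials may end up in the runner's Subversion auth cache. Suggest replacing `--password "$SVN_PASSWORD"` with `--non-interactive --no-auth-cache --password-from-stdin`, feeding the password on standard input, and adding `--non-interactive` to the `svn co` call as well. Also, in "Check files and sign" the `.sha256` and `.sha512` files being checked come out of the same `apache-log4cxx` artifact as the archives, so `sha256sum -c` and `sha512sum -c` only catch a damaged download; a comment there saying that the integrity gate is the `verify-reproducibility` job would help later readers.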
The reviewer should confirm the uploaded source code is not corrupt and
is identical to the package generated by the GitHub action.
This is what I have put in the review kit I created.