From 55309a3dba4d54fa3a361bdae13bcefffc115897 Mon Sep 17 00:00:00 2001 From: Sutou Kouhei Date: Thu, 16 Jan 2025 10:52:54 +0900 Subject: [PATCH 1/3] GH-522: [Release] Add support for signing .jar Fixes GH-522. --- .gitignore | 1 + ci/scripts/jni_full_build.sh | 8 +++++++- dev/release/release_rc.sh | 28 +++++++++++++++++++++------- 3 files changed, 29 insertions(+), 8 deletions(-) diff --git a/.gitignore b/.gitignore index 8171952dad..8c7bd135e1 100644 --- a/.gitignore +++ b/.gitignore @@ -13,6 +13,7 @@ .settings/ /*-build/ /.mvn/.develocity/ +/apache-arrow-java-* /apache-arrow-java.tar.gz /build/ /dev/release/apache-rat-0.16.1.jar diff --git a/ci/scripts/jni_full_build.sh b/ci/scripts/jni_full_build.sh index 15cf72f21b..366bd59f64 100755 --- a/ci/scripts/jni_full_build.sh +++ b/ci/scripts/jni_full_build.sh @@ -17,11 +17,12 @@ # specific language governing permissions and limitations # under the License. -set -e +set -eu source_dir="$(cd "${1}" && pwd)" jni_build_dir="$(cd "${2}" && pwd)" dist_dir="${3}" +rm -rf "${dist_dir}" mkdir -p "${dist_dir}" dist_dir="$(cd "${dist_dir}" && pwd)" @@ -69,3 +70,8 @@ find ~/.m2/repository/org/apache/arrow \ ")" \ -exec echo "{}" ";" \ -exec cp "{}" "${dist_dir}" ";" + +for artifact in ${dist_dir}/*; do + sha256sum "${artifact}" >"${artifact}.sha256" + sha512sum "${artifact}" >"${artifact}.sha512" +done diff --git a/dev/release/release_rc.sh b/dev/release/release_rc.sh index c8f1024a3f..e1800e7e57 100755 --- a/dev/release/release_rc.sh +++ b/dev/release/release_rc.sh @@ -83,6 +83,9 @@ rc_hash="$(git rev-list --max-count=1 "${rc_tag}")" id="apache-arrow-java-${version}" tar_gz="${id}.tar.gz" +artifacts_dir="apache-arrow-java-${version}-rc${rc}" +signed_artifacts_dir="${artifacts_dir}-signed" + if [ "${RELEASE_SIGN}" -gt 0 ]; then git_origin_url="$(git remote get-url origin)" repository="${git_origin_url#*github.com?}" @@ -105,23 +108,34 @@ if [ "${RELEASE_SIGN}" -gt 0 ]; then echo "Found GitHub Actions workflow with ID: ${run_id}" gh run watch --repo "${repository}" --exit-status "${run_id}" - echo "Downloading .tar.gz from GitHub Releases" + echo "Downloading artifacts from GitHub Releases" gh release download "${rc_tag}" \ - --dir . \ - --pattern "${tar_gz}" \ + --dir "${artifacts_dir}" \ --repo "${repository}" \ --skip-existing - echo "Signing tar.gz and creating checksums" - gpg --armor --output "${tar_gz}.asc" --detach-sig "${tar_gz}" + echo "Signing artifacts" + rm -rf "${signed_artifacts_dir}" + mkdir -p "${signed_artifacts_dir}" + for artifact in ${artifacts_dir}/*; do + case "${artifact}" in + *.asc | *.sha256 | *.sha512) + continue + ;; + esac + gpg --armor \ + --detach-sig \ + --output "${signed_artifacts_dir}/$(basename "${artifact}").asc" \ + "${artifact}" + done fi if [ "${RELEASE_UPLOAD}" -gt 0 ]; then echo "Uploading signature" gh release upload "${rc_tag}" \ --clobber \ - --repo "${repository}" \ - "${tar_gz}.asc" + --repo "${repository:-kou/arrow-java}" \ + ${signed_artifacts_dir}/*.asc fi echo "Draft email for dev@arrow.apache.org mailing list" From abd1c2d9d8f1565e9a8bcffa2d7d11f8322bd618 Mon Sep 17 00:00:00 2001 From: Sutou Kouhei Date: Thu, 16 Jan 2025 10:59:40 +0900 Subject: [PATCH 2/3] Fix lint --- ci/scripts/jni_full_build.sh | 2 +- dev/release/release_rc.sh | 7 ++----- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/ci/scripts/jni_full_build.sh b/ci/scripts/jni_full_build.sh index 366bd59f64..49cbdc138f 100755 --- a/ci/scripts/jni_full_build.sh +++ b/ci/scripts/jni_full_build.sh @@ -71,7 +71,7 @@ find ~/.m2/repository/org/apache/arrow \ -exec echo "{}" ";" \ -exec cp "{}" "${dist_dir}" ";" -for artifact in ${dist_dir}/*; do +for artifact in "${dist_dir}"/*; do sha256sum "${artifact}" >"${artifact}.sha256" sha512sum "${artifact}" >"${artifact}.sha512" done diff --git a/dev/release/release_rc.sh b/dev/release/release_rc.sh index e1800e7e57..a61761ba96 100755 --- a/dev/release/release_rc.sh +++ b/dev/release/release_rc.sh @@ -80,9 +80,6 @@ fi rc_hash="$(git rev-list --max-count=1 "${rc_tag}")" -id="apache-arrow-java-${version}" -tar_gz="${id}.tar.gz" - artifacts_dir="apache-arrow-java-${version}-rc${rc}" signed_artifacts_dir="${artifacts_dir}-signed" @@ -117,7 +114,7 @@ if [ "${RELEASE_SIGN}" -gt 0 ]; then echo "Signing artifacts" rm -rf "${signed_artifacts_dir}" mkdir -p "${signed_artifacts_dir}" - for artifact in ${artifacts_dir}/*; do + for artifact in "${artifacts_dir}"/*; do case "${artifact}" in *.asc | *.sha256 | *.sha512) continue @@ -135,7 +132,7 @@ if [ "${RELEASE_UPLOAD}" -gt 0 ]; then gh release upload "${rc_tag}" \ --clobber \ --repo "${repository:-kou/arrow-java}" \ - ${signed_artifacts_dir}/*.asc + "${signed_artifacts_dir}"/*.asc fi echo "Draft email for dev@arrow.apache.org mailing list" From ba6a511d6da00e04db7d4f55610f01f20cedfbc8 Mon Sep 17 00:00:00 2001 From: Sutou Kouhei Date: Thu, 16 Jan 2025 11:03:26 +0900 Subject: [PATCH 3/3] Remove a debug code --- dev/release/release_rc.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/release/release_rc.sh b/dev/release/release_rc.sh index a61761ba96..de053578e0 100755 --- a/dev/release/release_rc.sh +++ b/dev/release/release_rc.sh @@ -131,7 +131,7 @@ if [ "${RELEASE_UPLOAD}" -gt 0 ]; then echo "Uploading signature" gh release upload "${rc_tag}" \ --clobber \ - --repo "${repository:-kou/arrow-java}" \ + --repo "${repository}" \ "${signed_artifacts_dir}"/*.asc fi