You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hugegraph.apache.org by ji...@apache.org on 2023/01/08 13:35:11 UTC

[incubator-hugegraph] 01/01: chore: support validate apache release automatically

This is an automated email from the ASF dual-hosted git repository.

jin pushed a commit to branch validate-release
in repository https://gitbox.apache.org/repos/asf/incubator-hugegraph.git

commit 4d79f3677615807d6eff32ac7ff3abe2a47dfe39
Author: imbajin <ji...@apache.org>
AuthorDate: Sun Jan 8 17:20:17 2023 +0800

    chore: support validate apache release automatically
---
 .github/workflows/validate-release.yml     | 37 ++++++++++++
 hugegraph-dist/scripts/validate-release.sh | 93 ++++++++++++++++++++++++++++++
 2 files changed, 130 insertions(+)

diff --git a/.github/workflows/validate-release.yml b/.github/workflows/validate-release.yml
new file mode 100644
index 000000000..896db776f
--- /dev/null
+++ b/.github/workflows/validate-release.yml
@@ -0,0 +1,37 @@
+name: validate apache release
+
+on:
+  workflow_dispatch:
+    inputs:
+      current_version:
+        required: true
+        default: '1.0.0'
+      deploy_maven:
+        required: true
+        default: 'false'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      SCRIPT_PATH: hugegraph-dist/scripts/
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v3
+      - name: Install JDK ${{ matrix.JAVA_VERSION }}
+        uses: actions/setup-java@v3
+        with:
+          java-version: ${{ matrix.JAVA_VERSION }}
+          distribution: 'adopt'
+      # TODO: do we need svn & gpg environment?
+      - name: Test Building Source & Running
+        run: |
+          bash $SCRIPT_PATH/validate-release.sh ${{ github.event.inputs.current_version }}
+      - name: Test Running Binary
+        run: |
+          echo "TODO: separate script to test binary"
+
+  strategy:
+    fail-fast: true
+    matrix:
+      JAVA_VERSION: [ '8', '11' ]
diff --git a/hugegraph-dist/scripts/validate-release.sh b/hugegraph-dist/scripts/validate-release.sh
new file mode 100755
index 000000000..000adb39c
--- /dev/null
+++ b/hugegraph-dist/scripts/validate-release.sh
@@ -0,0 +1,93 @@
+#!/usr/bin/env bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This script is used to validate the release package, including:
+# 1. Check the release package name & content
+# 3. Check the release package sha512
+# 4. Check the release package gpg signature
+
+URL_PREFIX="https://dist.apache.org/repos/dist/dev/incubator/hugegraph/"
+# release version (input by committer)
+RELEASE_VERSION=$1
+# git release branch (check it carefully)
+#GIT_BRANCH="release-${RELEASE_VERSION}"
+
+RELEASE_VERSION=${RELEASE_VERSION:?"Please input the release version behind script"}
+
+# step1: download svn files
+rm -rf dist/"$RELEASE_VERSION" && svn co ${URL_PREFIX}/"$RELEASE_VERSION" dist/"$RELEASE_VERSION"
+cd dist/"$RELEASE_VERSION" || exit
+
+# step2: check environment & import public keys
+shasum --version 1>/dev/null || exit
+gpg --version 1>/dev/null || exit
+
+wget https://downloads.apache.org/incubator/hugegraph/KEYS
+gpg --import KEYS || exit
+# TODO: how to trust all public keys once?
+
+# step3: check sha512 & gpg signature
+for i in *.tar.gz; do
+  echo "$i"
+  shasum -a 512 --check "$i".sha512 || exit
+done
+
+for i in *.tar.gz; do
+  echo "$i"
+  eval gpg "${GPG_OPT}" --verify "$i".asc "$i" || exit
+done
+
+# step4: validate source packages
+for i in *src.tar.gz; do
+  echo "$i"
+  #### step4.0: check the directory include "incubating"
+  if [[ ! "$i" =~ "incubating" ]]; then
+    echo "The package name should include incubating" && exit 1
+  fi
+  tar xzf "$i" || exit
+  cd "$(basename "$i" .tar.gz)" || exit
+
+  #### step4.1: check the directory include "NOTICE" and "LICENSE" file
+  if [[ ! -f "LICENSE" ]]; then
+    echo "The package should include LICENSE file" && exit 1
+  fi
+  if [[ ! -f "NOTICE" ]]; then
+    echo "The package should include NOTICE file" && exit 1
+  fi
+
+  #### step4.2: compile the packages
+  mvn clean package -DskipTests || exit
+  cd .. || exit
+done
+
+#### step4.3: run the compiled packages in server
+cd ./*hugegraph-incubating*src/*hugegraph*"${RELEASE_VERSION}" || exit
+bin/start-hugegraph.sh || exit
+sleep 5
+bin/stop-hugegraph.sh
+cd .. || exit
+
+#### step4.4: run the compiled packages in toolchain (include loader/tool/hubble)
+cd ./*hugegraph-toolchain*src/*hugegraph*"${RELEASE_VERSION}" || exit
+# loader
+
+# step5: validate the binary packages
+#### step5.0: check the directory include "incubating"
+#### step5.1: check the directory include "NOTICE" and "LICENSE" file
+#### step5.4: run the binary packages
+
+echo "Finished validate, please check all steps manually again!"