You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@fineract.apache.org by al...@apache.org on 2020/08/27 21:08:12 UTC

[fineract] branch 1.4.0 updated: FINERACT-1134: Backport FINERACT-1129 to release branch 1.4.0

This is an automated email from the ASF dual-hosted git repository.

aleks pushed a commit to branch 1.4.0
in repository https://gitbox.apache.org/repos/asf/fineract.git


The following commit(s) were added to refs/heads/1.4.0 by this push:
     new 78816d3  FINERACT-1134: Backport FINERACT-1129 to release branch 1.4.0
     new 64b8673  Merge pull request #1298 from vidakovic/feature/FINERACT-1134
78816d3 is described below

commit 78816d3391ecf45bd7db794f0ad22329f388a651
Author: Aleksandar Vidakovic <ch...@monkeysintown.com>
AuthorDate: Thu Aug 27 21:56:44 2020 +0200

    FINERACT-1134: Backport FINERACT-1129 to release branch 1.4.0
---
 README.md                           | 47 ++++++++++++++++++++-
 fineract-provider/build.gradle      | 84 +++++++++++++++++++++++++++++++++++++
 fineract-provider/gradle.properties |  2 +-
 3 files changed, 131 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index d387a8c..07263f4 100644
--- a/README.md
+++ b/README.md
@@ -351,7 +351,52 @@ Our `ClasspathHellDuplicatesCheckRuleTest` detects classes that appear in more t
 Releasing
 ---------
 
-[How to Release Apache Fineract](https://cwiki.apache.org/confluence/x/DRwIB) documents the process how we make the source code that is available here in this Git repository into a binary release ZIP available on http://fineract.apache.org.
+[How to Release Apache Fineract](https://cwiki.apache.org/confluence/x/DRwIB) documents the process how we make the source code that is available here in this Git repository into a binary release tar.gz available on http://fineract.apache.org.
+
+Before you use Gradle to create a release you need to make sure that you provide the proper GPG parameters. You have to options:
+
+1. Provide the parameters via ~/gradle/gradle.properties in your home folder:
+```
+signing.gnupg.keyName=7890ABCD
+signing.gnupg.passphrase=secret
+```
+
+IMPORTANT: Do not set your GPG secrets in one of the project gradle.properties and double check that you are not accidentally committing them to Git.
+
+The release command would look then look like this:
+```
+./gradlew -Pfineract.release clean build 
+```
+
+2. Another way to provide these parameters are via project parameters on the command line. A release command would then look like this:
+```
+./gradlew -Pfineract.release -Psigning.gnupg.keyName=7890ABCD -Psigning.gnupg.passphrase=secret clean build 
+```
+
+NOTE: Let's assume your GPG key ID would be "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890ABCD" then you have to use the last 8 characters (i. e. "7890ABCD") for the signing plugin property "signing.gnupg.keyName". 
+
+Above tasks will create the following files in folder build/distributions:
+
+- distribution file: apache-fineract-1.4.0-binary.tar.gz
+- ASCII armored signatures: apache-fineract-1.4.0-binary.tar.gz.asc
+- SHA512 checksum: apache-fineract-1.4.0-binary.tar.gz.sha512
+
+The signature is automatically verified by the build script. It will throw an exception if the verification fails.
+
+Additionally, you can verify the validity of the release distribution with:
+```
+gpg --verify build/distributions/apache-fineract-1.4.0-binary.tar.gz.asc
+```
+
+The output should look somewhat like this:
+```
+gpg: assuming signed data in 'build/distributions/apache-fineract-1.4.0-binary.tgz'
+gpg: Signature made Mi 26 Aug 2020 17:17:45 CEST
+gpg:                using RSA key ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890ABCD
+gpg: Good signature from "Aleksandar Vidakovic (Apache Fineract Release Manager) <al...@apache.org>" [ultimate]
+```
+
+NOTE: All commands shown above are assuming that the current working directory is the project root folder.
 
 
 More Information
diff --git a/fineract-provider/build.gradle b/fineract-provider/build.gradle
index ca10794..5c53efe 100644
--- a/fineract-provider/build.gradle
+++ b/fineract-provider/build.gradle
@@ -81,6 +81,8 @@ apply plugin: "net.ltgt.errorprone"
 apply plugin: "com.diffplug.spotless"
 apply plugin: "io.swagger.core.v3.swagger-gradle-plugin"
 apply plugin: "org.hidetake.swagger.generator"
+apply plugin: 'distribution'
+apply plugin: 'signing'
 
 dependencyManagement {
     imports {
@@ -823,6 +825,77 @@ bootJar {
     duplicatesStrategy = DuplicatesStrategy.EXCLUDE
 }
 
+task sourcesJar(type: Jar) {
+    classifier 'sources'
+    from sourceSets.main.allSource
+}
+
+tasks.withType(Tar){
+    compression Compression.GZIP
+    extension 'tar.gz'
+    dependsOn 'buildSwaggerCodeFineract'
+}
+
+distributions {
+    main {
+        baseName "apache-fineract-$releaseVersion-binary"
+        contents {
+            from sourcesJar
+            from bootJar
+            from bootWar
+            from('../build/swagger-code-fineract/build/libs/') {
+                include '**/*.jar'
+                rename 'client-(.+)\\.jar', 'fineract-client.jar'
+            }
+            from('../licenses/binary/') {
+                into "licenses/binary/"
+            }
+            from '../LICENSE_RELEASE'
+            from '../NOTICE_RELEASE'
+            rename ('LICENSE_RELEASE', 'LICENSE')
+            rename ('NOTICE_RELEASE', 'NOTICE')
+
+            from '../DISCLAIMER'
+            from '../README.md'
+        }
+    }
+}
+
+tasks.distZip.enabled false
+
+// create signatures and checksums only if project parameter "fineract.release" is provided on the command line
+if( project.hasProperty("fineract.release") ) {
+    signing {
+        useGpgCmd()
+        sign distTar
+    }
+
+    tasks.withType(Tar) { task ->
+        task.doLast {
+            ant.checksum file: task.archivePath, algorithm: 'SHA-512', fileext: '.sha512'
+        }
+    }
+    tasks.withType(Sign) { task ->
+        task.doLast {
+            new ByteArrayOutputStream().withStream { os ->
+                def result = exec {
+                    workingDir '../build/distributions'
+                    executable 'sh'
+                    args '-c', "gpg --verify apache-fineract-$releaseVersion-binary.tar.gz.asc"
+                    standardOutput = os
+                }
+
+                if(result.exitValue==0) {
+                    println '+++++++ GPG signature correct!'
+                } else {
+                    println '------- GPG signature incorrect!'
+                    throw new RuntimeException('GPG signature incorrect!')
+                }
+            }
+        }
+    }
+}
+
 // Configuration for spotbugs plugin
 // https://github.com/spotbugs/spotbugs-gradle-plugin
 
@@ -899,3 +972,14 @@ swaggerSources {
 }
 
 generateSwaggerCodeFineract.dependsOn prepareConfigJson
+
+// TODO: fix version information for client jar
+// TODO: refactor to multi-module project and make client a separate module; cleaner than running exec
+task buildSwaggerCodeFineract(type:Exec, dependsOn: [
+    'resolve',
+    'generateSwaggerCodeFineract'
+]) {
+    workingDir '../build/swagger-code-fineract'
+    executable 'sh'
+    args '-c', 'chmod +x gradlew && ./gradlew clean build'
+}
diff --git a/fineract-provider/gradle.properties b/fineract-provider/gradle.properties
index fc5aad8..55ff45d 100644
--- a/fineract-provider/gradle.properties
+++ b/fineract-provider/gradle.properties
@@ -16,5 +16,5 @@
 # specific language governing permissions and limitations
 # under the License.
 #
-releaseVersion=1.0.0
+releaseVersion=1.4.0
 buildType=BUILD