Posted to notifications@pekko.apache.org by "jrudolph (via GitHub)" <gi...@apache.org> on 2023/02/15 13:32:39 UTC

[GitHub] [incubator-pekko] jrudolph opened a new pull request, #188: [DRAFT] Some rudimentary version of how releasing could work

jrudolph opened a new pull request, #188:
URL: https://github.com/apache/incubator-pekko/pull/188

   Here are some ideas how releasing could later work. It's far from finished. 
   
   In this setup, a docker image provides the base installation to use for building.
   
   GPG keys are provided from the outside of the container by providing access to the host gpg-agent. Alternatively, we could provide keys similarly as `sbt-ci-release` does it by actually providing the secret as an environment value. Both options don't seem super compelling. The use of `gpg-agent` at least provides the possibility to also use smartcards/yubikeys for signing automatically.
   
   The setup of `gpg-agent` propagation to the docker container is right now quite brittle:
    * it requires that the user id must match between host and container
    * it assumes a certain setup of how gpg-agent is connected that works on Ubuntu/Linux but might not work on other distros


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@pekko.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@pekko.apache.org
For additional commands, e-mail: notifications-help@pekko.apache.org


[GitHub] [incubator-pekko] mdedetrich commented on a diff in pull request #188: [DRAFT] Some rudimentary version of how releasing could work

Posted by "mdedetrich (via GitHub)" <gi...@apache.org>.
mdedetrich commented on code in PR #188:
URL: https://github.com/apache/incubator-pekko/pull/188#discussion_r1108443296


##########
scripts/release/build-release.sh:
##########
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -ex
+set -o pipefail
+
+# check config
+# BUILD_COMMIT
+# NEXUS_USER
+# NEXUS_PW
+# GPG_SIGNING_KEY
+
+# checkout
+git checkout $BUILD_COMMIT
+
+# generate source artifacts
+sbt sourceDistGenerate
+
+# sign source artifacts
+find target/dist -regex '.*\(tgz\|zip\)' | xargs -I{} sh -c "sha512sum {} > {}.sha512"
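
Review bot: The digest line at the end of the hunk splices each file name into a shell command string (`sh -c "sha512sum {} > {}.sha512"`), so a path containing spaces or shell metacharacters is re-parsed by `sh` rather than treated as one argument. Passing the name as a positional parameter avoids that, for example `find target/dist -regex '.*\(tgz\|zip\)' -exec sh -c 'sha512sum "$1" > "$1.sha512"' _ {} \;`. The digest file also records the `target/dist/...` path as given, so `sha512sum -c` only succeeds when run from the same working directory; running `sha512sum` from inside the artifact's directory would keep just the file name.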

Review Comment:
   So the PR has been merged (see https://github.com/apache/incubator-pekko/pull/195) so you don't need to worry about manually creating digests of the files.





[GitHub] [incubator-pekko] mdedetrich commented on a diff in pull request #188: [DRAFT] Some rudimentary version of how releasing could work

Posted by "mdedetrich (via GitHub)" <gi...@apache.org>.
mdedetrich commented on code in PR #188:
URL: https://github.com/apache/incubator-pekko/pull/188#discussion_r1107471757


##########
scripts/release/build-release.sh:
##########
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -ex
+set -o pipefail
+
+# check config
+# BUILD_COMMIT
+# NEXUS_USER
+# NEXUS_PW
+# GPG_SIGNING_KEY
+
+# checkout
+git checkout $BUILD_COMMIT
+
+# generate source artifacts
+sbt sourceDistGenerate
+
+# sign source artifacts
+find target/dist -regex '.*\(tgz\|zip\)' | xargs -I{} sh -c "sha512sum {} > {}.sha512"
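
Review bot: The `# check config` block is only comments, so nothing stops the script when `BUILD_COMMIT` is unset: the unquoted `git checkout $BUILD_COMMIT` then expands to a bare `git checkout`, which succeeds and leaves whatever was already checked out to be built. A guard such as `: "${BUILD_COMMIT:?}"` for each listed variable (or `set -u`), plus quoting the expansion, would fail early instead. Because the value may be a moving ref such as a branch name, resolving it once with `git rev-parse --verify "$BUILD_COMMIT^{commit}"` and logging the hash would tie the release artifacts to one specific commit.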

Review Comment:
   I will make a PR to update version now.





[GitHub] [incubator-pekko] pjfanning commented on a diff in pull request #188: [DRAFT] Some rudimentary version of how releasing could work

Posted by "pjfanning (via GitHub)" <gi...@apache.org>.
pjfanning commented on code in PR #188:
URL: https://github.com/apache/incubator-pekko/pull/188#discussion_r1107145014


##########
scripts/release/build-release.sh:
##########
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -ex
+set -o pipefail
+
+# check config
+# BUILD_COMMIT
+# NEXUS_USER
+# NEXUS_PW
+# GPG_SIGNING_KEY
+
+# checkout
+git checkout $BUILD_COMMIT
+
+# generate source artifacts
+sbt sourceDistGenerate
+
+# sign source artifacts
+find target/dist -regex '.*\(tgz\|zip\)' | xargs -I{} sh -c "sha512sum {} > {}.sha512"
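
Review bot: `set -ex` at the top enables command tracing for the whole script, and the config list includes `NEXUS_PW`; as soon as a later step passes that value on a command line or into a file via `echo`, xtrace will write it to the build log. Dropping `-x` (keeping `set -e` and `set -o pipefail`), or wrapping credential-handling steps in `set +x` / `set -x`, keeps the password out of the output.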

Review Comment:
   newer versions (that already exist, but not yet uptaken here) produce the sha digests automatically





[GitHub] [incubator-pekko] jrudolph commented on a diff in pull request #188: [DRAFT] Some rudimentary version of how releasing could work

Posted by "jrudolph (via GitHub)" <gi...@apache.org>.
jrudolph commented on code in PR #188:
URL: https://github.com/apache/incubator-pekko/pull/188#discussion_r1107144568


##########
scripts/release/README.md:
##########
@@ -0,0 +1,29 @@
+# Release build scripts
+
+## Build environment
+
+The build environment can be setup using this command:
+
+```sh
+docker build pekko:build
+```
+
+## Release script
+
+`build-release.sh` will run the build, and provided gpg credentials by forwarding the GPG agent connection to the docker container.
+Understand the risk of exposing the gpg-agent to a container.
+
+```sh
+docker run \
+  -ti --rm \
+  -v `pwd`:/scripts:ro \
+  -v ${HOME}/.gnupg/:/home/user/.gnupg/:ro -v /run/user/$(id -u)/:/run/user/$(id -u)/:ro \
+  -e BUILD_COMMIT=origin/main \
+  -e GPG_SIGNING_KEY=8DEF770BCFC57CEC83BF0410DC20AD935AC6CEF4 \
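
Review bot: The second `-v` on the `docker run` line mounts all of `/run/user/$(id -u)/` into the container, which exposes whatever else lives in the host user's runtime directory and not only the gpg-agent socket, and `:ro` does not stop a process from connecting to a Unix socket inside a read-only bind mount. The README's warning about exposing the agent would be more useful if the mount were narrowed to the single socket reported by `gpgconf --list-dirs agent-socket`, and if it stated that any code run by the build can request signatures with the host key while the container is up.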

Review Comment:
   This is a real id of an example key.





[GitHub] [incubator-pekko] mdedetrich commented on a diff in pull request #188: [DRAFT] Some rudimentary version of how releasing could work

Posted by "mdedetrich (via GitHub)" <gi...@apache.org>.
mdedetrich commented on code in PR #188:
URL: https://github.com/apache/incubator-pekko/pull/188#discussion_r1107464465


##########
scripts/release/build-release.sh:
##########
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -ex
+set -o pipefail
+
+# check config
+# BUILD_COMMIT
+# NEXUS_USER
+# NEXUS_PW
+# GPG_SIGNING_KEY_ID
+
+# checkout
+git checkout $BUILD_COMMIT
+
+# generate source artifacts
+sbt sourceDistGenerate
+
+# sign source artifacts
+find target/dist -regex '.*\(tgz\|zip\)' | xargs -I{} sh -c "sha512sum {} > {}.sha512"
+find target/dist -regex '.*\(tgz\|zip\)' | xargs -n1 gpg --sign --armor --default-key $GPG_SIGNING_KEY_ID --detach-sig
+
+# upload source artifacts
+# TODO
+
+# publish to Apache Nexus Staging
+echo "pgpSigningKey := Some(\"$GPG_SIGNING_KEY_ID\")" > pgp-signing-key.sbt
+sbt +publishSigned
+
+# generate and upload docs
+# TODO
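
Review bot: The `echo "pgpSigningKey := Some(\"$GPG_SIGNING_KEY_ID\")" > pgp-signing-key.sbt` line near the end writes an unvalidated environment value into a build definition file that `sbt +publishSigned` then evaluates, so a value containing a double quote changes the sbt code rather than just the key id. Checking the variable against the expected shape (a hex key id or fingerprint) before it is used, and quoting it in the `gpg ... --default-key $GPG_SIGNING_KEY_ID` call, would close that off. The generated `pgp-signing-key.sbt` is also left in the checkout after the run; removing it on exit would keep the tree clean for the next build.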

Review Comment:
   nit: new line here





[GitHub] [incubator-pekko] seveneves commented on a diff in pull request #188: [DRAFT] Some rudimentary version of how releasing could work

Posted by "seveneves (via GitHub)" <gi...@apache.org>.
seveneves commented on code in PR #188:
URL: https://github.com/apache/incubator-pekko/pull/188#discussion_r1107139418


##########
scripts/release/README.md:
##########
@@ -0,0 +1,29 @@
+# Release build scripts
+
+## Build environment
+
+The build environment can be setup using this command:
+
+```sh
+docker build pekko:build
+```
+
+## Release script
+
+`build-release.sh` will run the build, and provided gpg credentials by forwarding the GPG agent connection to the docker container.
+Understand the risk of exposing the gpg-agent to a container.
+
+```sh
+docker run \
+  -ti --rm \
+  -v `pwd`:/scripts:ro \
+  -v ${HOME}/.gnupg/:/home/user/.gnupg/:ro -v /run/user/$(id -u)/:/run/user/$(id -u)/:ro \
+  -e BUILD_COMMIT=origin/main \
+  -e GPG_SIGNING_KEY=8DEF770BCFC57CEC83BF0410DC20AD935AC6CEF4 \
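
Review bot: The build command under "Build environment" reads `docker build pekko:build`, which passes `pekko:build` as the build context instead of tagging the image. It presumably needs the `-t` flag and a context path, for example `docker build -t pekko:build .` run from the directory holding the Dockerfile, and the README should say which directory that is.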

Review Comment:
   Is this a real signing key?





[GitHub] [incubator-pekko] mdedetrich commented on pull request #188: [DRAFT] Some rudimentary version of how releasing could work

Posted by "mdedetrich (via GitHub)" <gi...@apache.org>.
mdedetrich commented on PR #188:
URL: https://github.com/apache/incubator-pekko/pull/188#issuecomment-1431753183

   > GPG keys are provided from the outside of the container by providing access to the host gpg-agent. Alternatively, we could provide keys similarly as sbt-ci-release does it by actually providing the secret as an environment value. Both options don't seem super compelling. The use of gpg-agent at least provides the possibility to also use smartcards/yubikeys for signing automatically.
   
   This is more of a long term idea, but I always imagined using sbt-pgp directly rather than sbt-ci-release since sbt-pgp just wraps over gpg so there is no reason why it should have the same problems as sbt-ci-release. In fact I think in general sbt-ci-release is not really needed for pekko projects, the only functionality we use from it is sbt-dynver considering there is broad agreement on how to do a proper release which is not going to be via pushing a git tag.

