You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@superset.apache.org by ma...@apache.org on 2019/03/25 23:21:34 UTC
[incubator-superset] branch master updated: Scripts & instructions
to craft official Apache source releases (#7054)
This is an automated email from the ASF dual-hosted git repository.
maximebeauchemin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-superset.git
The following commit(s) were added to refs/heads/master by this push:
new ebb3210 Scripts & instructions to craft official Apache source releases (#7054)
ebb3210 is described below
commit ebb32101c98dbbd4f1de92e9ed3cab1c6d0c2b11
Author: Maxime Beauchemin <ma...@gmail.com>
AuthorDate: Mon Mar 25 16:21:26 2019 -0700
Scripts & instructions to craft official Apache source releases (#7054)
* Apache Releases
https://github.com/mistercrunch/superset/blob/apache-releases/RELEASING.md#apache-releases
* npm run prod -> npm run build
---
.gitignore | 1 +
INSTALL.txt | 39 ++++++++++++++++++++
RELEASING.md | 112 ++++++++++++++++++++++++++++----------------------------
scripts/sign.sh | 28 ++++++++++++++
4 files changed, 123 insertions(+), 57 deletions(-)
diff --git a/.gitignore b/.gitignore
index b5af9b8..929abbd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -78,3 +78,4 @@ geckodriver.log
ghostdriver.log
testCSV.csv
.terser-plugin-cache/
+apache-superset-*.tar.gz*
diff --git a/INSTALL.txt b/INSTALL.txt
new file mode 100644
index 0000000..3fa5988
--- /dev/null
+++ b/INSTALL.txt
@@ -0,0 +1,39 @@
+# INSTALL / BUILD instructions for Apache Superset (incubating)
+
+# These instructions should work along sources releases under
+# https://dist.apache.org/repos/dist/dev/incubator/superset/*/*source.tar.gz$
+
+# [required] fetch the tarball and untar the source
+# change into the directory that was untarred.
+
+#############################
+# Dependencies
+#############################
+# Superset runs best on python3.6
+# Also recommended is the latest long term supported node / npm
+# For complementary information read our CONTRIBUTING.md
+# for OS level dependencies find instructions here:
+# http://superset.apache.org/installation.html
+
+# Fetch npm dependencies
+cd superset/assets/
+npm ci
+
+# Build the Javascript bundles
+npm run build
+
+# Back to the root of the repo
+cd ../..
+
+# [optional] Superset pulls in quite a lot of dependencies in order
+# to connect to other services. You might want to test or run Superset
+# from a virtual env to make sure those dependencies are separated
+# from your system wide versions
+python3 -m env36
+source env36/bin/activate
+
+# [required] building and installing by pip (preferred)
+pip install .
+
+# superset --help
+
diff --git a/RELEASING.md b/RELEASING.md
index b4b06bc..45db9e2 100644
--- a/RELEASING.md
+++ b/RELEASING.md
@@ -46,66 +46,64 @@ git commit -a -m "New doc version"
git push origin master
```
-## Publishing a PyPI release
+# Apache Releases
-We create a branch that goes along each minor release `0.24`
-and micro releases get corresponding tags as in `0.24.0`. Git history should
-never be altered in release branches.
-Bug fixes and security-related patches get cherry-picked
-(usually from master) as in `git cherry-pick -x {SHA}`.
+You'll probably want to run these commands manually and understand what
+they do prior to doing so.
-Following a set of cherries being picked, a release can be pushed to
-PyPI as follows:
+First you need to setup a few things. This is a one-off and doesn't
+need to be done at every release.
```bash
-# branching off of master
-git checkout -b 0.25
-
-# cherry-picking a SHA
-git cherry-pick -x f9d85bd2e1fd9bc233d19c76bed09467522b968a
-# repeat with other SHAs, don't forget the -x
-
-# source of thruth for release numbers live in package.json
-vi superset/assets/package.json
-# hard code release in file, commit to the release branch
-git commit -a -m "0.25.0"
-
-# create the release tag in the release branch
-git tag 0.25.0
-git push apache 0.25 --tags
-
-# check travis to confirm the build succeeded as
-# you shouldn't assume that a clean cherry will be clean
-# when landing on a new sundae
-
-# compile the JS, and push to pypi
-# to run this part you'll need a pypi account and rights on the
-# superset package. Committers that want to ship releases
-# should have this access.
-# You'll also need a `.pypirc` as specified here:
-# https://gist.github.com/davydany/b08acef08f75fe297e13ae4d24ce9f4d
-./pypi_push.sh
-
-# publish an update to the CHANGELOG.md for the right version range
-# looking the latest CHANGELOG entry for the second argument
-./gen_changelog.sh 0.22.1 0.25.0
-# this will overwrite the CHANGELOG.md with only the version range
-# so you'll want to copy paste that on top of the previous CHANGELOG.md
-# open a PR against `master`
+ # Create PGP Key
+ gpg --gen-key
+
+ # Checkout ASF dist repo
+ svn checkout https://dist.apache.org/repos/dist/dev/incubator/superset/ ~/svn/superset
+ cd ~/svn/superset
+
+
+ # Add your GPG pub key to KEYS file. Replace "Maxime Beauchemin" with your name
+ export FULLNAME="Maxime Beauchemin"
+ (gpg --list-sigs $FULLNAME && gpg --armor --export $FULLNAME ) >> KEYS
+
+
+ # Commit the changes
+ svn commit -m "Add PGP keys of new Superset committer"
```
-In the future we'll start publishing release candidates for minor releases
-only, but typically not for micro release.
-The process will be similar to the process described above, expect the
-tags will be formatted `0.25.0rc1`, `0.25.0rc2`, ..., until consensus
-is reached.
-
-We should also have a Github PR label process to target the proper
-release, and tooling helping keeping track of all the cherries and
-target versions.
-
-For Apache releases, the process will be a bit heavier and should get
-documented here. There will be extra steps for signing the binaries,
-with a PGP key and providing MD5, Apache voting, as well as
-publishing to Apache's SVN repository. View the ASF docs for more
-information.
+Now let's craft a source release
+```bash
+ # Assuming these commands are executed from the root of the repo
+ # Setting a VERSION var will be useful
+ export VERSION=0.31.0rc18
+
+ # Let's create a git tag
+ git tag -f ${VERSION}
+
+ # [WARNING!] This command wipes everything in your repo that is
+ # gitignored in preparation for the source release.
+ # You may want to check that there's nothing your care about here first.
+ # Alternatively you could clone the repo into another location as in
+ # git clone git@github.com:apache/incubator-superset.git superset-releases
+ git clean -fxd
+ git archive \
+ --format=tar.gz ${VERSION} \
+ --prefix=apache-superset-${VERSION}/ \
+ -o apache-superset-${VERSION}-source.tar.gz
+
+ scripts/sign.sh apache-superset-${VERSION}-source.tar.gz
+```
+
+Now let's ship this into svn
+
+```bash
+ # cp or mv the files over to the svn repo
+ mkdir ~/svn/superset/${VERSION}/
+ cp apache-superset-${VERSION}* ~/svn/superset/${VERSION}/
+ cd ~/svn/superset/
+ svn add ${VERSION}
+ svn commit
+```
+
+Now you're ready to announce the release on the mailing list
diff --git a/scripts/sign.sh b/scripts/sign.sh
new file mode 100755
index 0000000..33054a1
--- /dev/null
+++ b/scripts/sign.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Use this to sign the tar balls generated from
+# python setup.py sdist --formats=gztar
+# ie. sign.sh <my_tar_ball>
+# you will still be required to type in your signing key password
+# or it needs to be available in your keychain
+
+NAME=${1}
+
+gpg --armor --output ${NAME}.asc --detach-sig ${NAME}
+gpg --print-md SHA512 ${NAME} > ${NAME}.sha512