Merged
Conversation
snazy
force-pushed
the
releases-prep
branch
11 times, most recently
from
6f6e7a1 to
789a379
Compare
Merged
snazy
force-pushed
the
releases-prep
branch
9 times, most recently
from
55bc25d to
ea160e8
Compare
snazy
force-pushed
the
releases-prep
branch
4 times, most recently
from
e4e375d to
3b825fa
Compare
snazy
requested review from
RussellSpitzer,
jackye1995,
takidau and
vvcephei
as code owners
snazy
requested review from
RussellSpitzer,
ashvina,
jackye1995,
jbonofre,
takidau and
vvcephei
as code owners
Adds publishing for Maven artifacts, including signing. Includes most prerequisites to publish Maven artifacts to Maven Central. The build-code parts have been taken from Nessie, including the necessary special treatment of shadow-jars and support to publish a bom. `./gradlew publishToMavenLocal` works out of the box. On top of the Nessie parts, this change can also build a source tarball from using `git archive`, plus some Apache project specific adoptions. Fully signed invocation example, assuming GPG agent (there are alternative ways to provide the GPG key+passphrase): ```bash ./ gradlew \ publishToMavenLocal \ sourceTarball \ -Prelease \ -PuseGpgAgent ``` This change also introduces a `version.txt`, which contains `999-SNAPSHOT`. Using `999-SNAPSHOT` on the `main` branch makes it easier later on to enable multiple major/minor version branches and releases from those. `version.txt` on a major/minor version branch would contain something like `2.1-SNAPSHOT`. With `999-SNAPSHOT` on the `main` branch eliminates the need to update `version.txt` on the `main` branch when a new major version branch is created, eliminating the need to commit and push to multiple branches from a mostly automated release workflow infrastructure.
Member
Author
|
@jbonofre can you review? |
jbonofre
reviewed
Sep 9, 2024
|
|
||
| mailingLists.addAll("dev", "issues", "commits") | ||
|
|
||
| podlingPpmcAsfIds.addAll("anoop", "ashvin", "jackye", "russellspitzer", "snazy", "vvcephei") |
Member
There was a problem hiding this comment.
I would add the mentors here (very selfish, but I would like to be on the list :) ).
Member
Author
There was a problem hiding this comment.
It was a trick to verify that you review this change ;) ;) :disappear:
build.gradle.kts
Outdated
|
|
||
| repositories { | ||
| register("apache") { | ||
| this.nexusUrl // TODO configure |
Member
There was a problem hiding this comment.
Do you mean https://repository.apache.org ?
It's used for staging and snapshots.
The stagingProfileId is the one from the release managers, or the release bot. Right ?
Member
Author
There was a problem hiding this comment.
I'd like to keep these as TODOs for now until we can actually test at least snapshot-releases e2e.
BTW: stagingProfileId isn't the user/bot (credentials are configured in a different way) - it's an ID "per-release".
jbonofre
approved these changes
Sep 10, 2024
snazy
added a commit
to snazy/polaris
that referenced
this pull request
Feb 11, 2026
* fix(site): Bump the binary distribution version. (apache#3624) Co-authored-by: ChristopherQu <[email protected]> * chore(deps): update actions/stale digest to dcd2b94 (apache#3643) * security(getting-started): enforce stronger postgres password and restrict database access (apache#3570) * security(getting-started): enforce strong postgres passwords and restrict database access - Add POSTGRES_PASSWORD environment variable to specify the Postgres database password. - Add validation to reject weak default "postgres" password. - Generate random 16-character password if POSTGRES_PASSWORD is not provided. - Replace all hardcoded "postgres" password references with $POSTGRES_PASSWORD variable. - Restrict Azure PostgreSQL access to VM's public IP using `--public-access` flag. This aligns security posture across AWS (VPC-only), Azure (IP-restricted), and GCP (authorized-networks) - Update documentation site to describe the POSTGRES_PASSWORD environment variable. * OpenAPI specs: update README with detailed API specifications (apache#3629) * CI: simplify `ci-incr-build-cache-save` action usage (apache#3626) * CI: simplify upload-artifacts call + only on failure (apache#3627) * CI: simplify java-setup action usage (apache#3628) * STS roleArn: enable 3rd party STS services (apache#3619) Certain non-AWS STS service implementations use role ARNs that look quite different from AWS ones. This change shall enable those STS implementations. Example role ARNs that currently fail: * `urn:ecs:sts::s3:assumed-role/s3assumeRole/user1-105-temp` * `urn:sgws:identity::12345:group/foo-bar-abcdef` Related issue apache#2743 * Last merged commit 29ccdd1 --------- Co-authored-by: HJ Q. <[email protected]> Co-authored-by: ChristopherQu <[email protected]> Co-authored-by: Mend Renovate <[email protected]> Co-authored-by: Pierre Laporte <[email protected]> Co-authored-by: Alexandre Dutra <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds publishing for Maven artifacts, including signing. Includes most prerequisites to publish Maven artifacts to Maven Central.
The build-code parts have been taken from Nessie, including the necessary special treatment of shadow-jars and support to publish a bom.
./gradlew publishToMavenLocalworks out of the box.On top of the Nessie parts, this change can also build a source tarball from using
git archive, plus some Apache project specific adoptions.Fully signed invocation example, assuming GPG agent (there are alternative ways to provide the GPG key+passphrase):
This change also introduces a
version.txt, which contains999-SNAPSHOT. Using999-SNAPSHOTon themainbranch makes it easier later on to enable multiple major/minor version branches and releases from those.version.txton a major/minor version branch would contain something like2.1-SNAPSHOT. With999-SNAPSHOTon themainbranch eliminates the need to updateversion.txton themainbranch when a new major version branch is created, eliminating the need to commit and push to multiple branches from a mostly automated release workflow infrastructure.