2019-03-18 13:46:07 -04:00
|
|
|
#!/usr/bin/env bash
|
|
|
|
#
|
|
|
|
# Licensed to the Apache Software Foundation (ASF) under one or more
|
|
|
|
# contributor license agreements. See the NOTICE file distributed with
|
|
|
|
# this work for additional information regarding copyright ownership.
|
|
|
|
# The ASF licenses this file to You under the Apache License, Version 2.0
|
|
|
|
# (the "License"); you may not use this file except in compliance with
|
|
|
|
# the License. You may obtain a copy of the License at
|
|
|
|
#
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
#
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
# limitations under the License.
|
|
|
|
#
|
|
|
|
|
|
|
|
#
|
|
|
|
# Creates a HBase release candidate. The script will update versions, tag the branch,
|
|
|
|
# build HBase binary packages and documentation, and upload maven artifacts to a staging
|
|
|
|
# repository. There is also a dry run mode where only local builds are performed, and
|
|
|
|
# nothing is uploaded to the ASF repos.
|
|
|
|
#
|
|
|
|
# Run with "-h" for options. For example, running below will do all
|
|
|
|
# steps above using the 'rm' dir under Downloads as workspace:
|
|
|
|
#
|
|
|
|
# $ ./do-release-docker.sh -d ~/Downloads/rm
|
|
|
|
#
|
|
|
|
# The scripts in this directory came originally from spark [1]. They were then
|
|
|
|
# modified to suite the hbase context. These scripts supercedes the old
|
|
|
|
# ../make_rc.sh script for making release candidates because what is here is more
|
|
|
|
# comprehensive doing more steps of the RM process as well as running in a
|
|
|
|
# container so the RM build environment can be a constant.
|
|
|
|
#
|
|
|
|
# It:
|
|
|
|
# * Tags release
|
|
|
|
# * Sets version to the release version
|
|
|
|
# * Sets version to next SNAPSHOT version.
|
|
|
|
# * Builds, signs, and hashes all artifacts.
|
|
|
|
# * Pushes release tgzs to the dev dir in a apache dist.
|
|
|
|
# * Pushes to repository.apache.org staging.
|
|
|
|
#
|
|
|
|
# The entry point is here, in the do-release-docker.sh script.
|
|
|
|
#
|
|
|
|
# 1. https://github.com/apache/spark/tree/master/dev/create-release
|
|
|
|
#
|
|
|
|
set -e
|
2019-10-02 12:14:17 -04:00
|
|
|
|
HBASE-24318 Create-release scripts fixes and enhancements (#1643)
* narrow 'dry-run' limits so see svn activity up to just before check-in.
* Fix several typos and, in case of dry run, enable build step to chain from tag step by keeping the tagged git repo.
* Improve Maven settings.xml file, and names of variables related to it. Remove unnecessary use of "-Dmaven.repo.local", put it in settings.xml instead. Stop putting password literals in settings.xml.
* stop deleting maven settings file, now that it doesn't contain password strings
* Merge 'tag' into release-build.sh as another stage. Also found and fixed a couple bugs in the current release-tag.sh.
* Delete redundant release-tag.sh script.
* Small changes to make dev-support/create-release tools less focused
on hbase project only, while retaining special behaviors for
hbase sub-projects which share the hbase dist and jira locations.
* Changed terminology of release publish steps, from <build|publish>
to <publish-dist|publish-release>. In fact, what was formerly called
"build" built the distribution tarballs AND published them to dist,
while "publish" built the maven artifacts AND published them to Nexus.
The new terminology clarifies what's happening, and removes the appearance
of order dependendency.
* Fix publish-snapshot so it does same checks as publish-release.
* Factor out common maven usages, and move them to build-util.sh.
* Change default polarity of DRY_RUN to default to true. Change -n ("no-publish") to -f ("force publish") to actually publish.
* Fix problems in do-release.sh so it runs correctly outside of docker,
including DRY_RUN being exported.
* Have do-release.sh set REPO (shared maven local repository) if doing all three stages.
* Cleaned up REPO directory creation.
* General cleanup of comments and usage.
* fix all 'shellcheck' errors
* use ${BASH_SOURCE[0]} instead of $0 to determine script directory path
* smarter way to read version from pom with mvn
* do maven-gpg-plugin config settings in maven settings file correctly as documented
* fix gpg signing failure on Mac due to gpg-agent timeout
* fix various bugs to enable publish-dist, publish-snapshot, and publish-release to work correctly as individual steps and/or without docker
* improve log reporting from publish-release step
* fix bug in argument to checkcompatibility.py: replace PACKAGE_VERSION with GIT_REF
* demote "PACKAGE_VERSION" to "package_version_name" and undocument it in favor of RELEASE_TAG. Still enable appropriate defaulting in case RELEASE_TAG is undefined.
* unify RELEASE_VERSION with VERSION, to remove ambiguity and allow it to be set when only running 'publish' step without 'tag'
* query confirm RELEASE_TAG
* emphasize that release-build.sh is called for a single action at a time, and should be called from do-release.sh.
* add '-s' option to do-release.sh
* suppress maven "Download from central:" messages
* Replace human wait for tag propagation
Signed-off-by: Cesar Delgado <cdelgado@apple.com>
Signed-off-by: stack <stack@apache.org>
Signed-off-by: Sean Busbey <busbey@apache.org>
2020-05-09 11:46:41 -04:00
|
|
|
# Set this to build other hbase repos: e.g. PROJECT=hbase-operator-tools
|
2019-10-02 12:14:17 -04:00
|
|
|
export PROJECT="${PROJECT:-hbase}"
|
|
|
|
|
HBASE-24318 Create-release scripts fixes and enhancements (#1643)
* narrow 'dry-run' limits so see svn activity up to just before check-in.
* Fix several typos and, in case of dry run, enable build step to chain from tag step by keeping the tagged git repo.
* Improve Maven settings.xml file, and names of variables related to it. Remove unnecessary use of "-Dmaven.repo.local", put it in settings.xml instead. Stop putting password literals in settings.xml.
* stop deleting maven settings file, now that it doesn't contain password strings
* Merge 'tag' into release-build.sh as another stage. Also found and fixed a couple bugs in the current release-tag.sh.
* Delete redundant release-tag.sh script.
* Small changes to make dev-support/create-release tools less focused
on hbase project only, while retaining special behaviors for
hbase sub-projects which share the hbase dist and jira locations.
* Changed terminology of release publish steps, from <build|publish>
to <publish-dist|publish-release>. In fact, what was formerly called
"build" built the distribution tarballs AND published them to dist,
while "publish" built the maven artifacts AND published them to Nexus.
The new terminology clarifies what's happening, and removes the appearance
of order dependendency.
* Fix publish-snapshot so it does same checks as publish-release.
* Factor out common maven usages, and move them to build-util.sh.
* Change default polarity of DRY_RUN to default to true. Change -n ("no-publish") to -f ("force publish") to actually publish.
* Fix problems in do-release.sh so it runs correctly outside of docker,
including DRY_RUN being exported.
* Have do-release.sh set REPO (shared maven local repository) if doing all three stages.
* Cleaned up REPO directory creation.
* General cleanup of comments and usage.
* fix all 'shellcheck' errors
* use ${BASH_SOURCE[0]} instead of $0 to determine script directory path
* smarter way to read version from pom with mvn
* do maven-gpg-plugin config settings in maven settings file correctly as documented
* fix gpg signing failure on Mac due to gpg-agent timeout
* fix various bugs to enable publish-dist, publish-snapshot, and publish-release to work correctly as individual steps and/or without docker
* improve log reporting from publish-release step
* fix bug in argument to checkcompatibility.py: replace PACKAGE_VERSION with GIT_REF
* demote "PACKAGE_VERSION" to "package_version_name" and undocument it in favor of RELEASE_TAG. Still enable appropriate defaulting in case RELEASE_TAG is undefined.
* unify RELEASE_VERSION with VERSION, to remove ambiguity and allow it to be set when only running 'publish' step without 'tag'
* query confirm RELEASE_TAG
* emphasize that release-build.sh is called for a single action at a time, and should be called from do-release.sh.
* add '-s' option to do-release.sh
* suppress maven "Download from central:" messages
* Replace human wait for tag propagation
Signed-off-by: Cesar Delgado <cdelgado@apple.com>
Signed-off-by: stack <stack@apache.org>
Signed-off-by: Sean Busbey <busbey@apache.org>
2020-05-09 11:46:41 -04:00
|
|
|
SELF="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
|
|
# shellcheck source=SCRIPTDIR/release-util.sh
|
2019-03-18 13:46:07 -04:00
|
|
|
. "$SELF/release-util.sh"
|
2020-05-06 15:34:55 -04:00
|
|
|
ORIG_PWD="$(pwd)"
|
2019-03-18 13:46:07 -04:00
|
|
|
|
|
|
|
function usage {
|
2019-10-02 12:14:17 -04:00
|
|
|
local NAME
|
HBASE-24318 Create-release scripts fixes and enhancements (#1643)
* narrow 'dry-run' limits so see svn activity up to just before check-in.
* Fix several typos and, in case of dry run, enable build step to chain from tag step by keeping the tagged git repo.
* Improve Maven settings.xml file, and names of variables related to it. Remove unnecessary use of "-Dmaven.repo.local", put it in settings.xml instead. Stop putting password literals in settings.xml.
* stop deleting maven settings file, now that it doesn't contain password strings
* Merge 'tag' into release-build.sh as another stage. Also found and fixed a couple bugs in the current release-tag.sh.
* Delete redundant release-tag.sh script.
* Small changes to make dev-support/create-release tools less focused
on hbase project only, while retaining special behaviors for
hbase sub-projects which share the hbase dist and jira locations.
* Changed terminology of release publish steps, from <build|publish>
to <publish-dist|publish-release>. In fact, what was formerly called
"build" built the distribution tarballs AND published them to dist,
while "publish" built the maven artifacts AND published them to Nexus.
The new terminology clarifies what's happening, and removes the appearance
of order dependendency.
* Fix publish-snapshot so it does same checks as publish-release.
* Factor out common maven usages, and move them to build-util.sh.
* Change default polarity of DRY_RUN to default to true. Change -n ("no-publish") to -f ("force publish") to actually publish.
* Fix problems in do-release.sh so it runs correctly outside of docker,
including DRY_RUN being exported.
* Have do-release.sh set REPO (shared maven local repository) if doing all three stages.
* Cleaned up REPO directory creation.
* General cleanup of comments and usage.
* fix all 'shellcheck' errors
* use ${BASH_SOURCE[0]} instead of $0 to determine script directory path
* smarter way to read version from pom with mvn
* do maven-gpg-plugin config settings in maven settings file correctly as documented
* fix gpg signing failure on Mac due to gpg-agent timeout
* fix various bugs to enable publish-dist, publish-snapshot, and publish-release to work correctly as individual steps and/or without docker
* improve log reporting from publish-release step
* fix bug in argument to checkcompatibility.py: replace PACKAGE_VERSION with GIT_REF
* demote "PACKAGE_VERSION" to "package_version_name" and undocument it in favor of RELEASE_TAG. Still enable appropriate defaulting in case RELEASE_TAG is undefined.
* unify RELEASE_VERSION with VERSION, to remove ambiguity and allow it to be set when only running 'publish' step without 'tag'
* query confirm RELEASE_TAG
* emphasize that release-build.sh is called for a single action at a time, and should be called from do-release.sh.
* add '-s' option to do-release.sh
* suppress maven "Download from central:" messages
* Replace human wait for tag propagation
Signed-off-by: Cesar Delgado <cdelgado@apple.com>
Signed-off-by: stack <stack@apache.org>
Signed-off-by: Sean Busbey <busbey@apache.org>
2020-05-09 11:46:41 -04:00
|
|
|
NAME="$(basename "${BASH_SOURCE[0]}")"
|
2019-03-18 13:46:07 -04:00
|
|
|
cat <<EOF
|
2021-08-04 12:22:37 -04:00
|
|
|
Usage: $NAME [OPTIONS]
|
|
|
|
Runs release scripts inside a docker image.
|
2019-03-18 13:46:07 -04:00
|
|
|
Options:
|
2021-08-04 12:22:37 -04:00
|
|
|
-d [path] Required. Working directory. Output will be written to "output" in here.
|
HBASE-24318 Create-release scripts fixes and enhancements (#1643)
* narrow 'dry-run' limits so see svn activity up to just before check-in.
* Fix several typos and, in case of dry run, enable build step to chain from tag step by keeping the tagged git repo.
* Improve Maven settings.xml file, and names of variables related to it. Remove unnecessary use of "-Dmaven.repo.local", put it in settings.xml instead. Stop putting password literals in settings.xml.
* stop deleting maven settings file, now that it doesn't contain password strings
* Merge 'tag' into release-build.sh as another stage. Also found and fixed a couple bugs in the current release-tag.sh.
* Delete redundant release-tag.sh script.
* Small changes to make dev-support/create-release tools less focused
on hbase project only, while retaining special behaviors for
hbase sub-projects which share the hbase dist and jira locations.
* Changed terminology of release publish steps, from <build|publish>
to <publish-dist|publish-release>. In fact, what was formerly called
"build" built the distribution tarballs AND published them to dist,
while "publish" built the maven artifacts AND published them to Nexus.
The new terminology clarifies what's happening, and removes the appearance
of order dependendency.
* Fix publish-snapshot so it does same checks as publish-release.
* Factor out common maven usages, and move them to build-util.sh.
* Change default polarity of DRY_RUN to default to true. Change -n ("no-publish") to -f ("force publish") to actually publish.
* Fix problems in do-release.sh so it runs correctly outside of docker,
including DRY_RUN being exported.
* Have do-release.sh set REPO (shared maven local repository) if doing all three stages.
* Cleaned up REPO directory creation.
* General cleanup of comments and usage.
* fix all 'shellcheck' errors
* use ${BASH_SOURCE[0]} instead of $0 to determine script directory path
* smarter way to read version from pom with mvn
* do maven-gpg-plugin config settings in maven settings file correctly as documented
* fix gpg signing failure on Mac due to gpg-agent timeout
* fix various bugs to enable publish-dist, publish-snapshot, and publish-release to work correctly as individual steps and/or without docker
* improve log reporting from publish-release step
* fix bug in argument to checkcompatibility.py: replace PACKAGE_VERSION with GIT_REF
* demote "PACKAGE_VERSION" to "package_version_name" and undocument it in favor of RELEASE_TAG. Still enable appropriate defaulting in case RELEASE_TAG is undefined.
* unify RELEASE_VERSION with VERSION, to remove ambiguity and allow it to be set when only running 'publish' step without 'tag'
* query confirm RELEASE_TAG
* emphasize that release-build.sh is called for a single action at a time, and should be called from do-release.sh.
* add '-s' option to do-release.sh
* suppress maven "Download from central:" messages
* Replace human wait for tag propagation
Signed-off-by: Cesar Delgado <cdelgado@apple.com>
Signed-off-by: stack <stack@apache.org>
Signed-off-by: Sean Busbey <busbey@apache.org>
2020-05-09 11:46:41 -04:00
|
|
|
-f "force" -- actually publish this release. Unless you specify '-f', it will
|
2021-08-04 12:22:37 -04:00
|
|
|
default to dry run mode, which checks and does local builds, but does not
|
|
|
|
upload anything.
|
|
|
|
-t [tag] Tag for the hbase-rm docker image to use for building (default: "latest").
|
|
|
|
-j [path] Path to local JDK installation to use building. By default the script will
|
2019-03-18 13:46:07 -04:00
|
|
|
use openjdk8 installed in the docker image.
|
2021-08-04 12:22:37 -04:00
|
|
|
-p [project] Project to build: e.g. 'hbase' or 'hbase-thirdparty'; defaults to PROJECT env var
|
|
|
|
-r [repo] Git repo to use for remote git operations. defaults to ASF gitbox for project.
|
|
|
|
-s [step] Runs a single step of the process; valid steps: tag|publish-dist|publish-release.
|
HBASE-24318 Create-release scripts fixes and enhancements (#1643)
* narrow 'dry-run' limits so see svn activity up to just before check-in.
* Fix several typos and, in case of dry run, enable build step to chain from tag step by keeping the tagged git repo.
* Improve Maven settings.xml file, and names of variables related to it. Remove unnecessary use of "-Dmaven.repo.local", put it in settings.xml instead. Stop putting password literals in settings.xml.
* stop deleting maven settings file, now that it doesn't contain password strings
* Merge 'tag' into release-build.sh as another stage. Also found and fixed a couple bugs in the current release-tag.sh.
* Delete redundant release-tag.sh script.
* Small changes to make dev-support/create-release tools less focused
on hbase project only, while retaining special behaviors for
hbase sub-projects which share the hbase dist and jira locations.
* Changed terminology of release publish steps, from <build|publish>
to <publish-dist|publish-release>. In fact, what was formerly called
"build" built the distribution tarballs AND published them to dist,
while "publish" built the maven artifacts AND published them to Nexus.
The new terminology clarifies what's happening, and removes the appearance
of order dependendency.
* Fix publish-snapshot so it does same checks as publish-release.
* Factor out common maven usages, and move them to build-util.sh.
* Change default polarity of DRY_RUN to default to true. Change -n ("no-publish") to -f ("force publish") to actually publish.
* Fix problems in do-release.sh so it runs correctly outside of docker,
including DRY_RUN being exported.
* Have do-release.sh set REPO (shared maven local repository) if doing all three stages.
* Cleaned up REPO directory creation.
* General cleanup of comments and usage.
* fix all 'shellcheck' errors
* use ${BASH_SOURCE[0]} instead of $0 to determine script directory path
* smarter way to read version from pom with mvn
* do maven-gpg-plugin config settings in maven settings file correctly as documented
* fix gpg signing failure on Mac due to gpg-agent timeout
* fix various bugs to enable publish-dist, publish-snapshot, and publish-release to work correctly as individual steps and/or without docker
* improve log reporting from publish-release step
* fix bug in argument to checkcompatibility.py: replace PACKAGE_VERSION with GIT_REF
* demote "PACKAGE_VERSION" to "package_version_name" and undocument it in favor of RELEASE_TAG. Still enable appropriate defaulting in case RELEASE_TAG is undefined.
* unify RELEASE_VERSION with VERSION, to remove ambiguity and allow it to be set when only running 'publish' step without 'tag'
* query confirm RELEASE_TAG
* emphasize that release-build.sh is called for a single action at a time, and should be called from do-release.sh.
* add '-s' option to do-release.sh
* suppress maven "Download from central:" messages
* Replace human wait for tag propagation
Signed-off-by: Cesar Delgado <cdelgado@apple.com>
Signed-off-by: stack <stack@apache.org>
Signed-off-by: Sean Busbey <busbey@apache.org>
2020-05-09 11:46:41 -04:00
|
|
|
If none specified, runs tag, then publish-dist, and then publish-release.
|
|
|
|
'publish-snapshot' is also an allowed, less used, option.
|
2021-08-04 12:22:37 -04:00
|
|
|
-x Debug. Does less clean up (env file, gpg forwarding on mac)
|
2019-03-18 13:46:07 -04:00
|
|
|
EOF
|
2020-05-07 14:31:31 -04:00
|
|
|
exit 1
|
2019-03-18 13:46:07 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
WORKDIR=
|
|
|
|
IMGTAG=latest
|
|
|
|
JAVA=
|
|
|
|
RELEASE_STEP=
|
2020-05-06 15:34:55 -04:00
|
|
|
GIT_REPO=
|
2020-04-18 01:40:19 -04:00
|
|
|
while getopts "d:fhj:p:r:s:t:x" opt; do
|
2019-03-18 13:46:07 -04:00
|
|
|
case $opt in
|
|
|
|
d) WORKDIR="$OPTARG" ;;
|
HBASE-24318 Create-release scripts fixes and enhancements (#1643)
* narrow 'dry-run' limits so see svn activity up to just before check-in.
* Fix several typos and, in case of dry run, enable build step to chain from tag step by keeping the tagged git repo.
* Improve Maven settings.xml file, and names of variables related to it. Remove unnecessary use of "-Dmaven.repo.local", put it in settings.xml instead. Stop putting password literals in settings.xml.
* stop deleting maven settings file, now that it doesn't contain password strings
* Merge 'tag' into release-build.sh as another stage. Also found and fixed a couple bugs in the current release-tag.sh.
* Delete redundant release-tag.sh script.
* Small changes to make dev-support/create-release tools less focused
on hbase project only, while retaining special behaviors for
hbase sub-projects which share the hbase dist and jira locations.
* Changed terminology of release publish steps, from <build|publish>
to <publish-dist|publish-release>. In fact, what was formerly called
"build" built the distribution tarballs AND published them to dist,
while "publish" built the maven artifacts AND published them to Nexus.
The new terminology clarifies what's happening, and removes the appearance
of order dependendency.
* Fix publish-snapshot so it does same checks as publish-release.
* Factor out common maven usages, and move them to build-util.sh.
* Change default polarity of DRY_RUN to default to true. Change -n ("no-publish") to -f ("force publish") to actually publish.
* Fix problems in do-release.sh so it runs correctly outside of docker,
including DRY_RUN being exported.
* Have do-release.sh set REPO (shared maven local repository) if doing all three stages.
* Cleaned up REPO directory creation.
* General cleanup of comments and usage.
* fix all 'shellcheck' errors
* use ${BASH_SOURCE[0]} instead of $0 to determine script directory path
* smarter way to read version from pom with mvn
* do maven-gpg-plugin config settings in maven settings file correctly as documented
* fix gpg signing failure on Mac due to gpg-agent timeout
* fix various bugs to enable publish-dist, publish-snapshot, and publish-release to work correctly as individual steps and/or without docker
* improve log reporting from publish-release step
* fix bug in argument to checkcompatibility.py: replace PACKAGE_VERSION with GIT_REF
* demote "PACKAGE_VERSION" to "package_version_name" and undocument it in favor of RELEASE_TAG. Still enable appropriate defaulting in case RELEASE_TAG is undefined.
* unify RELEASE_VERSION with VERSION, to remove ambiguity and allow it to be set when only running 'publish' step without 'tag'
* query confirm RELEASE_TAG
* emphasize that release-build.sh is called for a single action at a time, and should be called from do-release.sh.
* add '-s' option to do-release.sh
* suppress maven "Download from central:" messages
* Replace human wait for tag propagation
Signed-off-by: Cesar Delgado <cdelgado@apple.com>
Signed-off-by: stack <stack@apache.org>
Signed-off-by: Sean Busbey <busbey@apache.org>
2020-05-09 11:46:41 -04:00
|
|
|
f) DRY_RUN=0 ;;
|
2019-03-18 13:46:07 -04:00
|
|
|
t) IMGTAG="$OPTARG" ;;
|
|
|
|
j) JAVA="$OPTARG" ;;
|
2019-10-02 12:14:17 -04:00
|
|
|
p) PROJECT="$OPTARG" ;;
|
2020-05-06 15:34:55 -04:00
|
|
|
r) GIT_REPO="$OPTARG" ;;
|
2019-03-18 13:46:07 -04:00
|
|
|
s) RELEASE_STEP="$OPTARG" ;;
|
2020-04-18 01:40:19 -04:00
|
|
|
x) DEBUG=1 ;;
|
2019-03-18 13:46:07 -04:00
|
|
|
h) usage ;;
|
|
|
|
?) error "Invalid option. Run with -h for help." ;;
|
|
|
|
esac
|
|
|
|
done
|
HBASE-24318 Create-release scripts fixes and enhancements (#1643)
* narrow 'dry-run' limits so see svn activity up to just before check-in.
* Fix several typos and, in case of dry run, enable build step to chain from tag step by keeping the tagged git repo.
* Improve Maven settings.xml file, and names of variables related to it. Remove unnecessary use of "-Dmaven.repo.local", put it in settings.xml instead. Stop putting password literals in settings.xml.
* stop deleting maven settings file, now that it doesn't contain password strings
* Merge 'tag' into release-build.sh as another stage. Also found and fixed a couple bugs in the current release-tag.sh.
* Delete redundant release-tag.sh script.
* Small changes to make dev-support/create-release tools less focused
on hbase project only, while retaining special behaviors for
hbase sub-projects which share the hbase dist and jira locations.
* Changed terminology of release publish steps, from <build|publish>
to <publish-dist|publish-release>. In fact, what was formerly called
"build" built the distribution tarballs AND published them to dist,
while "publish" built the maven artifacts AND published them to Nexus.
The new terminology clarifies what's happening, and removes the appearance
of order dependendency.
* Fix publish-snapshot so it does same checks as publish-release.
* Factor out common maven usages, and move them to build-util.sh.
* Change default polarity of DRY_RUN to default to true. Change -n ("no-publish") to -f ("force publish") to actually publish.
* Fix problems in do-release.sh so it runs correctly outside of docker,
including DRY_RUN being exported.
* Have do-release.sh set REPO (shared maven local repository) if doing all three stages.
* Cleaned up REPO directory creation.
* General cleanup of comments and usage.
* fix all 'shellcheck' errors
* use ${BASH_SOURCE[0]} instead of $0 to determine script directory path
* smarter way to read version from pom with mvn
* do maven-gpg-plugin config settings in maven settings file correctly as documented
* fix gpg signing failure on Mac due to gpg-agent timeout
* fix various bugs to enable publish-dist, publish-snapshot, and publish-release to work correctly as individual steps and/or without docker
* improve log reporting from publish-release step
* fix bug in argument to checkcompatibility.py: replace PACKAGE_VERSION with GIT_REF
* demote "PACKAGE_VERSION" to "package_version_name" and undocument it in favor of RELEASE_TAG. Still enable appropriate defaulting in case RELEASE_TAG is undefined.
* unify RELEASE_VERSION with VERSION, to remove ambiguity and allow it to be set when only running 'publish' step without 'tag'
* query confirm RELEASE_TAG
* emphasize that release-build.sh is called for a single action at a time, and should be called from do-release.sh.
* add '-s' option to do-release.sh
* suppress maven "Download from central:" messages
* Replace human wait for tag propagation
Signed-off-by: Cesar Delgado <cdelgado@apple.com>
Signed-off-by: stack <stack@apache.org>
Signed-off-by: Sean Busbey <busbey@apache.org>
2020-05-09 11:46:41 -04:00
|
|
|
shift $((OPTIND-1))
|
|
|
|
if (( $# > 0 )); then
|
|
|
|
error "Arguments can only be provided with option flags, invalid args: $*"
|
|
|
|
fi
|
2020-04-18 01:40:19 -04:00
|
|
|
export DEBUG
|
2019-03-18 13:46:07 -04:00
|
|
|
|
|
|
|
if [ -z "$WORKDIR" ] || [ ! -d "$WORKDIR" ]; then
|
|
|
|
error "Work directory (-d) must be defined and exist. Run with -h for help."
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [ -d "$WORKDIR/output" ]; then
|
2019-10-02 12:14:17 -04:00
|
|
|
read -r -p "Output directory already exists. Overwrite and continue? [y/n] " ANSWER
|
2019-03-18 13:46:07 -04:00
|
|
|
if [ "$ANSWER" != "y" ]; then
|
|
|
|
error "Exiting."
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2020-04-18 01:40:19 -04:00
|
|
|
if [ -f "${WORKDIR}/gpg-proxy.ssh.pid" ] || \
|
|
|
|
[ -f "${WORKDIR}/gpg-proxy.cid" ] || \
|
|
|
|
[ -f "${WORKDIR}/release.cid" ]; then
|
|
|
|
read -r -p "container/pid files from prior run exists. Overwrite and continue? [y/n] " ANSWER
|
|
|
|
if [ "$ANSWER" != "y" ]; then
|
|
|
|
error "Exiting."
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2019-03-18 13:46:07 -04:00
|
|
|
cd "$WORKDIR"
|
|
|
|
rm -rf "$WORKDIR/output"
|
2020-04-18 01:40:19 -04:00
|
|
|
rm -rf "${WORKDIR}/gpg-proxy.ssh.pid" "${WORKDIR}/gpg-proxy.cid" "${WORKDIR}/release.cid"
|
2019-03-18 13:46:07 -04:00
|
|
|
mkdir "$WORKDIR/output"
|
|
|
|
|
2020-04-18 01:40:19 -04:00
|
|
|
banner "Gathering release details."
|
|
|
|
HOST_OS="$(get_host_os)"
|
2019-03-18 13:46:07 -04:00
|
|
|
get_release_info
|
|
|
|
|
2020-04-18 01:40:19 -04:00
|
|
|
banner "Setup"
|
|
|
|
|
2019-03-18 13:46:07 -04:00
|
|
|
# Place all RM scripts and necessary data in a local directory that must be defined in the command
|
|
|
|
# line. This directory is mounted into the image. Its WORKDIR, the arg passed with -d.
|
|
|
|
for f in "$SELF"/*; do
|
|
|
|
if [ -f "$f" ]; then
|
|
|
|
cp "$f" "$WORKDIR"
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
|
2020-04-18 01:40:19 -04:00
|
|
|
# We need to import that public key in the container in order to use the private key via the agent.
|
|
|
|
GPG_KEY_FILE="$WORKDIR/gpg.key.public"
|
2020-12-09 19:54:18 -05:00
|
|
|
log "Exporting public key for ${GPG_KEY}"
|
2019-03-18 13:46:07 -04:00
|
|
|
fcreate_secure "$GPG_KEY_FILE"
|
2020-04-18 01:40:19 -04:00
|
|
|
$GPG "${GPG_ARGS[@]}" --export "${GPG_KEY}" > "${GPG_KEY_FILE}"
|
|
|
|
|
|
|
|
function cleanup {
|
|
|
|
local id
|
|
|
|
banner "Release Cleanup"
|
|
|
|
if is_debug; then
|
2020-12-09 19:54:18 -05:00
|
|
|
log "skipping due to debug run"
|
2020-04-18 01:40:19 -04:00
|
|
|
return 0
|
|
|
|
fi
|
2020-12-09 19:54:18 -05:00
|
|
|
log "details in cleanup.log"
|
2020-04-18 01:40:19 -04:00
|
|
|
if [ -f "${ENVFILE}" ]; then
|
|
|
|
rm -f "$ENVFILE"
|
|
|
|
fi
|
|
|
|
rm -f "$GPG_KEY_FILE"
|
|
|
|
if [ -f "${WORKDIR}/gpg-proxy.ssh.pid" ]; then
|
|
|
|
id=$(cat "${WORKDIR}/gpg-proxy.ssh.pid")
|
|
|
|
echo "Stopping ssh tunnel for gpg-agent at PID ${id}" | tee -a cleanup.log
|
|
|
|
kill -9 "${id}" >>cleanup.log 2>&1 || true
|
|
|
|
rm -f "${WORKDIR}/gpg-proxy.ssh.pid" >>cleanup.log 2>&1
|
|
|
|
fi
|
|
|
|
if [ -f "${WORKDIR}/gpg-proxy.cid" ]; then
|
|
|
|
id=$(cat "${WORKDIR}/gpg-proxy.cid")
|
|
|
|
echo "Stopping gpg-proxy container with ID ${id}" | tee -a cleanup.log
|
|
|
|
docker kill "${id}" >>cleanup.log 2>&1 || true
|
|
|
|
rm -f "${WORKDIR}/gpg-proxy.cid" >>cleanup.log 2>&1
|
|
|
|
# TODO we should remove the gpgagent volume?
|
|
|
|
fi
|
|
|
|
if [ -f "${WORKDIR}/release.cid" ]; then
|
|
|
|
id=$(cat "${WORKDIR}/release.cid")
|
|
|
|
echo "Stopping release container with ID ${id}" | tee -a cleanup.log
|
|
|
|
docker kill "${id}" >>cleanup.log 2>&1 || true
|
|
|
|
rm -f "${WORKDIR}/release.cid" >>cleanup.log 2>&1
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
|
|
|
trap cleanup EXIT
|
|
|
|
|
2020-12-09 19:54:18 -05:00
|
|
|
log "Host OS: ${HOST_OS}"
|
2020-04-18 01:40:19 -04:00
|
|
|
if [ "${HOST_OS}" == "DARWIN" ]; then
|
|
|
|
run_silent "Building gpg-agent-proxy image with tag ${IMGTAG}..." "docker-proxy-build.log" \
|
|
|
|
docker build --build-arg "UID=${UID}" --build-arg "RM_USER=${USER}" \
|
|
|
|
--tag "org.apache.hbase/gpg-agent-proxy:${IMGTAG}" "${SELF}/mac-sshd-gpg-agent"
|
|
|
|
fi
|
2019-03-18 13:46:07 -04:00
|
|
|
|
|
|
|
run_silent "Building hbase-rm image with tag $IMGTAG..." "docker-build.log" \
|
2020-04-18 01:40:19 -04:00
|
|
|
docker build --tag "org.apache.hbase/hbase-rm:$IMGTAG" --build-arg "UID=$UID" \
|
|
|
|
--build-arg "RM_USER=${USER}" "$SELF/hbase-rm"
|
2019-03-18 13:46:07 -04:00
|
|
|
|
2020-04-18 01:40:19 -04:00
|
|
|
banner "Final prep for container launch."
|
2020-12-09 19:54:18 -05:00
|
|
|
log "Writing out environment for container."
|
2019-03-18 13:46:07 -04:00
|
|
|
# Write the release information to a file with environment variables to be used when running the
|
|
|
|
# image.
|
|
|
|
ENVFILE="$WORKDIR/env.list"
|
|
|
|
fcreate_secure "$ENVFILE"
|
|
|
|
|
2019-10-02 12:14:17 -04:00
|
|
|
cat > "$ENVFILE" <<EOF
|
2019-10-08 18:12:14 -04:00
|
|
|
PROJECT=$PROJECT
|
2019-03-18 13:46:07 -04:00
|
|
|
DRY_RUN=$DRY_RUN
|
|
|
|
SKIP_TAG=$SKIP_TAG
|
|
|
|
RUNNING_IN_DOCKER=1
|
|
|
|
GIT_BRANCH=$GIT_BRANCH
|
|
|
|
NEXT_VERSION=$NEXT_VERSION
|
2022-10-24 07:23:38 -04:00
|
|
|
PREV_VERSION=$PREV_VERSION
|
2019-03-18 13:46:07 -04:00
|
|
|
RELEASE_VERSION=$RELEASE_VERSION
|
|
|
|
RELEASE_TAG=$RELEASE_TAG
|
|
|
|
GIT_REF=$GIT_REF
|
|
|
|
ASF_USERNAME=$ASF_USERNAME
|
|
|
|
GIT_NAME=$GIT_NAME
|
|
|
|
GIT_EMAIL=$GIT_EMAIL
|
|
|
|
GPG_KEY=$GPG_KEY
|
|
|
|
ASF_PASSWORD=$ASF_PASSWORD
|
|
|
|
RELEASE_STEP=$RELEASE_STEP
|
|
|
|
API_DIFF_TAG=$API_DIFF_TAG
|
2020-04-18 01:40:19 -04:00
|
|
|
HOST_OS=$HOST_OS
|
2019-03-18 13:46:07 -04:00
|
|
|
EOF
|
|
|
|
|
2020-04-18 01:40:19 -04:00
|
|
|
JAVA_MOUNT=()
|
2019-03-18 13:46:07 -04:00
|
|
|
if [ -n "$JAVA" ]; then
|
2019-10-02 12:14:17 -04:00
|
|
|
echo "JAVA_HOME=/opt/hbase-java" >> "$ENVFILE"
|
2020-04-18 01:40:19 -04:00
|
|
|
JAVA_MOUNT=(--mount "type=bind,src=${JAVA},dst=/opt/hbase-java,readonly")
|
2019-03-18 13:46:07 -04:00
|
|
|
fi
|
|
|
|
|
2020-05-06 15:34:55 -04:00
|
|
|
#TODO some debug output would be good here
|
|
|
|
GIT_REPO_MOUNT=()
|
|
|
|
if [ -n "${GIT_REPO}" ]; then
|
|
|
|
case "${GIT_REPO}" in
|
|
|
|
# skip the easy to identify remote protocols
|
|
|
|
ssh://*|git://*|http://*|https://*|ftp://*|ftps://*) ;;
|
|
|
|
# for sure local
|
|
|
|
/*)
|
2020-06-04 20:29:32 -04:00
|
|
|
GIT_REPO_MOUNT=(--mount "type=bind,src=${GIT_REPO},dst=/opt/hbase-repo,consistency=delegated")
|
2020-05-06 15:34:55 -04:00
|
|
|
echo "HOST_GIT_REPO=${GIT_REPO}" >> "${ENVFILE}"
|
|
|
|
GIT_REPO="/opt/hbase-repo"
|
|
|
|
;;
|
|
|
|
# on the host but normally git wouldn't use the local optimization
|
|
|
|
file://*)
|
2020-12-09 19:54:18 -05:00
|
|
|
log "Converted file:// git repo to a local path, which changes git to assume --local."
|
2020-06-04 20:29:32 -04:00
|
|
|
GIT_REPO_MOUNT=(--mount "type=bind,src=${GIT_REPO#file://},dst=/opt/hbase-repo,consistency=delegated")
|
2020-05-06 15:34:55 -04:00
|
|
|
echo "HOST_GIT_REPO=${GIT_REPO}" >> "${ENVFILE}"
|
|
|
|
GIT_REPO="/opt/hbase-repo"
|
|
|
|
;;
|
|
|
|
# have to decide if it's a local path or the "scp-ish" remote
|
|
|
|
*)
|
|
|
|
declare colon_remove_prefix;
|
|
|
|
declare slash_remove_prefix;
|
|
|
|
declare local_path;
|
|
|
|
colon_remove_prefix="${GIT_REPO#*:}"
|
|
|
|
slash_remove_prefix="${GIT_REPO#*/}"
|
|
|
|
if [ "${GIT_REPO}" = "${colon_remove_prefix}" ]; then
|
|
|
|
# if there was no colon at all, we assume this must be a local path
|
|
|
|
local_path="no colon at all"
|
|
|
|
elif [ "${GIT_REPO}" != "${slash_remove_prefix}" ]; then
|
|
|
|
# if there was a colon and there is no slash, then we assume it must be scp-style host
|
|
|
|
# and a relative path
|
|
|
|
|
|
|
|
if [ "${#colon_remove_prefix}" -lt "${#slash_remove_prefix}" ]; then
|
|
|
|
# Given the substrings made by removing everything up to the first colon and slash
|
|
|
|
# we can determine which comes first based on the longer substring length.
|
|
|
|
# if the slash is first, then we assume the colon is part of a path name and if the colon
|
|
|
|
# is first then it is the seperator between a scp-style host name and the path.
|
|
|
|
local_path="slash happened before a colon"
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
if [ -n "${local_path}" ]; then
|
|
|
|
# convert to an absolute path
|
|
|
|
GIT_REPO="$(cd "$(dirname "${ORIG_PWD}/${GIT_REPO}")"; pwd)/$(basename "${ORIG_PWD}/${GIT_REPO}")"
|
2020-06-04 20:29:32 -04:00
|
|
|
GIT_REPO_MOUNT=(--mount "type=bind,src=${GIT_REPO},dst=/opt/hbase-repo,consistency=delegated")
|
2020-05-06 15:34:55 -04:00
|
|
|
echo "HOST_GIT_REPO=${GIT_REPO}" >> "${ENVFILE}"
|
|
|
|
GIT_REPO="/opt/hbase-repo"
|
|
|
|
fi
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
echo "GIT_REPO=${GIT_REPO}" >> "${ENVFILE}"
|
|
|
|
fi
|
|
|
|
|
2020-04-18 01:40:19 -04:00
|
|
|
GPG_PROXY_MOUNT=()
|
|
|
|
if [ "${HOST_OS}" == "DARWIN" ]; then
|
|
|
|
GPG_PROXY_MOUNT=(--mount "type=volume,src=gpgagent,dst=/home/${USER}/.gnupg/")
|
2020-12-09 19:54:18 -05:00
|
|
|
log "Setting up GPG agent proxy container needed on OS X."
|
|
|
|
log " we should clean this up for you. If that fails the container ID is below and in " \
|
2020-04-18 01:40:19 -04:00
|
|
|
"gpg-proxy.cid"
|
|
|
|
#TODO the key pair used should be configurable
|
|
|
|
docker run --rm -p 62222:22 \
|
|
|
|
--detach --cidfile "${WORKDIR}/gpg-proxy.cid" \
|
|
|
|
--mount \
|
|
|
|
"type=bind,src=${HOME}/.ssh/id_rsa.pub,dst=/home/${USER}/.ssh/authorized_keys,readonly" \
|
|
|
|
"${GPG_PROXY_MOUNT[@]}" \
|
|
|
|
"org.apache.hbase/gpg-agent-proxy:${IMGTAG}"
|
|
|
|
# gotta trust the container host
|
|
|
|
ssh-keyscan -p 62222 localhost 2>/dev/null | sort > "${WORKDIR}/gpg-agent-proxy.ssh-keyscan"
|
|
|
|
sort "${HOME}/.ssh/known_hosts" | comm -1 -3 - "${WORKDIR}/gpg-agent-proxy.ssh-keyscan" \
|
|
|
|
> "${WORKDIR}/gpg-agent-proxy.known_hosts"
|
|
|
|
if [ -s "${WORKDIR}/gpg-agent-proxy.known_hosts" ]; then
|
2020-12-09 19:54:18 -05:00
|
|
|
log "Your ssh known_hosts does not include the entries for the gpg-agent proxy container."
|
|
|
|
log "The following entry(ies) are missing:"
|
2020-04-18 01:40:19 -04:00
|
|
|
sed -e 's/^/ /' "${WORKDIR}/gpg-agent-proxy.known_hosts"
|
|
|
|
read -r -p "Okay to add these entries to ${HOME}/.ssh/known_hosts? [y/n] " ANSWER
|
|
|
|
if [ "$ANSWER" != "y" ]; then
|
|
|
|
error "Exiting."
|
|
|
|
fi
|
|
|
|
cat "${WORKDIR}/gpg-agent-proxy.known_hosts" >> "${HOME}/.ssh/known_hosts"
|
|
|
|
fi
|
2020-12-09 19:54:18 -05:00
|
|
|
log "Launching ssh reverse tunnel from the container to gpg agent."
|
|
|
|
log " we should clean this up for you. If that fails the PID is in gpg-proxy.ssh.pid"
|
2022-11-09 08:33:19 -05:00
|
|
|
ssh -p 62222 -R "/home/${USER}/.gnupg/S.gpg-agent:$(gpgconf --list-dir agent-socket)" \
|
2020-04-18 01:40:19 -04:00
|
|
|
-i "${HOME}/.ssh/id_rsa" -N -n localhost >gpg-proxy.ssh.log 2>&1 &
|
|
|
|
echo $! > "${WORKDIR}/gpg-proxy.ssh.pid"
|
|
|
|
else
|
|
|
|
# Note that on linux we always directly mount the gpg agent's extra socket to limit what the
|
|
|
|
# container can ask the gpg-agent to do.
|
|
|
|
# When working on a remote linux machine you should be sure to forward both the remote machine's
|
|
|
|
# agent socket and agent extra socket to your local gpg-agent's extra socket. See the README.txt
|
|
|
|
# for an example.
|
|
|
|
GPG_PROXY_MOUNT=(--mount \
|
2022-11-09 08:33:19 -05:00
|
|
|
"type=bind,src=$(gpgconf --list-dir agent-socket),dst=/home/${USER}/.gnupg/S.gpg-agent")
|
2020-04-18 01:40:19 -04:00
|
|
|
fi
|
|
|
|
|
|
|
|
banner "Building $RELEASE_TAG; output will be at $WORKDIR/output"
|
2020-12-09 19:54:18 -05:00
|
|
|
log "We should clean the container up when we are done. If that fails then the container ID " \
|
2020-04-18 01:40:19 -04:00
|
|
|
"is in release.cid"
|
|
|
|
echo
|
2020-12-09 19:54:18 -05:00
|
|
|
# Where possible we specify "consistency=delegated" when we do not need host access during the
|
2020-06-04 20:29:32 -04:00
|
|
|
# build run. On Mac OS X specifically this gets us a big perf improvement.
|
2020-04-18 01:40:19 -04:00
|
|
|
cmd=(docker run --rm -ti \
|
2019-03-18 13:46:07 -04:00
|
|
|
--env-file "$ENVFILE" \
|
2020-04-18 01:40:19 -04:00
|
|
|
--cidfile "${WORKDIR}/release.cid" \
|
|
|
|
--mount "type=bind,src=${WORKDIR},dst=/home/${USER}/hbase-rm,consistency=delegated" \
|
|
|
|
"${JAVA_MOUNT[@]}" \
|
2020-05-06 15:34:55 -04:00
|
|
|
"${GIT_REPO_MOUNT[@]}" \
|
2020-04-18 01:40:19 -04:00
|
|
|
"${GPG_PROXY_MOUNT[@]}" \
|
|
|
|
"org.apache.hbase/hbase-rm:$IMGTAG")
|
HBASE-24318 Create-release scripts fixes and enhancements (#1643)
* narrow 'dry-run' limits so see svn activity up to just before check-in.
* Fix several typos and, in case of dry run, enable build step to chain from tag step by keeping the tagged git repo.
* Improve Maven settings.xml file, and names of variables related to it. Remove unnecessary use of "-Dmaven.repo.local", put it in settings.xml instead. Stop putting password literals in settings.xml.
* stop deleting maven settings file, now that it doesn't contain password strings
* Merge 'tag' into release-build.sh as another stage. Also found and fixed a couple bugs in the current release-tag.sh.
* Delete redundant release-tag.sh script.
* Small changes to make dev-support/create-release tools less focused
on hbase project only, while retaining special behaviors for
hbase sub-projects which share the hbase dist and jira locations.
* Changed terminology of release publish steps, from <build|publish>
to <publish-dist|publish-release>. In fact, what was formerly called
"build" built the distribution tarballs AND published them to dist,
while "publish" built the maven artifacts AND published them to Nexus.
The new terminology clarifies what's happening, and removes the appearance
of order dependendency.
* Fix publish-snapshot so it does same checks as publish-release.
* Factor out common maven usages, and move them to build-util.sh.
* Change default polarity of DRY_RUN to default to true. Change -n ("no-publish") to -f ("force publish") to actually publish.
* Fix problems in do-release.sh so it runs correctly outside of docker,
including DRY_RUN being exported.
* Have do-release.sh set REPO (shared maven local repository) if doing all three stages.
* Cleaned up REPO directory creation.
* General cleanup of comments and usage.
* fix all 'shellcheck' errors
* use ${BASH_SOURCE[0]} instead of $0 to determine script directory path
* smarter way to read version from pom with mvn
* do maven-gpg-plugin config settings in maven settings file correctly as documented
* fix gpg signing failure on Mac due to gpg-agent timeout
* fix various bugs to enable publish-dist, publish-snapshot, and publish-release to work correctly as individual steps and/or without docker
* improve log reporting from publish-release step
* fix bug in argument to checkcompatibility.py: replace PACKAGE_VERSION with GIT_REF
* demote "PACKAGE_VERSION" to "package_version_name" and undocument it in favor of RELEASE_TAG. Still enable appropriate defaulting in case RELEASE_TAG is undefined.
* unify RELEASE_VERSION with VERSION, to remove ambiguity and allow it to be set when only running 'publish' step without 'tag'
* query confirm RELEASE_TAG
* emphasize that release-build.sh is called for a single action at a time, and should be called from do-release.sh.
* add '-s' option to do-release.sh
* suppress maven "Download from central:" messages
* Replace human wait for tag propagation
Signed-off-by: Cesar Delgado <cdelgado@apple.com>
Signed-off-by: stack <stack@apache.org>
Signed-off-by: Sean Busbey <busbey@apache.org>
2020-05-09 11:46:41 -04:00
|
|
|
echo "${cmd[*]}"
|
|
|
|
"${cmd[@]}"
|