diff --git a/.github/workflows/analyze.yml b/.github/workflows/analyze.yml index f3c9f8e99..48e99a92f 100644 --- a/.github/workflows/analyze.yml +++ b/.github/workflows/analyze.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up Java 17 uses: actions/setup-java@v3 with: @@ -29,7 +29,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up Java 17 uses: actions/setup-java@v3 with: diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 51cdba2b8..76de7735f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up Java 17 uses: actions/setup-java@v3 with: @@ -29,7 +29,7 @@ jobs: runs-on: macos-latest steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up Java 17 uses: actions/setup-java@v3 with: @@ -44,7 +44,7 @@ jobs: runs-on: windows-latest steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up Java 17 uses: actions/setup-java@v3 with: diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 55f324af1..ac8f4e601 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -21,13 +21,13 @@ jobs: strategy: fail-fast: false matrix: - language: [ 'java', 'javascript' ] + language: [ 'java' ] # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up Java 17 uses: actions/setup-java@v3 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 000000000..f69109dd8 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,72 @@ +name: Release + +on: + push: + tags: + - 'v[0-9]+.[0-9]+.[0-9]+-rc[0-9]+' + +jobs: + publish-candidate: + name: Publish candidate + runs-on: ubuntu-latest + steps: + + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Java 17 + uses: actions/setup-java@v3 + with: + java-version: 17 + distribution: temurin + cache: maven + server-username: NEXUS_USER + server-password: NEXUS_PW + gpg-private-key: ${{ secrets.BAREMAPS_GPG_SECRET_KEY }} + + - name: Extract variables + id: variables + run: | + echo "git_tag=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT + echo "git_version=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT + echo "mvn_version=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)" >> $GITHUB_OUTPUT + + - name: Build candidate + run: mvn install -DskipTests -Dmaven.javadoc.skip=true -B -V + + - name: Set up GPG + run: | + echo "${{ secrets.BAREMAPS_GPG_SECRET_KEY }}" | gpg --batch --import + gpg --list-keys + env: + GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }} + + - name: Sign and hash candidate + run: | + cd ./baremaps-cli/target + mv apache-baremaps-${{ steps.variables.outputs.mvn_version }}-incubating-src.tar.gz apache-baremaps-${{ steps.variables.outputs.git_version }}-incubating-src.tar.gz + shasum -a 512 "./apache-baremaps-${{ steps.variables.outputs.git_version }}-incubating-src.tar.gz" > "./apache-baremaps-${{ steps.variables.outputs.git_version }}-incubating-src.tar.gz.sha512" + gpg --no-tty --quiet --pinentry-mode loopback --default-key "${{ secrets.GPG_KEY_ID }}" --batch --yes --output "./apache-baremaps-${{ steps.variables.outputs.git_version }}-incubating-src.tar.gz.asc" --detach-sign --armor "./apache-baremaps-${{ steps.variables.outputs.git_version }}-incubating-src.tar.gz" + mv apache-baremaps-${{ steps.variables.outputs.mvn_version }}-incubating-bin.tar.gz apache-baremaps-${{ steps.variables.outputs.git_version }}-incubating-bin.tar.gz + shasum -a 512 "./apache-baremaps-${{ steps.variables.outputs.git_version }}-incubating-bin.tar.gz" > "./apache-baremaps-${{ steps.variables.outputs.git_version }}-incubating-bin.tar.gz.sha512" + gpg --no-tty --quiet --pinentry-mode loopback --default-key "${{ secrets.GPG_KEY_ID }}" --batch --yes --output "./apache-baremaps-${{ steps.variables.outputs.git_version }}-incubating-bin.tar.gz.asc" --detach-sign --armor "./apache-baremaps-${{ steps.variables.outputs.git_version }}-incubating-bin.tar.gz" + cd - + + - name: Publish release candidate on GitHub + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh release create "${{ steps.variables.outputs.git_tag }}" --draft --prerelease --title "Apache Baremaps ${{ steps.variables.outputs.git_version }} (incubating)" --repo ${{ github.repository }} --generate-notes + gh release upload --clobber "${{ steps.variables.outputs.git_tag }}" ./baremaps-cli/target/apache-baremaps-${{ steps.variables.outputs.git_version }}-incubating-src.tar.gz + gh release upload --clobber "${{ steps.variables.outputs.git_tag }}" ./baremaps-cli/target/apache-baremaps-${{ steps.variables.outputs.git_version }}-incubating-src.tar.gz.sha512 + gh release upload --clobber "${{ steps.variables.outputs.git_tag }}" ./baremaps-cli/target/apache-baremaps-${{ steps.variables.outputs.git_version }}-incubating-src.tar.gz.asc + gh release upload --clobber "${{ steps.variables.outputs.git_tag }}" ./baremaps-cli/target/apache-baremaps-${{ steps.variables.outputs.git_version }}-incubating-bin.tar.gz + gh release upload --clobber "${{ steps.variables.outputs.git_tag }}" ./baremaps-cli/target/apache-baremaps-${{ steps.variables.outputs.git_version }}-incubating-bin.tar.gz.sha512 + gh release upload --clobber "${{ steps.variables.outputs.git_tag }}" ./baremaps-cli/target/apache-baremaps-${{ steps.variables.outputs.git_version }}-incubating-bin.tar.gz.asc + + - name: Publish release candidate on Apache SVN + run: | + mkdir -p ${{ steps.variables.outputs.git_version }} + cp ./baremaps-cli/target/apache-baremaps-${{ steps.variables.outputs.git_version }}-* ${{ steps.variables.outputs.git_version }} + svn --username "${{ secrets.INCUBATOR_SVN_DEV_USERNAME }}" --password "${{ secrets.INCUBATOR_SVN_DEV_PASSWORD }}" import -m "Apache Baremaps ${{ steps.variables.outputs.git_version }} (incubating)" ${{ steps.variables.outputs.git_version }} https://dist.apache.org/repos/dist/dev/incubator/baremaps/${{ steps.variables.outputs.git_version }} + rm -rf ${{ steps.variables.outputs.git_version }} \ No newline at end of file diff --git a/.github/workflows/deploy-snapshot.yml b/.github/workflows/snapshot.yml similarity index 89% rename from .github/workflows/deploy-snapshot.yml rename to .github/workflows/snapshot.yml index 59b3da8f2..826807950 100644 --- a/.github/workflows/deploy-snapshot.yml +++ b/.github/workflows/snapshot.yml @@ -1,4 +1,4 @@ -name: Deploy snapshot +name: Nexus on: push: @@ -6,8 +6,8 @@ on: - main jobs: - deploy-snapshot: - name: Deploy snapshot + publish-snapshot: + name: Publish snapshot runs-on: ubuntu-latest if: "!startsWith(github.ref, 'refs/tags/v')" steps: @@ -33,7 +33,7 @@ jobs: env: GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }} - - name: Publish snapshots on Apache Nexus + - name: Publish snapshot artifacts on Apache Nexus env: NEXUS_USER: ${{ secrets.NEXUS_USER }} NEXUS_PW: ${{ secrets.NEXUS_PW }} diff --git a/RELEASE.md b/RELEASE.md index 76b8144ba..4548fe236 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -17,122 +17,148 @@ limitations under the License. # Release instructions +The following instructions assume that the release candidate version has been set in an environment variable: + +```bash +export RELEASE_VERSION= # e.g. 0.7.1 +export NEXT_VERSION= # e.g. 0.7.2 +export CANDIDATE_NUMBER= # e.g. 1 +export RELEASE_MANAGER_NAME= # e.g. John Doe +export COMMIT_HASH= # e.g. 1234567890 +``` + In order to release a new version of Apache Baremaps, follow these steps: - [ ] Notify the mailing list and ask everyone to pause commits on the main branch -- [ ] Create a new issue on GitHub with the title "Release Baremaps " -- [ ] Create a new branch for the release (e.g. `release-`) +- [ ] Create a new issue on GitHub with the title "Release Baremaps $RELEASE_VERSION" +- [ ] Create a new branch for the release (e.g. `release-$RELEASE_VERSION`) ```bash cd baremaps -git checkout -b release- -git push --set-upstream origin release- +git checkout -b release-$RELEASE_VERSION ``` - [ ] Set the release version and commit the changes: ```bash -./mvnw versions:set -DnewVersion= -git commit -a -m "Release Baremaps " +./mvnw versions:set -DnewVersion=$RELEASE_VERSION +git commit -a -m "Release Baremaps $RELEASE_VERSION" +git push --set-upstream origin release-$RELEASE_VERSION ``` - [ ] Tag the last commit with the release candidate version: ```bash -git tag v-rc +git tag v$RELEASE_VERSION-rc$CANDIDATE_NUMBER ``` -- [ ] Push the tag to the remote repository: +- [ ] Push the tag to the remote repository (this will trigger GitHub Action to build the release candidate, publish the artifacts to the [dev directory](https://dist.apache.org/repos/dist/dev/incubator/baremaps/) of dist.apache.org repository, and draft a release on GitHub): ```bash -git push origin v-rc +git push origin v$RELEASE_VERSION-rc$CANDIDATE_NUMBER ``` -- [ ] Generate the release notes for this tag on GitHub with release ticked in order to generate a release notes. -- [ ] Generate the artifacts: +- [ ] Edit the release notes for this tag on GitHub. +- [ ] Ask the community to vote for the release candidate. +- [ ] If the release candidate is not approved by the community, commit the necessary changes, clean the git history, create a new release candidate, and repeat the process. -```bash -./scripts/generate-artifacts.sh -``` +> TODO: The following step is not yet fully automated. We need to add secrets and steps to publish the artifacts to the [dev directory](https://dist.apache.org/repos/dist/dev/incubator/baremaps/) (APACHE_USERNAME, APACHE_PASSWORD) and to the maven repository (NEXUS_USERNAME, NEXUS_PASSWORD). -- [ ] Publish the artifacts: +- [ ] If the release candidate is approved by the community, tag the release commit with the release version (this will trigger the same GitHub Action as before): ```bash -cd .. -svn co https://dist.apache.org/repos/dist/dev/incubator/baremaps/ baremaps-dev -mkdir baremaps-dev/-rc -cp ./baremaps/baremaps-cli/target/apache-baremaps--incubating-* baremaps-dev/-rc/. -svn commit -m "Baremaps -rc" +git tag -a v$RELEASE_VERSION +git push origin v$RELEASE_VERSION ``` -- [ ] Ask the community to vote for the release candidate. -- [ ] If the release candidate is not approved by the community, commit the necessary changes, clean the git history, - and go back to step 5. -- [ ] If the release candidate is approved by the community, tag the release commit with the release version: +- [ ] Register the release on [reporter.apache.org](https://reporter.apache.org/addrelease.html?incubator-baremaps). +- [ ] Rebase the release branch into the main branch. +- [ ] Clean up all the release candidate branches and tags. +- [ ] Publish the release on GitHub. +- [ ] Copy the release artifacts from the [dev directory](https://dist.apache.org/repos/dist/dev/incubator/baremaps/) to the [release directory](https://dist.apache.org/repos/dist/release/incubator/baremaps/). ```bash -git tag -a v -git push origin v +svn cp https://dist.apache.org/repos/dist/dev/incubator/baremaps/$RELEASE_VERSION-rc$CANDIDATE_NUMBER https://dist.apache.org/repos/dist/release/incubator/baremaps/$RELEASE_VERSION -m "Release Apache Baremaps (incubating) $RELEASE_VERSION" ``` -- [ ] Move the artifacts into the release directory with svn: +- [ ] Publish the release artifacts to the maven repository. ```bash -svn mv -m "Baremaps " \ - https://dist.apache.org/repos/dist/dev/incubator/baremaps/-rc/ \ - https://dist.apache.org/repos/dist/release/incubator/baremaps// +./mvnw clean deploy -Papache-release ``` - [ ] Set the version of the next iteration and commit the changes: ```bash -./mvnw versions:set -DnewVersion=-SNAPSHOT +./mvnw versions:set -DnewVersion=$NEXT_VERSION-SNAPSHOT git commit -a -m "Prepare for next development iteration" git push origin ``` -- [ ] Rebase the release branch into the main branch. +```bash +./mvnw clean deploy +``` + - [ ] Notify the community of the release by sending a message to the mailing list. -- [ ] Clean up all the release candidate branches and tags. + +## Reproducing the build + +The release artifacts are bit-by-bit reproducible if the following conditions are met: +- The build is run with the same version of the JDK (e.g. OpenJDK 17 temurin) +- The build is run with the maven wrapper (e.g. `./mvnw`) + +The procedure has been tested on different operating systems (e.g. Linux and MacOS). +For convenience, we suggest to build the release artifacts on a clean environment (e.g. a fresh Docker container). + +```bash +git checkout v$RELEASE_VERSION-rc$CANDIDATE_NUMBER +docker run \ + -v $(pwd):/baremaps \ + -w /baremaps \ + eclipse-temurin:17-jdk \ + ./mvnw clean install -DskipTests +``` ## Verifying the release artifacts Verify the GPG signature of the release artifacts: ```bash -gpg --verify apache-baremaps--incubating-bin.tar.gz.asc -gpg --verify apache-baremaps--incubating-src.tar.gz.asc +gpg --verify apache-baremaps-$RELEASE_VERSION-incubating-bin.tar.gz.asc +gpg --verify apache-baremaps-$RELEASE_VERSION-incubating-src.tar.gz.asc ``` Verify the SHA512 checksum of the release artifacts: ```bash -shasum -a 512 -c apache-baremaps--incubating-bin.tar.gz.sha512 -shasum -a 512 -c apache-baremaps--incubating-src.tar.gz.sha512 +shasum -a 512 -c apache-baremaps-$RELEASE_VERSION-incubating-bin.tar.gz.sha512 +shasum -a 512 -c apache-baremaps-$RELEASE_VERSION-incubating-src.tar.gz.sha512 ``` ## Vote template -subject: [VOTE] Release Apache Baremaps -rc (incubating) +```bash +cat << EOF +subject: [VOTE] Release Apache Baremaps $RELEASE_VERSION-rc$CANDIDATE_NUMBER (incubating) Hello Everyone, -I have created a build for Apache Baremaps (incubating) , release candidate . +I have created a build for Apache Baremaps (incubating) $RELEASE_VERSION, release candidate $CANDIDATE_NUMBER. Thanks to everyone who has contributed to this release. You can read the release notes here: -https://github.com/apache/incubator-baremaps/releases/tag/v-rc +https://github.com/apache/incubator-baremaps/releases/tag/v$RELEASE_VERSION-rc$CANDIDATE_NUMBER The commit to be voted upon: -https://github.com/apache/incubator-baremaps/tree/v-rc +https://github.com/apache/incubator-baremaps/tree/v$RELEASE_VERSION-rc$CANDIDATE_NUMBER -Its hash is . +Its hash is $COMMIT_HASH. -Its tag is v-rc. +Its tag is v$RELEASE_VERSION-rc$CANDIDATE_NUMBER. The artifacts to be voted on are located here: -https://dist.apache.org/repos/dist/dev/incubator/baremaps/-rc/ +https://dist.apache.org/repos/dist/dev/incubator/baremaps/$RELEASE_VERSION-rc$CANDIDATE_NUMBER/ The hashes of the artifacts are as follows: @@ -144,11 +170,11 @@ https://downloads.apache.org/incubator/baremaps/KEYS The README file for the src distribution contains instructions for building and testing the release. -Please vote on releasing this package as Apache Baremaps . +Please vote on releasing this package as Apache Baremaps $RELEASE_VERSION. The vote is open for the next 72 hours and passes if a majority of at least three +1 PMC votes are cast. -[ ] +1 Release this package as Apache Baremaps +[ ] +1 Release this package as Apache Baremaps $RELEASE_VERSION [ ] 0 I don't feel strongly about it, but I'm okay with the release [ ] -1 Do not release this package because... @@ -156,25 +182,27 @@ Here is my vote: +1 (binding) - +$RELEASE_MANAGER_NAME +EOF +``` ## Announce template -subject: [ANNOUNCE] Apache Baremaps (incubating) released +```bash +cat << EOF +subject: [ANNOUNCE] Apache Baremaps $RELEASE_VERSION (incubating) released Hello Everyone, -The Apache Baremaps community is pleased to announce the release of Apache Baremaps (incubating). -Thank you to everyone who contributed to this release. - +The Apache Baremaps community is pleased to announce the release of Apache Baremaps $RELEASE_VERSION (incubating). Apache Baremaps is a toolkit and a set of infrastructure components for creating, publishing, and operating online maps. The release notes are available here: -https://github.com/apache/incubator-baremaps/releases/tag/v +https://github.com/apache/incubator-baremaps/releases/tag/v$RELEASE_VERSION -The download page is located here: -https://baremaps.apache.org/download/release- +The artifacts are available here: +https://dist.apache.org/repos/dist/release/incubator/baremaps/$RELEASE_VERSION We are looking to grow our community and welcome new contributors. If you are interested in contributing to the project, please contact us on the mailing list or on GitHub. @@ -194,5 +222,7 @@ https://github.com/apache/incubator-baremaps/issues Best regards, - +$RELEASE_MANAGER_NAME +EOF +``` diff --git a/baremaps-cli/pom.xml b/baremaps-cli/pom.xml index 0700e0006..7003b2c62 100644 --- a/baremaps-cli/pom.xml +++ b/baremaps-cli/pom.xml @@ -162,9 +162,6 @@ limitations under the License. ${version.lib.picocli} - - -Aproject=${project.groupId}/${project.artifactId} - diff --git a/baremaps-cli/src/assembly/bin.xml b/baremaps-cli/src/assembly/bin.xml index d26d822fe..3a010b292 100644 --- a/baremaps-cli/src/assembly/bin.xml +++ b/baremaps-cli/src/assembly/bin.xml @@ -18,7 +18,7 @@ limitations under the License. - zip + bin true tar.gz diff --git a/baremaps-cli/src/assembly/src.xml b/baremaps-cli/src/assembly/src.xml index c2d2a5a01..e90c16ac6 100644 --- a/baremaps-cli/src/assembly/src.xml +++ b/baremaps-cli/src/assembly/src.xml @@ -18,7 +18,7 @@ limitations under the License. - zip + src true tar.gz diff --git a/baremaps-cli/src/license/override.properties b/baremaps-cli/src/license/override.properties index 9f5075e38..aac04ba72 100644 --- a/baremaps-cli/src/license/override.properties +++ b/baremaps-cli/src/license/override.properties @@ -17,7 +17,12 @@ ch.qos.logback--logback-classic--1.2.10=Eclipse Public License 1.0; GNU Lesser G ch.qos.logback--logback-core--1.2.10=Eclipse Public License 1.0; GNU Lesser General Public License ch.qos.reload4j--reload4j--1.2.22=Apache License 2.0 com.aayushatharva.brotli4j--brotli4j--1.16.0=Apache License 2.0 +com.aayushatharva.brotli4j--native-linux-aarch64--1.16.0=Apache License 2.0 +com.aayushatharva.brotli4j--native-linux-x86_64--1.16.0=Apache License 2.0 com.aayushatharva.brotli4j--native-osx-aarch64--1.16.0=Apache License 2.0 +com.aayushatharva.brotli4j--native-osx-x86_64--1.16.0=Apache License 2.0 +com.aayushatharva.brotli4j--native-windows-aarch64--1.16.0=Apache License 2.0 +com.aayushatharva.brotli4j--native-windows-x86_64--1.16.0=Apache License 2.0 com.aayushatharva.brotli4j--service--1.16.0=Apache License 2.0 com.fasterxml.jackson.core--jackson-annotations--2.17.2=Apache License 2.0 com.fasterxml.jackson.core--jackson-core--2.17.2=Apache License 2.0 diff --git a/baremaps-server/pom.xml b/baremaps-server/pom.xml index 869404fcd..7eede1927 100644 --- a/baremaps-server/pom.xml +++ b/baremaps-server/pom.xml @@ -26,6 +26,30 @@ limitations under the License. baremaps-server + + com.aayushatharva.brotli4j + native-linux-aarch64 + + + com.aayushatharva.brotli4j + native-linux-x86_64 + + + com.aayushatharva.brotli4j + native-osx-aarch64 + + + com.aayushatharva.brotli4j + native-osx-x86_64 + + + com.aayushatharva.brotli4j + native-windows-aarch64 + + + com.aayushatharva.brotli4j + native-windows-x86_64 + com.linecorp.armeria armeria diff --git a/pom.xml b/pom.xml index f56e703d4..d60471ea2 100644 --- a/pom.xml +++ b/pom.xml @@ -66,8 +66,10 @@ limitations under the License. + 17 17 17 + 2024-03-18T11:01:08Z UTF-8 https://sonarcloud.io ${project.groupId}:${project.artifactId} @@ -76,6 +78,7 @@ limitations under the License. 1.30.0 4.2.2 2.27.17 + 1.16.0 3.1.8 1.37.0 1.27.1 @@ -124,6 +127,36 @@ limitations under the License. + + com.aayushatharva.brotli4j + native-linux-aarch64 + ${version.lib.brotli4j} + + + com.aayushatharva.brotli4j + native-linux-x86_64 + ${version.lib.brotli4j} + + + com.aayushatharva.brotli4j + native-osx-aarch64 + ${version.lib.brotli4j} + + + com.aayushatharva.brotli4j + native-osx-x86_64 + ${version.lib.brotli4j} + + + com.aayushatharva.brotli4j + native-windows-aarch64 + ${version.lib.brotli4j} + + + com.aayushatharva.brotli4j + native-windows-x86_64 + ${version.lib.brotli4j} + com.fasterxml.jackson.core jackson-annotations @@ -568,6 +601,17 @@ limitations under the License. + + org.apache.maven.plugins + maven-compiler-plugin + ${version.plugin.maven-compiler-plugin} + + 17 + + -Aproject=${project.groupId}/${project.artifactId} + + + org.apache.maven.plugins maven-failsafe-plugin @@ -577,6 +621,13 @@ limitations under the License. org.apache.maven.plugins maven-jar-plugin ${version.plugin.maven-jar-plugin} + + + + ${project.build.outputTimestamp} + + + @@ -745,17 +796,6 @@ limitations under the License. - - org.sonatype.plugins - nexus-staging-maven-plugin - ${version.plugin.nexus-staging-maven-plugin} - true - - maven - https://oss.sonatype.org/ - false - -