sling-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Munteanu <romb...@apache.org>
Subject Re: Release Validator Docker Image
Date Thu, 12 Sep 2019 09:49:28 GMT
Filed https://issues.apache.org/jira/browse/SLING-8699 for tracking.

Thanks,
Robert

On Wed, 2019-09-11 at 04:19 +0200, Carsten Ziegeler wrote:
> Sounds good to me, with the addition that it does not upload the md5 
> files to SVN and only creates the sha256 (or sha512?) if the check
> of 
> the files is successful
> 
> Carsten
> 
> Am 10.09.2019 um 23:33 schrieb Robert Munteanu:
> > On Tue, 2019-09-10 at 22:57 +0200, Carsten Ziegeler wrote:
> > > I think the value is already there today, we push manually to
> > > dist
> > > and
> > > having the sha512 there and not the md5 is already a win.
> > > It would be great to have this mirrored in the maven repository,
> > > but
> > > that probably needs those bugs to be fixed.
> > 
> > So my proposal, echoing discussions at the hackathon would be to
> > implement a command that publishes a release to dist and that:
> > 
> > - downloads the release artifacts from Nexus (already covered by
> > existing command)
> > - computes SHA-256 checksums and adds them to the files to be
> > deployed
> > - uses the Java API equivalent of `svn remove 
> > https://dist.apache.org/
> > ...` to remove all old artifacts of a release
> > - uses the Java API equivalent of `svn import .
> > https://dist.apache.org/ ...` to import local set of artifacts to
> > SVN
> > 
> > Would that cover everyone's needs for pushing to dist?
> > 
> > Robert
> > 
> > > Carsten
> > > 
> > > Am 10.09.2019 um 13:16 schrieb Radu Cotescu:
> > > > Hi Carsten,
> > > > 
> > > > > On 9 Sep 2019, at 19:29, Carsten Ziegeler <
> > > > > cziegeler@apache.org>
> > > > > wrote:
> > > > > 
> > > > > Can we maybe also remove the md5 files and create sha512
> > > > > files,
> > > > > when the checksum is correct?
> > > > > 
> > > > 
> > > > The sha1 and md5 files seem to be generated by Nexus and not by
> > > > our
> > > > Maven release process. I quickly checked how the sha512 files
> > > > are
> > > > generated and this seems to be a config in the Apache parent
> > > > pom
> > > > [4]. However, those are not attached [5] to the build, most
> > > > probably due to [6].
> > > > 
> > > > I guess we can create the sha512 files with this CLI tool, but
> > > > the
> > > > value would come only when we’d be able to push the staged
> > > > artifacts to dist.
> > > > 
> > > > Cheers,
> > > > Radu
> > > > 
> > > > [4] -
> > > > https://github.com/apache/maven-apache-parent/blob/apache-21/pom.xml#L440
> > > > <
> > > > https://github.com/apache/maven-apache-parent/blob/apache-21/pom.xml#L440
> > > > [5] -
> > > > https://checksum-maven-plugin.nicoulaj.net/files-mojo.html#attachChecksums
> > > > <
> > > > https://checksum-maven-plugin.nicoulaj.net/files-mojo.html#attachChecksums>[6
> > > > ] - https://issues.apache.org/jira/browse/INFRA-14923 <
> > > > https://issues.apache.org/jira/browse/INFRA-14923>
> > > > 


Mime
View raw message