-
Notifications
You must be signed in to change notification settings - Fork 6
343 lines (295 loc) · 13.3 KB
/
validate-release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
name: "Validate Apache Release"
on:
workflow_dispatch:
inputs:
release_version:
required: true
description: check version
default: '1.3.0'
gpg_user:
required: true
description: release gpg user
default: 'imbajin'
push:
branches:
- 'release-*'
pull_request:
branches:
- 'release-*'
jobs:
build:
name: "Build On ${{ matrix.os }} (java-${{ matrix.java_version }})"
runs-on: ${{ matrix.os }}
env:
SCRIPT_PATH: hugegraph-dist/scripts/
URL_PREFIX: https://dist.apache.org/repos/dist/dev/incubator/hugegraph/
USER: ${{ inputs.gpg_user }}
# TODO: parse version from the running branch name & also adapt the input version
RELEASE_VERSION: ''
USE_STAGE: 'true' # Whether to include the stage repository.
steps:
- name: Checkout source
uses: actions/checkout@v4
- name: Install JDK ${{ matrix.java_version }}
uses: actions/setup-java@v3
with:
java-version: ${{ matrix.java_version }}
distribution: 'adopt'
- name: Cache Maven packages
uses: actions/cache@v3
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Get Yarn path
id: yarn-cache-dir-path
run: echo "::set-output name=dir::$(yarn cache dir)"
- name: Cache Yarn packages
uses: actions/cache@v3
# use id to check `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`)
id: yarn-cache
with:
path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.os }}-yarn-
- name: Use staged maven repo settings
if: ${{ env.USE_STAGE == 'true' }}
run: |
cp $HOME/.m2/settings.xml /tmp/settings.xml
cp -vf .github/workflows/configs/settings.xml $HOME/.m2/settings.xml && cat $HOME/.m2/settings.xml
- name: 1. Download SVN Sources
run: |
rm -rf dist/${{ inputs.release_version }}
svn co ${URL_PREFIX}/${{ inputs.release_version }} dist/${{ inputs.release_version }}
- name: 2. Check Environment & Import Public Keys
run: |
cd dist/${{ inputs.release_version }} || exit
shasum --version 1>/dev/null || exit
gpg --version 1>/dev/null || exit
wget https://downloads.apache.org/incubator/hugegraph/KEYS || exit
echo "Import KEYS:" && gpg --import KEYS
# TODO: how to trust all public keys in gpg list, currently only trust the first one
echo -e "5\ny\n" | gpg --batch --command-fd 0 --edit-key $USER trust
echo "trust all pk"
for key in $(gpg --no-tty --list-keys --with-colons | awk -F: '/^pub/ {print $5}'); do
echo -e "5\ny\n" | gpg --batch --command-fd 0 --edit-key "$key" trust
done
- name: 3. Check SHA512 & GPG Signature
run: |
cd dist/${{ inputs.release_version }} || exit
for i in *.tar.gz; do
echo "$i"
shasum -a 512 --check "$i".sha512 || exit
eval gpg "${GPG_OPT}" --verify "$i".asc "$i" || exit
done
- name: 4. Validate Source Packages
run: |
cd dist/${{ inputs.release_version }} || exit
ls -lh ./*.tar.gz
CATEGORY_X="\bGPL|\bLGPL|Sleepycat License|BSD-4-Clause|\bBCL\b|JSR-275|Amazon Software License|\bRSAL\b|\bQPL\b|\bSSPL|\bCPOL|\bNPL1|Creative Commons Non-Commercial"
CATEGORY_B="\bCDDL1|\bCPL|\bEPL|\bIPL|\bMPL|\bSPL|OSL-3.0|UnRAR License|Erlang Public License|\bOFL\b|Ubuntu Font License Version 1.0|IPA Font License Agreement v1.0|EPL2.0|CC-BY"
for i in *src.tar.gz; do
echo "$i"
# 4.1 check the directory name include "incubating"
if [[ ! "$i" =~ "incubating" ]]; then
echo "The package name $i should include incubating" && exit 1
fi
tar xzvf "$i" || exit
pushd "$(basename "$i" .tar.gz)" || exit
echo "Start to check the package content: $(basename "$i" .tar.gz)"
# 4.2 check the directory include "NOTICE" and "LICENSE" and "DISCLAIMER" file
if [[ ! -f "LICENSE" ]]; then
echo "The package should include LICENSE file" && exit 1
fi
if [[ ! -f "NOTICE" ]]; then
echo "The package should include NOTICE file" && exit 1
fi
if [[ ! -f "DISCLAIMER" ]]; then
echo "The package should include DISCLAIMER file" && exit 1
fi
# 4.3: ensure doesn't contains ASF CATEGORY X License dependencies in LICENSE and NOTICE files
COUNT=$(grep -E $CATEGORY_X LICENSE NOTICE | wc -l)
if [[ $COUNT -ne 0 ]]; then
grep -E "$CATEGORY_X" LICENSE NOTICE
echo "The package $i shouldn't include invalid ASF category X dependencies, but get $COUNT" && exit 1
fi
# 4.4: ensure doesn't contains ASF CATEGORY B License dependencies in LICENSE and NOTICE files
COUNT=$(grep -E $CATEGORY_B LICENSE NOTICE | wc -l)
if [[ $COUNT -ne 0 ]]; then
grep -E "$CATEGORY_B" LICENSE NOTICE
echo "The package $i shouldn't include invalid ASF category B dependencies, but get $COUNT" && exit 1
fi
# 4.5 ensure doesn't contains empty directory or file
find . -type d -empty | while read -r EMPTY_DIR; do
find . -type d -empty
echo "The package $i shouldn't include empty directory: $EMPTY_DIR is empty" && exit 1
done
find . -type f -empty | while read -r EMPTY_FILE; do
find . -type f -empty
echo "The package $i shouldn't include empty file: $EMPTY_FILE is empty" && exit 1
done
# 4.6 ensure any file should less than 800kb
find . -type f -size +800k | while read -r FILE; do
find . -type f -size +800k
echo "The package $i shouldn't include file larger than 800kb: $FILE is larger than 800kb" && exit 1
done
# 4.7: ensure all binary files are documented in LICENSE
find . -type f | perl -lne 'print if -B' | while read -r BINARY_FILE; do
FILE_NAME=$(basename "$BINARY_FILE")
if grep -q "$FILE_NAME" LICENSE; then
echo "Binary file $BINARY_FILE is documented in LICENSE, please check manually"
else
echo "Error: Binary file $BINARY_FILE is not documented in LICENSE" && exit 1
fi
done
# 4.8 test compile the packages
if [[ ${{ matrix.java_version }} == 8 && "$i" =~ "computer" ]]; then
echo "skip computer module in java8"
popd || exit
continue
fi
# TODO: consider using commands that are entirely consistent with building binary packages
mvn package -DskipTests -Papache-release -ntp -e || exit
ls -lh
popd || exit
done
- name: 5. Run Compiled Packages In Server
run: |
cd dist/${{ inputs.release_version }} || exit
ls -lh
pushd ./*hugegraph-incubating*src/hugegraph-server/*hugegraph*${{ inputs.release_version }} || exit
bin/init-store.sh || exit
sleep 3
bin/start-hugegraph.sh || exit
popd || exit
- name: 6. Run Compiled Packages In ToolChain (Loader & Tool & Hubble)
run: |
cd dist/${{ inputs.release_version }} || exit
pushd ./*toolchain*src || exit
ls -lh
pushd ./*toolchain*${{ inputs.release_version }} || exit
ls -lh
# 6.1 load some data first
echo "test loader"
pushd ./*loader*${{ inputs.release_version }} || exit
bin/hugegraph-loader.sh -f ./example/file/struct.json -s ./example/file/schema.groovy \
-g hugegraph || exit
popd || exit
# 6.2 try some gremlin query & api in tool
echo "test tool"
pushd ./*tool*${{ inputs.release_version }} || exit
bin/hugegraph gremlin-execute --script 'g.V().count()' || exit
bin/hugegraph task-list || exit
bin/hugegraph backup -t all --directory ./backup-test || exit
popd || exit
# 6.3 start hubble and connect to server
echo "test hubble"
pushd ./*hubble*${{ inputs.release_version }} || exit
# TODO: add hubble doc & test it
cat conf/hugegraph-hubble.properties
bin/start-hubble.sh || exit
bin/stop-hubble.sh || exit
popd || exit
popd || exit
popd || exit
# stop server
pushd ./*hugegraph-incubating*src/hugegraph-server/*hugegraph*${{ inputs.release_version }} || exit
bin/stop-hugegraph.sh || exit
popd || exit
# clear source packages
rm -rf ./*src*
ls -lh
- name: 7. Validate Binary Packages
run: |
cd dist/${{ inputs.release_version }} || exit
CATEGORY_X="\bGPL|\bLGPL|Sleepycat License|BSD-4-Clause|\bBCL\b|JSR-275|Amazon Software License|\bRSAL\b|\bQPL\b|\bSSPL|\bCPOL|\bNPL1|Creative Commons Non-Commercial"
for i in *.tar.gz; do
if [[ "$i" == *-src.tar.gz ]]; then
# skip source packages
continue
fi
echo "$i"
# 7.1 check the directory name include "incubating"
if [[ ! "$i" =~ "incubating" ]]; then
echo "The package name $i should include incubating" && exit 1
fi
tar xzvf "$i" || exit
pushd "$(basename "$i" .tar.gz)" || exit
ls -lh
echo "Start to check the package content: $(basename "$i" .tar.gz)"
# 7.2 check root dir include "NOTICE"/"LICENSE"/"DISCLAIMER" & "licenses" dir
if [[ ! -f "LICENSE" ]]; then
echo "The package should include LICENSE file" && exit 1
fi
if [[ ! -f "NOTICE" ]]; then
echo "The package should include NOTICE file" && exit 1
fi
if [[ ! -f "DISCLAIMER" ]]; then
echo "The package should include DISCLAIMER file" && exit 1
fi
if [[ ! -d "licenses" ]]; then
echo "The package should include licenses dir" && exit 1
fi
# 7.3: ensure doesn't contains ASF CATEGORY X License dependencies in LICENSE/NOTICE and licenses/* files
COUNT=$(grep -r -E $CATEGORY_X LICENSE NOTICE licenses | wc -l)
if [[ $COUNT -ne 0 ]]; then
grep -r -E "$CATEGORY_X" LICENSE NOTICE licenses
echo "The package $i shouldn't include invalid ASF category X dependencies, but get $COUNT" && exit 1
fi
# 7.4: ensure doesn't contains empty directory or file
find . -type d -empty | while read -r EMPTY_DIR; do
find . -type d -empty
echo "The package $i shouldn't include empty directory: $EMPTY_DIR is empty" && exit 1
done
find . -type f -empty | while read -r EMPTY_FILE; do
find . -type f -empty
echo "The package $i shouldn't include empty file: $EMPTY_FILE is empty" && exit 1
done
popd || exit
done
- name: 8. Run Binary Packages In Server
run: |
cd dist/${{ inputs.release_version }} || exit
pushd ./*hugegraph-incubating*${{ inputs.release_version }} || exit
bin/init-store.sh || exit
sleep 3
bin/start-hugegraph.sh || exit
popd || exit
- name: 9. Run Binary Packages In ToolChain (Loader & Tool & Hubble)
run: |
cd dist/${{ inputs.release_version }} || exit
pushd ./*toolchain*${{ inputs.release_version }} || exit
ls -lh
# 9.1 loader some data first
echo "test loader"
pushd ./*loader*${{ inputs.release_version }} || exit
bin/hugegraph-loader.sh -f ./example/file/struct.json -s ./example/file/schema.groovy \
-g hugegraph || exit
popd || exit
# 9.2 try some gremlin query & api in tool
echo "test tool"
pushd ./*tool*${{ inputs.release_version }} || exit
bin/hugegraph gremlin-execute --script 'g.V().count()' || exit
bin/hugegraph task-list || exit
bin/hugegraph backup -t all --directory ./backup-test || exit
popd || exit
# 9.3 start hubble and connect to server
echo "test hubble"
pushd ./*hubble*${{ inputs.release_version }} || exit
# TODO: add hubble doc & test it
cat conf/hugegraph-hubble.properties
bin/start-hubble.sh || exit
bin/stop-hubble.sh || exit
popd || exit
popd || exit
# stop server
pushd ./*hugegraph-incubating*${{ inputs.release_version }} || exit
bin/stop-hugegraph.sh || exit
popd || exit
strategy:
fail-fast: false
matrix:
java_version: [ '8','11' ]
# TODO: support windows-latest or other OS in future
os: [ubuntu-latest, macos-latest]