This is an automated email from the ASF dual-hosted git repository. jamesnetherton pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/camel-quarkus.git
commit 4873cebb08eea8d7567424880591194f54eb20b6 Author: James Netherton <[email protected]> AuthorDate: Fri Jun 20 07:46:38 2025 +0100 Rework upload-source.sh to fetch sources and signatures from repository.apache.org --- .../pages/contributor-guide/release-guide.adoc | 7 +++-- release-utils/scripts/sign.sh | 36 ---------------------- release-utils/scripts/upload-source.sh | 34 ++++++++++++++------ 3 files changed, 28 insertions(+), 49 deletions(-) diff --git a/docs/modules/ROOT/pages/contributor-guide/release-guide.adoc b/docs/modules/ROOT/pages/contributor-guide/release-guide.adoc index 5273d074c8..daf2e21116 100644 --- a/docs/modules/ROOT/pages/contributor-guide/release-guide.adoc +++ b/docs/modules/ROOT/pages/contributor-guide/release-guide.adoc @@ -69,6 +69,7 @@ mvn deploy -Dapache-release -DskipTests -Denforcer.skip -Dquarkus.build.skip -Df * Click `Close` on the toolbar above * This will close the repository from future deployments and make it available for others to view * After that, a popup window is created, enter the name and version of the artifact being released in the `Description` field and finally click `Close` +* Make a note of the staging repository id as it'll be needed to upload sources to ASF dist/dev == Update the Apache Camel Quarkus development subversion repository @@ -83,15 +84,15 @@ gpg -k $EMAIL >> KEYS gpg --armor --export $EMAIL >> KEYS ---- -Then execute the `upload-source.sh` script, like below: +Then execute the `upload-source.sh` script, like below. `$NEXUS_STAGING_REPO_ID` is the Nexus staging repository id that you noted down from the previous step. [source,shell] ---- cd release-utils/scripts/ -./upload-source.sh $VERSION $VERSION +./upload-source.sh $VERSION $NEXUS_STAGING_REPO_ID ---- -This will take care of grabbing the source zip from github and getting the SBOMs from target directory. After signing the files, it will push the folder to `dist/dev/` +This will take care of fetching the release source zip and SBOMs from https://repository.apache.org, creating SHA512 checksums and pushing the content to ASF `dist/dev/` After the changes have been committed. You can check them by browsing to https://dist.apache.org/repos/dist/dev/camel/camel-quarkus/. diff --git a/release-utils/scripts/sign.sh b/release-utils/scripts/sign.sh deleted file mode 100755 index e0d7b05c43..0000000000 --- a/release-utils/scripts/sign.sh +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/bash -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -# This is a utility script to sign and sha512 all files in the given directory. - -if [ "$#" -ne 1 ]; then - echo "usage: $0 dir" - exit 1 -fi - -dir=$1 - -pushd . && cd $dir - -for f in $(ls); -do - sha512sum -b $f > $f.sha512 - gpg --output $f.asc --armor --detach-sig $f -done - -popd diff --git a/release-utils/scripts/upload-source.sh b/release-utils/scripts/upload-source.sh index b5e96fb378..21bed75e98 100755 --- a/release-utils/scripts/upload-source.sh +++ b/release-utils/scripts/upload-source.sh @@ -19,21 +19,35 @@ set -e if [ "$#" -lt 2 ]; then - echo "usage: $0 upload-sources release-version destination-version" + echo "usage: $0 upload-sources release-version nexus-staging-repository-id" exit 1 fi location=$(dirname $0) version=$1 +stagingRepoId=$2 +sourcesUrl=https://repository.apache.org/content/repositories/orgapachecamel-${stagingRepoId}/org/apache/camel/quarkus/camel-quarkus/${version} -mkdir $1/ -cd $1/ +if [[ "$(curl -k -L -s -o /dev/null -w "%{http_code}" ${sourcesUrl})" != "200" ]]; then + echo "Failed to access ${sourcesUrl}. Is the ${version} staging repository closed?" + exit 1 +fi + +mkdir ${version}/ +cd ${version}/ + +wget ${sourcesUrl}/camel-quarkus-${version}-src.zip -O apache-camel-quarkus-${version}-src.zip +wget ${sourcesUrl}/camel-quarkus-${version}-src.zip.asc -O apache-camel-quarkus-${version}-src.zip.asc +sha512sum -b apache-camel-quarkus-${version}-src.zip > apache-camel-quarkus-${version}-src.zip.sha512 + +wget ${sourcesUrl}/camel-quarkus-${version}-cyclonedx.json -O apache-camel-quarkus-${version}-sbom.json +wget ${sourcesUrl}/camel-quarkus-${version}-cyclonedx.json.asc -O apache-camel-quarkus-${version}-sbom.json.asc +sha512sum -b apache-camel-quarkus-${version}-sbom.json > apache-camel-quarkus-${version}-sbom.json.sha512 + +wget ${sourcesUrl}/camel-quarkus-${version}-cyclonedx.xml -O apache-camel-quarkus-${version}-sbom.xml +wget ${sourcesUrl}/camel-quarkus-${version}-cyclonedx.xml.asc -O apache-camel-quarkus-${version}-sbom.xml.asc +sha512sum -b apache-camel-quarkus-${version}-sbom.xml > apache-camel-quarkus-${version}-sbom.xml.sha512 -wget https://github.com/apache/camel-quarkus/archive/refs/tags/$1.zip -O apache-camel-quarkus-$1-src.zip -cp ../../../target/checkout/target/camel-quarkus-$1-sbom.json apache-camel-quarkus-$1-sbom.json -cp ../../../target/checkout/target/camel-quarkus-$1-sbom.xml apache-camel-quarkus-$1-sbom.xml -cd ../ -./sign.sh $1/ -svn import $1/ https://dist.apache.org/repos/dist/dev/camel/camel-quarkus/$2/ -m "Import camel-quarkus release" +svn import ${version}/ https://dist.apache.org/repos/dist/dev/camel/camel-quarkus/${version}/ -m "Import camel-quarkus ${version} release" -rm -rf $1/ +rm -rf ${version}/
