There perhaps should be a cross-reference somewhere. There is a separate document on "first time" setup for a release manager [1] that talks about setting up the signing infrastructure.
--dave [1] https://github.com/apache/openwhisk-release/blob/master/docs/release_manager_setup.md Rodric Rabbah <rod...@gmail.com> wrote on 07/28/2020 04:02:21 PM: > From: Rodric Rabbah <rod...@gmail.com> > To: dev@openwhisk.apache.org > Date: 07/28/2020 04:03 PM > Subject: [EXTERNAL] Re: Upcoming wskdebug release 1.3 > > We may have one more step missing. Did you add your key to the KEYS file? > > https://urldefense.proofpoint.com/v2/url? > u=https-3A__github.com_apache_openwhisk-2Drelease_blob_master_docs_release-5Fmanager-5Fsetup.md-23publish-2Dyour-2Dpublic-2Dkey-2Dto-2Dthe-2Dproject-2Dkeys-2Dfile&d=DwIFaQ&c=jf_iaSHvJObTbx- > siA1ZOg&r=Fe4FicGBU_20P2yihxV- > apaNSFb6BSj6AlkptSF2gMk&m=5yYlLexRbv7o17SqJWk5sqD8oqfhO0BxPlMSlwGEeTQ&s=DEIrPdMPA- > AMmYjPFPbmxd4V_dhoNMgol_GBLjmQ5Wg&e= > > I don't see your key here [1] and hence cannot verify the signature on the > release tarball yet. > > -r > > [1] https://urldefense.proofpoint.com/v2/url? > u=https-3A__dist.apache.org_repos_dist_release_openwhisk_KEYS&d=DwIFaQ&c=jf_iaSHvJObTbx- > siA1ZOg&r=Fe4FicGBU_20P2yihxV- > apaNSFb6BSj6AlkptSF2gMk&m=5yYlLexRbv7o17SqJWk5sqD8oqfhO0BxPlMSlwGEeTQ&s=bh5ri0GNNeTDz1zGKVz9TyljGlx5_6jitnUB10CjOIM&e= > > > On Tue, Jul 28, 2020 at 3:59 PM Rodric Rabbah <rod...@gmail.com> wrote: > > > Thanks Alex for noting these gaps! > > > > -r > > > > On Tue, Jul 28, 2020 at 3:20 PM Alexander Klimetschek > > <aklim...@adobe.com.invalid> wrote: > > > >> FWIW, I reported all these as issues (and the gen-release-vote.py one was > >> already reported): > >> > >> * https://urldefense.proofpoint.com/v2/url? > u=https-3A__github.com_apache_openwhisk-2Drelease_issues_342&d=DwIFaQ&c=jf_iaSHvJObTbx- > siA1ZOg&r=Fe4FicGBU_20P2yihxV- > apaNSFb6BSj6AlkptSF2gMk&m=5yYlLexRbv7o17SqJWk5sqD8oqfhO0BxPlMSlwGEeTQ&s=0X2YrKQ2PzjQzh1T3cxnOuoC- > Hjwbv-tq16Od76Qbs8&e= > >> * <https://urldefense.proofpoint.com/v2/url? > u=https-3A__github.com_apache_openwhisk-2Drelease_issues_341&d=DwIFaQ&c=jf_iaSHvJObTbx- > siA1ZOg&r=Fe4FicGBU_20P2yihxV- > apaNSFb6BSj6AlkptSF2gMk&m=5yYlLexRbv7o17SqJWk5sqD8oqfhO0BxPlMSlwGEeTQ&s=QXc0D7V- > OqjOfS_iRm-PnPg1PmKFiMWNZnWoHNuO2fo&e= > > >> https://urldefense.proofpoint.com/v2/url? > u=https-3A__github.com_apache_openwhisk-2Drelease_issues_341&d=DwIFaQ&c=jf_iaSHvJObTbx- > siA1ZOg&r=Fe4FicGBU_20P2yihxV- > apaNSFb6BSj6AlkptSF2gMk&m=5yYlLexRbv7o17SqJWk5sqD8oqfhO0BxPlMSlwGEeTQ&s=QXc0D7V- > OqjOfS_iRm-PnPg1PmKFiMWNZnWoHNuO2fo&e= > >> * https://urldefense.proofpoint.com/v2/url? > u=https-3A__github.com_apache_openwhisk-2Drelease_issues_340&d=DwIFaQ&c=jf_iaSHvJObTbx- > siA1ZOg&r=Fe4FicGBU_20P2yihxV- > apaNSFb6BSj6AlkptSF2gMk&m=5yYlLexRbv7o17SqJWk5sqD8oqfhO0BxPlMSlwGEeTQ&s=aPDAPENChIZOfT791CZmQAHaEUL6spc6LK4yz2i1qSg&e= > >> * https://urldefense.proofpoint.com/v2/url? > u=https-3A__github.com_apache_openwhisk-2Drelease_issues_317&d=DwIFaQ&c=jf_iaSHvJObTbx- > siA1ZOg&r=Fe4FicGBU_20P2yihxV- > apaNSFb6BSj6AlkptSF2gMk&m=5yYlLexRbv7o17SqJWk5sqD8oqfhO0BxPlMSlwGEeTQ&s=_dCdteTNUVXpRtmP6i04Ry3FplUFE9-9SZNxLEjaG9c&e= > >> > >> Cheers, > >> Alex > >> > >> ________________________________ > >> From: Alexander Klimetschek <aklim...@adobe.com.INVALID> > >> Sent: Tuesday, July 28, 2020 11:47 > >> To: dev@openwhisk.apache.org <dev@openwhisk.apache.org> > >> Subject: Re: Upcoming wskdebug release 1.3 > >> > >> Also: the ./gen-release-vote.py script assumes a certain naming > >> convention for cloning the https://urldefense.proofpoint.com/v2/ > url? > u=https-3A__github.com_apache_openwhisk-2Drelease&d=DwIFaQ&c=jf_iaSHvJObTbx- > siA1ZOg&r=Fe4FicGBU_20P2yihxV- > apaNSFb6BSj6AlkptSF2gMk&m=5yYlLexRbv7o17SqJWk5sqD8oqfhO0BxPlMSlwGEeTQ&s=xE88inHjGL1_2DswT9SqqAY8xCm1gZK47_nheoQt4c0&e= > >> repo: > >> > >> * remote "upstream": for the actual repo > >> * remote "origin" (or anything): for ones local fork > >> > >> In my case I had no fork and just "origin" for the actual repo, resulting > >> in this error: > >> > >> subprocess.CalledProcessError: Command '['git', 'show-ref', '--hash', > >> '--abbrev', '--', 'refs/remotes/upstream/master']' returned non-zero exit > >> status 1 > >> > >> I quickly fixed it by changing the script at [1] to use "origin". > >> > >> Not sure what the best solution is, I guess everyone has a different > >> approach with forks vs. not. But maybe make it configurable and print a > >> hint if the git show-ref returns an error? > >> > >> [1] > >> https://urldefense.proofpoint.com/v2/url? > u=https-3A__github.com_apache_openwhisk-2Drelease_blob_master_tools_gen-2Drelease-2Dvote.py-23L88&d=DwIFaQ&c=jf_iaSHvJObTbx- > siA1ZOg&r=Fe4FicGBU_20P2yihxV- > apaNSFb6BSj6AlkptSF2gMk&m=5yYlLexRbv7o17SqJWk5sqD8oqfhO0BxPlMSlwGEeTQ&s=KTgQbiwC14veRFjo6r9SKX0AlduuEffLO- > zE_LrFk2o&e= > >> > >> Cheers, > >> Alex > >> ________________________________ > >> From: Alexander Klimetschek <aklim...@adobe.com.INVALID> > >> Sent: Monday, July 27, 2020 21:17 > >> To: dev@openwhisk.apache.org <dev@openwhisk.apache.org> > >> Subject: Re: Upcoming wskdebug release 1.3 > >> > >> Few things I noticed so far while prepping the release based on [1]: > >> > >> 1. It mentions "Start a [DISCUSS] thread on the dev list proposing the > >> release" but I rarely see this happening in practice. How strictly is it > >> required if nobody else is working on the same codebase? > >> 2. Not really clear what to do _before_ the release signing (if you > >> missed those, you have to redo the whole procedure...) > >> * npm: release version in package.json > >> * CHANGELOG > >> 3. No link to PGP key management instructions (e.g. to upload > >> fingerprint on id.apache.org). I eventually found this to be helpful [2]. > >> 4. No link to Apache Rat which it says to run manually. > >> > >> [1] > >> https://urldefense.proofpoint.com/v2/url? > u=https-3A__github.com_apache_openwhisk-2Drelease_blob_master_docs_release-5Finstructions.md&d=DwIFaQ&c=jf_iaSHvJObTbx- > siA1ZOg&r=Fe4FicGBU_20P2yihxV- > apaNSFb6BSj6AlkptSF2gMk&m=5yYlLexRbv7o17SqJWk5sqD8oqfhO0BxPlMSlwGEeTQ&s=r829NF4wV0AxhJRVKbta- > ypxktrKoPXhX2kEuBUuoCo&e= > >> [2] > >> https://urldefense.proofpoint.com/v2/url? > u=https-3A__infra.apache.org_new-2Dcommitters-2Dguide.html-23set-2Dup-2Dsecurity-2Dand-2Dpgp-2Dkeys&d=DwIFaQ&c=jf_iaSHvJObTbx- > siA1ZOg&r=Fe4FicGBU_20P2yihxV- > apaNSFb6BSj6AlkptSF2gMk&m=5yYlLexRbv7o17SqJWk5sqD8oqfhO0BxPlMSlwGEeTQ&s=WoGsaXWcJxbW175DtTeLlf_xWCKLzq1yVVpd3qunQIs&e= > >> > >> Cheers, > >> Alex > >> > >> ________________________________ > >> From: Rodric Rabbah <rod...@gmail.com> > >> Sent: Wednesday, July 22, 2020 08:27 > >> To: dev@openwhisk.apache.org <dev@openwhisk.apache.org> > >> Subject: Re: Upcoming wskdebug release 1.3 > >> > >> I reviewed and merged your PR. Instructions link you found is the correct > >> starting point. If you find something that isn’t clear please use the > >> opportunity to improve the docs 🙏🏼 > >> > >> -r > >> > >> > On Jul 22, 2020, at 11:24 AM, Alexander Klimetschek > >> <aklim...@adobe.com.invalid> wrote: > >> > > >> > Hi fellow committers, > >> > > >> > I want to start the wskdebug 1.3 release soon. Two asks/questions: > >> > > >> > 1. would love to get reviews for the last remaining PR [1] so that I > >> can merge it > >> > 2. will then try to start the release process myself. instructions at > >> [2] are the ones to follow, right? > >> > > >> > [1] https://urldefense.proofpoint.com/v2/url? > u=https-3A__github.com_apache_openwhisk-2Dwskdebug_pull_76&d=DwIFaQ&c=jf_iaSHvJObTbx- > siA1ZOg&r=Fe4FicGBU_20P2yihxV- > apaNSFb6BSj6AlkptSF2gMk&m=5yYlLexRbv7o17SqJWk5sqD8oqfhO0BxPlMSlwGEeTQ&s=L4rZ2Pdl8PFQXLXpNeDDgFYMxFViDb4nyb1fT9oQPc4&e= > >> > [2] > >> https://urldefense.proofpoint.com/v2/url? > u=https-3A__github.com_apache_openwhisk-2Drelease_blob_master_docs_release-5Finstructions.md&d=DwIFaQ&c=jf_iaSHvJObTbx- > siA1ZOg&r=Fe4FicGBU_20P2yihxV- > apaNSFb6BSj6AlkptSF2gMk&m=5yYlLexRbv7o17SqJWk5sqD8oqfhO0BxPlMSlwGEeTQ&s=r829NF4wV0AxhJRVKbta- > ypxktrKoPXhX2kEuBUuoCo&e= > >> > > >> > Cheers, > >> > Alex > >> > >
