Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
3.0.0, 2.18.0
-
None
-
None
Description
Ever since migrating from Jenkins to GitHub Actions, we no longer have snapshots being published. Besides remedying just that missing piece, we should step things up here and automate as much of the snapshot and release process as possible. This will allow interested users following development to try out snapshots again, and it will enable release managers in the PMC to almost trivially cut release candidates for a release vote.
To do this, this will involve updating our workflows to support building, testing, packaging, signing, and publishing the resulting artifacts to the ASF Maven repository. On Jenkins, it was simple to publish snapshots as there was an included Maven settings file for doing so. In order to do the same from an Action, a Nexus API key would likely need to be generated and imported as a secret into Actions.
For signing purposes, there's the sigstore project that has an interesting approach to signing artifacts built in these types of automation environments. This should hopefully alleviate the need for importing GPG keys into Actions. See https://github.com/sigstore/sigstore-maven-plugin for a Maven plugin.
Airflow has some docs related to how they've managed to automate things similarly and how to work with the existing ASF release policy (it may be that a release manager will still have to manually add GPG sigs to staged artifacts or something like that).