potiuk commented on issue #312: URL: https://github.com/apache/tooling-trusted-releases/issues/312#issuecomment-3536489089
Also to add:

* if the check could be done with streaming reliably, that would be super-cool of course. That would largely solve the problem of "large archives" and especially if combined with "rat as a server" that you could simply ask to read (in a streaming way) an archive and spit out the results, it would likely be a very usable solution for ATR
* currently - to overcome this in our release verification process: https://github.com/apache/airflow/blob/main/dev/README_RELEASE_PROVIDERS.md#licence-check we do this (not complicating too much local check, but I can imagine at ATR scale and number of artifacts it would be better if this could be done in the streaming way).

One other **useful** thing would be that the .rat-excludes embedded in our -source.tar.gz could also be automatically used. That would make it super-easy to make such verification by ATR as well - they would not need a separately managed exclusion list for each artifact to check.

I think I also opened an issue for it in creadur - but can't check it currently due to the DDOS attack - issues.apache.org doesn't work for me for now at all.

-----

Unpack the release source archive (the <package + version>-source.tar.gz file) to a folder

```
rm -rf /tmp/apache-airflow-providers-src && mkdir -p /tmp/apache-airflow-providers-src && \
  tar -xzf ${PATH_TO_SVN}/providers/${RELEASE_DATE}/apache_airflow_providers-*-source.tar.gz \
    --strip-components 1 -C /tmp/apache-airflow-providers-src
```

Run the check:

```
java -jar /tmp/apache-rat-0.17/apache-rat-0.17.jar --input-exclude-file /tmp/apache-airflow-providers-src/.rat-excludes /tmp/apache-airflow-providers-src/ | grep -E "! |INFO: "
```

You should see no files reported as Unknown or with wrong licence and summary of the check similar to:

```
INFO: Apache Creadur RAT 0.17 (Apache Software Foundation)
INFO: Excluding patterns: .git-blame-ignore-revs, .github/*, .git ...
INFO: Excluding MISC collection.
INFO: Excluding HIDDEN_DIR collection.
SLF4J(W): No SLF4J providers were found.
SLF4J(W): Defaulting to no-operation (NOP) logger implementation
SLF4J(W): See https://www.slf4j.org/codes.html#noProviders for further details.
INFO: RAT summary:
INFO: Approved: 15615
INFO: Archives: 2
INFO: Binaries: 813
INFO: Document types: 5
INFO: Ignored: 2392
INFO: License categories: 2
INFO: License names: 2
INFO: Notices: 216
INFO: Standards: 15609
INFO: Unapproved: 0
INFO: Unknown: 0
```
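An added example (not part of the original comment, and not Apache RAT or Airflow code): a fail-closed gate over the summary format shown above. The command pipes RAT into `grep`, so the pipeline's exit status is grep's rather than RAT's; the hypothetical `rat_gate` helper therefore decides from the `Unapproved` and `Unknown` counters and treats a missing or malformed summary as a failure.

```shell
#!/bin/sh
# Added example. rat_gate is a hypothetical helper name, not a RAT feature.
#
# Reads RAT output on stdin and returns:
#   0  both "Unapproved" and "Unknown" counters are present and equal to 0
#   1  at least one of the two counters is greater than 0
#   2  a counter is missing or not a number (for example RAT crashed
#      before printing its summary), so the result cannot be trusted
rat_gate() {
    awk '
        # Summary lines look like "INFO: Unapproved: 0" (any indentation).
        /^INFO:[ \t]*(Unapproved|Unknown):/ {
            name = $2
            sub(/:$/, "", name)
            if ($3 !~ /^[0-9]+$/) { bad = 1; next }
            seen[name] = 1
            # Remember any non-zero value, even if the counter repeats.
            if ($3 + 0 > 0) nonzero = 1
        }
        END {
            if (bad || !seen["Unapproved"] || !seen["Unknown"]) {
                print "rat_gate: summary counters missing or malformed" > "/dev/stderr"
                exit 2
            }
            if (nonzero) {
                print "rat_gate: unapproved or unknown licences reported" > "/dev/stderr"
                exit 1
            }
            exit 0
        }
    '
}

# Usage with the command from the comment above (paths as given there):
#   java -jar /tmp/apache-rat-0.17/apache-rat-0.17.jar \
#     --input-exclude-file /tmp/apache-airflow-providers-src/.rat-excludes \
#     /tmp/apache-airflow-providers-src/ | rat_gate
```
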
