-
Notifications
You must be signed in to change notification settings - Fork 277
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[release]: JDBC driver shadow jar v.1.3.0.0 #3614
Comments
This blocks Tableau connector release. |
Hi @Yury-Fridlyand , Few questions:
|
Non shadow jar is already on maven and it is ok, we should publish both of them. |
Thanks! The link on the website jar is still pointing to We would need to make changes to add the shadow publication jar to this tarball https://github.com/opensearch-project/sql-jdbc/blob/main/.github/workflows/release-drafter.yml#L24 However, we need to add publishToArtifactsProdBucket to jenkins file that will take care of uploading the artifacts to S3 bucket/website automatically. Tagging @rishabh6788 who would be taking care of this. Thanks! |
shadow jar goes to website (to artifacts actually) I think I can trigger updating link on the website on my own, once it is uploaded to artifacts. Thanks @gaiksaya and @rishabh6788! |
@Yury-Fridlyand Could you please share the command to generate shadow jars and also does it generate the artifacts in the repository directory or is it on a different path? |
|
I tried the above mentioned command and it generated
|
@rishabh6788 you probably checked out
There is no need to do |
This is required for #3631 |
Hey @Yury-Fridlyand 1.13.0.0 apart we are trying to include this in 1-click release process which sql-jdbc is already onboarded too. So the idea is to include it in the same workflow and just bundle both (shadow, non-shadow jars) into artifacts.tar.gz to be supplied to jenkins workflow. Here to be precise: https://github.com/opensearch-project/sql-jdbc/blob/main/.github/workflows/release-drafter.yml#L24 |
@Yury-Fridlyand If I remember correctly tableau needs the artifacts to be signed using |
Oh, that is very good point. Right, Tableau require |
I believe even the jar signed by |
Since the already uploaded Jar on opensearch.org has been signed using PGP, in order to not break the signing method mentioned on the website we will have to sign it using the existing PGP method and also upload a |
Great As I see total JDBC release process it would like this:
|
opensearch-sql-jdbc-1.3.0.0-shadow.jar.zip |
Yes, I confirm that it works, but the signature is incorrect. |
@Yury-Fridlyand Currently we use the AWS signing pipeline as we are yet to implement OpenSource solution for our signing pipeline. It will be signed by Amazon Web Services, Inc. until that happens. |
@Yury-Fridlyand Signed shadow jar has been uploaded to artifacts bucket. |
Awesome, I can download it: https://artifacts.opensearch.org/opensearch-clients/jdbc/opensearch-sql-jdbc-1.3.0.0-shadow.jar |
For now let us remove the existing signature verification steps mentioned and instead state that the artifact is signed using JarSigner. |
@rishabh6788 the jarsigned artefact is verified and ready to put on the website. Would you like us to raise a PR to update the website? |
Maybe add steps to verify that signature? @Yury-Fridlyand We can start with creating the PR to update the website. |
Awesome! |
Yes, please go ahead. @acarbonetto |
I used |
Hi @Yury-Fridlyand , Can you create a new issue to onboard the jdbc shadow jar publication automation to 1-click release process? Thanks! |
Created opensearch-project/sql-jdbc#98 for this. Thanks! |
Did you read the on-boarding document
What is the name of your component?
JDBC driver
What is the link to your GitHub repo?
https://github.com/opensearch-project/sql-jdbc
Targeted release date
Where should we publish this component?
artifacts: https://artifacts.opensearch.org/
download page: https://opensearch.org/downloads.html#drivers
What type of artifact(s) will be generated for this component?
Shadow jar
Have you completed the required reviews including security reviews, UX reviews?
Have you on-boarded automated security scanning for the GitHub repo associated with this component?
Additional context
sql-jdbc.zip
JDBC driver v.1.3.0.0 was released on maven, but we should also publish shadow jar of this version on the main website. See attached artifact for this version.
This jar should be signed prior to publish.
The text was updated successfully, but these errors were encountered: