ContextQMD
Back to Arrow

Release Verification Process

docs/source/developers/release_verification.rst

latest5.7 KB
Original Source

.. Licensed to the Apache Software Foundation (ASF) under one .. or more contributor license agreements. See the NOTICE file .. distributed with this work for additional information .. regarding copyright ownership. The ASF licenses this file .. to you under the Apache License, Version 2.0 (the .. "License"); you may not use this file except in compliance .. with the License. You may obtain a copy of the License at

.. http://www.apache.org/licenses/LICENSE-2.0

.. Unless required by applicable law or agreed to in writing, .. software distributed under the License is distributed on an .. "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY .. KIND, either express or implied. See the License for the .. specific language governing permissions and limitations .. under the License.

.. _release_verification:

============================ Release Verification Process

This page provides detailed information on the steps followed to perform a release verification on the major platforms.

Principles

The Apache Arrow Release Approval process follows the guidelines defined at the Apache Software Foundation Release Approval <https://www.apache.org/legal/release-policy.html#release-approval>_.

For a release vote to pass, a minimum of three positive binding votes and more positive binding votes than negative binding votes MUST be cast. Releases may not be vetoed. Votes cast by PMC members are binding, however, non-binding votes are greatly encouraged and a sign of a healthy project.

Running the release verification

Linux and macOS

In order to run the verification script either for the source release or the binary artifacts see the following guidelines:

Required source verification ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Individuals are REQUIRED to download all signed source code packages onto their own hardware, validate all cryptographic signatures, compile as provided, and test the result on their own platform in order to cast a +1 vote.

.. code-block::

this will create and automatically clean up a temporary directory for the verification environment and will run the source verification

TEST_DEFAULT=0 TEST_SOURCE=1 verify-release-candidate.sh $VERSION $RC_NUM

to verify only certain implementations use the TEST_DEFAULT=0 and TEST_* variables

here are a couple of examples, but see the source code for the available options

TEST_DEFAULT=0 TEST_CPP=1 verify-release-candidate.sh $VERSION $RC_NUM # only C++ tests TEST_DEFAULT=0 TEST_CPP=1 TEST_PYTHON=1 verify-release-candidate.sh $VERSION $RC_NUM # C++ and Python tests TEST_DEFAULT=0 TEST_INTEGRATION_CPP=1 TEST_INTEGRATION_JAVA=1 verify-release-candidate.sh $VERSION $RC_NUM # C++ and Java integration tests

Binary verification ^^^^^^^^^^^^^^^^^^^

The binaries are generated from the source that has been verified. Those binaries are tested on CI but can be tested locally for further validation. It is not necessary to test them in order to cast a positive vote.

.. code-block::

this will create and automatically clean up a temporary directory for the verification environment and will run the binary verification

TEST_DEFAULT=0 TEST_BINARIES=1 dev/release/verify-release-candidate.sh $VERSION $RC_NUM

to verify certain binaries use the TEST_* variables as:

TEST_DEFAULT=0 TEST_WHEELS=1 verify-release-candidate.sh $VERSION $RC_NUM # only Wheels TEST_DEFAULT=0 TEST_APT=1 verify-release-candidate.sh $VERSION $RC_NUM # only APT packages TEST_DEFAULT=0 TEST_YUM=1 verify-release-candidate.sh $VERSION $RC_NUM # only YUM packages TEST_DEFAULT=0 TEST_JARS=1 verify-release-candidate.sh $VERSION $RC_NUM # only JARS

Windows

In order to run the verification script on Windows you have to download the source tarball from the SVN dist system that you wish to verify:

.. code-block::

dev\release\verify-release-candidate.bat %VERSION% %RC_NUM%

System Configuration Instructions

You will need some tools installed like curl, git, etcetera.

Ubuntu

You might have to install some packages on your system. The following utility script can be used to set your Ubuntu system. This wil install the required packages to perform a source verification on a clean Ubuntu:

.. code-block::

From the arrow clone

sudo dev/release/setup-ubuntu.sh

macOS ARM

.. code-block::

From the arrow clone

brew install gpg brew bundle --file=cpp/Brewfile brew bundle --file=c_glib/Brewfile brew uninstall node

You might need to add node, ruby java and maven to the PATH, follow

instructions from brew after installing.

brew install node@20 brew install ruby brew install openjdk brew install maven

Windows 11

To be defined

Casting your vote

Once you have performed the verification you can cast your vote by responding to the vote thread on [email protected] and supply your result.

If the verification was successful you can send your +1 vote. We usually send along with the vote the command that was executed and the local versions used. As an example:

.. code-block::

+1

I've verified successfully the sources and binaries with:

TEST_DEFAULT=0 TEST_SOURCE=1 dev/release/verify-release-candidate.sh 15.0.0 1 with:

  • Python 3.10.12
  • gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0
  • NVIDIA CUDA Build cuda_11.5.r11.5/compiler.30672275_0
  • openjdk version "17.0.9" 2023-10-17
  • ruby 3.0.2p107 (2021-07-07 revision 0db68f0233) [x86_64-linux-gnu]
  • dotnet 8.0.204
  • Ubuntu 22.04 LTS

If there were some issues during verification please report them on the mail thread to diagnose the issue.