From 70f36bc27a944da7619d68d4fffce87c17d40ede Mon Sep 17 00:00:00 2001
From: yuzelin <zelin.yzl@alibaba-inc.com>
Date: Mon, 2 Dec 2024 11:06:40 +0800
Subject: [PATCH] set gpg

---
 .github/workflows/create-source-release.yml | 52 +++++++++++++++++++++
 .github/workflows/paimon-python-checks.yml  |  8 +---
 tools/releasing/create_source_release.sh    | 28 ++++++-----
 3 files changed, 69 insertions(+), 19 deletions(-)
 create mode 100644 .github/workflows/create-source-release.yml

diff --git a/.github/workflows/create-source-release.yml b/.github/workflows/create-source-release.yml
new file mode 100644
index 0000000..eb9029e
--- /dev/null
+++ b/.github/workflows/create-source-release.yml
@@ -0,0 +1,52 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Create Source Release
+
+on:
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Setup GPG
+        env:
+          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+        run: |
+          mkdir -p ~/.gnupg
+          chmod 700 ~/.gnupg
+          echo $GPG_PRIVATE_KEY | base64 --decode | gpg --batch --import --yes
+          echo "use-agent" >> ~/.gnupg/gpg.conf
+          echo "pinentry-program /usr/bin/pinentry" >> ~/.gnupg/gpg-agent.conf
+          echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf
+
+      - name: Create source release
+        env:
+          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+        run: |
+          mkdir -p output
+          chmod +x tools/releasing/create_source_release.sh
+          OUTPUT_DIR=output GPG_PASSPHRASE=$GPG_PASSPHRASE tools/releasing/create_source_release.sh          
+
+      - name: Upload source release
+        uses: actions/upload-artifact@v4
+        with:
+          name: source-release
+          path: output/*
diff --git a/.github/workflows/paimon-python-checks.yml b/.github/workflows/paimon-python-checks.yml
index 195783f..6ec61f0 100644
--- a/.github/workflows/paimon-python-checks.yml
+++ b/.github/workflows/paimon-python-checks.yml
@@ -43,14 +43,8 @@ jobs:
         with:
           java-version: ${{ env.JDK_VERSION }}
           distribution: 'adopt'
-      - name: Set up hadoop dependency
-        run: |
-          mkdir -p ${{ github.workspace }}/temp
-          curl -L -o ${{ github.workspace }}/temp/bundled-hadoop.jar \
-          https://repo.maven.apache.org/maven2/org/apache/flink/flink-shaded-hadoop-2-uber/2.8.3-10.0/flink-shaded-hadoop-2-uber-2.8.3-10.0.jar
+
       - name: Run lint-python.sh
-        env:
-          _PYPAIMON_HADOOP_CLASSPATH: ${{ github.workspace }}/temp/bundled-hadoop.jar
         run: |
           chmod +x dev/lint-python.sh
           ./dev/lint-python.sh
diff --git a/tools/releasing/create_source_release.sh b/tools/releasing/create_source_release.sh
index 7fee491..e5e5257 100755
--- a/tools/releasing/create_source_release.sh
+++ b/tools/releasing/create_source_release.sh
@@ -18,12 +18,18 @@
 #
 
 ##
-## Required variables
+## set build vars
 ##
-RELEASE_VERSION=${RELEASE_VERSION}
+OUTPUT_DIR=${OUTPUT_DIR}
+GPG_PASSPHRASE=${GPG_PASSPHRASE}
 
-if [ -z "${RELEASE_VERSION}" ]; then
-	echo "RELEASE_VERSION was not set"
+if [ -z "${OUTPUT_DIR}" ]; then
+	echo "OUTPUT_DIR was not set"
+	exit 1
+fi
+
+if [ -z "${GPG_PASSPHRASE}" ]; then
+	echo "GPG_PASSPHRASE was not set"
 	exit 1
 fi
 
@@ -63,9 +69,8 @@ if grep -q "<version>.*SNAPSHOT</version>" "pom.xml"; then
     exit 1
 fi
 
-# get version
+# get bridge jar version
 JAR_VERSION=$(sed -n 's/.*<version>\(.*\)<\/version>.*/\1/p' pom.xml | head -n 1)
-echo $JAR_VERSION
 
 mvn clean install -DskipTests
 cp "target/paimon-python-java-bridge-${JAR_VERSION}.jar" ${DEPS_DIR}
@@ -74,9 +79,8 @@ cd ${CURR_DIR}
 
 # build source release
 
-RELEASE_DIR=${PROJECT_ROOT}/release
-rm -rf ${RELEASE_DIR}
-mkdir -p ${RELEASE_DIR}
+# get release version
+RELEASE_VERSION=$(sed -n 's/^__version__ = "\(.*\)"/\1/p' ${PROJECT_ROOT}/pypaimon/version.py)
 
 # use lint-python.sh script to create a python environment.
 dev/lint-python.sh -s basic
@@ -85,12 +89,12 @@ source dev/.conda/bin/activate
 python setup.py sdist
 conda deactivate
 WHEEL_FILE_NAME="pypaimon-${RELEASE_VERSION}.tar.gz"
-cp "dist/${WHEEL_FILE_NAME}" "${RELEASE_DIR}/${WHEEL_FILE_NAME}"
+cp "dist/${WHEEL_FILE_NAME}" "${OUTPUT_DIR}/${WHEEL_FILE_NAME}"
 
-cd ${RELEASE_DIR}
+cd ${OUTPUT_DIR}
 
 # Sign sha the wheel package
-gpg --armor --detach-sig ${WHEEL_FILE_NAME}
+gpg --batch --yes --pinentry-mode loopback --passphrase=$GPG_PASSPHRASE --armor --detach-sign ${WHEEL_FILE_NAME}
 $SHASUM ${WHEEL_FILE_NAME} > "${WHEEL_FILE_NAME}.sha512"
 
 rm -rf DEPS_DIR