-
Notifications
You must be signed in to change notification settings - Fork 272
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[release]: sign and release ODBC driver v.1.5.0.0 for Mac and Windows #3633
Comments
Uploading artifacts there, because GHA doesn't store them for a long time: |
Hi @Yury-Fridlyand, We need to on-board odbc to our 1-click release process. Please go through the on-boarding doc and see if anything needs to be added from your end. All the above artifacts need to be generated as part of release-drafter workflow. https:/opensearch-project/opensearch-build/blob/main/ONBOARDING.md#onboarding-to-universal--1-click-release-process Also can you please add the target release date? So as to prioritize accordingly. |
@gaiksaya Please see opensearch-project/sql-odbc#52 |
@gaiksaya For release date, we would like to release before end of June. Would that date be possible to hit? |
Hi @acarbonetto , Yeah should be. Right now the blocker is the notarization process for macos artifact. This process is manual and we are looking if we can in anyway automate it. If not, we can proceed with manually notarizing the |
Hi @Yury-Fridlyand @acarbonetto , Just realized our code base is not integrated to sign macos asrtifacts here https:/opensearch-project/opensearch-build/tree/main/src/sign_workflow |
Hey @acarbonetto , For signing part we are good. Closed #3669 |
@gaiksaya thanks so much! |
Update: We suspect the underlying signing is the culprit.
We are looking into it but might take some time as backend signing is handled by another team. |
Hi @Yury-Fridlyand @acarbonetto , I saw the signing and notarizing process we followed for https:/opensearch-project/opensearch-cli Below were the steps:
I don't have much idea about odbc artifacts. Could you help here? |
We can try to adopt this for ODBC driver. Do you want to sign binary on GHA side (ODBC repo CI) or on Jenkins? Another way is to unpack the installer, sign binary and pack back. Installer is just a set of nested zip, tar and cpio archives. Yes, I dislike this method too. |
Signing needs to happen on Jenkins, due to authentication issues.
We tried that for windows artifacts with opensearch-net client. It was a disaster. Highly susceptible to change in artifacts. What would it take to pack the binary into an installer? Is it a simple command? Can it be a script residing in odbc repo? So flow would be: |
I see. |
Makes sense! These are the current softwares installed on jenkins mac agent. @peterzhuamazon @bbarani Is there a plan to use docker on macos agents too? If not immediately, maybe we need to create an issue to add these dependencies from agent node scripts to new docker image. |
Unfortunately, building ODBC installer for mac requires all driver dependencies. We can deliver them from GHA to Jenkins agent in a zip (pretty big one, ~150Mb), or build driver from the scratch on the agent. It requires extra software (libiodbc, vcpkg) and takes about 20 min. |
So those scripts are build into AMI (one time effort). Example currently each macos agent on jenkins is launched with this AMI https:/opensearch-project/opensearch-ci/blob/main/lib/compute/agent-nodes.ts#L154 |
We dont have to use macos on docker and I dont even know if it is supported. Thanks. |
Seems like macos on docker container it is supported to some degree but not sure about the requirements on hosts: |
I guess macos docker container could be started only on macos host (the same with macos VM). @gaiksaya To build the ODBC driver after checkout:
It produces binaries into Then, to build the installer:
It creates With all these, Jenkins don't need any artifacts from GHA. Only tag name or commit hash is required for checkout. |
@Yury-Fridlyand We will take the binary from GHA. Is that okay? In that case we only need cmake to build the installer? Is this cmake same as https:/opensearch-project/opensearch-ci/blob/main/packer/scripts/macos/macos-agentsetup.sh#L36 |
Ok |
[Offline discussion with @Yury-Fridlyand] Moving on with least resistance path. Windows artifacts promotion is already automated. We will look into macos automation later on. I'll create an issue detailing all the hurdles and possible solution, requirements. Next steps:
|
Hi @Yury-Fridlyand @acarbonetto Can you confirm that we can push tag based of main after we are ready for the release? In that way we would not have to be dependent on you for cutting the tag. |
Webhooks and other settings are in place to release the odbc artifacts. Please push the tag whenever you are ready. Also let us know by commenting on the issue here. We will proceed with signing and notarizing macos artifacts then. |
Good. |
Created a PR to fix the issue! I had fixed this on old one, forgot to apply to new jenkinsfile. Sorry about that! |
The release was successful: https://build.ci.opensearch.org/view/Release/job/sql-odbc-release/6/
I'll be taking care of macos artifacts now using above procedure to sign and notarize now. @Yury-Fridlyand Looks like there is some issue with the release name. Instead of |
Hi @gaiksaya, I updated (renamed) release on ODBC repo. I'll update download links on the website once MAC installer ready. |
@Yury-Fridlyand We haven't migrated our signing system to use OpenSearch project certificates yet. I have opened an issue to track the progress of this change here. We will add this item to our roadmap as well. |
Mac artifact is signed, notarized and uploaded too: https://artifacts.opensearch.org/opensearch-clients/odbc/opensearch-sql-odbc-driver-64-bit-1.5.0.0-Darwin.pkg Thanks! |
Closing this issue as sql-odbc is released successfully. |
Did you read the on-boarding document
What is the name of your component?
OpenSearch SQL ODBC driver
What is the link to your GitHub repo?
https:/opensearch-project/sql-odbc
Targeted release date
N/A
Where should we publish this component?
Artifacts and download page
https://opensearch.org/downloads.html#drivers
What type of artifact(s) will be generated for this component?
Mac installer:
pkg
Win 32bit installer:
msi
Win 64bit installer:
msi
Have you completed the required reviews including security reviews, UX reviews?
Have you on-boarded automated security scanning for the GitHub repo associated with this component?
Additional context
ODBC was released only once, manually, on the very beginning of OpenSearch Project history.
Probably, release automation process should be created from the scratch.
A tag was cut for this release:
1.5.0.0
Release notes: https:/opensearch-project/sql-odbc/blob/1.5.0.0/release-notes/sql-odbc.OpenSearch.release-notes-1.5.0.0.md
Release artifacts (installers) are generated by GHA CI: https:/opensearch-project/sql-odbc/actions/runs/5271577922:
The text was updated successfully, but these errors were encountered: