mapr
diff --git a/‎release.py
-845 b/‎release.py
-845
diff --git a/‎release/README.md
+54 b/‎release/README.md
+54
diff --git a/‎release/git.py
+135 b/‎release/git.py
+135
diff --git a/‎release/gpg.py
+92 b/‎release/gpg.py
+92
@@ -0,0 +1,54 @@
+Releasing Apache Kafka
+======================
+
+This directory contains the tools used to publish a release.
+
+# Requirements
+
+* python 3.12
+* git
+* gpg 2.4
+* sftp
+
+The full instructions for producing a release are available in
+https://cwiki.apache.org/confluence/display/KAFKA/Release+Process.
+
+
+# Setup
+
+Create a virtualenv for python, activate it and install dependencies:
+
+```
+python3 -m venv .venv
+source .venv/bin/activate
+pip install -r requirements.txt
+```
+
+# Usage
+
+To start a release, first activate the virutalenv, and then run
+the release script.
+
+```
+source .venv/bin/activate
+```
+
+You'll need to setup `PUSH_REMOTE_NAME` to refer to
+the git remote for `apache/kafka`.
+
+```
+export PUSH_REMOTE_NAME=<value>
+```
+
+It should be the value shown with this command:
+
+```
+git remote -v | grep -w 'github.com' | grep -w 'apache/kafka' | grep -w '(push)' | awk '{print $1}'
+```
+
+Then start the release script:
+
+```
+python release.py
+```
+
@@ -0,0 +1,135 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+"""
+Auxiliary function to interact with git.
+"""
+
+import os
+
+from runtime import repo_dir, execute, cmd
+
+push_remote_name = os.environ.get("PUSH_REMOTE_NAME", "apache-github")
+
+
+def __defaults(kwargs):
+    if "cwd" not in kwargs:
+        kwargs["cwd"] = repo_dir
+
+
+def has_staged_changes(**kwargs):
+    __defaults(kwargs)
+    execute("git diff --cached --exit-code --quiet", **kwargs)
+
+
+def has_unstaged_changes(**kwargs):
+    __defaults(kwargs)
+    execute("git diff --exit-code --quiet", **kwargs)
+
+
+def fetch_tags(remote=push_remote_name, **kwargs):
+    __defaults(kwargs)
+    cmd(f"Fetching tags from {remote}", f"git fetch --tags {remote}", **kwargs)
+
+
+def tags(**kwargs):
+    __defaults(kwargs)
+    return execute("git tag", **kwargs).split()
+
+
+def tag_exists(tag, **kwargs):
+    __defaults(kwargs)
+    return tag in tags(**kwargs)
+
+
+def delete_tag(tag, **kwargs):
+    __defaults(kwargs)
+    if tag_exists(tag, **kwargs):
+        execute(f"git tag -d {tag}", **kwargs)
+
+
+def current_branch(**kwargs):
+    __defaults(kwargs)
+    return execute("git rev-parse --abbrev-ref HEAD", **kwargs)
+
+
+def reset_hard_head(**kwargs):
+    __defaults(kwargs)
+    cmd("Resetting branch", "git reset --hard HEAD", **kwargs)
+
+
+def contributors(from_rev, to_rev, **kwargs):
+    __defaults(kwargs)
+    kwargs["shell"] = True
+    line = "git shortlog -sn --group=author --group=trailer:co-authored-by"
+    line += f" --group=trailer:Reviewers --no-merges {from_rev}..{to_rev}"
+    line += " | cut -f2 | sort --ignore-case | uniq"
+    return [str(x) for x in filter(None, execute(line, **kwargs).split('\n'))]
+
+def branches(**kwargs):
+    output = execute('git branch')
+    return [line.replace('*', ' ').strip() for line in output.splitlines()]
+
+
+def branch_exists(branch, **kwargs):
+    __defaults(kwargs)
+    return branch in branches(**kwargs)
+
+
+def delete_branch(branch, **kwargs):
+    __defaults(kwargs)
+    if branch_exists(branch, **kwargs):
+        cmd(f"Deleting git branch {branch}", f"git branch -D {branch}", **kwargs)
+
+
+def switch_branch(branch, **kwargs):
+    __defaults(kwargs)
+    execute(f"git checkout {branch}", **kwargs)
+
+
+def create_branch(branch, ref, **kwargs):
+    __defaults(kwargs)
+    cmd(f"Creating git branch {branch} to track {ref}", f"git checkout -b {branch} {ref}", **kwargs)
+
+
+def clone(url, target, **kwargs):
+    __defaults(kwargs)
+    execute(f"git clone {url} {target}", **kwargs)
+
+
+def targz(rev, prefix, target, **kwargs):
+    __defaults(kwargs)
+    line = "git archive --format tar.gz"
+    line += f" --prefix {prefix} --output {target} {rev}"
+    cmd(f"Creating targz {target} from git rev {rev}", line, **kwargs)
+
+
+def commit(message, **kwargs):
+    __defaults(kwargs)
+    cmd("Committing git changes", ["git", "commit", "-a", "-m", message], **kwargs)
+
+
+def create_tag(tag, **kwargs):
+    __defaults(kwargs)
+    cmd(f"Creating git tag {tag}", ["git", "tag", "-a", tag, "-m", tag], **kwargs)
+
+
+def push_tag(tag, remote=push_remote_name, **kwargs):
+    __defaults(kwargs)
+    cmd("Pushing tag {tag} to {remote}", f"git push {remote} {tag}")
+
+
@@ -0,0 +1,92 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+"""
+Auxiliary functions to interact with GNU Privacy Guard (GPG).
+"""
+
+import hashlib
+import subprocess
+import tempfile
+
+from runtime import execute
+
+
+def key_exists(key_id):
+    """
+    Checks whether the specified GPG key exists locally.
+    """
+    try:
+        execute(f"gpg --list-keys {key_id}")
+    except Exception as e:
+        return False
+    return True
+
+
+def agent_kill():
+    """
+    Tries to kill the GPG agent process.
+    """
+    try:
+        execute("gpgconf --kill gpg-agent")
+    except FileNotFoundError as e:
+        if e.filename != 'gpgconf':
+            raise e
+
+
+def sign(key_id, passphrase, content, target):
+    """
+    Generates a GPG signature, using the given key and passphrase,
+    of the specified content into the target path.
+    """
+    execute(f"gpg --passphrase-fd 0 -u {key_id} --armor --output {target} --detach-sig {content}", input=passphrase.encode())
+
+
+def verify(content, signature):
+    """
+    Verify the given GPG signature for the specified content.
+    """
+    execute(f"gpg --verify {signature} {content}")
+
+
+def valid_passphrase(key_id, passphrase):
+    """
+    Checks whether the given passphrase is workable for the given key.
+    """
+    with tempfile.TemporaryDirectory() as tmpdir:
+        content = __file__
+        signature = tmpdir + '/sig.asc'
+        # if the agent is running, the suplied passphrase may be ignored
+        agent_kill()
+        try:
+            sign(key_id, passphrase, content, signature)
+            verify(content, signature)
+        except subprocess.CalledProcessError as e:
+            False
+    return True
+
+
+def key_pass_id(key_id, passphrase):
+    """
+    Generates a deterministic identifier for the key and passphrase combination.
+    """
+    h = hashlib.sha512()
+    h.update(key_id.encode())
+    h.update(passphrase.encode())
+    return h.hexdigest()
+
+