[SPARK-52179][INFRA] GitHub workflow for releasing the official Apache Spark

HyukjinKwon · HyukjinKwon · commit 6ee2101c55f4 · 2025-05-22T08:43:49.000+09:00
### What changes were proposed in this pull request? This PR proposes to add a GitHub Actions workflow to release Apache Spark. Only PMC members can run this workflow in their forked repository to release. ### Why are the changes needed? Release process is too much overhead. We should reduce this. ### Does this PR introduce _any_ user-facing change? No, dev-only. ### How was this patch tested? Manually tested in my fork https://github.com/HyukjinKwon/spark/actions/runs/15161994213/job/42630091519 ### Was this patch authored or co-authored using generative AI tooling? No Closes #50911 from HyukjinKwon/SPARK-52179. Authored-by: Hyukjin Kwon <gurwls223@apache.org> Signed-off-by: Hyukjin Kwon <gurwls223@apache.org>
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -16,33 +16,121 @@
 # specific language governing permissions and limitations
 # under the License.
 #
-name: Release Apache Spark
+
+# This workflow is intended for use in forked repositories
+# when manually dispatching this to create an RC.
+# To enable full release functionality, developers should manually configure
+# the following GitHub Secrets in their repository settings:
+#
+# - ASF_USERNAME:
+#     Your Apache Software Foundation (ASF) account ID.
+#
+# - ASF_PASSWORD:
+#     The password associated with your ASF account.
+#
+# - GPG_PRIVATE_KEY:
+#     Your GPG private key, exported using:
+#       gpg --armor --export-secret-keys ABCD1234 > private.key
+#     Ensure this key is registered with a public key server.
+#     For more details, refer to:
+#       https://spark.apache.org/release-process.html#preparing-gpg-key
+#
+# - GPG_PASSPHRASE:
+#     The passphrase for your GPG private key.
+#
+# This workflow supports dry runs by default. If the required GitHub Secrets are not provided,
+# only dry runs will be executed.
+#
+# In case something goes wrong during the process and a release candidate (RC) needs to be
+# cleaned up, follow these steps:
+#
+# 1. Revert the RC-related commits, such as:
+#    - "Preparing development version 3.5.7-SNAPSHOT"
+#    - "Preparing Spark release v3.5.6-rc1"
+#
+# 2. Delete the RC tag from the remote repository, for example:
+#    - git push --delete apache v3.5.6-rc1
+#
+# 3. Remove the RC artifacts from SVN:
+#    - RC=v3.5.6-rc1 && svn rm https://dist.apache.org/repos/dist/dev/spark/"${RC}"-bin/ -m "Removing RC artifacts."
+#    - RC=v3.5.6-rc1 && svn rm https://dist.apache.org/repos/dist/dev/spark/"${RC}"-docs/ -m "Removing RC artifacts."
+#
+# 4. Drop the staging repository if it exists (https://repository.apache.org/#stagingRepositories)
+
+name: Release Apache Spark (dryrun and RC)
 
 on:
   schedule:
     - cron: '0 7 * * *'
   workflow_dispatch:
+    inputs:
+      branch:
+        description: 'Branch to release. Leave it empty to launch a dryrun. Dispatch this workflow only in the forked repository.'
+        required: false
+      release-version:
+        description: 'Release version. Leave it empty to launch a dryrun.'
+        required: false
 
 jobs:
   release:
-    name: Release Apache Spark
+    name: Release Apache Spark (dryrun and RC)
     runs-on: ubuntu-latest
-    if: github.repository == 'apache/spark'
+    # Do not allow dispatching this workflow manually in the main repo.
+    if: ${{ !(github.repository == 'apache/spark' && inputs.branch != '' && inputs.release-version != '') }}
     steps:
       - name: Checkout Spark repository
         uses: actions/checkout@v4
         with:
-          fetch-depth: 0
-      - name: Release Apache Spark
+          repository: apache/spark
+          ref: "${{ inputs.branch }}"
+      - name: Release Apache Spark (dryrun and RC)
         env:
-          ASF_USERNAME: gurwls223
-          GIT_NAME: HyukjinKwon
-          GPG_PASSPHRASE: not_used
-          SKIP_TAG: 1
-          ANSWER: y
+          GIT_BRANCH: "${{ inputs.branch }}"
+          RELEASE_VERSION: "${{ inputs.release-version }}"
+          GIT_NAME: "${{ github.actor }}"
+          ASF_USERNAME: "${{ secrets.ASF_USERNAME }}"
+          ASF_PASSWORD: "${{ secrets.ASF_PASSWORD }}"
+          GPG_PRIVATE_KEY: "${{ secrets.GPG_PRIVATE_KEY }}"
+          GPG_PASSPHRASE: "${{ secrets.GPG_PASSPHRASE }}"
           DEBUG_MODE: 1
+          ANSWER: y
         run: |
-          gpg --batch --gen-key <<EOF
+          empty_count=0
+          non_empty_count=0
+          for val in "$GIT_BRANCH" "$RELEASE_VERSION"; do
+            if [ -z "$val" ]; then
+              empty_count=$((empty_count+1))
+            else
+              non_empty_count=$((non_empty_count+1))
+            fi
+          done
+
+          if [ "$empty_count" -gt 0 ] && [ "$non_empty_count" -gt 0 ]; then
+            echo "Error: Either provide all inputs or leave them all empty for a dryrun."
+            exit 1
+          fi
+
+          if [ "$empty_count" -eq 2 ]; then
+            echo "Dry run mode enabled"
+            export DRYRUN_MODE=1
+            ASF_PASSWORD="not_used"
+            GPG_PRIVATE_KEY="not_used"
+            GPG_PASSPHRASE="not_used"
+            ASF_USERNAME="gurwls223"
+            export SKIP_TAG=1
+            unset GIT_BRANCH
+            unset RELEASE_VERSION
+          else
+            echo "Full release mode enabled"
+            export DRYRUN_MODE=0
+          fi
+
+          export ASF_PASSWORD GPG_PRIVATE_KEY GPG_PASSPHRASE ASF_USERNAME
+          [ -n "$GIT_BRANCH" ] && export GIT_BRANCH
+          [ -n "$RELEASE_VERSION" ] && export RELEASE_VERSION
+
+          if [ "$DRYRUN_MODE" = "1" ]; then
+            gpg --batch --gen-key <<EOF
           Key-Type: RSA
           Key-Length: 4096
           Name-Real: Test CI User
@@ -51,32 +139,41 @@ jobs:
           %no-protection
           %commit
           EOF
+          else
+            gpg --batch --import <<< "$GPG_PRIVATE_KEY"
+          fi
 
-          # Paths
           RELEASE_DIR="$PWD"/spark-release
           OUTPUT_DIR="$RELEASE_DIR/output"
-          
-          # Ensure release dir exists
           mkdir -p "$RELEASE_DIR"
-          
-          # Start the release script in the background
-          dev/create-release/do-release-docker.sh -d "$RELEASE_DIR" -n &
+
+          # Start the release process
+          CMD="dev/create-release/do-release-docker.sh -d \"$RELEASE_DIR\""
+          if [ "$DRYRUN_MODE" = "1" ]; then
+            CMD="$CMD -n"
+          fi
+
+          echo "Running release command: $CMD"
+
+          bash -c "$CMD" &
           RELEASE_PID=$!
-          
-          echo "Started release script with PID $RELEASE_PID"
-          
-          # Start tailing docker-build.log
-          sleep 3
-          tail -F "$RELEASE_DIR/docker-build.log" &
+
+          # Tail logs during dry run
+          LOG_FILE="$RELEASE_DIR/docker-build.log"
+          echo "Waiting for log file: $LOG_FILE"
+          while [ ! -f "$LOG_FILE" ]; do
+            sleep 3
+          done
+            
+          echo "Log file found. Starting tail."
+          tail -F "$LOG_FILE" &
           TAIL_PID1=$!
-          
-          # Start a background job to watch for new *.log files and tail them
+
           (
             LOGGED_FILES=()
             while true; do
               for file in "$OUTPUT_DIR"/*.log; do
                 [[ -f "$file" ]] || continue
-                # Check if we are already tailing this file
                 if [[ ! " ${LOGGED_FILES[@]} " =~ " ${file} " ]]; then
                   echo "Tailing new log file: $file"
                   tail -F "$file" &
@@ -87,21 +184,27 @@ jobs:
             done
           ) &
           TAIL_PID2=$!
-          
-          # Wait for the release script to finish
+
           wait $RELEASE_PID
-          
-          # Once release is done, kill the tail processes
-          kill $TAIL_PID1 $TAIL_PID2   
+          kill $TAIL_PID1 $TAIL_PID2 || true
+
+          # Zip logs/output
+          if [ "$DRYRUN_MODE" = "1" ]; then
+            zip logs.zip "$RELEASE_DIR/docker-build.log" "$OUTPUT_DIR/*.log"
+            zip -9 output.zip -r "$OUTPUT_DIR"
+          else
+            zip -P "$ASF_PASSWORD" logs.zip "$RELEASE_DIR/docker-build.log" "$OUTPUT_DIR/*.log"
+            zip -9 -P "$ASF_PASSWORD" output.zip -r "$OUTPUT_DIR"
+          fi
       - name: Upload logs
         if: always()
         uses: actions/upload-artifact@v4
         with:
           name: build-logs
-          path: spark-release/docker-build.log
+          path: logs.zip
       - name: Upload output
         if: always()
         uses: actions/upload-artifact@v4
         with:
           name: build-output
-          path: spark-release/output
+          path: output.zip
