ci: add a strict license-binary checker that files a tracking issue on license drift#4734
Merged
Merged
Conversation
…n drift Resolves apache#4692. PR builds run check_binary_deps.py with --ignore-transitive-version (apache#4693) so a benign upstream version bump on a transitive dep does not block merges. This workflow runs the same checks **without** that flag every night on `main` so transitive drift is still visible and actionable before each release. On non-zero exit it files (or updates) one tracking issue identified by the stable label `license-binary-drift`; on a clean run it closes the issue if one is open. Workflow shape: - frontend-npm | agent-npm | python | jar — one job per ecosystem, each rebuilds its dist exactly the way build.yml does and runs the strict check; failures don't fail the workflow (continue-on-error) so all four still run. - jar uses the unified check across every dist's lib/ rather than a per-service matrix; per-service placement errors are still caught by build.yml on every PR, and the nightly's job is exact-version drift which the unified check surfaces just as well. - report — aggregates per-ecosystem results from artifacts and creates / updates / closes the tracking issue via actions/github-script. Skips issue management when not on the default branch (so workflow_dispatch on feature branches still runs the checks but does not surface issues). Trigger: schedule (07:00 UTC daily) + workflow_dispatch. Permissions: issues:write for the report job. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #4734 +/- ##
============================================
+ Coverage 43.36% 43.40% +0.03%
- Complexity 2039 2103 +64
============================================
Files 957 957
Lines 34077 34946 +869
Branches 3753 3893 +140
============================================
+ Hits 14778 15168 +390
- Misses 18510 18976 +466
- Partials 789 802 +13
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Per review on apache#4734: instead of duplicating build.yml's dist-producing steps in the nightly workflow, parametrize build.yml with a new `ignore_transitive_version` input and have the nightly call it as a reusable workflow with that input flipped to false. PR builds keep the default (true). This guarantees PR and nightly runs go through identical code paths — the only difference between them is the value of one input. Changes: - build.yml: add `ignore_transitive_version: boolean = true` input. Replace each of the 6 hard-coded `--ignore-transitive-version` flags (frontend/amber/platform/python/agent-service license checks) with `${{ inputs.ignore_transitive_version && '--ignore-transitive-version' || '' }}`. The platform job's check previously didn't pass the flag at all (strict on PRs); this commit unifies it with the rest so all five ecosystems behave the same: relaxed on PRs, strict on nightly. - license-binary-nightly.yml: drop the per-ecosystem job copies. The workflow now has just two jobs: - build: `uses: ./.github/workflows/build.yml` with `ignore_transitive_version: false`, `secrets: inherit`. - report: walks the current run's jobs via listJobsForWorkflowRun, identifies license-check step failures (regex matches step names containing "license-binary" or "binary licenses"), and creates / updates / closes the tracking issue accordingly. Non-license step failures (flaky tests, network blips) are ignored so they don't spuriously surface as drift. The report step's six branches (drift+new, drift+existing, clean+existing, clean+nothing, non-license-failure-only, default-branch guard) were exercised end-to-end with stubbed github/context/core under Node before push. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Yicong-Huang
reviewed
May 3, 2026
Yicong-Huang
reviewed
May 3, 2026
Yicong-Huang
approved these changes
May 3, 2026
Yicong-Huang
left a comment
Contributor
There was a problem hiding this comment.
looks really nice! can't wait to try it. can you simplify PR description? it is a bit length for later read.
Per review on apache#4734: replace the boolean input with a string "mode" so the call sites name *what* they are (PR-time relaxed vs. release-time strict) instead of *what flag they pass*. build.yml: inputs.mode: string, default "PR" "PR" -> --ignore-transitive-version (relaxed) "release" -> no flag (strict exact-match) The five license-check invocations now read ${{ inputs.mode == 'PR' && '--ignore-transitive-version' || '' }} so any value other than "PR" falls through to strict, which is the safer side. workflow_call inputs cannot enforce string enums; the valid values are documented inline. license-binary-nightly.yml: Pass `mode: release` instead of `ignore_transitive_version: false`. Updated the inline comment + tracking-issue body wording to match. required-checks.yml is unchanged: it doesn't pass this input, so PR builds keep the default ("PR") and behave exactly as before. Re-ran the three representative report scenarios (drift+new, clean+existing, non-license failure only) under Node with stubbed github/context/core; all three still behave correctly. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Per review on apache#4734: 07:00 UTC was midnight PDT, when many people are still working. Move to 11:00 UTC so it lands outside US-Pacific working hours. GitHub cron is fixed UTC; the local clock-time shifts by an hour at DST transitions. Daily cadence is fine for now; if it turns out to be too frequent we can drop to every 48–72 h. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
bobbai00
added a commit
to bobbai00/texera
that referenced
this pull request
May 3, 2026
* ci: nightly strict license-binary check that files a tracking issue on drift Resolves apache#4692. PR builds run check_binary_deps.py with --ignore-transitive-version (apache#4693) so a benign upstream version bump on a transitive dep does not block merges. This workflow runs the same checks **without** that flag every night on `main` so transitive drift is still visible and actionable before each release. On non-zero exit it files (or updates) one tracking issue identified by the stable label `license-binary-drift`; on a clean run it closes the issue if one is open. Workflow shape: - frontend-npm | agent-npm | python | jar — one job per ecosystem, each rebuilds its dist exactly the way build.yml does and runs the strict check; failures don't fail the workflow (continue-on-error) so all four still run. - jar uses the unified check across every dist's lib/ rather than a per-service matrix; per-service placement errors are still caught by build.yml on every PR, and the nightly's job is exact-version drift which the unified check surfaces just as well. - report — aggregates per-ecosystem results from artifacts and creates / updates / closes the tracking issue via actions/github-script. Skips issue management when not on the default branch (so workflow_dispatch on feature branches still runs the checks but does not surface issues). Trigger: schedule (07:00 UTC daily) + workflow_dispatch. Permissions: issues:write for the report job. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(ci): repair direct-backport-push YAML and post backport result comments (apache#4846) ### What changes were proposed in this PR? Three changes to `.github/workflows/direct-backport-push.yml`. **1. Repair YAML.** The inline `python3 -c '<source>'` from apache#4696 put Python at column 0 inside a `run: |` block indented at column 10. YAML treats `import re, sys` as a top-level key, so every push to `main` failed in 0 seconds with 0 jobs (e.g. [run 25271247473](https://github.com/apache/texera/actions/runs/25271247473)). Python can't be re-indented (top-level statements reject leading whitespace), so the script moves to `.github/scripts/compose-backport-message.py`. Behavior unchanged. **2. Surface backport status on the original commit + PR.** Cherry-picks produce a new SHA, so the release branch never appears in the auto-derived branch badge on the main commit. Three channels instead — commit status badge, commit comment, PR comment — on success; commit status + PR comment on failure with an inline conflict diagnosis. Success PR comment: > Backport to [`release/0.4`](…/tree/release/0.4) succeeded as [`a1b2c3d`](…/commit/a1b2c3d…). [Run](…) Failure PR comment (when cherry-pick conflicts): > Backport to `release/0.4` failed. See [job log](…/job/…). > > **Conflicts in:** > - `f.txt` > > **Likely-missing prerequisites on main** (commits that touched these files between merge-base `6343a1bc` and `c027f3b2^` — consider backporting these first): > - `958b8e8 main: prereq edit f` Capped at 5 files / 10 commits; full detail stays in the job log. Rebase-race conflicts get the same shape but list the racing commits on `origin/<target>` instead. **3. Retry + structured logging.** `git push` retries 5x with `[0, 5, 15, 30, 60]s` backoff and rebases on `origin/<target>` between attempts to absorb push races. Annotation API calls retry with `[0, 2, 5, 15]s` and degrade to warnings on final failure (a 5xx on a comment shouldn't undo a successful cherry-pick). Every phase is wrapped in `::group::` markers with a `[backport <target>] ...` prefix. ### Any related issues, documentation, discussions? Fixes the regression introduced in apache#4696. ### How was this PR tested? `yaml.safe_load` parses the workflow. `compose-backport-message.py` round-trips through `git interpret-trailers --parse` with `Co-authored-by` preserved. The conflict diagnosis output above came verbatim from a throwaway repo where main introduces a prerequisite edit + feature commit and the release branch touches the same lines. ### Was this PR authored or co-authored using generative AI tooling? Generated-by: Claude Code (Opus 4.7, 1M context) --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * ci: reuse build.yml for nightly via ignore_transitive_version input Per review on apache#4734: instead of duplicating build.yml's dist-producing steps in the nightly workflow, parametrize build.yml with a new `ignore_transitive_version` input and have the nightly call it as a reusable workflow with that input flipped to false. PR builds keep the default (true). This guarantees PR and nightly runs go through identical code paths — the only difference between them is the value of one input. Changes: - build.yml: add `ignore_transitive_version: boolean = true` input. Replace each of the 6 hard-coded `--ignore-transitive-version` flags (frontend/amber/platform/python/agent-service license checks) with `${{ inputs.ignore_transitive_version && '--ignore-transitive-version' || '' }}`. The platform job's check previously didn't pass the flag at all (strict on PRs); this commit unifies it with the rest so all five ecosystems behave the same: relaxed on PRs, strict on nightly. - license-binary-nightly.yml: drop the per-ecosystem job copies. The workflow now has just two jobs: - build: `uses: ./.github/workflows/build.yml` with `ignore_transitive_version: false`, `secrets: inherit`. - report: walks the current run's jobs via listJobsForWorkflowRun, identifies license-check step failures (regex matches step names containing "license-binary" or "binary licenses"), and creates / updates / closes the tracking issue accordingly. Non-license step failures (flaky tests, network blips) are ignored so they don't spuriously surface as drift. The report step's six branches (drift+new, drift+existing, clean+existing, clean+nothing, non-license-failure-only, default-branch guard) were exercised end-to-end with stubbed github/context/core under Node before push. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test(workflow-core): add unit test coverage for VFSURIFactory (apache#4757) ### What changes were proposed in this PR? Add `VFSURIFactorySpec` covering URI construction and decoding in `VFSURIFactory`: - `createResultURI` includes wid/eid/globalportid and the result resource type - Result URIs round-trip through `decodeURI` - `createRuntimeStatisticsURI` omits the `opid/` segment - `createConsoleMessagesURI` embeds the operator id and the `consoleMessages` resource type - `decodeURI` rejects non-vfs schemes, URIs missing required segments, and unknown resource-type tails ### Any related issues, documentation, discussions? Closes apache#4756 ### How was this PR tested? `sbt "WorkflowCore/testOnly org.apache.texera.amber.core.storage.VFSURIFactorySpec"` — 7/7 tests pass. ### Was this PR authored or co-authored using generative AI tooling? Generated-by: Claude Code (Claude Opus 4.7) --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * ci: rename ignore_transitive_version input to mode (PR | release) Per review on apache#4734: replace the boolean input with a string "mode" so the call sites name *what* they are (PR-time relaxed vs. release-time strict) instead of *what flag they pass*. build.yml: inputs.mode: string, default "PR" "PR" -> --ignore-transitive-version (relaxed) "release" -> no flag (strict exact-match) The five license-check invocations now read ${{ inputs.mode == 'PR' && '--ignore-transitive-version' || '' }} so any value other than "PR" falls through to strict, which is the safer side. workflow_call inputs cannot enforce string enums; the valid values are documented inline. license-binary-nightly.yml: Pass `mode: release` instead of `ignore_transitive_version: false`. Updated the inline comment + tracking-issue body wording to match. required-checks.yml is unchanged: it doesn't pass this input, so PR builds keep the default ("PR") and behave exactly as before. Re-ran the three representative report scenarios (drift+new, clean+existing, non-license failure only) under Node with stubbed github/context/core; all three still behave correctly. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * ci(nightly): move schedule to 11:00 UTC (04:00 PDT / 03:00 PST) Per review on apache#4734: 07:00 UTC was midnight PDT, when many people are still working. Move to 11:00 UTC so it lands outside US-Pacific working hours. GitHub cron is fixed UTC; the local clock-time shifts by an hour at DST transitions. Daily cadence is fine for now; if it turns out to be too frequent we can drop to every 48–72 h. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: Yicong Huang <17627829+Yicong-Huang@users.noreply.github.com> Co-authored-by: Xinyuan Lin <xinyual3@uci.edu>
Per review on apache#4734: - build.yml mode input now documents three values: PR (default, relaxed) | nightly (strict, scheduled checker) | release (strict, cutting an RC). Both `nightly` and `release` fall through to no flag — the existing conditional `inputs.mode == 'PR' && '...' || ''` already handles them correctly, only the doc needed updating. - Renamed license-binary-nightly.yml → license-binary-checker.yml (via git mv). Workflow `name:` now "License Binary Checker"; top-of- file comment + concurrency group updated to match. - Calls build.yml with `mode: nightly` (was `release`). - Stripped "(nightly)" from the issue title; reworded the body to say "scheduled job" instead of "nightly job"; the close-issue comment says "scheduled run". - Issue body now follows ISSUE_TEMPLATE/task-template.yaml's rendered shape: ### Task Summary, ### Task Type (with DevOps/CI box checked), Apache CoC footer. Added the `triage` label that the template applies by default, alongside the workflow's stable `license-binary-drift` and `ci`. - Made the github-token explicit on the github-script step (`secrets.GITHUB_TOKEN`) to match issue-triage.yml's convention; the issue creator will appear as `github-actions[bot]`. Workflow-level `permissions: { issues: write, actions: read }` is enough — no PAT needed. Re-ran the three representative report scenarios under Node with stubbed github/context/core; drift+new now files an issue with the templated body shape and triage label, clean+existing closes with the reworded comment, non-license failures stay no-ops. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
bobbai00
added a commit
to bobbai00/texera
that referenced
this pull request
May 3, 2026
* ci: nightly strict license-binary check that files a tracking issue on drift Resolves apache#4692. PR builds run check_binary_deps.py with --ignore-transitive-version (apache#4693) so a benign upstream version bump on a transitive dep does not block merges. This workflow runs the same checks **without** that flag every night on `main` so transitive drift is still visible and actionable before each release. On non-zero exit it files (or updates) one tracking issue identified by the stable label `license-binary-drift`; on a clean run it closes the issue if one is open. Workflow shape: - frontend-npm | agent-npm | python | jar — one job per ecosystem, each rebuilds its dist exactly the way build.yml does and runs the strict check; failures don't fail the workflow (continue-on-error) so all four still run. - jar uses the unified check across every dist's lib/ rather than a per-service matrix; per-service placement errors are still caught by build.yml on every PR, and the nightly's job is exact-version drift which the unified check surfaces just as well. - report — aggregates per-ecosystem results from artifacts and creates / updates / closes the tracking issue via actions/github-script. Skips issue management when not on the default branch (so workflow_dispatch on feature branches still runs the checks but does not surface issues). Trigger: schedule (07:00 UTC daily) + workflow_dispatch. Permissions: issues:write for the report job. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * ci: reuse build.yml for nightly via ignore_transitive_version input Per review on apache#4734: instead of duplicating build.yml's dist-producing steps in the nightly workflow, parametrize build.yml with a new `ignore_transitive_version` input and have the nightly call it as a reusable workflow with that input flipped to false. PR builds keep the default (true). This guarantees PR and nightly runs go through identical code paths — the only difference between them is the value of one input. Changes: - build.yml: add `ignore_transitive_version: boolean = true` input. Replace each of the 6 hard-coded `--ignore-transitive-version` flags (frontend/amber/platform/python/agent-service license checks) with `${{ inputs.ignore_transitive_version && '--ignore-transitive-version' || '' }}`. The platform job's check previously didn't pass the flag at all (strict on PRs); this commit unifies it with the rest so all five ecosystems behave the same: relaxed on PRs, strict on nightly. - license-binary-nightly.yml: drop the per-ecosystem job copies. The workflow now has just two jobs: - build: `uses: ./.github/workflows/build.yml` with `ignore_transitive_version: false`, `secrets: inherit`. - report: walks the current run's jobs via listJobsForWorkflowRun, identifies license-check step failures (regex matches step names containing "license-binary" or "binary licenses"), and creates / updates / closes the tracking issue accordingly. Non-license step failures (flaky tests, network blips) are ignored so they don't spuriously surface as drift. The report step's six branches (drift+new, drift+existing, clean+existing, clean+nothing, non-license-failure-only, default-branch guard) were exercised end-to-end with stubbed github/context/core under Node before push. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * ci: rename ignore_transitive_version input to mode (PR | release) Per review on apache#4734: replace the boolean input with a string "mode" so the call sites name *what* they are (PR-time relaxed vs. release-time strict) instead of *what flag they pass*. build.yml: inputs.mode: string, default "PR" "PR" -> --ignore-transitive-version (relaxed) "release" -> no flag (strict exact-match) The five license-check invocations now read ${{ inputs.mode == 'PR' && '--ignore-transitive-version' || '' }} so any value other than "PR" falls through to strict, which is the safer side. workflow_call inputs cannot enforce string enums; the valid values are documented inline. license-binary-nightly.yml: Pass `mode: release` instead of `ignore_transitive_version: false`. Updated the inline comment + tracking-issue body wording to match. required-checks.yml is unchanged: it doesn't pass this input, so PR builds keep the default ("PR") and behave exactly as before. Re-ran the three representative report scenarios (drift+new, clean+existing, non-license failure only) under Node with stubbed github/context/core; all three still behave correctly. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * ci(nightly): move schedule to 11:00 UTC (04:00 PDT / 03:00 PST) Per review on apache#4734: 07:00 UTC was midnight PDT, when many people are still working. Move to 11:00 UTC so it lands outside US-Pacific working hours. GitHub cron is fixed UTC; the local clock-time shifts by an hour at DST transitions. Daily cadence is fine for now; if it turns out to be too frequent we can drop to every 48–72 h. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * ci: rename nightly workflow to License Binary Checker; add nightly mode Per review on apache#4734: - build.yml mode input now documents three values: PR (default, relaxed) | nightly (strict, scheduled checker) | release (strict, cutting an RC). Both `nightly` and `release` fall through to no flag — the existing conditional `inputs.mode == 'PR' && '...' || ''` already handles them correctly, only the doc needed updating. - Renamed license-binary-nightly.yml → license-binary-checker.yml (via git mv). Workflow `name:` now "License Binary Checker"; top-of- file comment + concurrency group updated to match. - Calls build.yml with `mode: nightly` (was `release`). - Stripped "(nightly)" from the issue title; reworded the body to say "scheduled job" instead of "nightly job"; the close-issue comment says "scheduled run". - Issue body now follows ISSUE_TEMPLATE/task-template.yaml's rendered shape: ### Task Summary, ### Task Type (with DevOps/CI box checked), Apache CoC footer. Added the `triage` label that the template applies by default, alongside the workflow's stable `license-binary-drift` and `ci`. - Made the github-token explicit on the github-script step (`secrets.GITHUB_TOKEN`) to match issue-triage.yml's convention; the issue creator will appear as `github-actions[bot]`. Workflow-level `permissions: { issues: write, actions: read }` is enough — no PAT needed. Re-ran the three representative report scenarios under Node with stubbed github/context/core; drift+new now files an issue with the templated body shape and triage label, clean+existing closes with the reworded comment, non-license failures stay no-ops. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Per review on apache#4734: drop the prose padding in the workflow files and issue body — keep just the facts (where the drift is, how to resolve). build.yml: mode input comment shrunk from a 12-line block to 2 lines naming the three values and which one passes the flag. license-binary-checker.yml: - File header trimmed from 13 lines to 3. - Cron / permissions / job comments collapsed to inline notes. - Issue body now leads with `License-binary drift on <sha>`, followed by `**Where:**` (the failed jobs/steps) and `**How to resolve:**` (refresh the per-module LICENSE-binary file(s)). Removed the PR-vs-nightly explanation paragraph and the redundant "License checks that passed" section. Task Type checkboxes + Apache CoC footer kept to match the task template. Re-ran the report scenarios; behavior unchanged, body is ~12 lines of substance instead of ~25. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
… issue
The label license-binary-drift isn't a pre-existing repo label. issues.create
would silently auto-create it on first run with a random color and no
description, and listForRepo({labels: ...}) returns empty until the label
exists — meaning the first run could file a duplicate issue.
Add an idempotent createLabel call at the top of the script (catches 422
"already exists"). Works in any fork without a manual prerequisite.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The label now exists in apache/texera, so the in-script createLabel guard is unnecessary. Reverts the previous commit's idempotent block. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Yicong-Huang
pushed a commit
that referenced
this pull request
May 3, 2026
…n license drift (#4734) ### What changes were proposed in this PR? This PR: - add a new parameter to `build.yml` to tune the mode of the license checking - add a new CI: `license-binary-nightly.yml` that include one `build` job that does `uses: ./.github/workflows/build.yml` with `mode` to be `release`, and one `report` job that will raise an issue if there is a drift on the license binary. ### Any related issues, documentation, discussions? Resolves #4692. ### How was this PR tested? Verified using my personal fork: bobbai00#6 https://github.com/bobbai00/texera/actions/runs/25273894144 ### Was this PR authored or co-authored using generative AI tooling? Generated-by: Claude Code (claude-opus-4-7) --------- (backported from commit 7dc68ba) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Contributor
|
Backport to |
This was referenced May 3, 2026
bobbai00
added a commit
that referenced
this pull request
May 3, 2026
…it (#4857) ### What changes were proposed in this PR? Add a \`build\` job at the top of \`create-release-candidate.yml\` that calls the reusable \`build.yml\` with: - \`checkout_ref: \${{ github.event.inputs.tag }}\` — build the tagged commit (\`build.yml\` already accepts this input). - \`mode: release\` — strict license-binary check, no \`--ignore-transitive-version\` (the third mode added in #4734 alongside \`PR\` and \`nightly\`). \`create-rc\` now depends on \`build\` via \`needs: build\`. If the tag doesn't compile or has license-binary drift, no RC tarball is produced and nothing is signed/uploaded to ASF SVN. ### Any related issues, documentation, discussions? Closes #4856. ### How was this PR tested? ### Was this PR authored or co-authored using generative AI tooling? Generated-by: Claude Code (claude-opus-4-7) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Yicong-Huang
pushed a commit
that referenced
this pull request
May 3, 2026
…it (#4857) ### What changes were proposed in this PR? Add a \`build\` job at the top of \`create-release-candidate.yml\` that calls the reusable \`build.yml\` with: - \`checkout_ref: \${{ github.event.inputs.tag }}\` — build the tagged commit (\`build.yml\` already accepts this input). - \`mode: release\` — strict license-binary check, no \`--ignore-transitive-version\` (the third mode added in #4734 alongside \`PR\` and \`nightly\`). \`create-rc\` now depends on \`build\` via \`needs: build\`. If the tag doesn't compile or has license-binary drift, no RC tarball is produced and nothing is signed/uploaded to ASF SVN. ### Any related issues, documentation, discussions? Closes #4856. ### How was this PR tested? ### Was this PR authored or co-authored using generative AI tooling? Generated-by: Claude Code (claude-opus-4-7) (backported from commit 31adc70) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
yangzhang75
pushed a commit
to yangzhang75/texera
that referenced
this pull request
Jun 22, 2026
…n license drift (apache#4734) ### What changes were proposed in this PR? This PR: - add a new parameter to `build.yml` to tune the mode of the license checking - add a new CI: `license-binary-nightly.yml` that include one `build` job that does `uses: ./.github/workflows/build.yml` with `mode` to be `release`, and one `report` job that will raise an issue if there is a drift on the license binary. ### Any related issues, documentation, discussions? Resolves apache#4692. ### How was this PR tested? Verified using my personal fork: bobbai00#6 https://github.com/bobbai00/texera/actions/runs/25273894144 ### Was this PR authored or co-authored using generative AI tooling? Generated-by: Claude Code (claude-opus-4-7) --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
yangzhang75
pushed a commit
to yangzhang75/texera
that referenced
this pull request
Jun 22, 2026
…it (apache#4857) ### What changes were proposed in this PR? Add a \`build\` job at the top of \`create-release-candidate.yml\` that calls the reusable \`build.yml\` with: - \`checkout_ref: \${{ github.event.inputs.tag }}\` — build the tagged commit (\`build.yml\` already accepts this input). - \`mode: release\` — strict license-binary check, no \`--ignore-transitive-version\` (the third mode added in apache#4734 alongside \`PR\` and \`nightly\`). \`create-rc\` now depends on \`build\` via \`needs: build\`. If the tag doesn't compile or has license-binary drift, no RC tarball is produced and nothing is signed/uploaded to ASF SVN. ### Any related issues, documentation, discussions? Closes apache#4856. ### How was this PR tested? ### Was this PR authored or co-authored using generative AI tooling? Generated-by: Claude Code (claude-opus-4-7) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What changes were proposed in this PR?
This PR:
build.ymlto tune the mode of the license checkinglicense-binary-nightly.ymlthat include onebuildjob that doesuses: ./.github/workflows/build.ymlwithmodeto berelease, and onereportjob that will raise an issue if there is a drift on the license binary.Any related issues, documentation, discussions?
Resolves #4692.
How was this PR tested?
Verified using my personal fork:
bobbai00#6
https://github.com/bobbai00/texera/actions/runs/25273894144
Was this PR authored or co-authored using generative AI tooling?
Generated-by: Claude Code (claude-opus-4-7)