From 817b479deeaebafa075611be3799d971960ecf51 Mon Sep 17 00:00:00 2001 From: Bryce Mecum Date: Fri, 17 Apr 2026 18:14:48 -0700 Subject: [PATCH 01/22] Create new signing script --- dev/release/07-flightsqlodbc-upload.sh | 184 +++++++++++++++++++++++++ dev/release/08-publish-gh-release.sh | 38 +++++ dev/release/09-binary-verify.sh | 49 +++++++ 3 files changed, 271 insertions(+) create mode 100755 dev/release/07-flightsqlodbc-upload.sh create mode 100755 dev/release/08-publish-gh-release.sh create mode 100755 dev/release/09-binary-verify.sh diff --git a/dev/release/07-flightsqlodbc-upload.sh b/dev/release/07-flightsqlodbc-upload.sh new file mode 100755 index 000000000000..463f6749af22 --- /dev/null +++ b/dev/release/07-flightsqlodbc-upload.sh @@ -0,0 +1,184 @@ +#!/usr/bin/env bash +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# FlightSQL ODBC Release Signing Script +# +# This script handles the signing of FlightSQL ODBC Windows binaries and MSI +# installer. It requires jsign to be configured with ASF code signing +# credentials. Keep reading below: +# +# Required environment variables: +# +# ESIGNER_STOREPASS - The ssl.com credentials in "username|password" format +# ESIGNER_KEYPASS - The ssl.com eSigner secret code (not the PIN) +# +# How to get ESIGNER_KEYPASS: +# +# 1. Log into ssl.com +# 2. In your Dashboard, under "invitations", click the link under the order. Or +# go to Orders, find the order, expand the order, and click "certificate +# details" +# 3. Enter your PIN to get your OTP. This is ESIGNER_KEYPASS. +# +# If you don't have access, see https://infra.apache.org/code-signing-use.html. + +set -e +set -u +set -o pipefail + +SOURCE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + +if [ "$#" -ne 2 ]; then + echo "Usage: $0 " + exit 1 +fi + +if [ -z "${ESIGNER_STOREPASS:-}" ]; then + echo "ERROR: ESIGNER_STOREPASS is not set" >&2 + exit 1 +fi +if [ -z "${ESIGNER_KEYPASS:-}" ]; then + echo "ERROR: ESIGNER_KEYPASS is not set" >&2 + exit 1 +fi + +. "${SOURCE_DIR}/utils-env.sh" + +version=$1 +rc=$2 + +version_with_rc="${version}-rc${rc}" +tag="apache-arrow-${version_with_rc}" + +dll_unsigned="arrow_flight_sql_odbc_unsigned.dll" +dll_signed="arrow_flight_sql_odbc.dll" + +: "${GITHUB_REPOSITORY:=apache/arrow}" + +: ${PHASE_DEFAULT=1} +: ${PHASE_SIGN_DLL=${PHASE_DEFAULT}} +: ${PHASE_BUILD_MSI=${PHASE_DEFAULT}} +: ${PHASE_SIGN_MSI=${PHASE_DEFAULT}} + +if [ ${PHASE_SIGN_DLL} -eq 0 ] && [ ${PHASE_BUILD_MSI} -eq 0 ] && [ ${PHASE_SIGN_MSI} -eq 0 ]; then + echo "No phases specified. Exiting." + exit 1 +fi + +# Utility function to use jsign to check if a file is signed or not +is_signed() { + local file="$1" + local output + local exit_code + output=$(jsign extract --format PEM "${file}" 2>&1) + exit_code=$? + # jsign writes a PEM file even though it also prints to stdout. Clean up after + # it. Use -f since so it still runs on unsigned files without error. + rm -f "${file}.sig.pem" + + return ${exit_code} +} + +# All work with release artifacts happens in a temp dir +tmp_dir="$(mktemp -d)" + +if [ ${PHASE_SIGN_DLL} -gt 0 ]; then + echo "[1/8] Downloading ${dll_unsigned} from release..." + gh release download "${tag}" \ + --repo "${GITHUB_REPOSITORY}" \ + --pattern "${dll_unsigned}" \ + --dir "${tmp_dir}" + if is_signed "${tmp_dir}/${dll_unsigned}"; then + echo "ERROR: ${dll_unsigned} is already signed" >&2 + exit 1 + fi + + echo "[2/8] Signing ${dll_signed}..." + echo "NOTE: Running jsign. You may be prompted for your OTP PIN..." + jsign --storetype ESIGNER \ + --alias d97c5110-c66a-4c0c-ac0c-1cd6af812ee6 \ + --storepass "${ESIGNER_STOREPASS}" \ + --keypass "${ESIGNER_KEYPASS}" \ + --tsaurl="http://ts.ssl.com" \ + --tsmode RFC3161 \ + --alg SHA256 \ + "${tmp_dir}/${dll_unsigned}" + if ! is_signed "${tmp_dir}/${dll_signed}"; then + echo "ERROR: ${dll_signed} is not signed" >&2 + exit 1 + fi + + echo "[3/8] Uploading signed DLL to GitHub Release..." + gh release upload "${tag}" \ + --repo "${GITHUB_REPOSITORY}" \ + --clobber \ + "${tmp_dir}/${dll_signed}" +fi + +if [ ${PHASE_BUILD_MSI} -gt 0 ]; then + echo "[4/8] Triggering odbc_release_step in cpp_extra.yml workflow..." + run_url=$(gh workflow run cpp_extra.yml \ + --repo "${GITHUB_REPOSITORY}" \ + --ref "${tag}" \ + --field odbc_release_step=true 2>&1 | grep -oE 'https://[^ ]+') + run_id=${run_url##*/} # Extract the run ID from the URL (the part after the last slash) + if [ -z "${run_id}" ]; then + echo "ERROR: failed to get run ID from workflow trigger" >&2 + exit 1 + fi + echo "Triggered run: ${run_url}" + + echo "[5/8] Waiting for workflow to complete..." + gh run watch "${run_id}" --repo "${GITHUB_REPOSITORY}" --exit-status + echo "Run id ${run_id} completed." +fi + +if [ ${PHASE_SIGN_MSI} -gt 0 ]; then + echo "[6/8] Downloading unsigned MSI..." + gh release download "${tag}" \ + --repo "${GITHUB_REPOSITORY}" \ + --pattern "Apache-Arrow-Flight-SQL-ODBC-*-win64.msi" \ + --dir "${tmp_dir}" + msi="${tmp_dir}/Apache-Arrow-Flight-SQL-ODBC-${version}-win64.msi" + if is_signed "${msi}"; then + echo "ERROR: MSI is already signed" >&2 + exit 1 + fi + + echo "[7/8] Signing MSI..." + echo "NOTE: Running jsign. You may be prompted for your OTP PIN..." + jsign --storetype ESIGNER \ + --alias d97c5110-c66a-4c0c-ac0c-1cd6af812ee6 \ + --storepass "${ESIGNER_STOREPASS}" \ + --keypass "${ESIGNER_KEYPASS}" \ + --tsaurl="http://ts.ssl.com" \ + --tsmode RFC3161 \ + --alg SHA256 \ + "${msi}" + if ! is_signed "${msi}"; then + echo "ERROR: MSI is not signed" >&2 + exit 1 + fi + + echo "[8/8] Uploading signed MSI to GitHub Release..." + gh release upload "${tag}" \ + --repo "${GITHUB_REPOSITORY}" \ + --clobber \ + "${msi}" +fi diff --git a/dev/release/08-publish-gh-release.sh b/dev/release/08-publish-gh-release.sh new file mode 100755 index 000000000000..7e542df8fcbc --- /dev/null +++ b/dev/release/08-publish-gh-release.sh @@ -0,0 +1,38 @@ +#!/usr/bin/env bash +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +set -e +set -u +set -o pipefail + +SOURCE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + +if [ "$#" -ne 2 ]; then + echo "Usage: $0 " + exit +fi + +. "${SOURCE_DIR}/utils-env.sh" + +version=$1 +rc=$2 +REPOSITORY="apache/arrow" + +rc_tag="apache-arrow-${version}-rc${rc}" +gh release edit ${rc_tag} --repo ${REPOSITORY} --draft=false diff --git a/dev/release/09-binary-verify.sh b/dev/release/09-binary-verify.sh new file mode 100755 index 000000000000..9db8a219e3f2 --- /dev/null +++ b/dev/release/09-binary-verify.sh @@ -0,0 +1,49 @@ +#!/usr/bin/env bash +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +set -e +set -u +set -o pipefail + +SOURCE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + +if [ "$#" -ne 2 ]; then + echo "Usage: $0 " + exit +fi + +. "${SOURCE_DIR}/utils-env.sh" + +version=$1 +rc=$2 + +rc_tag="apache-arrow-${version}-rc${rc}" +repository="${REPOSITORY:-apache/arrow}" + +run_id=$(gh run list \ + --branch "${rc_tag}" \ + --jq '.[].databaseId' \ + --json databaseId \ + --limit 1 \ + --repo "${repository}" \ + --workflow "verify_rc.yml") +gh run rerun \ + "${run_id}" \ + --failed \ + --repo "${repository}" From 61e7503eb711ebf67c57dd00bf1be65fd3684fbc Mon Sep 17 00:00:00 2001 From: Bryce Mecum Date: Fri, 17 Apr 2026 18:20:55 -0700 Subject: [PATCH 02/22] remove the unsigned dll from the release --- dev/release/07-flightsqlodbc-upload.sh | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/dev/release/07-flightsqlodbc-upload.sh b/dev/release/07-flightsqlodbc-upload.sh index 463f6749af22..0ca2893431bd 100755 --- a/dev/release/07-flightsqlodbc-upload.sh +++ b/dev/release/07-flightsqlodbc-upload.sh @@ -99,7 +99,7 @@ is_signed() { tmp_dir="$(mktemp -d)" if [ ${PHASE_SIGN_DLL} -gt 0 ]; then - echo "[1/8] Downloading ${dll_unsigned} from release..." + echo "[1/9] Downloading ${dll_unsigned} from release..." gh release download "${tag}" \ --repo "${GITHUB_REPOSITORY}" \ --pattern "${dll_unsigned}" \ @@ -109,7 +109,7 @@ if [ ${PHASE_SIGN_DLL} -gt 0 ]; then exit 1 fi - echo "[2/8] Signing ${dll_signed}..." + echo "[2/9] Signing ${dll_signed}..." echo "NOTE: Running jsign. You may be prompted for your OTP PIN..." jsign --storetype ESIGNER \ --alias d97c5110-c66a-4c0c-ac0c-1cd6af812ee6 \ @@ -124,15 +124,21 @@ if [ ${PHASE_SIGN_DLL} -gt 0 ]; then exit 1 fi - echo "[3/8] Uploading signed DLL to GitHub Release..." + echo "[3/9] Uploading signed DLL to GitHub Release..." gh release upload "${tag}" \ --repo "${GITHUB_REPOSITORY}" \ --clobber \ "${tmp_dir}/${dll_signed}" + + echo "[4/9] Removing unsigned DLL from GitHub Release..." + gh release delete-asset "${tag}" \ + --repo "${GITHUB_REPOSITORY}" \ + --yes \ + "${dll_unsigned}" fi if [ ${PHASE_BUILD_MSI} -gt 0 ]; then - echo "[4/8] Triggering odbc_release_step in cpp_extra.yml workflow..." + echo "[5/9] Triggering odbc_release_step in cpp_extra.yml workflow..." run_url=$(gh workflow run cpp_extra.yml \ --repo "${GITHUB_REPOSITORY}" \ --ref "${tag}" \ @@ -144,13 +150,13 @@ if [ ${PHASE_BUILD_MSI} -gt 0 ]; then fi echo "Triggered run: ${run_url}" - echo "[5/8] Waiting for workflow to complete..." + echo "[6/9] Waiting for workflow to complete..." gh run watch "${run_id}" --repo "${GITHUB_REPOSITORY}" --exit-status echo "Run id ${run_id} completed." fi if [ ${PHASE_SIGN_MSI} -gt 0 ]; then - echo "[6/8] Downloading unsigned MSI..." + echo "[7/9] Downloading unsigned MSI..." gh release download "${tag}" \ --repo "${GITHUB_REPOSITORY}" \ --pattern "Apache-Arrow-Flight-SQL-ODBC-*-win64.msi" \ @@ -161,7 +167,7 @@ if [ ${PHASE_SIGN_MSI} -gt 0 ]; then exit 1 fi - echo "[7/8] Signing MSI..." + echo "[8/9] Signing MSI..." echo "NOTE: Running jsign. You may be prompted for your OTP PIN..." jsign --storetype ESIGNER \ --alias d97c5110-c66a-4c0c-ac0c-1cd6af812ee6 \ @@ -176,7 +182,7 @@ if [ ${PHASE_SIGN_MSI} -gt 0 ]; then exit 1 fi - echo "[8/8] Uploading signed MSI to GitHub Release..." + echo "[9/9] Uploading signed MSI to GitHub Release..." gh release upload "${tag}" \ --repo "${GITHUB_REPOSITORY}" \ --clobber \ From 0f1f3915490c2b4af4399bc5445aee2a091dbdb1 Mon Sep 17 00:00:00 2001 From: Bryce Mecum Date: Sat, 18 Apr 2026 10:46:00 -0700 Subject: [PATCH 03/22] Update dev/release/07-flightsqlodbc-upload.sh Co-authored-by: Sutou Kouhei --- dev/release/07-flightsqlodbc-upload.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/release/07-flightsqlodbc-upload.sh b/dev/release/07-flightsqlodbc-upload.sh index 0ca2893431bd..f428bb922dc3 100755 --- a/dev/release/07-flightsqlodbc-upload.sh +++ b/dev/release/07-flightsqlodbc-upload.sh @@ -159,7 +159,7 @@ if [ ${PHASE_SIGN_MSI} -gt 0 ]; then echo "[7/9] Downloading unsigned MSI..." gh release download "${tag}" \ --repo "${GITHUB_REPOSITORY}" \ - --pattern "Apache-Arrow-Flight-SQL-ODBC-*-win64.msi" \ + --pattern "Apache-Arrow-Flight-SQL-ODBC-${version}-win64.msi" \ --dir "${tmp_dir}" msi="${tmp_dir}/Apache-Arrow-Flight-SQL-ODBC-${version}-win64.msi" if is_signed "${msi}"; then From f120e3c41c56c6dfbac08f4969651a95b6982f33 Mon Sep 17 00:00:00 2001 From: Bryce Mecum Date: Sat, 18 Apr 2026 10:29:02 -0700 Subject: [PATCH 04/22] remove old scripts --- dev/release/07-publish-gh-release.sh | 38 --------------------- dev/release/08-binary-verify.sh | 49 ---------------------------- 2 files changed, 87 deletions(-) delete mode 100755 dev/release/07-publish-gh-release.sh delete mode 100755 dev/release/08-binary-verify.sh diff --git a/dev/release/07-publish-gh-release.sh b/dev/release/07-publish-gh-release.sh deleted file mode 100755 index 7e542df8fcbc..000000000000 --- a/dev/release/07-publish-gh-release.sh +++ /dev/null @@ -1,38 +0,0 @@ -#!/usr/bin/env bash -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -set -e -set -u -set -o pipefail - -SOURCE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" - -if [ "$#" -ne 2 ]; then - echo "Usage: $0 " - exit -fi - -. "${SOURCE_DIR}/utils-env.sh" - -version=$1 -rc=$2 -REPOSITORY="apache/arrow" - -rc_tag="apache-arrow-${version}-rc${rc}" -gh release edit ${rc_tag} --repo ${REPOSITORY} --draft=false diff --git a/dev/release/08-binary-verify.sh b/dev/release/08-binary-verify.sh deleted file mode 100755 index 9db8a219e3f2..000000000000 --- a/dev/release/08-binary-verify.sh +++ /dev/null @@ -1,49 +0,0 @@ -#!/usr/bin/env bash -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -set -e -set -u -set -o pipefail - -SOURCE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" - -if [ "$#" -ne 2 ]; then - echo "Usage: $0 " - exit -fi - -. "${SOURCE_DIR}/utils-env.sh" - -version=$1 -rc=$2 - -rc_tag="apache-arrow-${version}-rc${rc}" -repository="${REPOSITORY:-apache/arrow}" - -run_id=$(gh run list \ - --branch "${rc_tag}" \ - --jq '.[].databaseId' \ - --json databaseId \ - --limit 1 \ - --repo "${repository}" \ - --workflow "verify_rc.yml") -gh run rerun \ - "${run_id}" \ - --failed \ - --repo "${repository}" From 12b503b041142200da0cbe2a97e62a0dc5e0ae3b Mon Sep 17 00:00:00 2001 From: Bryce Mecum Date: Sat, 18 Apr 2026 10:29:17 -0700 Subject: [PATCH 05/22] add step to release.rst --- docs/source/developers/release.rst | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/docs/source/developers/release.rst b/docs/source/developers/release.rst index 631019f44684..76c77c869488 100644 --- a/docs/source/developers/release.rst +++ b/docs/source/developers/release.rst @@ -264,13 +264,24 @@ Build source and binaries and submit them # NOTE: You need to have GitHub CLI installed to run this script. dev/release/06-matlab-upload.sh + # Sign, build the installer for, and sign the installer for the FlightSQL + # ODBC Windows driver + # + # NOTE: This must be run by a PMC member + # Note: You need to have jsign installed and an available credential from + # ASF to sign artifacts. Not all PMC members will have access to code + # signing. + # Note: The script requires setup of ssl.com environment variables. + # Note: Invoking this script costs money. + dev/release/07-flightsqlodbc-upload.sh + # Move the Release Candidate GitHub Release from draft to published state # This will update the artifacts download URL which will be available for the # verification step. - dev/release/07-publish-gh-release.sh + dev/release/08-publish-gh-release.sh # Start verifications for binaries and wheels - dev/release/08-binary-verify.sh + dev/release/09-binary-verify.sh Verify the Release From 31a99fb9eba9a077a1bb57a86da7bd61ab50c1f2 Mon Sep 17 00:00:00 2001 From: Bryce Mecum Date: Sat, 18 Apr 2026 10:30:54 -0700 Subject: [PATCH 06/22] Update pre-commit --- .pre-commit-config.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0544ff11bf88..eddb2a662b2e 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -349,7 +349,8 @@ repos: ?^cpp/examples/tutorial_examples/run\.sh$| ?^cpp/src/arrow/flight/sql/odbc/install/unix/install_odbc\.sh$| ?^dev/release/05-binary-upload\.sh$| - ?^dev/release/08-binary-verify\.sh$| + ?^dev/release/07-flightsqlodbc-upload\.sh$| + ?^dev/release/09-binary-verify\.sh$| ?^dev/release/binary-recover\.sh$| ?^dev/release/post-03-binary\.sh$| ?^dev/release/post-08-docs\.sh$| From 62265bd1f92c2b1211bacc64b6d0edd60fa323a0 Mon Sep 17 00:00:00 2001 From: Bryce Mecum Date: Sat, 18 Apr 2026 10:39:37 -0700 Subject: [PATCH 07/22] Put env vars in .env.example --- dev/release/.env.example | 7 +++++++ dev/release/07-flightsqlodbc-upload.sh | 2 ++ 2 files changed, 9 insertions(+) diff --git a/dev/release/.env.example b/dev/release/.env.example index 67bc944956c2..3d5226962940 100644 --- a/dev/release/.env.example +++ b/dev/release/.env.example @@ -34,3 +34,10 @@ # # You must set this. #GH_TOKEN=secret + +# For 07-flightsqlodbc-upload.sh. See that script for more details. +# +# ssl.com credentials in "username|password" format +#ESIGNER_STOREPASS=username|password +# ssl.com eSigner secret code (not the PIN) +#ESIGNER_KEYPASS=otp_secret_code diff --git a/dev/release/07-flightsqlodbc-upload.sh b/dev/release/07-flightsqlodbc-upload.sh index f428bb922dc3..0f18c204fd6f 100755 --- a/dev/release/07-flightsqlodbc-upload.sh +++ b/dev/release/07-flightsqlodbc-upload.sh @@ -28,6 +28,8 @@ # ESIGNER_STOREPASS - The ssl.com credentials in "username|password" format # ESIGNER_KEYPASS - The ssl.com eSigner secret code (not the PIN) # +# Set these in .env. +# # How to get ESIGNER_KEYPASS: # # 1. Log into ssl.com From 92a8ae8860c2267c804ceac62c18f47726e093fd Mon Sep 17 00:00:00 2001 From: Bryce Mecum Date: Sat, 18 Apr 2026 10:43:01 -0700 Subject: [PATCH 08/22] Use fixed local temp dir --- dev/release/07-flightsqlodbc-upload.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/dev/release/07-flightsqlodbc-upload.sh b/dev/release/07-flightsqlodbc-upload.sh index 0f18c204fd6f..6b51b1015709 100755 --- a/dev/release/07-flightsqlodbc-upload.sh +++ b/dev/release/07-flightsqlodbc-upload.sh @@ -97,8 +97,12 @@ is_signed() { return ${exit_code} } -# All work with release artifacts happens in a temp dir -tmp_dir="$(mktemp -d)" +# Use dev/release/tmp for temporary files +tmp_dir="${SOURCE_DIR}/tmp" +if [ -e "${tmp_dir}" ]; then + echo "ERROR: temp dir already exists: ${tmp_dir}. Remove it manually and run again." >&2 + exit 1 +fi if [ ${PHASE_SIGN_DLL} -gt 0 ]; then echo "[1/9] Downloading ${dll_unsigned} from release..." From 5b01a0f4e77af3f7194a1ea99d16f9bec1e104e7 Mon Sep 17 00:00:00 2001 From: Bryce Mecum Date: Sat, 18 Apr 2026 10:45:48 -0700 Subject: [PATCH 09/22] use --interval --- dev/release/07-flightsqlodbc-upload.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dev/release/07-flightsqlodbc-upload.sh b/dev/release/07-flightsqlodbc-upload.sh index 6b51b1015709..04e947d886f0 100755 --- a/dev/release/07-flightsqlodbc-upload.sh +++ b/dev/release/07-flightsqlodbc-upload.sh @@ -156,8 +156,8 @@ if [ ${PHASE_BUILD_MSI} -gt 0 ]; then fi echo "Triggered run: ${run_url}" - echo "[6/9] Waiting for workflow to complete..." - gh run watch "${run_id}" --repo "${GITHUB_REPOSITORY}" --exit-status + echo "[6/9] Waiting for workflow to complete. This can take a very long time..." + gh run watch "${run_id}" --repo "${GITHUB_REPOSITORY}" --exit-status --interval 60 echo "Run id ${run_id} completed." fi From 6717e3477a55c9313effcfa0e31997061a78bc1e Mon Sep 17 00:00:00 2001 From: Bryce Mecum Date: Sat, 18 Apr 2026 10:51:57 -0700 Subject: [PATCH 10/22] fix shellcheck issues in script --- dev/release/07-flightsqlodbc-upload.sh | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/dev/release/07-flightsqlodbc-upload.sh b/dev/release/07-flightsqlodbc-upload.sh index 04e947d886f0..6de5fd6bb653 100755 --- a/dev/release/07-flightsqlodbc-upload.sh +++ b/dev/release/07-flightsqlodbc-upload.sh @@ -73,12 +73,12 @@ dll_signed="arrow_flight_sql_odbc.dll" : "${GITHUB_REPOSITORY:=apache/arrow}" -: ${PHASE_DEFAULT=1} -: ${PHASE_SIGN_DLL=${PHASE_DEFAULT}} -: ${PHASE_BUILD_MSI=${PHASE_DEFAULT}} -: ${PHASE_SIGN_MSI=${PHASE_DEFAULT}} +: "${PHASE_DEFAULT=1}" +: "${PHASE_SIGN_DLL=${PHASE_DEFAULT}}" +: "${PHASE_BUILD_MSI=${PHASE_DEFAULT}}" +: "${PHASE_SIGN_MSI=${PHASE_DEFAULT}}" -if [ ${PHASE_SIGN_DLL} -eq 0 ] && [ ${PHASE_BUILD_MSI} -eq 0 ] && [ ${PHASE_SIGN_MSI} -eq 0 ]; then +if [ "${PHASE_SIGN_DLL}" -eq 0 ] && [ "${PHASE_BUILD_MSI}" -eq 0 ] && [ "${PHASE_SIGN_MSI}" -eq 0 ]; then echo "No phases specified. Exiting." exit 1 fi @@ -86,9 +86,8 @@ fi # Utility function to use jsign to check if a file is signed or not is_signed() { local file="$1" - local output local exit_code - output=$(jsign extract --format PEM "${file}" 2>&1) + jsign extract --format PEM "${file}" > /dev/null 2>&1 exit_code=$? # jsign writes a PEM file even though it also prints to stdout. Clean up after # it. Use -f since so it still runs on unsigned files without error. @@ -104,7 +103,7 @@ if [ -e "${tmp_dir}" ]; then exit 1 fi -if [ ${PHASE_SIGN_DLL} -gt 0 ]; then +if [ "${PHASE_SIGN_DLL}" -gt 0 ]; then echo "[1/9] Downloading ${dll_unsigned} from release..." gh release download "${tag}" \ --repo "${GITHUB_REPOSITORY}" \ @@ -143,7 +142,7 @@ if [ ${PHASE_SIGN_DLL} -gt 0 ]; then "${dll_unsigned}" fi -if [ ${PHASE_BUILD_MSI} -gt 0 ]; then +if [ "${PHASE_BUILD_MSI}" -gt 0 ]; then echo "[5/9] Triggering odbc_release_step in cpp_extra.yml workflow..." run_url=$(gh workflow run cpp_extra.yml \ --repo "${GITHUB_REPOSITORY}" \ @@ -161,7 +160,7 @@ if [ ${PHASE_BUILD_MSI} -gt 0 ]; then echo "Run id ${run_id} completed." fi -if [ ${PHASE_SIGN_MSI} -gt 0 ]; then +if [ "${PHASE_SIGN_MSI}" -gt 0 ]; then echo "[7/9] Downloading unsigned MSI..." gh release download "${tag}" \ --repo "${GITHUB_REPOSITORY}" \ From 33866c709069da16557cfaad645f96a579ab19fb Mon Sep 17 00:00:00 2001 From: Bryce Mecum Date: Sat, 18 Apr 2026 11:04:51 -0700 Subject: [PATCH 11/22] fix latent bug in is_signed --- dev/release/07-flightsqlodbc-upload.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/dev/release/07-flightsqlodbc-upload.sh b/dev/release/07-flightsqlodbc-upload.sh index 6de5fd6bb653..3f7070f93dfa 100755 --- a/dev/release/07-flightsqlodbc-upload.sh +++ b/dev/release/07-flightsqlodbc-upload.sh @@ -86,13 +86,11 @@ fi # Utility function to use jsign to check if a file is signed or not is_signed() { local file="$1" - local exit_code - jsign extract --format PEM "${file}" > /dev/null 2>&1 - exit_code=$? + local exit_code=0 + jsign extract --format PEM "${file}" > /dev/null 2>&1 || exit_code=$? # jsign writes a PEM file even though it also prints to stdout. Clean up after # it. Use -f since so it still runs on unsigned files without error. rm -f "${file}.sig.pem" - return ${exit_code} } From 47ec0389a1086c4af3153891b82a32e148763da8 Mon Sep 17 00:00:00 2001 From: Bryce Mecum Date: Sat, 18 Apr 2026 11:09:16 -0700 Subject: [PATCH 12/22] Fix bug with filename --- dev/release/07-flightsqlodbc-upload.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dev/release/07-flightsqlodbc-upload.sh b/dev/release/07-flightsqlodbc-upload.sh index 3f7070f93dfa..4b090482b33f 100755 --- a/dev/release/07-flightsqlodbc-upload.sh +++ b/dev/release/07-flightsqlodbc-upload.sh @@ -112,7 +112,7 @@ if [ "${PHASE_SIGN_DLL}" -gt 0 ]; then exit 1 fi - echo "[2/9] Signing ${dll_signed}..." + echo "[2/9] Signing ${dll_unsigned}..." echo "NOTE: Running jsign. You may be prompted for your OTP PIN..." jsign --storetype ESIGNER \ --alias d97c5110-c66a-4c0c-ac0c-1cd6af812ee6 \ @@ -122,6 +122,7 @@ if [ "${PHASE_SIGN_DLL}" -gt 0 ]; then --tsmode RFC3161 \ --alg SHA256 \ "${tmp_dir}/${dll_unsigned}" + mv "${tmp_dir}/${dll_unsigned}" "${tmp_dir}/${dll_signed}" if ! is_signed "${tmp_dir}/${dll_signed}"; then echo "ERROR: ${dll_signed} is not signed" >&2 exit 1 From 7f0e6e0282660b56c98bbea39d02495b64350608 Mon Sep 17 00:00:00 2001 From: Bryce Mecum Date: Sat, 18 Apr 2026 11:14:19 -0700 Subject: [PATCH 13/22] make it so the grep doesn't fail the script early --- dev/release/07-flightsqlodbc-upload.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/release/07-flightsqlodbc-upload.sh b/dev/release/07-flightsqlodbc-upload.sh index 4b090482b33f..039c80b29f74 100755 --- a/dev/release/07-flightsqlodbc-upload.sh +++ b/dev/release/07-flightsqlodbc-upload.sh @@ -146,7 +146,7 @@ if [ "${PHASE_BUILD_MSI}" -gt 0 ]; then run_url=$(gh workflow run cpp_extra.yml \ --repo "${GITHUB_REPOSITORY}" \ --ref "${tag}" \ - --field odbc_release_step=true 2>&1 | grep -oE 'https://[^ ]+') + --field odbc_release_step=true 2>&1 | grep -oE 'https://[^ ]+' || true) run_id=${run_url##*/} # Extract the run ID from the URL (the part after the last slash) if [ -z "${run_id}" ]; then echo "ERROR: failed to get run ID from workflow trigger" >&2 From ff033b6ce6573abebae07b222a93bb3ea0a8fe7c Mon Sep 17 00:00:00 2001 From: Bryce Mecum Date: Sat, 18 Apr 2026 11:19:37 -0700 Subject: [PATCH 14/22] testing, should revert: add libuv1-dev --- .github/workflows/dev.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml index 80f590ea5930..434457991ae1 100644 --- a/.github/workflows/dev.yml +++ b/.github/workflows/dev.yml @@ -57,7 +57,8 @@ jobs: sudo apt install -y -V \ pre-commit \ r-base \ - ruby-dev + ruby-dev \ + libuv1-dev - name: Cache pre-commit uses: actions/cache@v5 with: From 7b99cd6ad8cede7ec70374a5192fb7c698a6a8e4 Mon Sep 17 00:00:00 2001 From: Bryce Mecum Date: Sat, 18 Apr 2026 11:31:36 -0700 Subject: [PATCH 15/22] Revert "testing, should revert: add libuv1-dev" This reverts commit ff033b6ce6573abebae07b222a93bb3ea0a8fe7c. --- .github/workflows/dev.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml index 434457991ae1..80f590ea5930 100644 --- a/.github/workflows/dev.yml +++ b/.github/workflows/dev.yml @@ -57,8 +57,7 @@ jobs: sudo apt install -y -V \ pre-commit \ r-base \ - ruby-dev \ - libuv1-dev + ruby-dev - name: Cache pre-commit uses: actions/cache@v5 with: From 81b1e88dd175f4d84c4e894177d3752ea5fb0def Mon Sep 17 00:00:00 2001 From: Bryce Mecum Date: Mon, 20 Apr 2026 08:36:35 -0700 Subject: [PATCH 16/22] move env var checks after utils-env --- dev/release/07-flightsqlodbc-upload.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dev/release/07-flightsqlodbc-upload.sh b/dev/release/07-flightsqlodbc-upload.sh index 039c80b29f74..751d8f463380 100755 --- a/dev/release/07-flightsqlodbc-upload.sh +++ b/dev/release/07-flightsqlodbc-upload.sh @@ -51,6 +51,8 @@ if [ "$#" -ne 2 ]; then exit 1 fi +. "${SOURCE_DIR}/utils-env.sh" + if [ -z "${ESIGNER_STOREPASS:-}" ]; then echo "ERROR: ESIGNER_STOREPASS is not set" >&2 exit 1 @@ -60,8 +62,6 @@ if [ -z "${ESIGNER_KEYPASS:-}" ]; then exit 1 fi -. "${SOURCE_DIR}/utils-env.sh" - version=$1 rc=$2 From fa646fcb1a5adb7faadc1e7545abcdd736e89bce Mon Sep 17 00:00:00 2001 From: Bryce Mecum Date: Mon, 20 Apr 2026 08:40:02 -0700 Subject: [PATCH 17/22] add 07 script to shfmt --- .pre-commit-config.yaml | 1 + dev/release/07-flightsqlodbc-upload.sh | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index eddb2a662b2e..2b7e3ce7633d 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -377,6 +377,7 @@ repos: ?^ci/scripts/python_test_type_annotations\.sh$| ?^cpp/src/arrow/flight/sql/odbc/install/mac/install_odbc\.sh$| ?^dev/release/05-binary-upload\.sh$| + ?^dev/release/07-flightsqlodbc-upload\.sh$| ?^dev/release/binary-recover\.sh$| ?^dev/release/post-03-binary\.sh$| ?^dev/release/post-08-docs\.sh$| diff --git a/dev/release/07-flightsqlodbc-upload.sh b/dev/release/07-flightsqlodbc-upload.sh index 751d8f463380..ff8203070bf4 100755 --- a/dev/release/07-flightsqlodbc-upload.sh +++ b/dev/release/07-flightsqlodbc-upload.sh @@ -87,7 +87,7 @@ fi is_signed() { local file="$1" local exit_code=0 - jsign extract --format PEM "${file}" > /dev/null 2>&1 || exit_code=$? + jsign extract --format PEM "${file}" >/dev/null 2>&1 || exit_code=$? # jsign writes a PEM file even though it also prints to stdout. Clean up after # it. Use -f since so it still runs on unsigned files without error. rm -f "${file}.sig.pem" From 402b75f91eef25ed005583408adb652384d3fb50 Mon Sep 17 00:00:00 2001 From: Bryce Mecum Date: Mon, 20 Apr 2026 08:41:02 -0700 Subject: [PATCH 18/22] use := --- dev/release/07-flightsqlodbc-upload.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/dev/release/07-flightsqlodbc-upload.sh b/dev/release/07-flightsqlodbc-upload.sh index ff8203070bf4..a644fe0d7725 100755 --- a/dev/release/07-flightsqlodbc-upload.sh +++ b/dev/release/07-flightsqlodbc-upload.sh @@ -73,10 +73,10 @@ dll_signed="arrow_flight_sql_odbc.dll" : "${GITHUB_REPOSITORY:=apache/arrow}" -: "${PHASE_DEFAULT=1}" -: "${PHASE_SIGN_DLL=${PHASE_DEFAULT}}" -: "${PHASE_BUILD_MSI=${PHASE_DEFAULT}}" -: "${PHASE_SIGN_MSI=${PHASE_DEFAULT}}" +: "${PHASE_DEFAULT:=1}" +: "${PHASE_SIGN_DLL:=${PHASE_DEFAULT}}" +: "${PHASE_BUILD_MSI:=${PHASE_DEFAULT}}" +: "${PHASE_SIGN_MSI:=${PHASE_DEFAULT}}" if [ "${PHASE_SIGN_DLL}" -eq 0 ] && [ "${PHASE_BUILD_MSI}" -eq 0 ] && [ "${PHASE_SIGN_MSI}" -eq 0 ]; then echo "No phases specified. Exiting." From d051f0ba20b3fa58c2ed6fe3e8a931985388c118 Mon Sep 17 00:00:00 2001 From: Bryce Mecum Date: Mon, 20 Apr 2026 08:41:46 -0700 Subject: [PATCH 19/22] use 'rc-number' for consistency --- docs/source/developers/release.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/developers/release.rst b/docs/source/developers/release.rst index 76c77c869488..9c30ba59d994 100644 --- a/docs/source/developers/release.rst +++ b/docs/source/developers/release.rst @@ -273,7 +273,7 @@ Build source and binaries and submit them # signing. # Note: The script requires setup of ssl.com environment variables. # Note: Invoking this script costs money. - dev/release/07-flightsqlodbc-upload.sh + dev/release/07-flightsqlodbc-upload.sh # Move the Release Candidate GitHub Release from draft to published state # This will update the artifacts download URL which will be available for the From 07a432865a28058e9209f3e861175417a3c7f553 Mon Sep 17 00:00:00 2001 From: Bryce Mecum Date: Mon, 20 Apr 2026 08:43:55 -0700 Subject: [PATCH 20/22] rename 09-vote-email to 10-vote-email --- dev/release/{09-vote-email-test.rb => 10-vote-email-test.rb} | 2 +- dev/release/{09-vote-email.sh => 10-vote-email.sh} | 0 docs/source/developers/release.rst | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) rename dev/release/{09-vote-email-test.rb => 10-vote-email-test.rb} (98%) rename dev/release/{09-vote-email.sh => 10-vote-email.sh} (100%) diff --git a/dev/release/09-vote-email-test.rb b/dev/release/10-vote-email-test.rb similarity index 98% rename from dev/release/09-vote-email-test.rb rename to dev/release/10-vote-email-test.rb index bae314b24511..2423856c0b29 100644 --- a/dev/release/09-vote-email-test.rb +++ b/dev/release/10-vote-email-test.rb @@ -24,7 +24,7 @@ def setup detect_versions @tag_name_no_rc = "apache-arrow-#{@release_version}" @archive_name = "apache-arrow-#{@release_version}.tar.gz" - @script = File.expand_path("dev/release/09-vote-email.sh") + @script = File.expand_path("dev/release/10-vote-email.sh") @tarball_script = File.expand_path("dev/release/utils-create-release-tarball.sh") @env = File.expand_path("dev/release/.env") diff --git a/dev/release/09-vote-email.sh b/dev/release/10-vote-email.sh similarity index 100% rename from dev/release/09-vote-email.sh rename to dev/release/10-vote-email.sh diff --git a/docs/source/developers/release.rst b/docs/source/developers/release.rst index 9c30ba59d994..fe5a969737f8 100644 --- a/docs/source/developers/release.rst +++ b/docs/source/developers/release.rst @@ -291,7 +291,7 @@ Verify the Release # Once the automatic verification has passed start the vote thread # on dev@arrow.apache.org. To regenerate the email template use - dev/release/09-vote-email.sh + dev/release/10-vote-email.sh See :ref:`release_verification` for details. From ac39888b3cc2b62e334c3a1eaab78880206f93c7 Mon Sep 17 00:00:00 2001 From: Bryce Mecum Date: Mon, 20 Apr 2026 08:51:28 -0700 Subject: [PATCH 21/22] remove step deleting unsigned dll --- dev/release/07-flightsqlodbc-upload.sh | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/dev/release/07-flightsqlodbc-upload.sh b/dev/release/07-flightsqlodbc-upload.sh index a644fe0d7725..025b25b833cd 100755 --- a/dev/release/07-flightsqlodbc-upload.sh +++ b/dev/release/07-flightsqlodbc-upload.sh @@ -102,7 +102,7 @@ if [ -e "${tmp_dir}" ]; then fi if [ "${PHASE_SIGN_DLL}" -gt 0 ]; then - echo "[1/9] Downloading ${dll_unsigned} from release..." + echo "[1/8 Downloading ${dll_unsigned} from release..." gh release download "${tag}" \ --repo "${GITHUB_REPOSITORY}" \ --pattern "${dll_unsigned}" \ @@ -112,7 +112,7 @@ if [ "${PHASE_SIGN_DLL}" -gt 0 ]; then exit 1 fi - echo "[2/9] Signing ${dll_unsigned}..." + echo "[2/8 Signing ${dll_unsigned}..." echo "NOTE: Running jsign. You may be prompted for your OTP PIN..." jsign --storetype ESIGNER \ --alias d97c5110-c66a-4c0c-ac0c-1cd6af812ee6 \ @@ -128,21 +128,15 @@ if [ "${PHASE_SIGN_DLL}" -gt 0 ]; then exit 1 fi - echo "[3/9] Uploading signed DLL to GitHub Release..." + echo "[3/8 Uploading signed DLL to GitHub Release..." gh release upload "${tag}" \ --repo "${GITHUB_REPOSITORY}" \ --clobber \ "${tmp_dir}/${dll_signed}" - - echo "[4/9] Removing unsigned DLL from GitHub Release..." - gh release delete-asset "${tag}" \ - --repo "${GITHUB_REPOSITORY}" \ - --yes \ - "${dll_unsigned}" fi if [ "${PHASE_BUILD_MSI}" -gt 0 ]; then - echo "[5/9] Triggering odbc_release_step in cpp_extra.yml workflow..." + echo "[4/8 Triggering odbc_release_step in cpp_extra.yml workflow..." run_url=$(gh workflow run cpp_extra.yml \ --repo "${GITHUB_REPOSITORY}" \ --ref "${tag}" \ @@ -154,13 +148,13 @@ if [ "${PHASE_BUILD_MSI}" -gt 0 ]; then fi echo "Triggered run: ${run_url}" - echo "[6/9] Waiting for workflow to complete. This can take a very long time..." + echo "[5/8 Waiting for workflow to complete. This can take a very long time..." gh run watch "${run_id}" --repo "${GITHUB_REPOSITORY}" --exit-status --interval 60 echo "Run id ${run_id} completed." fi if [ "${PHASE_SIGN_MSI}" -gt 0 ]; then - echo "[7/9] Downloading unsigned MSI..." + echo "[6/8 Downloading unsigned MSI..." gh release download "${tag}" \ --repo "${GITHUB_REPOSITORY}" \ --pattern "Apache-Arrow-Flight-SQL-ODBC-${version}-win64.msi" \ @@ -171,7 +165,7 @@ if [ "${PHASE_SIGN_MSI}" -gt 0 ]; then exit 1 fi - echo "[8/9] Signing MSI..." + echo "[7/8 Signing MSI..." echo "NOTE: Running jsign. You may be prompted for your OTP PIN..." jsign --storetype ESIGNER \ --alias d97c5110-c66a-4c0c-ac0c-1cd6af812ee6 \ @@ -186,7 +180,7 @@ if [ "${PHASE_SIGN_MSI}" -gt 0 ]; then exit 1 fi - echo "[9/9] Uploading signed MSI to GitHub Release..." + echo "[8/8 Uploading signed MSI to GitHub Release..." gh release upload "${tag}" \ --repo "${GITHUB_REPOSITORY}" \ --clobber \ From df22a8ef9f74bc9ead3036ca1866980aeff26c52 Mon Sep 17 00:00:00 2001 From: Bryce Mecum Date: Mon, 20 Apr 2026 09:07:50 -0700 Subject: [PATCH 22/22] Use watch-gh-workflow script --- dev/release/07-flightsqlodbc-upload.sh | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/dev/release/07-flightsqlodbc-upload.sh b/dev/release/07-flightsqlodbc-upload.sh index 025b25b833cd..c47b5076f9c0 100755 --- a/dev/release/07-flightsqlodbc-upload.sh +++ b/dev/release/07-flightsqlodbc-upload.sh @@ -137,20 +137,14 @@ fi if [ "${PHASE_BUILD_MSI}" -gt 0 ]; then echo "[4/8 Triggering odbc_release_step in cpp_extra.yml workflow..." - run_url=$(gh workflow run cpp_extra.yml \ + gh workflow run cpp_extra.yml \ --repo "${GITHUB_REPOSITORY}" \ --ref "${tag}" \ - --field odbc_release_step=true 2>&1 | grep -oE 'https://[^ ]+' || true) - run_id=${run_url##*/} # Extract the run ID from the URL (the part after the last slash) - if [ -z "${run_id}" ]; then - echo "ERROR: failed to get run ID from workflow trigger" >&2 - exit 1 - fi - echo "Triggered run: ${run_url}" + --field odbc_release_step=true echo "[5/8 Waiting for workflow to complete. This can take a very long time..." - gh run watch "${run_id}" --repo "${GITHUB_REPOSITORY}" --exit-status --interval 60 - echo "Run id ${run_id} completed." + REPOSITORY="${GITHUB_REPOSITORY}" \ + "${SOURCE_DIR}/utils-watch-gh-workflow.sh" "${tag}" cpp_extra.yml fi if [ "${PHASE_SIGN_MSI}" -gt 0 ]; then