Create CONTRIBUTING.md

[kiszk]

This PR addresses #270 by preparing CONTRIBUTING.md.

[kiszk]

The first commit is a springboard. I really appreciate any comments, questions, and updates from everyone.

[ericphanson]

It would be great if this could cover the answer to https://github.com/apache/arrow-julia/pull/267#issuecomment-1019308997 - often when folks contribute a fix or feature they are eager for a release so they can use it downstream.

How it used to work is that after most fixes or features (or on request), Arrow.jl would tag a release. This is done by increasing the version number, and asking the JuliaRegistrator bot to make a PR to the General registry of Julia packages, which would be automatically merged if certain checks passed, which would then write a comment on a “tagbot trigger issue” which would trigger the tagbot workflow to generate a git tag and GitHub release. (This process is somewhat convoluted to guarantee that releases are only made after registration is successful, and is standard in the Julia ecosystem). The only manual step in this process is to kick it off.

This process also requires the JuliaRegistrator bot is installed on this repository. If that is a big problem, one can use the web UI at juliahub.com (which is run by Julia Computing, not the open source community), or registration PRs can be manually (by hand or with the help of LocalRegistry.jl) made to the General registry, which will require manual merging by a registry maintainer (since such PRs won’t be eligible for automerge, at least at this time).

I am not very familiar with Apache’s release process but I am with the Julia ecosystem’s so let me know if anything is unclear or if I can help answer questions or otherwise try to facilitate.

[kou]

We can use JuliaRegistries/TagBot action because it's added to allow list: See #273 and the linked Jira issue for details.

We need a vote for each new release before we publish a new release. It requires the followings:

1. We need to create a source package such as arrow-julia-x.y.z.tar.gz for each release.
2. We need to sign the created source package.
3. (If we have binary packages, we also sign binary packages.)
4. We need to upload the created source package, (binary packages), sign and checksums to https://dist.apache.org/repos/dist/dev/arrow/ or https://apache.jfrog.io/ui/native/arrow/ for vote.
5. We need to at least 3 positive votes (+1) from PMC members (see https://arrow.apache.org/committers/ for the current PMC members) to pass the release vote.
6. Release votes SHOULD remain open for at least 72 hours. (This is for accepting votes from all time zones.)

See https://www.apache.org/legal/release-policy.html for details.

Notes:

1. We should prepare verification scripts to verify the release artifacts (source package, binary packages, sign and checksums) for voting by PMC members. e.g. https://github.com/apache/arrow-rs/blob/master/dev/release/verify-release-candidate.sh
2. It's better that Apache Arrow PMC has at least 3 members who work on Apache Arrow Julia for smooth vote in the future.

We can use the standard Julia package release process after a release vote is passed. (We also need to publish passed release artifacts in https://dist.apache.org/repos/dist/dev/arrow/ to https://dist.apache.org/repos/dist/release/arrow/ .)

Here are questions:

1. Do we build binary packages?
2. @ericphanson Are you interested in joining Apache Arrow PMC in the future?

[ericphanson]

Thanks for the helpful list and the link to the shell script. To answer your questions,

1. No, we don’t prepare binary packages. Julia works by JIT compiling the source at runtime via the julia binary, so we only distribute source code.

   For some more context, this distribution is usually done via Julia’s package manager; when we “register” the package, we supply the registry with a git-tree-sha of the source tree of the code being registered (this is automated), and the package manager Pkg.jl grabs that tree from the git repo and serves that to users. (Or more accurately, a “storage server” does the grabbing from GitHub or where ever the repo is hosted and stores the source code indefinitely, e.g. in case the original host goes down, and user-facing “package servers” sit in front and serve the code to users through Pkg.jl).

2. Sure, I would be interested in joining in the future.

[kou]

1. OK. Thanks for clarifying it.

2. Thanks. I can nominate you as a new committer and then a new PMC member after you work on apache/arrow-julia with the Apache way continuously. See also http://theapacheway.com/ for the Apache way.

   For example, preparing CONTRIBUTING.md is an important task for it because it helps new contributors to understand how to follow the Apache way. Could you help us complete this pull request? If you help, I can refer this pull request when I nominate you as a committer.

[quinnj]

We need a vote for each new release before we publish a new release. It requires the followings:

1. We need to create a source package such as arrow-julia-x.y.z.tar.gz for each release.
2. We need to sign the created source package.
3. (If we have binary packages, we also sign binary packages.)
4. We need to upload the created source package, (binary packages), sign and checksums to https://dist.apache.org/repos/dist/dev/arrow/ or https://apache.jfrog.io/ui/native/arrow/ for vote.
5. We need to at least 3 positive votes (+1) from PMC members (see https://arrow.apache.org/committers/ for the current PMC members) to pass the release vote.
6. Release votes SHOULD remain open for at least 72 hours. (This is for accepting votes from all time zones.)

See https://www.apache.org/legal/release-policy.html for details.

I'm going to open a separate issue so we can further discuss the logistics of new releases.

[quinnj]

Closing as stale