Octopus 5338aeb006 ci: avoid passing GPG passphrase on command line in Java publish workflow (#3313)
Fixes #3299

## Problem

Two security issues exist in `.github/workflows/java-publish.yml`:

1. **`gpg-passphrase` input is misused**: `actions/setup-java`'s
`gpg-passphrase` input expects the **name** of an environment variable
(default: `GPG_PASSPHRASE`), not the secret value itself. The previous
value `${{ secrets.GPG_PASSPHRASE }}` was setting the env var name to
the actual secret, which is incorrect.

2. **Passphrase visible on the command line**: `-Dgpg.passphrase=${{
secrets.GPG_PASSPHRASE }}` passes the GPG passphrase as a Maven system
property argument, making it visible in process listings and potentially
echoed in debug logs — a supply-chain security risk for release
workflows.

## Solution

- Fix `gpg-passphrase: MAVEN_GPG_PASSPHRASE` — use the correct env var
name so `actions/setup-java` generates a proper Maven `settings.xml`
entry that reads from `MAVEN_GPG_PASSPHRASE`.
- Remove `-Dgpg.passphrase=...` from the Maven CLI invocation.
- Add `MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}` to the
`env:` block of the Publish step, so the passphrase is available as an
environment variable rather than a CLI argument.

## Testing

The Java publish workflow only runs on tag pushes, so this cannot be
exercised in a PR build. The logic change is straightforward:
`actions/setup-java` is documented to write a `settings.xml` that reads
`<gpg.passphrase>` from the named env var, and `maven-gpg-plugin` picks
it up from there without any CLI argument.

Co-authored-by: octo-patch <octo-patch@github.com>
2026-05-07 08:45:27 -07:00
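A small linter for the two mistakes named in the commit message above. This is an added example, not code from the LanceDB repository. The workflow fragments, the rule names and the `lint_workflow` helper are constructed for illustration, and the line-based scan is a simplification that does not parse YAML in full.

```python
import re
# Constructed workflow fragments for illustration (not the project's actual file).
BEFORE = """\
steps:
  - uses: actions/setup-java@v4
    with:
      gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
  - name: Publish
    run: mvn --batch-mode deploy -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }}
"""
AFTER = """\
steps:
  - uses: actions/setup-java@v4
    with:
      gpg-passphrase: MAVEN_GPG_PASSPHRASE
  - name: Publish
    run: mvn --batch-mode deploy
    env:
      MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
"""

SECRET = re.compile(r"\$\{\{\s*secrets\.\w+\s*\}\}")
KEY = re.compile(r"^\s*(?:-\s+)?([\w-]+):\s*(.*)$")

def lint_workflow(text):
    """Return (line_number, rule) pairs for the two mistakes described above."""
    findings = []
    run_col = None  # column of the current `run:` key while scanning its script body
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        if run_col is not None:
            if indent > run_col:  # still inside the run script (block scalar body)
                if SECRET.search(line):
                    findings.append((lineno, "secret-on-command-line"))
                continue
            run_col = None  # dedent: the run script has ended
        m = KEY.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        if key == "gpg-passphrase" and SECRET.search(value):
            # setup-java expects an env var NAME here, not the secret itself
            findings.append((lineno, "gpg-passphrase-is-secret-value"))
        elif key == "run":
            run_col = m.start(1)
            if SECRET.search(value):
                findings.append((lineno, "secret-on-command-line"))
    return findings
```

A secret referenced under `env:` is not flagged, which matches the corrected form: the value reaches Maven through the environment instead of the argument list.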

LanceDB Cloud Public Beta


LanceDB

The Multimodal AI Lakehouse


The ultimate multimodal data platform for AI/ML applications.

LanceDB is designed for fast, scalable, and production-ready vector search. It is built on top of the Lance columnar format. You can store, index, and search over petabytes of multimodal data and vectors with ease. LanceDB is a central location where developers can build, train and analyze their AI workloads.



Key Features:

  • Fast Vector Search: Search billions of vectors in milliseconds with state-of-the-art indexing.
  • Comprehensive Search: Support for vector similarity search, full-text search and SQL.
  • Multimodal Support: Store, query and filter vectors, metadata and multimodal data (text, images, videos, point clouds, and more).
  • Advanced Features: Zero-copy access and automatic versioning, so you can manage versions of your data without extra infrastructure. GPU support for building vector indexes.

Products:

  • Open Source & Local: 100% open source, runs locally or in your cloud. No vendor lock-in.
  • Cloud and Enterprise: Production-scale vector search with no servers to manage. Complete data sovereignty and security.

Ecosystem:

  • Columnar Storage: Built on the Lance columnar format for efficient storage and analytics.
  • Seamless Integration: Python, Node.js, Rust, and REST APIs for easy integration. Native Python and Javascript/Typescript support.
  • Rich Ecosystem: Integrations with LangChain 🦜🔗, LlamaIndex 🦙, Apache-Arrow, Pandas, Polars, DuckDB and more on the way.

How to Install:

Follow the Quickstart doc to set up LanceDB locally.

API & SDK: We also support Python, Typescript and Rust SDKs. Documentation for each interface:

  • Python SDK: https://lancedb.github.io/lancedb/python/python/
  • Typescript SDK: https://lancedb.github.io/lancedb/js/globals/
  • Rust SDK: https://docs.rs/lancedb/latest/lancedb/index.html
  • REST API: https://docs.lancedb.com/api-reference/rest

Join Us and Contribute

We welcome contributions from everyone! Whether you're a developer, researcher, or just someone who wants to help out.

If you have any suggestions or feature requests, please feel free to open an issue on GitHub or discuss it on our Discord server.

Check out the GitHub Issues if you would like to work on the features that are planned for the future.


Description
Languages
HTML 39.8%
Rust 28.9%
Python 23.1%
TypeScript 7.7%
Shell 0.3%
Other 0.1%