> Within the Apache Subversion project, have tooling[1] to assist an RM with
> pretty much all the steps of a release. From reading this thread, it seems
> like Royale's problem is getting RMs up to speed, so maybe it can be solved
> with additional build-side tooling?
>
> [1] https://svn.apache.org/repos/asf/subversion/trunk/tools/dist/

This doesn't solve Alex's problem of multiple complex Windows setups, near as I can tell. I believe this is why he is asking for a "single machine" that is set up perfectly for his needs.

I believe virtualisation is the right answer to this, not a singleton machine that has all of the binaries on it for all projects' build tool chains. From prior experience I know how easy it is for project A to mess up project B's build tool chain. But I'm not sure there is a good answer for this other than "build your own Docker image and start your build inside of that."

I realize a large % of ASF projects are Java, and it's easier to contain these things when you have a single, versioned runtime, but given the mention of .NET runtimes I think we have to consider the larger picture (which also contains our dilemma - a massive, complex build chain that can take DAYS to install and configure correctly by hand on Windows.)

This of course is in addition to the ability for a project to create a commit using a bot.

> Then make that git repo a local clone, hmm?
>
> If you're talking a public one, then what is the "ask" from Infra for this
> repo? Every PMC can self-serve create git repositories as they need them.
> So it would seem "do that", then you'd need to ask for some extra authz to
> enable the bot for that one repository? And what is the mechanism to
> prevent leakage of released code into that repository? Or, say, the bot
> adjusting pom.xml to pull in malware from $bad ?

Right now a PMC can't self-serve create a git repo that can *only* be written to by a single user (the bot's account), just ones that can be written to by all committers in their LDAP group.

Perhaps we need the ability to create repos that are writable only by the PMCs. I can see other uses for this (like our couchdb-admin repo). I would trust a release repo of this sort that could be audited prior to release time, as well as if legal concerns arose.

-Joan
