This is an automated email from the ASF dual-hosted git repository.
sbp pushed a commit to branch sbp
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
The following commit(s) were added to refs/heads/sbp by this push:
new 3ac84a2 Change incontrovertible check results from failure to blocking
3ac84a2 is described below
commit 3ac84a2620979173359aa3221e5293aafb389d58
Author: Sean B. Palmer <[email protected]>
AuthorDate: Fri Feb 6 15:01:11 2026 +0000
Change incontrovertible check results from failure to blocking
---
atr/tasks/checks/hashing.py | 2 +-
atr/tasks/checks/license.py | 6 +++---
atr/tasks/checks/paths.py | 29 ++++++++++++++++++++---------
atr/tasks/checks/rat.py | 4 ++--
atr/tasks/checks/signature.py | 11 ++++++-----
5 files changed, 32 insertions(+), 20 deletions(-)
diff --git a/atr/tasks/checks/hashing.py b/atr/tasks/checks/hashing.py
index b7cb7c6..8007545 100644
--- a/atr/tasks/checks/hashing.py
+++ b/atr/tasks/checks/hashing.py
@@ -75,7 +75,7 @@ async def check(args: checks.FunctionArguments) ->
results.Results | None:
{"computed_hash": computed_hash, "expected_hash":
expected_hash},
)
else:
- await recorder.failure(
+ await recorder.blocking(
f"Hash ({algorithm}) mismatch",
{"computed_hash": computed_hash, "expected_hash":
expected_hash},
)
diff --git a/atr/tasks/checks/license.py b/atr/tasks/checks/license.py
index 2301c39..b715558 100644
--- a/atr/tasks/checks/license.py
+++ b/atr/tasks/checks/license.py
@@ -255,7 +255,7 @@ def _files_check_core_logic(artifact_path: str, is_podling:
bool) -> Iterator[Re
yield from _notice_results(notice_results)
if is_podling and (not disclaimer_found):
yield ArtifactResult(
- status=sql.CheckResultStatus.FAILURE,
+ status=sql.CheckResultStatus.BLOCKING,
message="No DISCLAIMER or DISCLAIMER-WIP file found",
data=None,
)
@@ -505,7 +505,7 @@ def _license_results(
license_files_size = len(license_results)
if license_files_size == 0:
yield ArtifactResult(
- status=sql.CheckResultStatus.FAILURE,
+ status=sql.CheckResultStatus.BLOCKING,
message="No LICENSE file found",
data=None,
)
@@ -551,7 +551,7 @@ def _notice_results(
notice_files_size = len(notice_results)
if notice_files_size == 0:
yield ArtifactResult(
- status=sql.CheckResultStatus.FAILURE,
+ status=sql.CheckResultStatus.BLOCKING,
message="No NOTICE file found",
data=None,
)
diff --git a/atr/tasks/checks/paths.py b/atr/tasks/checks/paths.py
index 98e96e8..b56f2e3 100644
--- a/atr/tasks/checks/paths.py
+++ b/atr/tasks/checks/paths.py
@@ -102,7 +102,12 @@ async def check(args: checks.FunctionArguments) ->
results.Results | None:
async def _check_artifact_rules(
- base_path: pathlib.Path, relative_path: pathlib.Path, relative_paths:
set[str], errors: list[str], is_podling: bool
+ base_path: pathlib.Path,
+ relative_path: pathlib.Path,
+ relative_paths: set[str],
+ errors: list[str],
+ blocking: list[str],
+ is_podling: bool,
) -> None:
"""Check rules specific to artifact files."""
full_path = base_path / relative_path
@@ -110,7 +115,7 @@ async def _check_artifact_rules(
# RDP says that .asc is required
asc_path = full_path.with_suffix(full_path.suffix + ".asc")
if not await aiofiles.os.path.exists(asc_path):
- errors.append(f"Missing corresponding signature file
({relative_path}.asc)")
+ blocking.append(f"Missing corresponding signature file
({relative_path}.asc)")
# RDP requires one of .sha256 or .sha512
relative_sha256_path = relative_path.with_suffix(relative_path.suffix +
".sha256")
@@ -118,13 +123,13 @@ async def _check_artifact_rules(
has_sha256 = str(relative_sha256_path) in relative_paths
has_sha512 = str(relative_sha512_path) in relative_paths
if not (has_sha256 or has_sha512):
- errors.append(f"Missing corresponding checksum file
({relative_path}.sha256 or {relative_path}.sha512)")
+ blocking.append(f"Missing corresponding checksum file
({relative_path}.sha256 or {relative_path}.sha512)")
# IP requires "incubating" in the filename
if is_podling is True:
# TODO: Allow "incubator" too as #114 requests?
if "incubating" not in full_path.name:
- errors.append("Podling artifact filenames must include
'incubating'")
+ blocking.append("Podling artifact filenames must include
'incubating'")
async def _check_metadata_rules(
@@ -133,6 +138,7 @@ async def _check_metadata_rules(
relative_paths: set[str],
ext_metadata: str,
errors: list[str],
+ blocking: list[str],
warnings: list[str],
) -> None:
"""Check rules specific to metadata files (.asc, .sha*, etc.)."""
@@ -140,7 +146,7 @@ async def _check_metadata_rules(
if ".md5" in suffixes:
# Forbidden by RCP, deprecated by RDP
- errors.append("The use of .md5 is forbidden, please use .sha512")
+ blocking.append("The use of .md5 is forbidden, please use .sha512")
if ".sha1" in suffixes:
# Deprecated by RDP
errors.append("The use of .sha1 is deprecated, please use .sha512")
@@ -149,7 +155,7 @@ async def _check_metadata_rules(
errors.append("The use of .sha is discouraged, please use .sha512")
if ".sig" in suffixes:
# Forbidden by RCP, forbidden by RDP
- errors.append("Binary signature files (.sig) are forbidden, please use
.asc")
+ blocking.append("Binary signature files (.sig) are forbidden, please
use .asc")
# "Signature and checksum files for verifying distributed artifacts should
# not be provided, unless named as indicated above." (RDP)
@@ -183,6 +189,7 @@ async def _check_path_process_single(
await asyncio.sleep(20)
errors: list[str] = []
+ blocking: list[str] = []
warnings: list[str] = []
# The Release Distribution Policy specifically allows README and CHANGES,
etc.
@@ -205,10 +212,10 @@ async def _check_path_process_single(
allowed_top_level = _ALLOWED_TOP_LEVEL
if ext_artifact:
log.info(f"Checking artifact rules for {full_path}")
- await _check_artifact_rules(base_path, relative_path, relative_paths,
errors, is_podling)
+ await _check_artifact_rules(base_path, relative_path, relative_paths,
errors, blocking, is_podling)
elif ext_metadata:
log.info(f"Checking metadata rules for {full_path}")
- await _check_metadata_rules(base_path, relative_path, relative_paths,
ext_metadata, errors, warnings)
+ await _check_metadata_rules(base_path, relative_path, relative_paths,
ext_metadata, errors, blocking, warnings)
else:
log.info(f"Checking general rules for {full_path}")
if (relative_path.parent == pathlib.Path(".")) and (relative_path.name
not in allowed_top_level):
@@ -220,6 +227,7 @@ async def _check_path_process_single(
recorder_success,
relative_path_str,
errors,
+ blocking,
warnings,
)
@@ -230,13 +238,16 @@ async def _record(
recorder_success: checks.Recorder,
relative_path_str: str,
errors: list[str],
+ blocking: list[str],
warnings: list[str],
) -> None:
for error in errors:
await recorder_errors.failure(error, {},
primary_rel_path=relative_path_str)
+ for item in blocking:
+ await recorder_errors.blocking(item, {},
primary_rel_path=relative_path_str)
for warning in warnings:
await recorder_warnings.warning(warning, {},
primary_rel_path=relative_path_str)
- if not (errors or warnings):
+ if not (errors or blocking or warnings):
await recorder_success.success(
"Path structure and naming conventions conform to policy", {},
primary_rel_path=relative_path_str
)
diff --git a/atr/tasks/checks/rat.py b/atr/tasks/checks/rat.py
index 3812157..1929ae4 100644
--- a/atr/tasks/checks/rat.py
+++ b/atr/tasks/checks/rat.py
@@ -167,9 +167,9 @@ async def _check_core(
# Record individual file failures before the overall result
for file in result.unknown_license_files:
- await recorder.failure("Unknown license", None,
member_rel_path=file.name)
+ await recorder.blocking("Unknown license", None,
member_rel_path=file.name)
for file in result.unapproved_files:
- await recorder.failure("Unapproved license", {"license":
file.license}, member_rel_path=file.name)
+ await recorder.blocking("Unapproved license", {"license":
file.license}, member_rel_path=file.name)
# Convert to dict for storage, excluding the file lists, which are already
recorded
result_data = result.model_dump(exclude={"unapproved_files",
"unknown_license_files"})
diff --git a/atr/tasks/checks/signature.py b/atr/tasks/checks/signature.py
index bc92e27..ab247b5 100644
--- a/atr/tasks/checks/signature.py
+++ b/atr/tasks/checks/signature.py
@@ -38,7 +38,7 @@ async def check(args: checks.FunctionArguments) ->
results.Results | None:
return None
if not (primary_rel_path := args.primary_rel_path):
- await recorder.failure("Primary relative path is required",
{"primary_rel_path": primary_rel_path})
+ await recorder.exception("Primary relative path is required",
{"primary_rel_path": primary_rel_path})
return None
artifact_rel_path = primary_rel_path.removesuffix(".asc")
@@ -47,7 +47,7 @@ async def check(args: checks.FunctionArguments) ->
results.Results | None:
committee_name = args.extra_args.get("committee_name")
if not isinstance(committee_name, str):
- await recorder.failure("Committee name is required",
{"committee_name": committee_name})
+ await recorder.exception("Committee name is required",
{"committee_name": committee_name})
return None
log.info(
@@ -62,15 +62,16 @@ async def check(args: checks.FunctionArguments) ->
results.Results | None:
signature_path=str(primary_abs_path),
)
if result_data.get("error"):
- await recorder.failure(result_data["error"], result_data)
+ # TODO: This should perhaps be a failure
+ await recorder.blocking(result_data["error"], result_data)
elif result_data.get("verified"):
await recorder.success("Signature verified successfully",
result_data)
else:
# Shouldn't happen
- await recorder.failure("Signature verification failed for unknown
reasons", result_data)
+ await recorder.exception("Signature verification failed for
unknown reasons", result_data)
except Exception as e:
- await recorder.failure("Error during signature check execution",
{"error": str(e)})
+ await recorder.exception("Error during signature check execution",
{"error": str(e)})
return None
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
