I would also like to make an additional point here which is that this is another important step in hopefully being able at some point in the future to use github actions CI to produce release artifacts rather than having to build on a local machine. Doing this currently does not satisfy ASF policy due to various contention points and mutable git tags happens to be one of them (i.e. triggering the CI with a git tag is problematic because of mutability since anyone can just delete/edit the git tag later on which means that it cannot be confidently used as a marking point for a release).
This improvement should alleviate this concern because of the reasons stated earlier. Note that there are other issues as well (i.e. Scala 3 cannot make reproducible builds, see vhttps:// github.com/lampepfl/dotty/issues/17330#issuecomment-1567996126) but the hope is that we will get to a point later down the line where doing a release this way (which is by far the standard/common way for Scala OS projects) is acceptable. On Fri, May 26, 2023 at 5:03 PM Matthew Benedict de Detrich < [email protected]> wrote: > I would like to report that thanks to asfinfra, github tag protection > rules (see > https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-tag-protection-rules) > has been setup which means git tags that are pushed to Pekko's github > repositories are now immutable as long as they follow our version pattern > (i.e. v.*.*.*). > > What is meant by immutable is that Pekko committers can push git tags > directly onto the Pekko github repositories but once a tag matching the > version pattern has been pushed, it cannot be edited or deleted unless you > are an admin (which in the context of Apache means asfinfra and would be > considered an exceptional circumstance). Below is a short snippet > demonstrating this > > <@incubator-pekko>-<⎇ main>-<*>-> git push upstream v0.0.0 > Enumerating objects: 1, done. > Counting objects: 100% (1/1), done. > Writing objects: 100% (1/1), 164 bytes | 164.00 KiB/s, done. > Total 1 (delta 0), reused 0 (delta 0), pack-reused 0 > To github.com:apache/incubator-pekko.git > * [new tag] v0.0.0 -> v0.0.0 > > <@incubator-pekko>-<⎇ main>-<*>-> git push --delete upstream v0.0.0 > remote: error: GH006: Protected tag update failed for refs/tags/v0.0.0. > remote: error: You're not authorized to delete a protected tag > To github.com:apache/incubator-pekko.git > ! [remote rejected] v0.0.0 (protected tag hook declined) > error: failed to push some refs to 'github.com:apache/incubator-pekko.git' > <@incubator-pekko>-<⎇ main>-<*>-1-> > > This feature is intended to be useful as part of the release process done > by release managers so that we can state with confidence that tags pointing > to a release are not altered. > > For more information see > https://issues.apache.org/jira/browse/INFRA-24644?focusedCommentId=17726630&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17726630 > and https://github.com/apache/incubator-pekko/issues/342 > > Regards > -- > > Matthew de Detrich > > *Aiven Deutschland GmbH* > > Immanuelkirchstraße 26, 10405 Berlin > > Amtsgericht Charlottenburg, HRB 209739 B > > Geschäftsführer: Oskari Saarenmaa & Hannu Valtonen > > *m:* +491603708037 > > *w:* aiven.io *e:* [email protected] > -- Matthew de Detrich *Aiven Deutschland GmbH* Immanuelkirchstraße 26, 10405 Berlin Amtsgericht Charlottenburg, HRB 209739 B Geschäftsführer: Oskari Saarenmaa & Hannu Valtonen *m:* +491603708037 *w:* aiven.io *e:* [email protected]
