Hi,

The requirement on building locally is more than implanting mutable tags and reproducible builds, although they are worthy things to consider/implement. Please see [1]

Kind Regards,
Justin

1. https://www.apache.org/legal/release-policy.html#owned-controlled-hardware

> On 30 May 2023, at 6:33 pm, Matthew Benedict de Detrich <[email protected]> wrote:
>
> I would also like to make an additional point here which is that this is
> another important step in hopefully being able at some point in the future
> to use github actions CI to produce release artifacts rather than having to
> build on a local machine. Doing this currently does not satisfy ASF policy
> due to various contention points and mutable git tags happens to be one of
> them (i.e. triggering the CI with a git tag is problematic because of
> mutability since anyone can just delete/edit the git tag later on which
> means that it cannot be confidently used as a marking point for a release).
>
> This improvement should alleviate this concern because of the reasons
> stated earlier. Note that there are other issues as well (i.e. Scala 3
> cannot make reproducible builds, see
> https://github.com/lampepfl/dotty/issues/17330#issuecomment-1567996126) but the
> hope is that we will get to a point later down the line where doing a
> release this way (which is by far the standard/common way for Scala OS
> projects) is acceptable.
>
> On Fri, May 26, 2023 at 5:03 PM Matthew Benedict de Detrich <[email protected]> wrote:
>
>> I would like to report that thanks to asfinfra, github tag protection
>> rules (see
>> https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-tag-protection-rules)
>> has been setup which means git tags that are pushed to Pekko's github
>> repositories are now immutable as long as they follow our version pattern
>> (i.e. v.*.*.*).
>>
>> What is meant by immutable is that Pekko committers can push git tags
>> directly onto the Pekko github repositories but once a tag matching the
>> version pattern has been pushed, it cannot be edited or deleted unless you
>> are an admin (which in the context of Apache means asfinfra and would be
>> considered an exceptional circumstance). Below is a short snippet
>> demonstrating this
>>
>> <@incubator-pekko>-<⎇ main>-<*>-> git push upstream v0.0.0
>> Enumerating objects: 1, done.
>> Counting objects: 100% (1/1), done.
>> Writing objects: 100% (1/1), 164 bytes | 164.00 KiB/s, done.
>> Total 1 (delta 0), reused 0 (delta 0), pack-reused 0
>> To github.com:apache/incubator-pekko.git
>> * [new tag] v0.0.0 -> v0.0.0
>>
>> <@incubator-pekko>-<⎇ main>-<*>-> git push --delete upstream v0.0.0
>> remote: error: GH006: Protected tag update failed for refs/tags/v0.0.0.
>> remote: error: You're not authorized to delete a protected tag
>> To github.com:apache/incubator-pekko.git
>> ! [remote rejected] v0.0.0 (protected tag hook declined)
>> error: failed to push some refs to 'github.com:apache/incubator-pekko.git'
>> <@incubator-pekko>-<⎇ main>-<*>-1->
>>
>> This feature is intended to be useful as part of the release process done
>> by release managers so that we can state with confidence that tags pointing
>> to a release are not altered.
>>
>> For more information see
>> https://issues.apache.org/jira/browse/INFRA-24644?focusedCommentId=17726630&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17726630
>> and https://github.com/apache/incubator-pekko/issues/342
>>
>> Regards
>> --
>>
>> Matthew de Detrich
>>
>> *Aiven Deutschland GmbH*
>>
>> Immanuelkirchstraße 26, 10405 Berlin
>>
>> Amtsgericht Charlottenburg, HRB 209739 B
>>
>> Geschäftsführer: Oskari Saarenmaa & Hannu Valtonen
>>
>> *m:* +491603708037
>>
>> *w:* aiven.io *e:* [email protected]
>>
>
>
> --
>
> Matthew de Detrich
>
> *Aiven Deutschland GmbH*
>
> Immanuelkirchstraße 26, 10405 Berlin
>
> Amtsgericht Charlottenburg, HRB 209739 B
>
> Geschäftsführer: Oskari Saarenmaa & Hannu Valtonen
>
> *m:* +491603708037
>
> *w:* aiven.io *e:* [email protected]
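
An added example, not part of this thread or of Pekko's tooling: a release manager can check independently of the tag protection rule that release tags still point at the commits recorded at release time, by comparing `git ls-remote --tags` output against a pinned list. The function names, the pinned manifest, and the regex standing in for the version pattern are assumptions; the SHAs and tags are constructed sample data.

```python
import re

# Assumed regex standing in for the project's release-tag version pattern.
RELEASE_TAG = re.compile(r"^v\d+\.\d+\.\d+(?:[-.][0-9A-Za-z.]+)?$")

def parse_ls_remote(text):
    """Map tag name -> commit SHA from `git ls-remote --tags` output.

    An annotated tag is listed twice: the tag object, then the peeled
    entry (suffix ^{}) naming the commit. The peeled entry wins, so the
    result always names the commit a release was built from.
    """
    tags, peeled = {}, {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[1].startswith("refs/tags/"):
            continue  # skip blank or unrelated lines
        sha, name = parts[0], parts[1][len("refs/tags/"):]
        if name.endswith("^{}"):
            peeled[name[:-3]] = sha
        else:
            tags[name] = sha
    tags.update(peeled)
    return tags

def audit_release_tags(pinned, ls_remote_text):
    """Return (tag, finding) pairs where the remote differs from the pins."""
    remote = {t: s for t, s in parse_ls_remote(ls_remote_text).items()
              if RELEASE_TAG.match(t)}
    findings = []
    for tag, sha in sorted(pinned.items()):
        if tag not in remote:
            findings.append((tag, "deleted"))
        elif remote[tag] != sha:
            findings.append((tag, "moved"))
    findings += [(t, "unrecorded") for t in sorted(remote) if t not in pinned]
    return findings

# Constructed sample data: these SHAs and tags are made up for illustration.
A, B, C, D = "a" * 40, "b" * 40, "c" * 40, "d" * 40
PINNED = {"v1.0.0": A, "v1.0.1": B, "v1.1.0": C}
SAMPLE_LS_REMOTE = "\n".join([
    f"{D}\trefs/tags/v1.0.0",       # annotated tag object
    f"{A}\trefs/tags/v1.0.0^{{}}",  # peels to the pinned commit: unchanged
    f"{D}\trefs/tags/v1.0.1",       # now points at a different commit
    f"{B}\trefs/tags/nightly",      # not a release tag, ignored by the audit
    f"{C}\trefs/tags/v2.0.0",       # release tag that was never pinned
])

if __name__ == "__main__":
    for tag, finding in audit_release_tags(PINNED, SAMPLE_LS_REMOTE):
        print(f"{tag}: {finding}")
```
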
