On Tuesday, 18 February 2020 01:41:19 PST Volker Hilsheimer wrote: > In a CI/CD pipeline that depends on 3rd party packages like Qt, it’s a good > idea to manage your own artefact/package repo, so that you have control > over the versions you are building and testing against - or at the very > least to become independent of 3rd party infrastructure that you have no > control over, but might block your build or deployment.
Agreed, but you do understand this is exactly what happened until now? With a full, offline installer whose checksum we could check against, we could always confirm the integrity before running the installer, then perform the installation unattended and without network access. I could tell my CI system to download this file and make it available during build, possibly with a local cache. First of all, I can't tell it to download. I don't mind creating an access token associated with my Qt account, but I need to have a simple way of downloading. Second, I can't perform the installation without network access because the only installer available is the online one. It will try to download, which is not acceptable under certain environments. It can't be properly cached. And I can't confirm that it is installing the same thing as it used to because I don't know what it will download. So the conclusion so far is that we should NOT USE the Qt binary installers at all. We should each download the sources, compile the sources and cache the artefacts in our own CI systems. I'm fine with that. I just need to figure out where the artefact storage for GitHub Actions is... -- Thiago Macieira - thiago.macieira (AT) intel.com Software Architect - Intel System Software Products _______________________________________________ Development mailing list Development@qt-project.org https://lists.qt-project.org/listinfo/development