Conversation
scop
left a comment
scop
left a comment
There was a problem hiding this comment.
Thanks a lot for this! Have intended to do something about it for a long time but haven't gotten around to it. Left some comments.
| autoreconf -i | ||
| ./configure | ||
| make dist -j | ||
| sha256sum bash-completion-*.tar.* >sha256sums.txt |
There was a problem hiding this comment.
We could do away with the sha256sums.txt file, as GitHub natively provides the digests these days for release assets, and more thorough verification material is available through artifact attestations.
But we can also do that in a separate PR, no need to tackle it here to keep the amount of changes at bay.
| --volume $PWD:/usr/src/bash-completion | ||
| --workdir /usr/src/bash-completion | ||
| ghcr.io/scop/bash-completion/test:alpine | ||
| ./make-release.sh |
There was a problem hiding this comment.
One semantic difference to what we had before is that we now run the release even if distcheck has failed.
Functionally I'd prefer it the way it was -- maybe we could still upload the alpine distcheck tarball as an artifact and just use it here (with appropriate dependencies) without doing a separate build?
There was a problem hiding this comment.
How about just running make distcheck in make-release.sh as well? It will add a few minutes though.
We can get the artifact from the alpine distcheck, but it might get complicated since separate workflows need to specify the run-id
There was a problem hiding this comment.
I think that's good enough for now -- the alpine run takes ballpark 3 minutes and some seconds these days, which isn't that bad, and I don't think there's anything busywaiting for it at release time.
We can improve on it in future PR's if we figure something out. Let's add an appropriately placed related TODO comment though.
yedayak
force-pushed
the
separate-release
branch
from
bd2c3bc to
60645a8
Compare
This reduces the attack surface of the tests, since they no longer have any permissions to the repo. Also make the artifact upload conditional on a release being created, presumably it was a mistake before.
yedayak
force-pushed
the
separate-release
branch
from
60645a8 to
7345962
Compare
akinomyoga
left a comment
akinomyoga
left a comment
There was a problem hiding this comment.
I'm unfamiliar, so I don't have a particular opinion. Let me just approve this.
3 participants
This reduces the attack surface of the tests, since they no longer have any permissions to the repo.
Also make the artifact upload conditional on a release being created, presumably it was a mistake before.
I'm not sure about the
make-release.shname or location in the repo, feedback appreciated.I tested this in my fork and it seems to work as I expect it to