Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

0.29 release #31

Closed
agriyakhetarpal opened this issue Sep 17, 2024 · 9 comments
Closed

0.29 release #31

agriyakhetarpal opened this issue Sep 17, 2024 · 9 comments

Comments

@agriyakhetarpal
Copy link
Member

It would be great if we could tag a release soon, with these PRs:

Would you like to include #21, too, or leave that for another release, @ryanking13?

and we could resolve this issue, too, perhaps? It looks quite easy to do and would help the conda-forge folks serve better metadata.

I would probably leave out #14 for later, because it is slightly low priority for me to do (useful for some packages, but not a lot of packages)

I shall be available to help do the release – if it is needed of me to do so.

@ryanking13
Copy link
Member

Sure, let's release 0.29 after resolving your open PRs. #21 would take some time, so it doesn't need to be included.

@ryanking13
Copy link
Member

I shall be available to help do the release – if it is needed of me to do so.

Releasing pyodide-build is quite easy (it is a benefit of unvendoring things :) ); you just need to update the changelog, and create a tag. So feel free to make a release when it is ready.

@agriyakhetarpal
Copy link
Member Author

Awesome! I'll do it this week when I am ready. Thanks for the help in getting all those PRs merged!

@agriyakhetarpal
Copy link
Member Author

Also, would it be okay to switch to using GitHub Releases from tags, instead of just tags? This improves our security practices, because one needs permissions in the repository to create a GitHub Release instead of just being able to push a tag (side note: we should add some tag protection rules, if we haven't already). So, it would have the benefit of not triggering a PyPI release when a tag is pushed, so that we can use our trusted publishing better and make use of the GHA Attestations feature.

@ryanking13
Copy link
Member

Also, would it be okay to switch to using GitHub Releases from tags, instead of just tags?

Sure, fine with me.

agriyakhetarpal added a commit that referenced this issue Sep 19, 2024
## Description

In this PR:

- We shall now use GitHub Releases in favour of tags to create our
distribution artifacts
- The wheel build and push jobs have been moved to a separate workflow
- The GHA Artifact Attestations feature is used to verify build
provenance
- Additionally, the `check_integration_test.sh` trigger was moved to the
workflow file itself.

This is a slight rework of our workflow(s) ahead of the 0.29 release
planned in #31.
@agriyakhetarpal
Copy link
Member Author

agriyakhetarpal commented Sep 19, 2024

Tagged: https://github.com/pyodide/pyodide-build/releases/tag/v0.29.0
GHA release workflow run: https://github.com/pyodide/pyodide-build/actions/runs/10941566243

However, the upload failed – this is because I moved the publishing job(s) to another workflow file (they are now in a dedicated release.yml instead of main.yml). I don't have access to the project on PyPI, so could you re-add the trusted publishing configuration in the PyPI settings, @ryanking13? Alternatively, we can just rename the release workflow in the already present configuration. I've deleted the release for now, and will update the tag and release again once it is done.

@ryanking13
Copy link
Member

@agriyakhetarpal I updated workflow file name in PyPI Trusted Publisher Management. Could you try rereleasing the package?

@agriyakhetarpal
Copy link
Member Author

@agriyakhetarpal
Copy link
Member Author

Thanks for the speedy reviews! We can close this now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants