add GitHub artifact attestations for releases #21953

Merged: 7 commits, Feb 17, 2025

tdyas (Contributor) commented Feb 13, 2025

Add GitHub release attestations using the https://github.com/actions/attest-build-provenance/ action.

@tdyas added the labels category:internal (CI, fixes for not-yet-released features, etc.) and release-notes:not-required (PR doesn't require mention in release notes), Feb 13, 2025
@tdyas requested review from benjyw and huonw, February 13, 2025 00:07
benjyw (Contributor) left a comment:

This is great! Just one comment.

src/python/pants_release/generate_github_workflows.py (outdated, resolved)

tdyas (Contributor, Author) commented Feb 13, 2025

Note: I commented out some of the "release only" checks on the attestation steps so I can verify the attestations work. Those "release only" conditions will be uncommented again before landing this.

tdyas (Contributor, Author) commented Feb 13, 2025

I'm probably going to need to put the updated workflow on the pantsbuild repo so I can manually trigger the release workflow.

huonw (Contributor) left a comment:

Nice!

It'd be fine from my perspective to just use .dev releases to iterate on this (i.e. land it and do a release to validate... iterating "in prod") 😄 up to you!

tdyas (Contributor, Author) commented Feb 17, 2025

> It'd be fine from my perspective to just use .dev releases to iterate on this (i.e. land it and do a release to validate... iterating "in prod") 😄 up to you!

Good idea. Will iterate with dev releases as suggested. I was trying to avoid that since the "proper" way in my mind was to test it in such a way that there is no real release, but that requires lots more plumbing to accomplish in our current workflow.

tdyas (Contributor, Author) commented Feb 17, 2025

I configured continue-on-error: true for the attestation steps so we don't block releases while debugging the attestation workflow.

@tdyas tdyas merged commit 4e3f86f into pantsbuild:main Feb 17, 2025
24 checks passed
@tdyas tdyas mentioned this pull request Feb 17, 2025
tdyas added a commit that referenced this pull request Feb 18, 2025
Fix the release process which broke with introduction of the attestation
workflow in #21953 due to me not
properly moving the artifact rename logic entirely.