Replies: 1 comment
-
@Xuanwo thanks for bringing up this important topic - I'm fully aligned with the goal here, and I want to employ the same setup for https://github.com/apache/hudi-rs Currently in hudi-rs, we have automated the package artifacts publishing via CI and by pushing I really like the setup that you have for GH discussions to sync with the dev email list. As a last step, can the announcement discussion be auto-created triggered by pushing the release tag? the content should be templated and using highlights from the changelog. |
Beta Was this translation helpful? Give feedback.
-
Hello everyone, I'm starting this thread to discuss whether it's possible to fully automate the OpenDAL release process.
Goal
For each release, the following steps are required:
The verification log will be saved and uploaded to the GitHub release as part of the release for future reference.
Implement
Most of the work will take place in CI, with details not elaborated here. Most of it is simply implementation.
To make this possible, we will need a dedicated SVN account to carry out the upload process on behalf of the OpenDAL community.
We will not depends on GPG key signing. Instead, we will integrate with sigstore and mechanism like Github Artifact Attestations to make sure the artifacts not changed.
gh
.All of this ensures we provide better guarantees than a simple GPG signature.
Context
Inspired by my post: What did ASF do wrong?.
The OpenDAL PMC is the first PMC to undertake such experimentation.
Beta Was this translation helpful? Give feedback.
All reactions