Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't gpg-sign PyPI uploads in our release process. #19287

Merged
merged 1 commit into from
Jun 11, 2023
Merged

Don't gpg-sign PyPI uploads in our release process. #19287

merged 1 commit into from
Jun 11, 2023

Conversation

benjyw
Copy link
Contributor

@benjyw benjyw commented Jun 10, 2023

As of 5/23/2023 PyPI ignores these signatures, and the
releaser gets an email saying as much.

See here for details:
https://blog.pypi.org/posts/2023-05-23-removing-pgp/

Also:

  • Don't attempt to run the release pex for validation, as it only
    runs on x86_64 (at least currently), so that validation fails on
    Apple Silicon machines, which are increasingly commonly used by releasers.
  • Remove unused expected owners/maintainers lists.
  • Some tweaks to the release instructions.

@benjyw
Don't gpg-sign PyPI uploads in our release process.
5c4a0e7 
As of 5/23/2023 PyPI ignores these signatures, and
the releaser gets an email saying as much.

See here for details: https://blog.pypi.org/posts/2023-05-23-removing-pgp/

Also:
- Don't attempt to run the release pex for validation, as it only runs on
  x86_64 (at least currently), so that validation fails on Apple Silicon
  machines, which are increasingly commonly used by releasers.
- Some tweaks to the release instructions.
@benjyw benjyw added the category:internal CI, fixes for not-yet-released features, etc. label Jun 10, 2023
@benjyw benjyw requested review from stuhood and Eric-Arellano June 10, 2023 00:32
Eric-Arellano
Eric-Arellano approved these changes Jun 10, 2023
View reviewed changes
Copy link
Contributor

@Eric-Arellano Eric-Arellano left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

docs/markdown/Contributions/releases/release-process.md
@@ -94,7 +94,7 @@ Update the release page in `src/python/pants/notes` for this release series, e.g

Run `git fetch --all --tags` to be sure you have the latest release tags available locally.

From the `main` branch, run `pants run build-support/bin/changelog.py -- --prior 2.9.0.dev0 --new 2.9.0.dev1` with the relevant versions.
From the `main` branch, run `./pants run build-support/bin/changelog.py -- --prior 2.9.0.dev0 --new 2.9.0.dev1` with the relevant versions.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why this change?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think ./pants is still the officially sanctioned way to run Pants in the pantsbuild repo.

@benjyw benjyw merged commit 42c7d16 into pantsbuild:main Jun 11, 2023
@benjyw benjyw deleted the no_gpg_signing_for_pypi branch June 11, 2023 00:25
@Eric-Arellano Eric-Arellano mentioned this pull request Jun 19, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Eric-Arellano Eric-Arellano Eric-Arellano approved these changes

@stuhood stuhood Awaiting requested review from stuhood

Assignees
No one assigned
Labels
category:internal CI, fixes for not-yet-released features, etc.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@benjyw @Eric-Arellano