Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

enforce reproducible releases ? #18

Open
jonenst opened this issue Mar 4, 2025 · 0 comments
Open

enforce reproducible releases ? #18

jonenst opened this issue Mar 4, 2025 · 0 comments

Comments

@jonenst
Copy link
Collaborator

jonenst commented Mar 4, 2025

Describe the current behavior

you can use any version of the workflow to create the release, for example the HEAD of the main branch at the time of the release. When the workflow has effects on the release (for example it could use command line paramaters to the build that change the release outputs), it means that if you try to recreate the release later, the HEAD of main may have changed and the workflow file doesn't build the same outputs anymore.

Describe the expected behavior

Maybe it's worth it to have the workflow ensure that it is possible later on to know which version of the workflow was used to make the release. An intuitive way to do that would be that the commit used to get the workflow is the one that is going to be released. The workflow could enforce that and refuse to release otherwise. Later on, when you want to recreate release X, you use the workflow from releaseX to do it.

Describe the motivation

reproducible releases

Extra Information

No response
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jonenst