OpenAssetIO / OpenAssetIO

An open-source interoperability standard for tools and content management systems used in media production.
Apache License 2.0

Guard against running the PyPI release step in any inappropriate branches/repos. #704

Closed elliotcmorris closed 10 months ago

elliotcmorris commented 2 years ago

Currently, the only guard against accidentally releasing a PyPI build is whether or not the repo has the appropriate secret.

Since we've run testPyPI uploads somewhat frequently, and since the GUIs for a fork and the main repo are identical lookin', it may be prudent to put some hard protection into the upload-to-pypi step in the GitHub Action, so it can only run on the true openassetio::main branch.

This isn't super vital, but given the general level of empty-headedness some members of the team have, it may be smart.
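One way to express the guard this comment asks for in a GitHub Actions workflow, as an added example that is not the project's own workflow (the job name, secret name and trigger are assumptions; the `github.repository` and `github.ref` context values are standard):

```yaml
# Constructed example: gate the PyPI upload on the canonical repo AND the
# main branch, so a fork with the same workflow file and a copied secret
# still cannot publish. Secret name PYPI_API_TOKEN is assumed.
name: release

on:
  push:
    branches: [main]          # assumed trigger; tags would work the same way

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: python -m pip install build && python -m build
      - uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/

  upload-to-pypi:
    needs: build
    # Hard guard: both conditions must hold, independent of which secrets
    # happen to be configured. A fork has a different github.repository.
    if: >-
      github.repository == 'OpenAssetIO/OpenAssetIO' &&
      github.ref == 'refs/heads/main' &&
      github.event_name == 'push'
    runs-on: ubuntu-latest
    # Deployment environment: lets branch-protection / required-reviewer
    # rules be attached to the release job in repo settings.
    environment: pypi
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist/
      - uses: pypa/gh-action-pypi-publish@release/v1
        with:
          password: ${{ secrets.PYPI_API_TOKEN }}   # assumed secret name
```

The `if:` on the job means a run in a fork, or on any non-main ref, reports the upload job as skipped rather than failing on a missing secret, which also makes accidental attempts visible in the run log.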

feltech commented 10 months ago

We think the presence/absence of the secret is a sufficient guard against this problem.