Open jaimergp opened 1 year ago
Update: conda-forge/artifact-validation is now archived. Need to update how validation is set up now.
Update 2: Artifact validation is currently disabled. Need to gather more context on why and whether having it back is a realistic assumption.
File clobbering: is the package producing files that belong to another package? This is reported as an issue
This probably will need #54 to provide easy file-ownership checks. Note that some packages do need to clobber others (e.g. different variants of the same interface like BLAS stuff), but usually there's metadata we can use to infer that kind of thing (run_constrained, common mutex, etc).
With the sqlite dumps in https://github.com/Quansight-Labs/conda-forge-paths we could now think of a setup where the validation action downloads the dump and queries it locally to see if there's clobbering or not, and warn if needed.
Primarily focused on performance and reliability.
π Summary
Improve the artifact verification and validation workflows as they are moved from
cf-staging
toconda-forge
.π Background
conda-forge feedstocks are repositories equipped with the build machinery provided by conda-smithy.
When a PR is merged to a feedstock branch, the resulting conda packages are not uploaded directly to conda-forge. They are first placed in a staging channel named
cf-staging
. The artifact validation bot hosted in a Heroku instance downloads the artifacts, runs some analysis and if successful, then they are copied to the actualconda-forge
channel.The analysis includes checks like:
Depending on the size of the package, this causes some strains on the already overworked Heroku dyno.
π Tasks / Deliverables
π Estimated completion
This task should be finished in the first 18 months.
βΉοΈ References
conda-forge/conda-forge-webservices
: the Heroku app deployed to run conda-forge admin commands and lintingconda-forge/artifact-validation
: code and workflows to validate conda-forge artifacts