lidatong / dataclasses-json

Easily serialize Data Classes to and from JSON
MIT License

[BUG] PyPI release broken due to GH changes to env protection #477

Closed george-zubrienko closed 10 months ago

george-zubrienko commented 1 year ago

Description

We are now affected by this https://github.com/orgs/community/discussions/62991

Unfortunately contributors cannot do anything about this, we need urgent help from @lidatong. I'll try to reach by mail as well.

Code snippet that reproduces the issue

N/A

Failed run:

https://github.com/lidatong/dataclasses-json/actions/runs/6057466686

Describe the results you expected

PyPI release working

Python version you are using

N/A - CD problem

Environment description

N/A - CD problem

lidatong commented 1 year ago

Unfortunate.. I can manually publish the latest release

george-zubrienko commented 1 year ago

As I was told by their support, GH will provide a way to use protected tags for deployment some time around Sep 14. So once that comes, we should be able to update the env protection properly. I see two options before that happens:

lidatong commented 1 year ago

> As I was told by their support, GH will provide a way to use protected tags for deployment some time around Sep 14. So once that comes, we should be able to update the env protection properly. I see two options before that happens:
>
>   • manual publish
>   • remove protection rule from env, as we still have the approval gate which prevents unauthorized publishing

thanks for the update. i'd rather just manual publish given the short timeline vs. removing the protection rule, for the sake of the security recommendations https://docs.pypi.org/trusted-publishers/security-model/

lidatong commented 1 year ago

https://pypi.org/project/dataclasses-json/0.6.0/

george-zubrienko commented 1 year ago

@lidatong you are the champion, thanks a lot! I have a support ticket open with GH on this in our private org, so once we have the "Github Approved Way" of using protected tags for releases available, I'll update this issue and ping you again :)

idbentley commented 1 year ago

Hey @george-zubrienko, has there been any update to the "github way"? You mentioned that you had a meeting with them last week, how did it go?

george-zubrienko commented 1 year ago

> Hey @george-zubrienko, has there been any update to the "github way"? You mentioned that you had a meeting with them last week, how did it go?

The feature that we need is expected to be available in October, check the roadmap: https://github.com/github/roadmap/issues/825

I'll circle back here once they release it.

idbentley commented 1 year ago

Oh I see. Is it possible at all to get a manual release in the meantime @lidatong - it would really help me out!

lidatong commented 1 year ago

done https://pypi.org/project/dataclasses-json/0.6.1/#history

idbentley commented 1 year ago

Thanks so much!

george-zubrienko commented 1 year ago

@idbentley Github support notified me the new functionality will be available Oct 6. We'll review how to use it and update the pipelines accordingly - should put us back on track with automated releases :)

george-zubrienko commented 12 months ago

@lidatong when you have time to update protection rules:

https://github.blog/changelog/2023-10-06-actions-secure-deployment-rollouts-to-protected-environments-based-on-select-tag-patterns/

Then we can finally close this one!

george-zubrienko commented 11 months ago

@lidatong any chance you can have a look at updating release protection rule? :)

lidatong commented 11 months ago

> @lidatong any chance you can have a look at updating release protection rule? :)

sorry forgot to follow up on this. i just updated the protection rule to allow semver formatted tags

george-zubrienko commented 11 months ago

I'll try out on 0.6.2 release this week :)

george-zubrienko commented 10 months ago

All good - closing!