I was finally able to complete this PR after some deployment issues. The goal of this PR is to ensure we are more transparent in the way we build our binaries. To achieve this goal, we are now doing two things:
We use artifact certificates for each build thanks to GitHub Actions (documentation here) :lock: The certificates are uploaded to the server and can be verified using gh from GitHub. I didn't add the SHA256 as the certificate mechanism is stronger than the SHA256. Don't hesitate to tell me if you think it is a must to have!
It displays the commit when we build dune. It is easier for the user to check in the dune repository with the commit than with the git-describe version.
To simplify the usability, I have introduced a command line interface (simple one):
--with-certificates add a link with the certificates in the index.html file and an entry in the metada.json file.
-c | --commit <hash> allows us to specify a commit when the build was made. It also adds an entry in the metadata.json file.
Preview :paintbrush:
I have changed a bit of the CSS, but most of the diff comes from a preinstallation prettier.
The visual changes are:
a Verify paragraph with an explanation on how to verify the binary
a certificate | no certificate link next to each
a (commit: <hash>) mention next to every build date
Tracking
Apart from the compile time configuration to activate the feature from the developer preview by default, this is the last step before adding the banner to ocaml.org for the distribution preview website.
Summary :notebook:
I was finally able to complete this PR after some deployment issues. The goal of this PR is to ensure we are more transparent in the way we build our binaries. To achieve this goal, we are now doing two things:
ghfrom GitHub. I didn't add theSHA256as the certificate mechanism is stronger than theSHA256. Don't hesitate to tell me if you think it is a must to have!dune. It is easier for the user to check in thedunerepository with the commit than with thegit-describeversion.To simplify the usability, I have introduced a command line interface (simple one):
--with-certificatesadd a link with the certificates in theindex.htmlfile and an entry in themetada.jsonfile.-c | --commit <hash>allows us to specify a commit when the build was made. It also adds an entry in themetadata.jsonfile.Preview :paintbrush:
I have changed a bit of the CSS, but most of the diff comes from a preinstallation prettier.
The visual changes are:
Verifyparagraph with an explanation on how to verify the binarycertificate | no certificatelink next to each(commit: <hash>)mention next to every build dateTracking
Apart from the compile time configuration to activate the feature from the developer preview by default, this is the last step before adding the banner to
ocaml.orgfor the distribution preview website.Closes tarides/team-build-system#38