I was finally able to complete this PR after some deployment issues. The goal of this PR is to ensure we are more transparent in the way we build our binaries. To achieve this goal, we are now doing two things:
We use artifact certificates for each build thanks to GitHub Actions (documentation here) :lock: The certificates are uploaded to the server and can be verified using gh from GitHub. I didn't add the SHA256 as the certificate mechanism is stronger than the SHA256. Don't hesitate to tell me if you think it is a must to have!
It displays the commit when we build dune. It is easier for the user to check in the dune repository with the commit than with the git-describe version.
To simplify the usability, I have introduced a command line interface (simple one):
--with-certificates adds a link with the certificates in the index.html file and an entry in the metadata.json file.
-c | --commit <hash> allows us to specify a commit when the build was made. It also adds an entry in the metadata.json file.
Preview :paintbrush:
I have changed a bit of the CSS, but most of the diff comes from a preinstallation prettier.
The visual changes are:
a Verify paragraph with an explanation on how to verify the binary
a certificate | no certificate link next to each
a (commit: <hash>) mention next to every build date
Tracking
Apart from the compile time configuration to activate the feature from the developer preview by default, this is the last step before adding the banner to ocaml.org for the distribution preview website.
Closes tarides/team-build-system#38