Closed Yabgu closed 6 months ago
We don't use a release pipeline at all right now, if you mean in the CI sense.
Can you please link to what you're referring to?
Of course, the topic of removing generated files from the repo is very much under discussion and we are likely to minimise them at the very least.
There's also the quite active topic of whether we move away from autotools entirely which would let us drop dist tarballs.
Moving away from autotools seems a great idea.
https://felipec.wordpress.com/2024/04/04/xz-backdoor-and-autotools-insanity/
It's a 1994 solution to 1980s problems, with complicated build scripts written in an arcane language. If you want to stick with makefiles, maybe try Eric S. Raymond's autodafe? https://gitlab.com/esr/autodafe/
Could release-pipeline and test-pipeline be separated? I mean release-pipeline should not be complicated or run any extra step, and test-pipeline should not release any artifact. Just to make easier to review release,
Also, maybe it is good to ban binary blobs. These blobs could be generated in the pipeline step or it should be mandatory to share steps to create these with the commit so it can be reviewed.