Release 3.0

[mauritsvanrees]

I have released 3.0 on PyPI, but cannot push directly to master:

ERROR: exit code 1.
remote: error: GH006: Protected branch update failed for refs/heads/master.
remote: error: Changes must be made through a pull request. 6 of 6 required status checks are expected.
To github.com:zopefoundation/Products.PluggableAuthService.git
! [remote rejected] master -> master (protected branch hook declined)

[icemac]

Hi @mauritsvanrees, we are still experimenting. I now added you to "Branch protection rules" -> "Allow specified actors to bypass required pull requests" for master.

Please try whether this allows you to push your changes directly to master.

[mauritsvanrees]

No, it does not work yet:

$ git push
Total 0 (delta 0), reused 0 (delta 0), pack-reused 0
remote: error: GH006: Protected branch update failed for refs/heads/master.
remote: error: 6 of 6 required status checks are expected.
To github.com:zopefoundation/Products.PluggableAuthService.git
 ! [remote rejected] master -> master (protected branch hook declined)
error: failed to push some refs to 'github.com:zopefoundation/Products.PluggableAuthService.git'

Maybe it is the setting "Restrict who can push to matching branches".

Or maybe "Require status checks to pass before merging". This would match the error message I get. But then I wonder how GitHub would run these status checks; it would need to be on a commit that I have pushed, but that GitHub temporarily does not yet transmit to the master branch. And that starts sounding strange.

[dataflake]

Can you try again? There's a second setting further down the page that I just enabled.

[mauritsvanrees]

No, same error: "6 of 6 required status checks are expected."

Note that in this PR, those status checks are also still not being run. Ah, that would be because I automatically add [ci skip] to these commits. Let me amend my last commit on master and leave this out.

No, does not work either, still can't push.

Meanwhile I will amend this PR in the same way for good measure.

[dataflake]

The tests did run now at least

[mauritsvanrees]

I tried something else. According to this github blob post when editing a file in the browser, by default a new branch is created, but some people can opt to commit to master directly. I do not see this option:

There is something relatively new, called repository rules. Maybe that contains some more settings.

[dataflake]

I created a set of rules for that new repository rules setting, but it's not much different from the branch protection rules and I don't know how it interacts with them. Just as with the branch protection rules I have added the release-managers team, where you are a member, to the people/groups that can by pass the rules.

[mauritsvanrees]

That changed the error message, but it is still an error:

$ git push
Enumerating objects: 7, done.
Counting objects: 100% (7/7), done.
Delta compression using up to 16 threads
Compressing objects: 100% (3/3), done.
Writing objects: 100% (4/4), 1.06 KiB | 1.06 MiB/s, done.
Total 4 (delta 2), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (2/2), completed with 2 local objects.
remote: error: GH013: Repository rule violations found for refs/heads/master.
remote: Review all repository rules at http://github.com/zopefoundation/Products.PluggableAuthService/rules?ref=refs%2Fheads%2Fmaster
remote: 
remote: - 6 of 6 required status checks are expected.
remote: 
To github.com:zopefoundation/Products.PluggableAuthService.git
 ! [remote rejected] master -> master (push declined due to repository rule violations)
error: failed to push some refs to 'github.com:zopefoundation/Products.PluggableAuthService.git'

[dataflake]

I deleted the rule set, this makes no sense. The PR is fully tested and approved. You should be able to merge it without any issue. GH is broken.

[mauritsvanrees]

Thanks for trying. I do not see the logic either.

On a side note, could I ask one of you to release Products.CMFCore (support for 3.12) and Products.CMFUid (fix deprecation warning)? I don't have PyPI access. I could ask Eric Steele, but I expect he would get the same branch problems.

[dataflake]

What is your PyPI account?

[mauritsvanrees]

maurits

[dataflake]

I have added you to the "zope" organization on GitHub and also added CMFCore and CMFUid to it. That should give yyou rights to publish releases.

[mauritsvanrees]

Thanks! I have accepted the invitation on PyPI.

Upload fails though: "The user 'maurits' isn't allowed to upload to project 'Products.CMFCore'." Same for CMFUid, though I see both are in the organisation.

Maybe it just needs a little while. I will retry later.

[dataflake]

Unfortunately there's no usable documentation for PyPI organizations. I had added you as "Maintainer" at the organization level because that type of user can "Own/maintain specific projects". Apparently that does not automatically mean you're permitted to do anything on member projects.

I have now added a team "Release Managers" to the zope organization and then went to the settings for Products.CMFCore and Products.CMFUid to add that new team with the Maintainer role. So it looks like for anyone but organization owners they (or a team they're member of) must be added to each individual project, which kind of sucks. That's not what I expected.

I do know from experience that organization owners can automatically administer all projects within the organization. Matter of fact, when adding a project to the organization PyPI insists on removing my personal account from the project owner/maintainers because my access remains the same as organization owner.

[mauritsvanrees]

Now it works: I have released CMFCore and CMFUid to PyPI.

In the plone PyPI organisation we have no teams yet. The 5 persons in the organisation are all Owners. No one has complained yet, but I myself am mostly the one doing releases, and various other persons already had permissions on individual projects. We probably need a team at some point as well.