Adds details on how to run a manual file integrity check #1446

Merged
merged 4 commits into from Jun 15, 2022

@nickfloyd nickfloyd commented Jun 13, 2022

Adds details on how to check the files that are packed in the gem to help anyone who intends on releasing this make sure they are building and releasing this as intended.

This adds a script that is executed when the release or package scripts are run to naively check the permissions of the files in the gem - just as a safeguard.

Additionally, this adds parameters to script/release so that dry runs can be performed.

Hopefully, we'll be able to automate this, but for now, if anyone tries to release from something like a code space, for instance, then the gem will be released with world writeable files. We need to make sure that this is verified before release.

RELEASE.md Outdated
1. Commit and push directly to master
1. Run the `script/release` script to cut a release
1. Draft a new release at https://github.com/octokit/octokit.rb/releases/new containing the curated changelog
2. Run the "File integrity check"
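Review bot: the new step `2. Run the "File integrity check"` names a section only in quotes, with no link and no hint of where in RELEASE.md it lives. Suggest linking the step to that section's heading so a releaser following the list can jump straight to the commands.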
Contributor


It feels like this would make more sense as a separate step, rather than a sub-step of updating the version. What do you think of doing it directly before running script/release?

Contributor Author


Sure, that sounds good.

RELEASE.md Outdated
Use the version from the build in the next commands

```
> tar -x -f octokit-#.##.#.gem
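Review bot: the command line inside the fence starts with a `> ` prompt, and a reader who copies the whole line into a POSIX shell gets an output redirection to a file named `tar` instead of an extraction. Suggest dropping the prompt (or using `$ `) and spelling the version placeholder as something like `octokit-<version>.gem`, since the preceding sentence already says to take the version from the build.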
Contributor


It'd be really nice to have a more automated way to do these checks recursively down the directory tree - but not essential for now.

Contributor Author


Agreed. I made note of that in the details above and will sketch up an issue for it once done with the releases.
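
The recursive check asked for in the review comments above, as an added example that is not part of this pull request or of octokit.rb's scripts: it reads the modes recorded in the gem's tar headers instead of extracting, so the result does not depend on the extracting user's umask. `world_writable_entries` and `build_sample_gem` are hypothetical names, and the sample gem is constructed in memory.

```ruby
require 'rubygems/package'
require 'stringio'
require 'zlib'

WORLD_WRITABLE = 0o002 # the "other" write bit

# Returns [[path, mode], ...] for each file or directory inside the gem's
# data.tar.gz whose recorded mode is world-writable. gem_io is an IO on a .gem.
def world_writable_entries(gem_io)
  findings = []
  Gem::Package::TarReader.new(gem_io).each do |member|
    next unless member.full_name == 'data.tar.gz'

    inner = StringIO.new(Zlib.gunzip(member.read))
    Gem::Package::TarReader.new(inner).each do |entry|
      next unless entry.file? || entry.directory?

      mode = entry.header.mode
      findings << [entry.full_name, mode] if (mode & WORLD_WRITABLE) != 0
    end
  end
  findings
end

# Constructed sample input: a gem-shaped archive holding only data.tar.gz,
# built in memory from a { path => mode } hash (hypothetical helper).
def build_sample_gem(files)
  data = StringIO.new(String.new)
  Gem::Package::TarWriter.new(data) do |tar|
    files.each { |name, mode| tar.add_file_simple(name, mode, 2) { |io| io.write("x\n") } }
  end
  gz = Zlib.gzip(data.string)
  gem = StringIO.new(String.new)
  Gem::Package::TarWriter.new(gem) do |tar|
    tar.add_file_simple('data.tar.gz', 0o444, gz.bytesize) { |io| io.write(gz) }
  end
  StringIO.new(gem.string)
end

if __FILE__ == $PROGRAM_NAME
  sample = build_sample_gem('lib/ok.rb' => 0o644, 'lib/bad.rb' => 0o666)
  bad = world_writable_entries(sample)
  bad.each { |path, mode| warn format('world-writable: %s (%04o)', path, mode) }
  # A release script would exit non-zero here when bad is non-empty.
end
```

Against a built gem, pass `File.open(path, 'rb')` as `gem_io`.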

@nickfloyd nickfloyd requested a review from timrogers June 14, 2022 20:50
@nickfloyd nickfloyd merged commit 1c8edec into 4-stable Jun 15, 2022
@nickfloyd nickfloyd deleted the updates-release-steps-ic branch June 15, 2022 20:40
@nickfloyd nickfloyd added Type: Documentation Improvements or additions to documentation and removed docs-and-samples labels Oct 28, 2022