release failing #236

Closed
McHaillet opened this issue Nov 6, 2024 · 16 comments

Comments

@McHaillet
Collaborator

The release for 0.7.4 is failing. The logs mention some missing file.

Seems similar to what was reported here: pypa/gh-action-pypi-publish#291

@McHaillet
Collaborator Author

@sroet that clearly was not the problem...

@McHaillet
Collaborator Author

Is there a way to revert the commits on the main branch?

@sroet
Collaborator

sroet commented Nov 11, 2024

Not easily, and it is fine for now. I will make an issue on their tracker

@McHaillet
Collaborator Author

The action was updated to v1.12 last week: https://github.com/pypa/gh-action-pypi-publish/releases/tag/v1.12.0

Looking at the quirks in the release notes it mentions something about self-hosted runners. That does coincide with the timeframe when our release started failing. Maybe we should downgrade to v1.11 instead.

@McHaillet
Collaborator Author

And report an issue

@sroet
Collaborator

sroet commented Nov 11, 2024

yeah, let's pin to 1.11 until that issue has been resolved

@McHaillet
Collaborator Author

Right, at least that fixed the part where the action docker file could not be found, however now this happens:

https://github.com/SBC-Utrecht/pytom-match-pick/actions/runs/11781022041/job/32812923743

Actually, I recall now that this is what I initially had when I tried to release 0.7.4, but then I reran deployment and got the other error. So now I am fairly confused.

@McHaillet
Collaborator Author

OMG attestations are mentioned in the v1.11 update: https://github.com/SBC-Utrecht/pytom-match-pick/actions/runs/11781022041/job/32812923743

This is not really Occam's razor, but what I think might have happened is that I released 0.7.4 when the action was on v1.11 (while 0.7.3 was on v1.10), and this caused the attestation problem that we see now. I did not immediately click redeploy and v1.12 might have come out in between the initial 0.7.4 deployment and the time I tried to rerun the workflow, hence we saw the second error. Alternatively, I might have gone crazy lol

@McHaillet
Collaborator Author

Seems to have something to do with this: https://docs.pypi.org/attestations/producing-attestations/

Apparently we need Trusted Publishing to use attestations. Need to read into it more.

@McHaillet
Collaborator Author

As a workaround we now use v1.11 while setting attestations to False, as in PR #240. We should upload attestations though.

@McHaillet
Collaborator Author

I checked our project on PyPI and the release is already registered as an OIDC workflow, hence it should be able to handle attestations. The documentation says that, for a request, the temporary tokens are only active for 15 minutes (see here): perhaps the token request is made before the tutorial tests run (which takes ~2 hours) and therefore no longer available when the attestations are published?

@McHaillet
Collaborator Author

The release workflow does trigger at the tagging/release of the new version according to the release overview, while it still had to wait until the tutorial tests were finished (it had the waiting icon for 2 hours).

@sroet
Collaborator

sroet commented Nov 12, 2024

> I checked our project on PyPI and the release is already registered as an OIDC workflow, hence it should be able to handle attestations. The documentation says that, for a request, the temporary tokens are only active for 15 minutes (see here): perhaps the token request is made before the tutorial tests run (which takes ~2 hours) and therefore no longer available when the attestations are published?

It only errors out at the real PyPI upload and not during testPyPI, so I don't think there is a time limit issue.

Looking at the error:

dist/pytom_match_pick-0.7.7-py3-none-any.whl.publish.attestation: ERROR    InvalidDistribution: Unknown distribution format

So I think it tries to check and upload the attestations that are created during testPyPI uploading, and it has no clue what to do with that file.
It should be as easy as removing that file after the test-upload to testpypi
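
The cleanup suggested in the comment above, as an added example that is not part of the original thread or the project's workflow. The function name `clean_dist` is hypothetical, the `.publish.attestation` suffix is taken from the error line quoted above, and the example assumes `dist/` should otherwise hold only wheels and `.tar.gz` sdists.

```shell
#!/bin/sh
# Added example: run between the TestPyPI upload and the PyPI upload so the
# second upload only sees real distributions.
# Assumption: attestation sidecars are named "<dist file>.publish.attestation".

# clean_dist DIR
#   Removes leftover attestation sidecars from DIR, then verifies that only
#   wheels and .tar.gz sdists remain. Prints the number of files removed.
#   Returns 1 if DIR is missing, empty, or still holds an unexpected file.
clean_dist() {
    dir=$1
    removed=0
    kept=0

    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }

    for f in "$dir"/*.publish.attestation; do
        [ -e "$f" ] || continue      # glob matched nothing
        rm -f -- "$f"
        removed=$((removed + 1))
    done

    # Fail closed: anything that is not a wheel or sdist would be handed to
    # the uploader and rejected as an unknown distribution format.
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        case "$f" in
            *.whl|*.tar.gz) kept=$((kept + 1)) ;;
            *) echo "unexpected file in $dir: $f" >&2; return 1 ;;
        esac
    done

    [ "$kept" -gt 0 ] || { echo "no distributions in $dir" >&2; return 1; }
    echo "$removed"
}

# Usage: sh clean_dist.sh dist
if [ "$#" -gt 0 ]; then
    clean_dist "$1"
fi
```

The second publish step then regenerates its own attestations from a directory that contains only the distributions.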

@McHaillet
Collaborator Author

> So I think it tries to check and upload the attestations that are created during testPyPI uploading, and it has no clue what to do with that file. It should be as easy as removing that file after the test-upload to testpypi

Hmm, you're right, it would not explain the difference in the test-pypi and pypi workflows. It must be something like that.

@sroet
Collaborator

sroet commented Nov 20, 2024

The release of 0.7.9 completed successfully (with provenance!) on the current v1 of pypi release action after #242, will close this issue

sroet closed this as completed Nov 20, 2024

@McHaillet
Collaborator Author

Really nice, also on digging up and fixing the pypa actions! Thanks!
