Skip to content

Drop release attestations for Jazzband upload #2209

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jul 30, 2025
Merged

Drop release attestations for Jazzband upload #2209

merged 2 commits into from
Jul 30, 2025

Conversation

webknjaz
Copy link
Member

@webknjaz webknjaz commented Jul 30, 2025
edited
Loading

This patch cleans up the attestation files that the first pypi-publish invocation leaves on disk so that the following one would not attempt uploading them to the private package index of Jazzband as it might not support such uploads just yet.

Contributor checklist
  • Included tests for the changes.
  • A change note is created in changelog.d/ (see changelog.d/README.md for instructions) or the PR text says "no changelog needed".
Maintainer checklist
  • If no changelog is needed, apply the skip-changelog label.
  • Assign the PR to an existing or new milestone for the target version (following Semantic Versioning).

@webknjaz
Drop release attestations for Jazzband upload
05daad6 
This patch cleans up the attestation files that the first
`pypi-publish` invocation leaves on disk so that the following one
would not attempt uploading them to the private package index of
Jazzband as it might not support such uploads just yet.
@webknjaz webknjaz requested a review from sirosen July 30, 2025 13:17
@webknjaz webknjaz added the skip-changelog Avoid listing in changelog label Jul 30, 2025
@webknjaz webknjaz mentioned this pull request Jul 30, 2025
Open
@webknjaz webknjaz enabled auto-merge July 30, 2025 13:19
@webknjaz webknjaz removed the skip-changelog Avoid listing in changelog label Jul 30, 2025
sirosen
sirosen approved these changes Jul 30, 2025
View reviewed changes
Copy link
Member

@sirosen sirosen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

I'll want us to talk with Jannis to find out if we can help add (or confirm) attestation support, since this impacts other Jazzband projects. I see you already started that conversation elsewhere.

@webknjaz webknjaz added this pull request to the merge queue Jul 30, 2025
Merged via the queue into jazzband:main with commit 96ed4d2 Jul 30, 2025
41 checks passed
@webknjaz
Copy link
Member Author

I'm 99% sure it doesn't. I think it's not even devpi but a flask app or something like that.
Though, the thing is that internal validation in pypi-publish will fail if attestation files are on disk already. It's meant to be called from a dedicated job, not twice. This hack will unblock us. But maybe eventually, when I get to making a reusable workflow (and it's supported), we'll just migrate everything to that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sirosen sirosen sirosen approved these changes

Assignees
No one assigned
Labels
bot:chronographer:provided
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@webknjaz @sirosen