CTTY commented on PR #2715: URL: https://github.com/apache/iceberg-rust/pull/2715#issuecomment-4873161416
I'm thinking that we should have release manager/maintainers trigger the pypi publish manually, or configure security_audit as a prerequisite of the publish workflow What usually happen in the release is: 1. Upload artifacts to apache dev repo 2. Push the new RC tag 3. Two CIs will be triggered: security_audit and publish 4. If security_audit failed, it won't fail publish, so we may end up publishing artifacts with security vulnerabilities Previously, since the auto-publish always fail due to reusable workflow issues (it's a feature, not a bug!), pypi publishing is always done manually, but after we inlining the pypi publish workflow, we may end up with 4. So I'm suggesting that we fix this in the current PR -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
