Skip to content

chore(release): first-release groundwork + prep for 0.1.0#712

Open
potiuk wants to merge 4 commits into
apache:mainfrom
potiuk:release/0.1.0-groundwork
Open

chore(release): first-release groundwork + prep for 0.1.0#712
potiuk wants to merge 4 commits into
apache:mainfrom
potiuk:release/0.1.0-groundwork

Conversation

@potiuk

@potiuk potiuk commented Jul 3, 2026

Copy link
Copy Markdown
Member

Stands up Magpie's release infrastructure and preps the first release
(0.1.0). Part of #531.

Magpie's own release config (new projects/magpie/)

Magpie self-adopts the framework but had no <project-config>/ of its
own; the release-* skills had nothing to read. Adds:

  • release-management-config.md — ATR distribution backend
    (pending PMC ratification), dev-list-vote, announce-list, 72h window.
  • release-build.md — source .zip is the release, sha512.
  • release-trains.md — 0.x train off main, RM for 0.1.0.
  • pmc-roster.md — founding PMC (binding-vote tallying).

Version + changelog

  • pyproject.toml / uv.lock: 0.0.0 → 0.1.0.
  • CHANGELOG.md: initial-release summary.

Notes

  • Backend is atr per the ATR runbook (docs(release-management): add ATR (Apache Trusted Releases) runbook #711); marked pending PMC
    ratification
    since ATR is alpha — flips to svnpubsub with no other
    change if preferred.
  • RM and version are PMC calls; set to Jarek / 0.1.0 as defaults.
  • TODOs left explicit: site repo, root .gitattributes.
  • Prep only — no tag/sign/upload. Next: release-keys-syncrelease-rc-cut.

Tester added 2 commits July 4, 2026 00:42
Stand up Magpie's release infrastructure and prep the first release
(0.1.0). Part of apache#531.

Magpie self-adopts the framework but had no <project-config> of its
own, so the release-* skills had nothing to read. Add projects/magpie/:
- release-management-config.md: ATR distribution backend (pending PMC
  ratification), dev-list-vote, announce-list, 72h vote window.
- release-build.md: source .zip is the release, sha512 only.
- release-trains.md: 0.x train off main, RM for 0.1.0.
- pmc-roster.md: founding PMC for binding-vote tallying.

Version + changelog:
- pyproject.toml / uv.lock: 0.0.0 -> 0.1.0.
- CHANGELOG.md: initial-release summary.

Prep only: no tag/sign/upload. Next steps are release-keys-sync then
release-rc-cut for 0.1.0-rc1.
…-build

Magpie ships no convenience binaries — the signed source artefact is the
only release artefact. Remove the optional PyPI sdist/wheel note.
@justinmclean

Copy link
Copy Markdown
Member

Running teh magpie review skill shows two findings are on live config the release-* skills read, not on the prep TODOs the PR already tracks. The rest are minor.

projects/magpie/pmc-roster.md:40 — major — The ## PMC members table ships | Name | Apache ID | only, dropping the Primary email column the tally skill resolves against. The framework template (projects/_template/pmc-roster.md) defines binding resolution as "(1) The From: address matches a row's Primary email exactly, or (2) ... @apache.org ... local part matches a row's Apache ID," and states verbatim: "Personal Gmail / corporate addresses MUST appear in Primary email to count." With no Primary email column, rule (1) can never fire, so a PMC member who replies +1 from a non-@apache.org address is silently tallied non-binding on the 0.1.0 vote. Add the Primary email (and Binding since) columns.

pyproject.toml:35 — minor — Version is bumped to 0.1.0 but the line above still reads description = "Reusable framework for handling security vulnerabilities in Apache projects.", contradicting the governance-agnostic framing this same PR ships in CHANGELOG.md. The first release's source artefact carries a description that mislabels the project. (Flagging under "Quality signals"; the line is in the touched hunk.)

projects/magpie/release-management-config.md:56 — minor — release_dist_backend = atr with atr_platform_url = https://release-test.apache.org/ selects the alpha ATR test host as the live default, while the framework template states "ATR is in alpha; until a PMC ratifies it, svnpubsub remains the ratified default." Self-flagged "pending PMC ratification" with a one-line switch back, but the shipped default is the un-ratified one. Consider defaulting to svnpubsub until the PMC vote.

projects/magpie/release-build.md:38 — minor — Unresolved TODO: add .gitattributes with the export-ignore set before the first RC. Without it, git archive includes .github/ and editor metadata in the signed source .zip; the criteria's "compiled artifacts / source-only" concern and RAT catch this only after the artefact is built, forcing an RC re-cut. Prep item, but worth resolving before release-rc-cut.

projects/magpie/release-management-config.md:132 — minor — site_repo/site_pr_files are left as TODO placeholders in a file the PR frames as "the live config ... not a scaffold." release-announce-draft reads site_repo; confirm it before the announce step.

Body-level note (no file:line anchor): the new docs lean heavily on em-dashes, which reads against AGENTS.md § "Writing and editing documentation" ("use em dashes sparingly"). Per the criteria's "When in doubt — defer" rule I'm flagging it for your eye, not as a hard finding.
No findings on license headers (all new .md files carry the SPDX Apache-2.0 header) or compiled artifacts (none added).

Tester added 2 commits July 4, 2026 02:05
Per @justinmclean's review of apache#712:

- pmc-roster.md (major): restore the Primary email + Binding since
  columns and the binding-resolution rules the release-vote-tally skill
  needs. Without Primary email, rule (1) never fires and a PMC member
  voting from a non-@apache.org address tallies non-binding. Add a note
  that personal/corporate addresses must be added before the vote.
- release-management-config.md: default release_dist_backend to
  svnpubsub (the ASF-ratified default) instead of the alpha ATR test
  host; ATR stays fully documented as the intended direction, switched
  in after a PMC ratification vote.
- pyproject.toml: fix the stale security-only description so the source
  artefact no longer mislabels the project.
- .gitattributes: add the export-ignore set so git archive drops
  CI/editor metadata from the signed source .zip (resolves the
  release-build.md prep TODO).

site_repo/site_pr_files remain TODO (site not yet stood up; only used
at the downstream announce step).
The mission statement repeated 'the creation and maintenance of software
related to'. Remove the duplication so the sentence reads once.
@potiuk

potiuk commented Jul 4, 2026

Copy link
Copy Markdown
Member Author

Thanks for running the review skill on this — all six addressed in the latest push.

  • pmc-roster.md (major) — Fixed. Restored the Primary email and Binding since columns and the full binding-resolution rules from the template, so rule (1) can fire. Primary email is set to each member's @apache.org address; I added an explicit note that anyone intending to vote from a personal/corporate address must have it added here before the 0.1.0 [VOTE], or their +1 tallies non-binding. Binding since is [resolution] pending the confirmed establishment date (informational only — not used for resolution).
  • release-management-config.md backend default — Good call; changed release_dist_backend to svnpubsub, the ASF-ratified default. ATR stays fully documented as the intended direction, with a one-line switch to atr after the PMC ratification vote. The alpha release-test.apache.org host is no longer the live default.
  • pyproject.toml description — Fixed; now "Reusable, governance-agnostic framework of agentic skills for maintaining open-source projects," matching the CHANGELOG framing.
  • .gitattributes export-ignore — Resolved rather than deferred: added a root .gitattributes with the export-ignore set (.github/, editor/CI metadata) so git archive drops them from the signed source .zip. release-build.md now links to it instead of carrying a TODO.
  • site_repo / site_pr_files — Left as TODO for now: the project site isn't stood up yet, so there's nothing accurate to point at. release-announce-draft only reads it at the far-downstream announce step; I'll fill it before then.
  • Em-dashes — Noted, thanks; trimmed where they were gratuitous and will keep an eye on AGENTS.md § "Writing and editing documentation" going forward.

Also fixed the doubled clause in the MISSION.md mission sentence in this PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants