chore(release): first-release groundwork + prep for 0.1.0#712
Conversation
Stand up Magpie's release infrastructure and prep the first release (0.1.0). Part of apache#531. Magpie self-adopts the framework but had no <project-config> of its own, so the release-* skills had nothing to read. Add projects/magpie/: - release-management-config.md: ATR distribution backend (pending PMC ratification), dev-list-vote, announce-list, 72h vote window. - release-build.md: source .zip is the release, sha512 only. - release-trains.md: 0.x train off main, RM for 0.1.0. - pmc-roster.md: founding PMC for binding-vote tallying. Version + changelog: - pyproject.toml / uv.lock: 0.0.0 -> 0.1.0. - CHANGELOG.md: initial-release summary. Prep only: no tag/sign/upload. Next steps are release-keys-sync then release-rc-cut for 0.1.0-rc1.
…-build Magpie ships no convenience binaries — the signed source artefact is the only release artefact. Remove the optional PyPI sdist/wheel note.
|
Running teh magpie review skill shows two findings are on live config the release-* skills read, not on the prep TODOs the PR already tracks. The rest are minor. projects/magpie/pmc-roster.md:40 — major — The ## PMC members table ships | Name | Apache ID | only, dropping the Primary email column the tally skill resolves against. The framework template (projects/_template/pmc-roster.md) defines binding resolution as "(1) The From: address matches a row's Primary email exactly, or (2) ... @apache.org ... local part matches a row's Apache ID," and states verbatim: "Personal Gmail / corporate addresses MUST appear in Primary email to count." With no Primary email column, rule (1) can never fire, so a PMC member who replies +1 from a non-@apache.org address is silently tallied non-binding on the 0.1.0 vote. Add the Primary email (and Binding since) columns. pyproject.toml:35 — minor — Version is bumped to 0.1.0 but the line above still reads description = "Reusable framework for handling security vulnerabilities in Apache projects.", contradicting the governance-agnostic framing this same PR ships in CHANGELOG.md. The first release's source artefact carries a description that mislabels the project. (Flagging under "Quality signals"; the line is in the touched hunk.) projects/magpie/release-management-config.md:56 — minor — release_dist_backend = atr with atr_platform_url = https://release-test.apache.org/ selects the alpha ATR test host as the live default, while the framework template states "ATR is in alpha; until a PMC ratifies it, svnpubsub remains the ratified default." Self-flagged "pending PMC ratification" with a one-line switch back, but the shipped default is the un-ratified one. Consider defaulting to svnpubsub until the PMC vote. projects/magpie/release-build.md:38 — minor — Unresolved TODO: add .gitattributes with the export-ignore set before the first RC. Without it, git archive includes .github/ and editor metadata in the signed source .zip; the criteria's "compiled artifacts / source-only" concern and RAT catch this only after the artefact is built, forcing an RC re-cut. Prep item, but worth resolving before release-rc-cut. projects/magpie/release-management-config.md:132 — minor — site_repo/site_pr_files are left as TODO placeholders in a file the PR frames as "the live config ... not a scaffold." release-announce-draft reads site_repo; confirm it before the announce step. Body-level note (no file:line anchor): the new docs lean heavily on em-dashes, which reads against AGENTS.md § "Writing and editing documentation" ("use em dashes sparingly"). Per the criteria's "When in doubt — defer" rule I'm flagging it for your eye, not as a hard finding. |
Per @justinmclean's review of apache#712: - pmc-roster.md (major): restore the Primary email + Binding since columns and the binding-resolution rules the release-vote-tally skill needs. Without Primary email, rule (1) never fires and a PMC member voting from a non-@apache.org address tallies non-binding. Add a note that personal/corporate addresses must be added before the vote. - release-management-config.md: default release_dist_backend to svnpubsub (the ASF-ratified default) instead of the alpha ATR test host; ATR stays fully documented as the intended direction, switched in after a PMC ratification vote. - pyproject.toml: fix the stale security-only description so the source artefact no longer mislabels the project. - .gitattributes: add the export-ignore set so git archive drops CI/editor metadata from the signed source .zip (resolves the release-build.md prep TODO). site_repo/site_pr_files remain TODO (site not yet stood up; only used at the downstream announce step).
The mission statement repeated 'the creation and maintenance of software related to'. Remove the duplication so the sentence reads once.
|
Thanks for running the review skill on this — all six addressed in the latest push.
Also fixed the doubled clause in the |
Stands up Magpie's release infrastructure and preps the first release
(0.1.0). Part of #531.
Magpie's own release config (new
projects/magpie/)Magpie self-adopts the framework but had no
<project-config>/of itsown; the
release-*skills had nothing to read. Adds:release-management-config.md— ATR distribution backend(pending PMC ratification), dev-list-vote, announce-list, 72h window.
release-build.md— source .zip is the release, sha512.release-trains.md— 0.x train off main, RM for 0.1.0.pmc-roster.md— founding PMC (binding-vote tallying).Version + changelog
pyproject.toml/uv.lock: 0.0.0 → 0.1.0.CHANGELOG.md: initial-release summary.Notes
atrper the ATR runbook (docs(release-management): add ATR (Apache Trusted Releases) runbook #711); marked pending PMCratification since ATR is alpha — flips to
svnpubsubwith no otherchange if preferred.
.gitattributes.release-keys-sync→release-rc-cut.