Skip to content

chore(release): first-release groundwork + prep for 0.1.0#712

Open
potiuk wants to merge 4 commits into
apache:mainfrom
potiuk:release/0.1.0-groundwork
Open

chore(release): first-release groundwork + prep for 0.1.0#712
potiuk wants to merge 4 commits into
apache:mainfrom
potiuk:release/0.1.0-groundwork

Conversation

@potiuk

@potiuk potiuk commented Jul 3, 2026

Copy link
Copy Markdown
Member

Stands up Magpie's release infrastructure and preps the first release
(0.1.0). Part of #531.

Magpie's own release config (new projects/magpie/)

Magpie self-adopts the framework but had no <project-config>/ of its
own; the release-* skills had nothing to read. Adds:

  • release-management-config.md — ATR distribution backend
    (pending PMC ratification), dev-list-vote, announce-list, 72h window.
  • release-build.md — source .zip is the release, sha512.
  • release-trains.md — 0.x train off main, RM for 0.1.0.
  • pmc-roster.md — founding PMC (binding-vote tallying).

Version + changelog

  • pyproject.toml / uv.lock: 0.0.0 → 0.1.0.
  • CHANGELOG.md: initial-release summary.

Notes

  • Backend is atr per the ATR runbook (docs(release-management): add ATR (Apache Trusted Releases) runbook #711); marked pending PMC
    ratification
    since ATR is alpha — flips to svnpubsub with no other
    change if preferred.
  • RM and version are PMC calls; set to Jarek / 0.1.0 as defaults.
  • TODOs left explicit: site repo, root .gitattributes.
  • Prep only — no tag/sign/upload. Next: release-keys-syncrelease-rc-cut.

Tester added 2 commits July 4, 2026 00:42
Stand up Magpie's release infrastructure and prep the first release
(0.1.0). Part of apache#531.

Magpie self-adopts the framework but had no <project-config> of its
own, so the release-* skills had nothing to read. Add projects/magpie/:
- release-management-config.md: ATR distribution backend (pending PMC
  ratification), dev-list-vote, announce-list, 72h vote window.
- release-build.md: source .zip is the release, sha512 only.
- release-trains.md: 0.x train off main, RM for 0.1.0.
- pmc-roster.md: founding PMC for binding-vote tallying.

Version + changelog:
- pyproject.toml / uv.lock: 0.0.0 -> 0.1.0.
- CHANGELOG.md: initial-release summary.

Prep only: no tag/sign/upload. Next steps are release-keys-sync then
release-rc-cut for 0.1.0-rc1.
…-build

Magpie ships no convenience binaries — the signed source artefact is the
only release artefact. Remove the optional PyPI sdist/wheel note.
@justinmclean

Copy link
Copy Markdown
Member

Running teh magpie review skill shows two findings are on live config the release-* skills read, not on the prep TODOs the PR already tracks. The rest are minor.

projects/magpie/pmc-roster.md:40 — major — The ## PMC members table ships | Name | Apache ID | only, dropping the Primary email column the tally skill resolves against. The framework template (projects/_template/pmc-roster.md) defines binding resolution as "(1) The From: address matches a row's Primary email exactly, or (2) ... @apache.org ... local part matches a row's Apache ID," and states verbatim: "Personal Gmail / corporate addresses MUST appear in Primary email to count." With no Primary email column, rule (1) can never fire, so a PMC member who replies +1 from a non-@apache.org address is silently tallied non-binding on the 0.1.0 vote. Add the Primary email (and Binding since) columns.

pyproject.toml:35 — minor — Version is bumped to 0.1.0 but the line above still reads description = "Reusable framework for handling security vulnerabilities in Apache projects.", contradicting the governance-agnostic framing this same PR ships in CHANGELOG.md. The first release's source artefact carries a description that mislabels the project. (Flagging under "Quality signals"; the line is in the touched hunk.)

projects/magpie/release-management-config.md:56 — minor — release_dist_backend = atr with atr_platform_url = https://release-test.apache.org/ selects the alpha ATR test host as the live default, while the framework template states "ATR is in alpha; until a PMC ratifies it, svnpubsub remains the ratified default." Self-flagged "pending PMC ratification" with a one-line switch back, but the shipped default is the un-ratified one. Consider defaulting to svnpubsub until the PMC vote.

projects/magpie/release-build.md:38 — minor — Unresolved TODO: add .gitattributes with the export-ignore set before the first RC. Without it, git archive includes .github/ and editor metadata in the signed source .zip; the criteria's "compiled artifacts / source-only" concern and RAT catch this only after the artefact is built, forcing an RC re-cut. Prep item, but worth resolving before release-rc-cut.

projects/magpie/release-management-config.md:132 — minor — site_repo/site_pr_files are left as TODO placeholders in a file the PR frames as "the live config ... not a scaffold." release-announce-draft reads site_repo; confirm it before the announce step.

Body-level note (no file:line anchor): the new docs lean heavily on em-dashes, which reads against AGENTS.md § "Writing and editing documentation" ("use em dashes sparingly"). Per the criteria's "When in doubt — defer" rule I'm flagging it for your eye, not as a hard finding.
No findings on license headers (all new .md files carry the SPDX Apache-2.0 header) or compiled artifacts (none added).

Tester added 2 commits July 4, 2026 02:05
Per @justinmclean's review of apache#712:

- pmc-roster.md (major): restore the Primary email + Binding since
  columns and the binding-resolution rules the release-vote-tally skill
  needs. Without Primary email, rule (1) never fires and a PMC member
  voting from a non-@apache.org address tallies non-binding. Add a note
  that personal/corporate addresses must be added before the vote.
- release-management-config.md: default release_dist_backend to
  svnpubsub (the ASF-ratified default) instead of the alpha ATR test
  host; ATR stays fully documented as the intended direction, switched
  in after a PMC ratification vote.
- pyproject.toml: fix the stale security-only description so the source
  artefact no longer mislabels the project.
- .gitattributes: add the export-ignore set so git archive drops
  CI/editor metadata from the signed source .zip (resolves the
  release-build.md prep TODO).

site_repo/site_pr_files remain TODO (site not yet stood up; only used
at the downstream announce step).
The mission statement repeated 'the creation and maintenance of software
related to'. Remove the duplication so the sentence reads once.
@potiuk

potiuk commented Jul 4, 2026

Copy link
Copy Markdown
Member Author

Thanks for running the review skill on this — all six addressed in the latest push.

  • pmc-roster.md (major) — Fixed. Restored the Primary email and Binding since columns and the full binding-resolution rules from the template, so rule (1) can fire. Primary email is set to each member's @apache.org address; I added an explicit note that anyone intending to vote from a personal/corporate address must have it added here before the 0.1.0 [VOTE], or their +1 tallies non-binding. Binding since is [resolution] pending the confirmed establishment date (informational only — not used for resolution).
  • release-management-config.md backend default — Good call; changed release_dist_backend to svnpubsub, the ASF-ratified default. ATR stays fully documented as the intended direction, with a one-line switch to atr after the PMC ratification vote. The alpha release-test.apache.org host is no longer the live default.
  • pyproject.toml description — Fixed; now "Reusable, governance-agnostic framework of agentic skills for maintaining open-source projects," matching the CHANGELOG framing.
  • .gitattributes export-ignore — Resolved rather than deferred: added a root .gitattributes with the export-ignore set (.github/, editor/CI metadata) so git archive drops them from the signed source .zip. release-build.md now links to it instead of carrying a TODO.
  • site_repo / site_pr_files — Left as TODO for now: the project site isn't stood up yet, so there's nothing accurate to point at. release-announce-draft only reads it at the far-downstream announce step; I'll fill it before then.
  • Em-dashes — Noted, thanks; trimmed where they were gratuitous and will keep an eye on AGENTS.md § "Writing and editing documentation" going forward.

Also fixed the doubled clause in the MISSION.md mission sentence in this PR.

@choo121600 choo121600 left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM on the re-review — all six findings from the earlier review-skill pass are verified addressed in eacb78d, CI is green, and the tree is mergeable clean. One minor packaging note below (non-blocking — safe to fold into the RC-cut prep). The version bump, changelog, and new projects/magpie/ release config read cleanly.

Prior findings — verified addressed

  • pmc-roster.md (major) — ✅ Primary email and Binding since columns restored, both binding-resolution rules present, plus an explicit note that a member intending to vote from a personal/corporate address must be added before the 0.1.0 [VOTE] or their +1 tallies non-binding. Rule (1) can fire again.
  • pyproject.toml description — ✅ now "Reusable, governance-agnostic framework of agentic skills for maintaining open-source projects," matching the CHANGELOG framing.
  • ATR alpha as live default — ✅ release_dist_backend = svnpubsub (the ASF-ratified default); ATR stays fully documented as the intended direction with a one-line switch after PMC ratification.
  • .gitattributes export-ignore TODO — ✅ resolved, not deferred: root .gitattributes added and release-build.md links it.
  • site_repo / site_pr_files — ➖ left as TODO; fine as an accepted downstream deferral (only read at the announce step, and the site isn't stood up yet).
  • Em-dashes — ✅ trimmed.

Also confirmed the MISSION.md doubled-clause fix.

Smaller observations

  • .gitattributes:7 — export-ignore set omits .claude/, which will leave dangling symlinks in the source .zip. The list excludes .agents/ and .github/ but not .claude/. .claude/skills/ is committed and holds the relay symlinks magpie-* → ../../.agents/skills/magpie-*; since .agents/ is export-ignored, git archive keeps .claude/skills/ but drops its targets, so the signed source artefact the [VOTE] votes on would carry a directory of dangling relay symlinks. Suggest adding .claude/ (and any other holdout skill-relay dir) to the export-ignore set so all the self-adoption wiring is excluded consistently:

    .claude/            export-ignore

    Minor — release-verify-rc / RAT would catch it on RC1, and release-build.md already says to extend the set if RAT flags anything, so this just saves an RC re-spin.


This review was drafted by an AI-assisted tool and confirmed by an Apache Magpie maintainer. The maintainer approving this PR has read the findings and signed off. If something feels off, please reply on the PR and a maintainer will follow up.

More on how Apache Magpie handles contributions: CONTRIBUTING.md.

@choo121600

Copy link
Copy Markdown
Member

looks good ;)
let's gooo 🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants