chore(release): first-release groundwork + prep for 0.1.0#712
Conversation
Stand up Magpie's release infrastructure and prep the first release (0.1.0). Part of apache#531. Magpie self-adopts the framework but had no <project-config> of its own, so the release-* skills had nothing to read. Add projects/magpie/: - release-management-config.md: ATR distribution backend (pending PMC ratification), dev-list-vote, announce-list, 72h vote window. - release-build.md: source .zip is the release, sha512 only. - release-trains.md: 0.x train off main, RM for 0.1.0. - pmc-roster.md: founding PMC for binding-vote tallying. Version + changelog: - pyproject.toml / uv.lock: 0.0.0 -> 0.1.0. - CHANGELOG.md: initial-release summary. Prep only: no tag/sign/upload. Next steps are release-keys-sync then release-rc-cut for 0.1.0-rc1.
…-build Magpie ships no convenience binaries — the signed source artefact is the only release artefact. Remove the optional PyPI sdist/wheel note.
|
Running teh magpie review skill shows two findings are on live config the release-* skills read, not on the prep TODOs the PR already tracks. The rest are minor. projects/magpie/pmc-roster.md:40 — major — The ## PMC members table ships | Name | Apache ID | only, dropping the Primary email column the tally skill resolves against. The framework template (projects/_template/pmc-roster.md) defines binding resolution as "(1) The From: address matches a row's Primary email exactly, or (2) ... @apache.org ... local part matches a row's Apache ID," and states verbatim: "Personal Gmail / corporate addresses MUST appear in Primary email to count." With no Primary email column, rule (1) can never fire, so a PMC member who replies +1 from a non-@apache.org address is silently tallied non-binding on the 0.1.0 vote. Add the Primary email (and Binding since) columns. pyproject.toml:35 — minor — Version is bumped to 0.1.0 but the line above still reads description = "Reusable framework for handling security vulnerabilities in Apache projects.", contradicting the governance-agnostic framing this same PR ships in CHANGELOG.md. The first release's source artefact carries a description that mislabels the project. (Flagging under "Quality signals"; the line is in the touched hunk.) projects/magpie/release-management-config.md:56 — minor — release_dist_backend = atr with atr_platform_url = https://release-test.apache.org/ selects the alpha ATR test host as the live default, while the framework template states "ATR is in alpha; until a PMC ratifies it, svnpubsub remains the ratified default." Self-flagged "pending PMC ratification" with a one-line switch back, but the shipped default is the un-ratified one. Consider defaulting to svnpubsub until the PMC vote. projects/magpie/release-build.md:38 — minor — Unresolved TODO: add .gitattributes with the export-ignore set before the first RC. Without it, git archive includes .github/ and editor metadata in the signed source .zip; the criteria's "compiled artifacts / source-only" concern and RAT catch this only after the artefact is built, forcing an RC re-cut. Prep item, but worth resolving before release-rc-cut. projects/magpie/release-management-config.md:132 — minor — site_repo/site_pr_files are left as TODO placeholders in a file the PR frames as "the live config ... not a scaffold." release-announce-draft reads site_repo; confirm it before the announce step. Body-level note (no file:line anchor): the new docs lean heavily on em-dashes, which reads against AGENTS.md § "Writing and editing documentation" ("use em dashes sparingly"). Per the criteria's "When in doubt — defer" rule I'm flagging it for your eye, not as a hard finding. |
Per @justinmclean's review of apache#712: - pmc-roster.md (major): restore the Primary email + Binding since columns and the binding-resolution rules the release-vote-tally skill needs. Without Primary email, rule (1) never fires and a PMC member voting from a non-@apache.org address tallies non-binding. Add a note that personal/corporate addresses must be added before the vote. - release-management-config.md: default release_dist_backend to svnpubsub (the ASF-ratified default) instead of the alpha ATR test host; ATR stays fully documented as the intended direction, switched in after a PMC ratification vote. - pyproject.toml: fix the stale security-only description so the source artefact no longer mislabels the project. - .gitattributes: add the export-ignore set so git archive drops CI/editor metadata from the signed source .zip (resolves the release-build.md prep TODO). site_repo/site_pr_files remain TODO (site not yet stood up; only used at the downstream announce step).
The mission statement repeated 'the creation and maintenance of software related to'. Remove the duplication so the sentence reads once.
|
Thanks for running the review skill on this — all six addressed in the latest push.
Also fixed the doubled clause in the |
choo121600
left a comment
There was a problem hiding this comment.
LGTM on the re-review — all six findings from the earlier review-skill pass are verified addressed in eacb78d, CI is green, and the tree is mergeable clean. One minor packaging note below (non-blocking — safe to fold into the RC-cut prep). The version bump, changelog, and new projects/magpie/ release config read cleanly.
Prior findings — verified addressed
pmc-roster.md(major) — ✅Primary emailandBinding sincecolumns restored, both binding-resolution rules present, plus an explicit note that a member intending to vote from a personal/corporate address must be added before the 0.1.0[VOTE]or their+1tallies non-binding. Rule (1) can fire again.pyproject.tomldescription — ✅ now "Reusable, governance-agnostic framework of agentic skills for maintaining open-source projects," matching the CHANGELOG framing.- ATR alpha as live default — ✅
release_dist_backend = svnpubsub(the ASF-ratified default); ATR stays fully documented as the intended direction with a one-line switch after PMC ratification. .gitattributesexport-ignore TODO — ✅ resolved, not deferred: root.gitattributesadded andrelease-build.mdlinks it.site_repo/site_pr_files— ➖ left as TODO; fine as an accepted downstream deferral (only read at the announce step, and the site isn't stood up yet).- Em-dashes — ✅ trimmed.
Also confirmed the MISSION.md doubled-clause fix.
Smaller observations
-
.gitattributes:7— export-ignore set omits.claude/, which will leave dangling symlinks in the source.zip. The list excludes.agents/and.github/but not.claude/..claude/skills/is committed and holds the relay symlinksmagpie-* → ../../.agents/skills/magpie-*; since.agents/is export-ignored,git archivekeeps.claude/skills/but drops its targets, so the signed source artefact the[VOTE]votes on would carry a directory of dangling relay symlinks. Suggest adding.claude/(and any other holdout skill-relay dir) to the export-ignore set so all the self-adoption wiring is excluded consistently:.claude/ export-ignore
Minor —
release-verify-rc/ RAT would catch it on RC1, andrelease-build.mdalready says to extend the set if RAT flags anything, so this just saves an RC re-spin.
This review was drafted by an AI-assisted tool and confirmed by an Apache Magpie maintainer. The maintainer approving this PR has read the findings and signed off. If something feels off, please reply on the PR and a maintainer will follow up.
More on how Apache Magpie handles contributions: CONTRIBUTING.md.
|
looks good ;) |
Stands up Magpie's release infrastructure and preps the first release
(0.1.0). Part of #531.
Magpie's own release config (new
projects/magpie/)Magpie self-adopts the framework but had no
<project-config>/of itsown; the
release-*skills had nothing to read. Adds:release-management-config.md— ATR distribution backend(pending PMC ratification), dev-list-vote, announce-list, 72h window.
release-build.md— source .zip is the release, sha512.release-trains.md— 0.x train off main, RM for 0.1.0.pmc-roster.md— founding PMC (binding-vote tallying).Version + changelog
pyproject.toml/uv.lock: 0.0.0 → 0.1.0.CHANGELOG.md: initial-release summary.Notes
atrper the ATR runbook (docs(release-management): add ATR (Apache Trusted Releases) runbook #711); marked pending PMCratification since ATR is alpha — flips to
svnpubsubwith no otherchange if preferred.
.gitattributes.release-keys-sync→release-rc-cut.