Re: [DISCUSS] JanusGraph 0.6.1 release
Automating the release process or at least parts of it would definitely be great!
Right now, we have all issues and PRs closed that are linked to the milestone for 0.6.1 so we could in general proceed with the release process, but I think it wouldn’t be a big problem if we delayed the release a bit so we could already use an automated release process.
Do you think that it makes sense to wait with the 0.6.1 release for this? Would it maybe even help if you could try out some of the automation directly during the release process? Or would this delay the release too much?
From: janusgraph-dev@... <janusgraph-dev@...> On Behalf Of Oleksandr Porunov
Sent: Monday, January 10, 2022 14:23
Subject: Re: [janusgraph-dev] [DISCUSS] JanusGraph 0.6.1 release
I'm in favor of releasing the 0.6.1 version. That said, it would make sense to automate the releasing process as Jan mentioned.
I'm planning to try to work on automation or partial automation this week. The main reason for that is to have a deterministic way of making those builds.
At this moment, when we are creating the `jar`s which we are publishing everywhere, we are creating them locally on a release manager's computer with their own `java` installation.
Yes, the release manager signs every resource but we have no idea what version of Java was used to create this build. In theory, if the release manager has a vulnerable machine, it could lead to infecting that `jar` with malicious code.
I think it would be better to make all the builds in GH actions and use only them for release artifacts.
I will try to work on that this week but I'm good if you release 0.6.1 using the current release process. Just use openjdk 1.8.<latest> for the release.