Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bundle composer vendor dependencies with released tarballs to support reproducible build system packaging #1122

Closed
amessina opened this issue Jul 16, 2024 · 7 comments
Closed

Bundle composer vendor dependencies with released tarballs to support reproducible build system packaging #1122

amessina opened this issue Jul 16, 2024 · 7 comments
Assignees
@Shadow243
Labels
strategic Important for the Cypht community globally

Comments

@amessina
Copy link

🚀 Feature

Bundling composer vendor dependencies with released tarballs supports build system (like Koji) packaging that doesn't enable network connections. This is in support of reproducible builds.
@marclaporte
Copy link
Member

Related: #597

@marclaporte
Copy link
Member

@kroky what do you think?

@kroky
Copy link
Member

kroky commented Jul 23, 2024

Yes, +1 for bundling the vendor packages with the release tarballs.

@marclaporte marclaporte assigned Shadow243 and unassigned kroky Jul 23, 2024
@Shadow243 Shadow243 mentioned this issue Aug 2, 2024
Merged
@Shadow243
Copy link
Member

Shadow243 commented Aug 15, 2024
edited
Loading

It seams like the GITHUB_TOKEN provided by GitHub Actions has limited permissions by default. I'l review it and create a new one with right access permission.

@marclaporte marclaporte added the strategic Important for the Cypht community globally label Dec 28, 2024
@Shadow243
Copy link
Member

@marclaporte @kroky @amessina Can we close this since the PR is already merged ?

@marclaporte
Copy link
Member

I'l review it and create a new one with white access permission

Is it done?

@Shadow243
Copy link
Member

Shadow243 commented Jan 5, 2025
edited
Loading

I'l review it and create a new one with white access permission

Is it done?

since the last release we have cypht.tar.gz which is added to the release and which contains the vendor folder already with the dependencies

#1142

I just checked, the token has expired since like a week. I will have to renew that

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Shadow243 Shadow243

Labels
strategic Important for the Cypht community globally
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@marclaporte @amessina @kroky @Shadow243