
Bundle composer vendor dependencies with released tarballs to support reproducible build system packaging

Open amessina opened this issue 1 year ago • 4 comments

🚀 Feature

Bundling composer vendor dependencies with released tarballs supports build system (like Koji) packaging that doesn't enable network connections. This is in support of reproducible builds.

amessina avatar Jul 16 '24 15:07 amessina

Related: https://github.com/cypht-org/cypht/issues/597

marclaporte avatar Jul 17 '24 04:07 marclaporte

@kroky what do you think?

marclaporte avatar Jul 22 '24 21:07 marclaporte

Yes, +1 for bundling the vendor packages with the release tarballs.

kroky avatar Jul 23 '24 11:07 kroky

It seems like the GITHUB_TOKEN provided by GitHub Actions has limited permissions by default. I'll review it and create a new one with the right access permission.

Shadow243 avatar Aug 15 '24 10:08 Shadow243

@marclaporte @kroky @amessina Can we close this since the PR is already merged?

Shadow243 avatar Jan 04 '25 21:01 Shadow243

> I'll review it and create a new one with white access permission

Is it done?

marclaporte avatar Jan 05 '25 02:01 marclaporte

> > I'll review it and create a new one with white access permission
>
> Is it done?

Since the last release, we have cypht.tar.gz, which is added to the release and already contains the vendor folder with the dependencies.

https://github.com/cypht-org/cypht/pull/1142

I just checked, the token has been expired for like a week. I will have to renew that.

Shadow243 avatar Jan 05 '25 03:01 Shadow243