latest 20 messages by amitprakash
+
[2016-12-05T15:08:07Z]
amitprakash
I'd rather this be automated via CI than users
+
[2016-12-05T15:07:50Z]
amitprakash
canton7, because developers (including myself) are stupid
+
[2016-12-05T15:05:33Z]
amitprakash
Thanks
+
[2016-12-05T15:05:30Z]
amitprakash
canton7, perfect, this works!
+
[2016-12-05T15:04:35Z]
amitprakash
Aight, sorry about that
+
[2016-12-05T15:03:25Z]
amitprakash
Verifying authenticity of tag implies the tag is from a particular author .. i.e. someuser@domain.com
+
[2016-12-05T15:02:14Z]
amitprakash
This is clearly not desired.. so two things we can do 1) restrict developers from pushing tags - (which I don't see a way of doing) or 2) verify the authenticity of tag
+
[2016-12-05T15:01:42Z]
amitprakash
But any developer can push tags to a project, which means anyone can trigger a release
+
[2016-12-05T15:01:19Z]
amitprakash
So let's say we trigger this on tags against the project.
+
[2016-12-05T15:00:51Z]
amitprakash
either you manually trigger this job, or you can trigger this on commits against particular branch or you can trigger this on tags against the project
+
[2016-12-05T15:00:11Z]
amitprakash
Okay, how do you know when to release new software to production?
+
[2016-12-05T14:59:46Z]
amitprakash
I want to find a way to ensure releases. This I want to be based on git (either via tags, branches etc) handled via CI..
+
[2016-12-05T14:58:46Z]
amitprakash
Yes, verifying the authenticity would be a step in the CI/deployment process
+
[2016-12-05T14:57:54Z]
amitprakash
Prevent releases when other developers push tags to repo
+
[2016-12-05T14:56:44Z]
amitprakash
Since I cannot restrict users from pushing their own tags, the next step was to verify the authenticity of tag, this I sought to handle by verifying the author/committer against the tag
+
[2016-12-05T14:56:07Z]
amitprakash
canton7, So in my current CI process, any time a tag is pushed to the project, it is assumed to be a new release which the CI pushes to production
+
[2016-12-05T14:54:27Z]
amitprakash
Alternately, rethink the strategy from tags to a separate branch for releases to production
+
[2016-12-05T14:54:10Z]
amitprakash
But tag author can also be changed, so I am not sure how I can verify if a tag is genuine
+
[2016-12-05T14:53:47Z]
amitprakash
canton7, release to production on tag... however since I can't restrict tags, verify that tags are genuine via tag author
+
[2016-12-05T14:52:03Z]
amitprakash
But that too can be faked