Skip to content

Add GitHub immutable releases#84

Open
snazy wants to merge 1 commit intoapache:mainfrom
snazy:immutable-releases
Open

Add GitHub immutable releases#84
snazy wants to merge 1 commit intoapache:mainfrom
snazy:immutable-releases

Conversation

@snazy
Copy link
Member

@snazy snazy commented Dec 25, 2025

Adds functionality to enable immutable GitHub releases using a new feature configuration:

github:
  # Default is false.
  immutable_releases: true|false

Fixes #83

@snazy snazy force-pushed the immutable-releases branch from e0db514 to 1380cf5 Compare December 25, 2025 11:56
@snazy snazy marked this pull request as ready for review January 7, 2026 15:50
@snazy snazy force-pushed the immutable-releases branch from 1380cf5 to afff053 Compare February 4, 2026 07:50
@snazy
Add GitHub immutable releases
16681a3 
Adds functionality to enable immutable GitHub releases using a new feature configuration:
```yaml
github:
  # Default is false.
  immutable_releases: true|false
```

Fixes apache#83
@snazy snazy force-pushed the immutable-releases branch from afff053 to 16681a3 Compare February 4, 2026 11:41
raboof
raboof approved these changes Feb 12, 2026
View reviewed changes
Copy link
Member

@raboof raboof left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this seems great!

I wonder if this should even be enabled by default, given AFAICT this is the spiritual successor of the earlier tag protection (#85) which IIRC was also enabled by default?

jbonofre
jbonofre approved these changes Feb 12, 2026
View reviewed changes
Copy link
Member

@jbonofre jbonofre left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's cool !

Maybe we would consider to enable it by default, but some projects might be "surprised".

@snazy
Copy link
Member Author

snazy commented Feb 12, 2026

IMHO immutable releases should be the default. I'm just not sure whether that could break existing "moving tags" use cases like for GitHub actions v42.

Maybe it can become the default after a "heads up" email saying that "immutable releases" will become the default on some day X?

@jbonofre
Copy link
Member

jbonofre commented Feb 12, 2026

Yeah, that's a good point, and also my question. Is it a way to do a check on projects without changing the flag ? I guess not.

@snazy
Copy link
Member Author

snazy commented Feb 12, 2026

Ah, you remind me that there is at least Arrow who have "immutable releases" enabled manually via an ASF Infra.
I think, they should get a heads-up so they can add the setting before or shortly after the PR is merged, so we do not make Arrow releases "mutable".

@raboof
Copy link
Member

raboof commented Feb 12, 2026

Maybe we would consider to enable it by default, but some projects might be "surprised".

Then they can just disable it, right?

@snazy
Copy link
Member Author

snazy commented Feb 12, 2026
edited
Loading

(Err, not Arrow, but Airflow - at least I got the first and last letters right)

Actually, I was right with Arrow INFRA-27392

And Pekko via INFRA-24644

potiuk
potiuk approved these changes Feb 13, 2026
View reviewed changes
Copy link
Member

@potiuk potiuk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice!

@snazy
Copy link
Member Author

snazy commented Feb 13, 2026

Pinged dev@pekko and dev@arrow ML about this PR.

@raulcd
Copy link
Member

raulcd commented Feb 13, 2026

Nice, thanks for pinging the arrow dev ML. I requested it initially there. This is great! As per the default just in case this is relevant it would have broken our workflow if enabled without notice as we had to change to have our Release candidates (pre-releases) to be in draft mode so we could append new artifacts (binaries) while those are being generated. Based on our process those are created after source which is initially uploaded to the draft. Draft releases are not immutable and allow for adding more artifacts. Once we have uploaded all artifacts we remove the draft mode to make the Release Candidate also immutable.

Do we have to update .asf.yaml once this is merged or can we do it now? I am in the middle of a Release, just waiting for the vote to finish during the next couple of days, that's why I am asking :)

@snazy
Copy link
Member Author

snazy commented Feb 13, 2026

Do we have to update .asf.yaml once this is merged or can we do it now?

IIUC (I'm rather a Python noob) I think the answer is after this PR is being merged, because strictyaml is being used to parse .asf.yaml.

@raulcd
Copy link
Member

raulcd commented Feb 13, 2026

Thanks @snazy ! No worries, I've subscribed and will act promptly once I see this being merged! Thanks for doing this!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@raboof raboof raboof approved these changes

+3 more reviewers

@jbonofre jbonofre jbonofre approved these changes

@potiuk potiuk potiuk approved these changes

@raulcd raulcd raulcd approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add feature for immutable GitHub releases

5 participants

@snazy @jbonofre @raboof @raulcd @potiuk

Comments