Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

canary version initially published as latest #862

Closed
ljharb opened this issue Nov 7, 2016 · 6 comments
Closed

canary version initially published as latest #862

ljharb opened this issue Nov 7, 2016 · 6 comments

Comments

@ljharb
Copy link
Contributor

ljharb commented Nov 7, 2016

chai v4.0.0-canary.1 was initially published as "latest", which sadly our internal sinopia cached, so it broke some builds.

I see that you've corrected it, and I'm sure it wasn't intentional.

Can you please use https://npmjs.com/safe-publish-latest, and try to use --tag in your npm publish commands, so that non-latest versions are not published as latest, even initially?
@keithamus
Copy link
Member

Thanks for the issue @ljharb.

Right now, our main releases are automated through travis. We are manually publishing canary versions for 4.0 as a one-off, but soon (likely 5.0) we'll be moving to semantic-release, meaning all releases will be fully automated and only ever main (not alpha/beta/canary/whatever) releases.

I suppose we could add this though. @lucasfcosta thoughts?

@ljharb
Copy link
Contributor Author

ljharb commented Nov 7, 2016

I highly discourage automated publishing for many reasons, but that's not the point of this issue :-)

When manually publishing versions, if you add --tag=canary to npm publish, this won't happen.

(I'm not sure how semantic-release handles backports)

@vieiralucas
Copy link
Member

Hello @ljharb.

First of all, I'm very sorry you had issues with this incident.
I did the publish together with @lucasfcosta and we did use --tag=canary, but somehow it got published as latest.
You can read more about this incident here

@keithamus
Copy link
Member

Just want to reiterate for crystal clarity - our solution for preventing this in the future will be semantic-release. We're already rolling out semantic-release to sub-projects. All releases will be handled by semantic-releases - by scanning the commit logs or code for what has changed.

As for backports, I don't think semantic-release has a full solution for backporting - but we haven't backported fixes since I've been here. We effectively (implicitly I suppose) only support the latest version of chai.

@ljharb
Copy link
Contributor Author

ljharb commented Nov 8, 2016

Thanks, I think this is answered.

@ljharb ljharb closed this as completed Nov 8, 2016
@lucasfcosta
Copy link
Member

Hi @ljharb, first of all I'd like to apologize for this, I'm sorry this caused you problems 😓

Me and @vieiralucas were extra careful when releasing 4.0.0 and we prepared and tested every single command in a dummy package before running them, but before doing the release itself we ended up adding a new tag on the repo for the canary release and this ended up automatic releasing that version as latest.

As it has already been said, I also agree that manual releases are safer, but given the strict rules we've got on other repos for semantic-release I think this problem can also be solved that way.

Thanks for your feedback and sorry again for breaking your build, it's great to hear our user's feedback!
Have a nice day 😄

@keithamus keithamus mentioned this issue Nov 8, 2016
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ljharb @keithamus @lucasfcosta @vieiralucas