[Conductor] Address tagging and pushing logic #123273
Comments
|
I like the idea of keeping the logic for emergency situations, but since the release workflow should always require multi-party approval if we are hoping to get SLSA verified on flutter/flutter, I wonder if we will have to remove the logic from Conductor in order to satisfy that requirement. @godofredoc what do you think? |
|
Interesting perspective here that I did not consider. In the case that our recipes fail catastrophically, are we completely blocked from releasing if we want to maintain our SLSA level? |
|
I'll recommend 2) hide the functionality with a flag to avoid as much as possible human errors. @itsjustkevin yes, after validating the process with multiple releases we are removing individuals access to push to beta | release. Once we're ready for SLSA L3 the release process will need to generate provenance that can be validated by the public. Ideally the process will be:
A few of these items will happen after the flutter product gets to SLSA L2 compliance. |
|
From a turn down perspective, we can continue to use the toolproxy approach for pushing releases. If we ship the next stable without issues, removing the tag + push logic from conductor SGTM. |
|
From the feedback here it seems like the way to go while keeping with SLSA compliance is to remove the tag and push logic after the next stable release. |
itsjustkevin
changed the title
XilaiZhang
added
P2
|
the remaining step is to delete the tagging and pushing logic in conductor |
With tagging and pushing now handled by a recipe that is behind Multi-party approval, we may want to consider a few approaches.
We may want to keep the logic around for "Break glass in case of emergency" situations.
Manually tagging and pushing to the release branch is an error prone process that could introduce extra risk.
The text was updated successfully, but these errors were encountered: