This is an automated email from the ASF dual-hosted git repository.
sbp pushed a commit to branch sbp
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
The following commit(s) were added to refs/heads/sbp by this push:
new 5bf8c534 Migrate all revision creators to use quarantine
5bf8c534 is described below
commit 5bf8c53410555ef4e2d438f24ab07b4c975eef3c
Author: Sean B. Palmer <[email protected]>
AuthorDate: Wed Mar 4 14:47:04 2026 +0000
Migrate all revision creators to use quarantine
---
atr/post/draft.py | 12 +++++++++---
atr/post/revisions.py | 4 +++-
atr/storage/writers/keys.py | 4 +++-
atr/storage/writers/release.py | 26 ++++++++++++++++++++------
atr/storage/writers/vote.py | 8 ++++++--
atr/tasks/sbom.py | 8 ++++++--
6 files changed, 47 insertions(+), 15 deletions(-)
diff --git a/atr/post/draft.py b/atr/post/draft.py
index af36550b..7ce142f2 100644
--- a/atr/post/draft.py
+++ b/atr/post/draft.py
@@ -58,13 +58,15 @@ async def cache_reset(
description = "Empty revision to restart all checks without cache for the
whole release candidate draft"
async with storage.write(session) as write:
wacp = await write.as_project_committee_participant(str(project_name))
- await wacp.revision.create_revision(
+ result = await wacp.revision.create_revision_with_quarantine(
str(project_name),
str(version_name),
session.uid,
description=description,
reset_to_global_cache=True,
)
+ if isinstance(result, sql.Quarantined):
+ raise RuntimeError("Unexpected quarantine for cache reset")
return await session.redirect(
get.compose.selected,
@@ -203,13 +205,15 @@ async def recheck(
description = "Empty revision to restart all checks without cache for the
whole release candidate draft"
async with storage.write(session) as write:
wacp = await write.as_project_committee_participant(str(project_name))
- await wacp.revision.create_revision(
+ result = await wacp.revision.create_revision_with_quarantine(
str(project_name),
str(version_name),
session.uid,
description=description,
set_local_cache=True,
)
+ if isinstance(result, sql.Quarantined):
+ raise RuntimeError("Unexpected quarantine for recheck")
return await session.redirect(
get.compose.selected,
@@ -285,9 +289,11 @@ async def sbomgen(
if not success:
raise web.FlashError("Internal error: SBOM generation
timed out")
- await wacp.revision.create_revision(
+ result = await wacp.revision.create_revision_with_quarantine(
str(project_name), str(version_name), session.uid,
description=description, modify=modify
)
+ if isinstance(result, sql.Quarantined):
+ raise RuntimeError("Unexpected quarantine for SBOM generation")
except Exception as e:
log.exception("Error generating SBOM:")
diff --git a/atr/post/revisions.py b/atr/post/revisions.py
index 1c994030..e7bdd1b6 100644
--- a/atr/post/revisions.py
+++ b/atr/post/revisions.py
@@ -70,9 +70,11 @@ async def _set_revision(
description = f"Copy of revision {selected_revision_number} through web
interface"
async with storage.write(session) as write:
wacp = await write.as_project_committee_participant(project_name)
- new_revision = await wacp.revision.create_revision(
+ new_revision = await wacp.revision.create_revision_with_quarantine(
project_name, version_name, session.uid, description=description,
clone_from=selected_revision_number
)
+ if isinstance(new_revision, sql.Quarantined):
+ raise RuntimeError("Unexpected quarantine for revision copy")
return await session.redirect(
get.revisions.selected,
success=f"Copied revision {selected_revision_number} to new latest
revision, {new_revision.number}",
diff --git a/atr/storage/writers/keys.py b/atr/storage/writers/keys.py
index 4b3cff77..2bbbe86e 100644
--- a/atr/storage/writers/keys.py
+++ b/atr/storage/writers/keys.py
@@ -490,9 +490,11 @@ class CommitteeParticipant(FoundationCommitter):
path_in_new_revision = path / "KEYS"
await aiofiles.os.remove(path_in_new_revision)
- await self.__write_as.revision.create_revision(
+ result = await
self.__write_as.revision.create_revision_with_quarantine(
project_name, version_name, self.__asf_uid,
description=description, modify=modify
)
+ if isinstance(result, sql.Quarantined):
+ raise RuntimeError("Unexpected quarantine for KEYS file
removal")
return outcomes
def __block_models(self, key_block: str, ldap_data: dict[str, str]) ->
list[types.Key | Exception]:
diff --git a/atr/storage/writers/release.py b/atr/storage/writers/release.py
index 79735012..6a743e7f 100644
--- a/atr/storage/writers/release.py
+++ b/atr/storage/writers/release.py
@@ -172,9 +172,11 @@ class CommitteeParticipant(FoundationCommitter):
await aiofiles.os.rmdir(path_to_remove)
try:
- await self.__write_as.revision.create_revision(
+ result = await
self.__write_as.revision.create_revision_with_quarantine(
project_name, version_name, self.__asf_uid,
description=description, modify=modify
)
+ if isinstance(result, sql.Quarantined):
+ raise RuntimeError("Unexpected quarantine for empty directory
deletion")
except types.FailedError as e:
return str(e)
return None
@@ -212,9 +214,11 @@ class CommitteeParticipant(FoundationCommitter):
# Delete the file
await aiofiles.os.remove(path_in_new_revision)
- await self.__write_as.revision.create_revision(
+ result = await
self.__write_as.revision.create_revision_with_quarantine(
project_name, version, self.__asf_uid, description=description,
modify=modify
)
+ if isinstance(result, sql.Quarantined):
+ raise RuntimeError("Unexpected quarantine for file deletion")
return metadata_files_deleted
async def generate_hash_file(self, project_name: str, version_name: str,
rel_path: pathlib.Path) -> None:
@@ -251,9 +255,11 @@ class CommitteeParticipant(FoundationCommitter):
async with aiofiles.open(hash_path_in_new_revision, "w") as f:
await f.write(f"{hash_value} {rel_path.name}\n")
- await self.__write_as.revision.create_revision(
+ result = await
self.__write_as.revision.create_revision_with_quarantine(
project_name, version_name, self.__asf_uid,
description=description, modify=modify
)
+ if isinstance(result, sql.Quarantined):
+ raise RuntimeError("Unexpected quarantine for hash generation")
async def import_from_svn(
self, project_name: str, version_name: str, svn_url: str, revision:
str, target_subdirectory: str | None
@@ -297,9 +303,11 @@ class CommitteeParticipant(FoundationCommitter):
)
try:
- await self.__write_as.revision.create_revision(
+ result = await
self.__write_as.revision.create_revision_with_quarantine(
project_name, version_name, self.__asf_uid,
description=description, modify=modify
)
+ if isinstance(result, sql.Quarantined):
+ raise RuntimeError("Unexpected quarantine for file move")
except types.FailedError as e:
return str(e), moved_files_names, skipped_files_names
return None, moved_files_names, skipped_files_names
@@ -377,9 +385,11 @@ class CommitteeParticipant(FoundationCommitter):
renamed_count = await self.__remove_rc_tags_revision(path,
error_messages)
try:
- await self.__write_as.revision.create_revision(
+ result = await
self.__write_as.revision.create_revision_with_quarantine(
project_name, version_name, self.__asf_uid,
description=description, modify=modify
)
+ if isinstance(result, sql.Quarantined):
+ raise RuntimeError("Unexpected quarantine for RC tag removal")
except types.FailedError as e:
return str(e), renamed_count, error_messages
return None, renamed_count, error_messages
@@ -444,7 +454,11 @@ class CommitteeParticipant(FoundationCommitter):
await self.__data.refresh(release)
description = "Creation of empty release candidate draft through web
interface"
- await self.__write_as.revision.create_revision(project_name, version,
self.__asf_uid, description=description)
+ result = await
self.__write_as.revision.create_revision_with_quarantine(
+ project_name, version, self.__asf_uid, description=description
+ )
+ if isinstance(result, sql.Quarantined):
+ raise RuntimeError("Unexpected quarantine for empty release
creation")
self.__write_as.append_to_audit_log(
asf_uid=self.__asf_uid,
project_name=project_name,
diff --git a/atr/storage/writers/vote.py b/atr/storage/writers/vote.py
index 1f276071..7c531b62 100644
--- a/atr/storage/writers/vote.py
+++ b/atr/storage/writers/vote.py
@@ -294,9 +294,11 @@ class CommitteeMember(CommitteeParticipant):
success_message = "Vote marked as passed"
description = "Create a preview revision from the last candidate
draft"
- await self.__write_as.revision.create_revision(
+ result = await
self.__write_as.revision.create_revision_with_quarantine(
project_name, release.version, self.__asf_uid,
description=description
)
+ if isinstance(result, sql.Quarantined):
+ raise RuntimeError("Unexpected quarantine for manual vote
resolution")
else:
release.phase = sql.ReleasePhase.RELEASE_CANDIDATE_DRAFT
await self.__data.commit()
@@ -381,9 +383,11 @@ class CommitteeMember(CommitteeParticipant):
success_message = "Vote marked as passed"
description = "Create a preview revision from the last candidate
draft"
- await self.__write_as.revision.create_revision(
+ result = await
self.__write_as.revision.create_revision_with_quarantine(
project_name, release.version, self.__asf_uid,
description=description
)
+ if isinstance(result, sql.Quarantined):
+ raise RuntimeError("Unexpected quarantine for vote resolution")
if (voting_round == 2) and (release.podling_thread_id is not None):
round_one_email_address, round_one_message_id = await
util.email_mid_from_thread_id(
release.podling_thread_id
diff --git a/atr/tasks/sbom.py b/atr/tasks/sbom.py
index 5a6539f0..61eb2ada 100644
--- a/atr/tasks/sbom.py
+++ b/atr/tasks/sbom.py
@@ -111,9 +111,11 @@ async def augment(args: FileArgs) -> results.Results |
None:
async with aiofiles.open(new_full_path, "w", encoding="utf-8")
as f:
await f.write(merged.dumps())
- await wacp.revision.create_revision(
+ result = await wacp.revision.create_revision_with_quarantine(
args.project_name, args.version_name, args.asf_uid or
"unknown", description=description, modify=modify
)
+ if isinstance(result, sql.Quarantined):
+ raise RuntimeError("Unexpected quarantine for SBOM
augmentation")
return results.SBOMAugment(
kind="sbom_augment",
@@ -180,9 +182,11 @@ async def osv_scan(args: FileArgs) -> results.Results |
None:
async with aiofiles.open(new_full_path, "w", encoding="utf-8") as
f:
await f.write(merged.dumps())
- await wacp.revision.create_revision(
+ result = await wacp.revision.create_revision_with_quarantine(
args.project_name, args.version_name, args.asf_uid or "unknown",
description=description, modify=modify
)
+ if isinstance(result, sql.Quarantined):
+ raise RuntimeError("Unexpected quarantine for SBOM vulnerability
scan")
return results.SBOMOSVScan(
kind="sbom_osv_scan",
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
