Kaxil - it would be good to know how you generated the client to get there
and fix the reproducibility issue.

BTW. Very related thing - I am going tonight to Vienna for two days to
take part in the "Reproducible Builds Summit"
https://reproducible-builds.org/news/2025/08/20/reproducible-builds-summit-in-vienna/
-> with the goal to make our builds permanently reproducible and following
some emerging standards of reproducibility (there are things brewing and
the Summit is the place where things are not only talked about but also there are
some workshops where I will attempt to apply those things I will learn).

This will be extremely useful in the near future, when Apache Trusted
Releases (
https://news.apache.org/foundation/entry/apache-trusted-releases-platform-begins-second-alpha)
gets out of Alpha status - because having fully reproducible builds is the
prerequisite to release our software automatically via ASF-managed build
infrastructure. This will mean that our releases will not only be safer
and more secure, but will also have cryptographic attestations of both -
source provenance and managed and verified build process.

This is something that will make Airflow one of the first projects in the
ASF to make sort of a "golden standard" for supply-chain attack prevention
(following the recent outbreak of things like xz (
https://en.wikipedia.org/wiki/XZ_Utils_backdoor), or more recent shai-hulud
attack - self-replicating worm attacking 180+ packages (
https://www.trendmicro.com/en_us/research/25/i/npm-supply-chain-attack.html
)).

We are also working in the security team to tighten our security for our
dependencies at release time as part of that effort.

J.


On Mon, Oct 27, 2025 at 9:17 AM Jarek Potiuk <[email protected]> wrote:

> +1 (binding): checked reproducibility, signatures, checksums (licences not
> needed as we are using already checked and released "airflow" sources to
> generate all client code).
>
> I think there is a bit of discrepancy between the tag and release. I ran a
> reproducibility check and the code is slightly different (both .sdist and
> whl are different).
>
> ├── apache_airflow_client-3.1.0.tar
> │ ├── file list
> │ │ @@ -164,15 +164,15 @@
> │ │  -rw-r--r--   0        0        0     7140 2025-09-23 20:07:31.000000
> apache_airflow_client-3.1.0/airflow_client/client/models/task_instance_response.py
> │ │  -rw-r--r--   0        0        0     1374 2025-09-23 20:07:31.000000
> apache_airflow_client-3.1.0/airflow_client/client/models/task_instance_state.py
> │ │  -rw-r--r--   0        0        0     6436 2025-09-23 20:07:31.000000
> apache_airflow_client-3.1.0/airflow_client/client/models/task_instances_batch_body.py
> │ │  -rw-r--r--   0        0        0     3152 2025-09-23 20:07:31.000000
> apache_airflow_client-3.1.0/airflow_client/client/models/task_instances_log_response.py
> │ │  -rw-r--r--   0        0        0     3019 2025-09-23 20:07:31.000000
> apache_airflow_client-3.1.0/airflow_client/client/models/task_outlet_asset_reference.py
> │ │  -rw-r--r--   0        0        0     6362 2025-09-23 20:07:31.000000
> apache_airflow_client-3.1.0/airflow_client/client/models/task_response.py
> │ │  -rw-r--r--   0        0        0     3083 2025-09-23 20:07:31.000000
> apache_airflow_client-3.1.0/airflow_client/client/models/time_delta.py
> │ │ --rw-r--r--   0        0        0     3641 2025-09-23 20:07:31.000000
> apache_airflow_client-3.1.0/airflow_client/client/models/trigger_dag_run_post_body.py
> │ │ +-rw-r--r--   0        0        0     3639 2025-09-23 20:07:31.000000
> apache_airflow_client-3.1.0/airflow_client/client/models/trigger_dag_run_post_body.py
> │ │  -rw-r--r--   0        0        0     3101 2025-09-23 20:07:31.000000
> apache_airflow_client-3.1.0/airflow_client/client/models/trigger_response.py
> │ │  -rw-r--r--   0        0        0     2920 2025-09-23 20:07:31.000000
> apache_airflow_client-3.1.0/airflow_client/client/models/triggerer_info_response.py
> │ │  -rw-r--r--   0        0        0     2997 2025-09-23 20:07:31.000000
> apache_airflow_client-3.1.0/airflow_client/client/models/update_hitl_detail_payload.py
> │ │  -rw-r--r--   0        0        0     3299 2025-09-23 20:07:31.000000
> apache_airflow_client-3.1.0/airflow_client/client/models/validation_error.py
> │ │  -rw-r--r--   0        0        0     5081 2025-09-23 20:07:31.000000
> apache_airflow_client-3.1.0/airflow_client/client/models/validation_error_loc_inner.py
> │ │  -rw-r--r--   0        0        0     5140 2025-09-23 20:07:31.000000
> apache_airflow_client-3.1.0/airflow_client/client/models/value.py
> │ │  -rw-r--r--   0        0        0     3159 2025-09-23 20:07:31.000000
> apache_airflow_client-3.1.0/airflow_client/client/models/variable_body.py
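Review bot: the only differing entry in this file-list hunk is trigger_dag_run_post_body.py, at 3641 versus 3639 bytes; the modes, owner fields and the 2025-09-23 20:07:31 mtime are identical on every listed member, so archive metadata is already normalised and the mismatch is content-only. The hunk does not say which side is the voted artifact and which is the local rebuild; stating that next to the output would make the result easier for other voters to confirm.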
> │ ├──
> apache_airflow_client-3.1.0/airflow_client/client/models/trigger_dag_run_post_body.py
> │ │ @@ -58,15 +58,15 @@
> │ │          * Fields in `self.additional_properties` are added to the
> output dict.
> │ │          """
> │ │          excluded_fields: Set[str] = set(['additional_properties'])
> │ │          _dict = self.model_dump(by_alias=True,
> exclude=excluded_fields, exclude_none=True)
> │ │          if 'logical_date' not in _dict:
> │ │              _dict['logical_date'] = None
> │ │          if self.additional_properties is not None:
> │ │ -            for (_key, _value) in self.additional_properties.items():
> │ │ +            for _key, _value in self.additional_properties.items():
> │ │                  _dict[_key] = _value
> │ │          return _dict
> │ │
> │ │      @classmethod
> │ │      def from_dict(cls, obj: Optional[Dict[str, Any]]) ->
> Optional[Self]:
> │ │          """Create an instance of TriggerDAGRunPostBody from a dict"""
> │ │          if obj is None:
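Review bot: the sole changed line in this hunk is the loop header, `for (_key, _value) in self.additional_properties.items():` versus `for _key, _value in self.additional_properties.items():`; a parenthesised tuple target is semantically identical to the bare one, and the two dropped characters account for the 2-byte size difference in the file list. Suggest pinning and recording the generator and formatter versions used for the release so a rebuild emits the same spelling.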
>
> I am not sure how the client was generated - and where the difference came
> from - either different generator or our post-processing code (we
> post-process the generated code to fix some of the generator issues ->
> https://github.com/apache/airflow/pull/50704) - or maybe that is a
> "black/ruff" formatting issue with different versions of ruff/black
> used? But the difference is insignificant enough and easily manually
> verifiable, so that's not a reason for -1 (reproducibility for now is
> an optional check that can be followed by inspecting the differences).
>
> J.
>
>
> On Mon, Oct 27, 2025 at 2:16 AM Kaxil Naik <[email protected]> wrote:
>
>> Aah, yes thanks Jens. Files have been pushed.
>>
>> On Sun, 26 Oct 2025 at 18:00, Jarek Potiuk <[email protected]> wrote:
>>
>> > Ah.. I missed this one. Yeah - we need those.
>> >
>> > On Sun, Oct 26, 2025 at 6:56 PM Jens Scheffler <[email protected]>
>> > wrote:
>> >
>> > > Hi Kaxil,
>> > >
>> > > finally wanted to make my PMC duties and check release but needed to
>> > > realize that ASC and SHA512 files are missing/not uploaded. Can you
>> > > please push them to SVN for validation?
>> > >
>> > > Jens
>> > >
>> > > On 22.10.25 22:26, Kaxil Naik wrote:
>> > > > Hey fellow Airflowers,
>> > > >
>> > > > I have cut the first release candidate for the Apache Airflow Python
>> > > Client
>> > > >   3.1.0.
>> > > > This email is calling for a vote on the release,
>> > > > which will last for 72 hours. Consider this my (binding) +1.
>> > > >
>> > > > Airflow Client 3.1.0rc1 is available at:
>> > > >
>> > > > https://dist.apache.org/repos/dist/dev/airflow/clients/python/3.1.0rc1/
>> > > >
>> > > > The apache_airflow_client-3.1.0.tar.gz is an sdist release that
>> > contains
>> > > > INSTALL instructions, and also
>> > > > is the official source release.
>> > > >
>> > > > The apache_airflow_client-3.1.0-py3-none-any.whl is a binary wheel
>> > > release
>> > > > that pip can install.
>> > > >
>> > > > Those packages do not contain .rc* version as, when approved, they
>> will
>> > > be
>> > > > released as the final version.
>> > > >
>> > > > The rc packages are also available at PyPI (with rc suffix) and you
>> can
>> > > > install it with pip as usual:
>> > > > https://pypi.org/project/apache-airflow-client/3.1.0rc1/
>> > > >
>> > > > Public keys are available at:
>> > > > https://dist.apache.org/repos/dist/release/airflow/KEYS
>> > > >
>> > > > Only votes from PMC members are binding, but all members of the
>> > community
>> > > > are encouraged to test the release and vote with "(non-binding)".
>> > > >
>> > > > The test procedure for PMC members is described in:
>> > > >
>> > > > https://github.com/apache/airflow/blob/main/dev/README_RELEASE_PYTHON_CLIENT.md#verify-the-release-candidate-by-pmc-members
>> > > >
>> > > > The test procedure for contributors and members of the community who
>> > > would
>> > > > like to test this RC is described in:
>> > > >
>> > > > https://github.com/apache/airflow/blob/main/dev/README_RELEASE_PYTHON_CLIENT.md#verify-the-release-candidate-by-contributors
>> > > >
>> > > > *Changelog*: https://github.com/apache/airflow-client-python/blob/3.1.0rc1/CHANGELOG.md
>> > > >
>> > > > Regards,
>> > > > Kaxil
>> > > >
>> > >
>> > >
>> > >
>> >
>>
>
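
An added example, not part of this thread or of Airflow's release tooling: one way to make the "easily manually verifiable" judgement about a reproducibility mismatch mechanical is to compare two sdists member by member and mark a differing `.py` file as formatting-only when both versions parse to the same AST. All function names and the in-memory sample archives are constructed for illustration.

```python
import ast
import io
import tarfile

def make_sdist(files):
    """Build a small .tar.gz in memory (constructed sample input, not a real release)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, text in files.items():
            data = text.encode()
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def members(blob):
    """Map member name -> bytes for every regular file in a gzipped tarball."""
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        return {m.name: tar.extractfile(m).read() for m in tar if m.isfile()}

def same_ast(x, y):
    """True when both sources parse to the same AST (layout, comments, quoting ignored)."""
    try:
        return ast.dump(ast.parse(x)) == ast.dump(ast.parse(y))
    except (SyntaxError, ValueError):
        return False  # unparsable input is never waved through as formatting-only

def classify_sdist_diff(released, rebuilt):
    """Return {path: verdict} for every path that differs between two sdists."""
    a, b = members(released), members(rebuilt)
    verdicts = {}
    for name in sorted(a.keys() | b.keys()):
        if name not in a or name not in b:
            verdicts[name] = "only-in-one-archive"
        elif a[name] != b[name]:
            formatting = name.endswith(".py") and same_ast(a[name], b[name])
            verdicts[name] = "formatting-only" if formatting else "content-differs"
    return verdicts

# Constructed sample modelled on the loop shown in the diff above.
BASE = "def to_dict(p):\n    d = {}\n    for (_key, _value) in p.items():\n        d[_key] = _value\n    return d\n"
RELEASED = make_sdist({"pkg/a.py": BASE, "pkg/b.py": BASE, "pkg/c.py": BASE})
REBUILT = make_sdist({
    "pkg/a.py": BASE.replace("(_key, _value)", "_key, _value"),  # formatter difference
    "pkg/b.py": BASE.replace("= _value", "= None"),              # behaviour change
    "pkg/c.py": BASE,
})
```

Because the AST drops comments, a comment-only change is also reported as formatting-only; any file marked "content-differs" or "only-in-one-archive" still needs a human read before a vote.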
