We've had a couple of community contributions to SCIMple, so I'd like to
get a release out.

Leading up to this release, I'd like to set up automated releases for
SCIMple (possibly as a canary for other Directory projects, but that's TBD).

*NOTE*: This does NOT replace the vote requirements!

You can read the details here:
https://infra.apache.org/release-signing.html#automated-release-signing

Personally, I see a few big benefits:
- Remove toil
- Release from trusted hardware
- Requires builds to be reproducible

*How this could work in practice:*
1. Release manager pushes a tag to git
2. CI (GitHub Actions) runs build and publishes artifacts to a Nexus
Staging repo (replacing the need for the release manager to do it)
3. Release manager sends out a vote email
... Release process continues as normal

*What is next:*
- I don't think this needs a vote, but I'd like to get a general consensus.
- Creation of an INFRA JIRA ticket to do the following:
    - ASF Infra sets up a signing key and adds it to our KEYS file (https://dist.apache.org/repos/dist/release/directory/KEYS ?)
    - ASF Infra sets up secrets (not available to forks, etc.)
- I tweak the SCIMple build to watch for tags (probably something like tags
matching `v\d.*` to avoid confusion with any manual processes)
- I cut a SCIMple release (1.0.0-M2) using the new process
- If it works, great... if not I fall back to running it manually
- Vote

Thoughts?
