We can automate the release signing, and get a role account on dist. It requires working pretty closely with the Apache infra team. https://infra.apache.org/release-signing.html#automated-release-signing
On 2023/10/30 19:10:50 Austin Bennett wrote: > This would be worth asking ASF Infra. I would hope that's something that > could be largely automated, though - if memory serves - we need a human to > choose to perform [ ex: trigger ] the release. > > That also invites how authentication is happening -- definitely I prefer > short-lived credentials, but unclear whether ASF has some sort of OIDC > provider [ ex: > https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect > ] > > On Mon, Oct 30, 2023 at 11:19 AM proton_mail_bridge > <jason_...@protonmail.com.invalid> wrote: > > > I’m working on automating some tasks for the release process. Does anybody > > know if we can get an apache service account such that a GitHub action can > > post builds to https://dist.apache.org/, or is that something that only a > > human can do? And if so, could such a service account be used for dev/, > > release/, and test/? > > > > - Jason >
