andrewmusselman opened a new pull request, #1165:
URL: https://github.com/apache/tooling-trusted-releases/pull/1165
## API to list PMCs approved for CI staging
Fixes #1151
### Summary
New public endpoint `GET /api/projects/ci-staging` that returns projects
configured for CI staging and committees that have evidence of CI usage.
Two signals are combined:
1. **Configuration** — projects with `github_repository_name` set in their
release policy (returned as `projects`)
2. **Evidence** — committees with automated signing keys whose
`primary_declared_uid` contains "Automated Release Signing" or "Services RM"
(returned as `evidence_committee_keys`)
Consumers join on `project.committee_key` to determine which projects have
both configuration and evidence.
### Changes
- `atr/models/api.py`: Add `CiStagingListResults` response model
- `atr/api/__init__.py`: Add `projects_ci_staging` endpoint and
`AUTOMATED_KEY_PATTERNS` / `APACHE_ORG_RE` constants
### Design decisions
- Follows existing api.py conventions: `Sequence[sql.Project]` for projects,
flat `Sequence[str]` for evidence keys, no custom sub-models
- Unauthenticated public endpoint, consistent with `/projects/list` and
`/committees/list`
- Evidence query mirrors the sqlite3 approach used to generate the initial
PMC list for CI onboarding
- Release policy is eagerly loaded so `github_repository_name` and
`github_repository_branch` are available on each project without a second
request
### Testing
Added a key to `atr.db` and checked for a response:
```bash
$ sqlite3 state/database/atr.db "INSERT INTO publicsigningkey (fingerprint,
algorithm, length, created, primary_declared_uid, secondary_declared_uids,
ascii_armored_key) VALUES ('deadbeef01234567890123456789012345678901', 22, 256,
'2026-01-01T00:00:00', 'Apache Test Automated Release Signing
<test.apache.org>', '[]', '-----BEGIN PGP PUBLIC KEY BLOCK-----\ntest\n-----END
PGP PUBLIC KEY BLOCK-----');"
Error: stepping, database is locked (5)
$ curl -k https://localhost:8080/api/projects/ci-staging | python3 -m
json.tool
% Total % Received % Xferd Average Speed Time Time Time
Current
Dload Upload Total Spent Left Speed
100 106 100 106 0 0 3860 0 --:--:-- --:--:-- --:--:--
3925
{
"endpoint": "/projects/ci-staging",
"evidence_committee_keys": [
"test"
],
"projects": []
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
