[ANN] TagBot: Creates tags and releases for your Julia packages when they're registered

#1

Hello! In anticipation of the new package registration system I’d like to announce Julia TagBot, which will handle your packages’ GitHub releases automatically.

It’s a GitHub App, so just install and forget about it — nothing else is required on your part.
The only prerequisite is that you actually use Registrator rather than manually creating registry PRs.

The app unfortunately requires repository write access, but there aren’t more granular permissions that can be granted for just releases.
If you’re concerned, please view the source code which is available here.
The only interaction with your repository is the release creation, which is handled by Google’s GitHub API library.

Edit: TagBot will not change your usage of Registrator at all, it only completes the previously manual task of creating GitHub releases for you (see this comment).

22 Likes
#2

Blockquote
Creates tags and releases for your Julia packages when they’re registered

So my package has to first be registered in order to use TagBot? Or how does it work? Is this then similar to Attobot but for the new registry?

#3

Registrator does not tag your repository, because it does not have write permissions (there were concerns about giving that permission to Registrator).
So with this, you install it, and then proceed to register packages as per usual with Registrator. When the PR that Registrator made is merged, TagBot will create a GitHub release. That is all.

TLDR:

  • TagBot does not update your Project.toml
  • TagBot does not register your packages for you
  • TagBot does not use Registrator for you
  • TagBot DOES create GitHub releases for you after you have used Registrator to register your package
4 Likes
#4

Could someone clarify what the process would be for people who do not wish to grant write access?

This whole registering process seems too complicated and split into too many parts at this point.

#5

If you do not want to grant write access, then you cannot install TagBot. You just use Registrator normally and create your releases manually if desired.

#6

In terms of the julia package systems, there’s no real reason to create a Github release and tags other than for symbolic reasons. In other words, for other people trying to browse different versions of your code having github tags and releases are nice to have.

In other words, it’s not essential, but it’s highly recommended for others trying to understand how your code has changed from version to version.

There’s a couple of confusing points and needed clarification. For the github tag/release system it is important that the tags and version number in Project.toml are the same, so you don’t confuse people when they browse to a specific tag on github, but see a different version in Project.toml (even though it is perfectly acceptable that the tag on github and the version number in project.toml differ).

TagBot solves this by automatically creating tags/releases with the correct version number.

2 Likes
#7

This is not entirely true. The package manager relies on content hashes. Tags make sure those hashes are reachable and persistent. Without a tag for a release it would be easy to make a mistake and e.g. force push a branch and then Pkg won’t be able to find the correct content. Therefore I would strongly recommend to either use TagBot or tag yourself.

4 Likes
#8

Just an FYI for people who have installed TagBot and are releasing packages: It doesn’t work yet because it depends on this PR. When it’s working, your releases should appear within seconds of the registry PR being merged.

#9

Hmm, I don’t see the bot kicking in?

1 Like
#10

Could you link the registry PR?

#11

Tag bot didn’t trigger for this PR, which I expected it to do.

#12

Thanks. Are you sure that you have properly installed the app and configured it to have permission to that specific repo? I have the following log:

POST https://api.github.com/repos/baggepinnen/MonteCarloMeasurements.jl/releases: 403 Resource not accessible by integration []

There is of course a chance that there is an authentication bug in one of my dependencies but I want to rule this out first.

#13

It looks set up

#14

Hm, thanks. I’ll look into it some more.

#15

I’ve found the issue, working on a fix now.

#16

I believe I have fixed the issue and deployed the fix. Sorry about this! It was a pretty silly mistake on my part.

#17

People who have installed TagBot will receive an email asking for new permissions. This is only to help find problems like above more easily.

1 Like
#18

Updated with the new permissions. Do we somehow now need to register a new tag to trigger the bot? (ref musm/SLEEF.jl hasn’t been updated)

#19

Nothing retroactive will happen, it’ll just work properly next time you tag. So this time around, you’ll need to do a manual tag.

Going forward you should see a notification of success or failure.

1 Like
#20

I updated a release by calling @JuliaRegistrator register() again before the pull request was merged to general. TagBot tagged a release from the initial commit however, so now the two are out of sync. So I’m not quite sure what to do now; I can’t seem to edit or delete the GitHub release. I’m thinking to just bump the version (I have some small changes to make anyway) and register again so at least the latest version doesn’t have this discrepancy.