Release 1.1.0

[mauritsvanrees]

I got this after releasing 1.1.0:

OK to push commits to the server? (Y/n)? 
INFO     remote: error: GH006: Protected branch update failed for refs/heads/main.                                                                                                                                                      
         remote: error: Organization mandated required workflow checks need to run succesfully to be able merge to this branch. Please push changes to a new branch and create a pull request to run the checks.                        
         To github.com:plone/plone.base.git                                                                                                                                                                                             
         ! [remote rejected] main -> main (protected branch hook declined)                                                                                                                                                              
         error: failed to push some refs to 'github.com:plone/plone.base.git'                                                                                                                                                           
INFO     To github.com:plone/plone.base.git                                                                                                                                                                                             
         * [new tag]         1.1.0 -> 1.1.0                                                                                                                                                                                             
INFO     Finished full release.

As release manager I should be able to push. I can make this PR for now, and will merge it myself immediately.

[mister-roboto]

@mauritsvanrees thanks for creating this Pull Request and helping to improve Plone!

TL;DR: Finish pushing changes, pass all other checks, then paste a comment:

@jenkins-plone-org please run jobs

To ensure that these changes do not break other parts of Plone, the Plone test suite matrix needs to pass, but it takes 30-60 min. Other CI checks are usually much faster and the Plone Jenkins resources are limited, so when done pushing changes and all other checks pass either start all Jenkins PR jobs yourself, or simply add the comment above in this PR to start all the jobs automatically.

Happy hacking!

[gforcada]

🤦🏾 so on repositories with the shared workflow we can not push to master directly? 😕 that does not sound that helpful... I mean, yes, it does its job, but not being able to go around them at all seems unpractical 🤔

@gotcha mentions reusable workflows as an alternative to the shared workflow... this means that we need to add a workflow file on all repositories (even if minimal) that ends up calling the generic one... not sure if that would still prevent anyone to push to main branches though

[davisagli]

so on repositories with the shared workflow we can not push to master directly?

This appears to be related to a change that github made on Friday: https://github.blog/changelog/2023-03-10-github-actions-required-workflows-improvements/

I can sort of understand the reasoning (if some checks are required, then you don't want to give a way to bypass the checks) but I am surprised there is no consideration of a way to bypass it in selected situations for things like release automation.

[mauritsvanrees]

I wonder why the test gh-action did not run on this PR. Ah, of course: it has [ci skip] in the commits. Okay, I merge.

[mauritsvanrees]

Well, no I can't merge, even as admin.

[mauritsvanrees]

I need to go now, and am back only later in the evening.

@gforcada There was one PR in a package for which we needed a newer plone.base. I have updated https://dist.plone.org/release/6.0-dev/constraints.txt and versions.cfg.

[gforcada]

I disabled the workflow for this repository and then we can merge 🤔

Either we adapt our tooling (zest.releaser) or we stop using this organization level and use the reusable workflows approach 🤔

@mauritsvanrees thanks, I will re-run the jobs 🙇🏾

[mauritsvanrees]

I once defined a reusable workflow in collective/.github. I tried using that in collective.multisearch, but after many failed tries I gave up and went with an action instead. You can get the number of lines in a repo down with a centrally defined action.

[mauritsvanrees]

I think my release problems with plone.base are because the main branch has extra protection. See https://github.com/plone/plone.base/settings/branch_protection_rules/25107091

I am not completely sure what to change. Maybe "Restrict who can push to matching branches"?

[davisagli]

@mauritsvanrees In general users with the Admin permission level (including organization Owners) can bypass the branch restrictions unless the "Do not allow bypassing the above settings" checkbox is checked. So I don't think the branch protection rules are the problem for you.

I think the problem is this new restriction based on the org-level required workflows, which seems to not allow bypassing by admins.

[mauritsvanrees]

I released plone.batching today without problems. It is in the list of repos using the required workflow, but it has no branch protection rules.

There is a discussion in zope/meta about this restriction too.

I am going to switch on "Restrict who can push to matching branches". This sounds to me like it should only take away rights for some people, but I think it also grants the pushing right to some others. I think we must switch this on when "Require a pull request before merging" is on, which it is for the plone.base repo. Here are the settings, I only switched it on and did not change anything else:

[davisagli]

@mauritsvanrees sure, let's see if that makes a difference.