-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v0.36.0 git tag associated with wrong commit. Doesn't match source in PyPI #4754
Comments
Unfortunately, there was an issue with that release, which explains the discrepancy. We've reconciled this for others though. Apologies for the inconvenience. |
I see. Can you move the git tag to the correct commit so it’s possible to examine the source in GitHub? |
I took a look and unfortunately I can't trivially do so. I'd recommend https://pypi.org/project/feast/0.37.1/ which was the release we were able to make correctly which corresponds to https://github.com/feast-dev/feast/releases/tag/v0.37.1 |
Thanks, can't you just force push the git tag to move it with a command like |
Do you happen to know which commit is the one published to pypi? I do know how to tag the commit, it's finding the right one that's the challenge. |
I don’t know. I thought the maintainers of this repo would haha |
You could try to match the hashsums assuming whoever published it did it from an actual commit and not a dirty branch. |
The problem is the published version to PyPi is different than what exists on GitHub so swapping it won't work either. I believe the commit is https://docs.google.com/document/d/1KX-rqre2x9obyHjKYzSYkg0et1_4nLOD5u75ls5q09o/edit?tab=t.0#heading=h.vtw6pppn20bd Unfortunately this was a botched release by me (sorry!) and I don't exactly recall what happened but I don't have the permission in PyPi to remove or revoke that PyPi release. Updating the tag would change the existing tag which I believe is what was pushed to docker, so we have a broken 0.36 and our view was to just advise people to move to 0.37.1 instead of using 0.36.0 because we weren't able to get the PyPi permissions to lock it down. |
Apologies for the inconvenience here, but things are much more stable now 😅 |
No worries. Thanks for looking into this. You can maybe “yank” this version on PyPI so it has a warning and people don’t use. Just a suggestion tho. Otherwise, feel free to close this. |
Expected Behavior
I expect git tags associated with released versions to correspond to the commit that produced software artifacts for those versions in PyPI.
Current Behavior
Currently v0.36.0 has a protobuf requirement of
protobuf>=4.24.0,<5.0.0
(permalink in case the tag moves). But when I download the sourcefeast-0.36.0.tar.gz
from https://pypi.org/project/feast/0.36.0/#files, I seesetup.py
hasprotobuf<4.23.4,>3.20
.Also the date that 0.36.0 was created in PyPI is Feb 17, 2024. The date of the git tag is April 15, 2024. 🤔
Steps to reproduce
See links in "current behavior."
The text was updated successfully, but these errors were encountered: