Separate builds for source and docs due to dependency differences
Closed this issue · 1 comments
sethmlarson commented
The builds for the documentation need to pull in many more dependencies, from both PyPI and apt. Once the source and docs builds have been moved to GitHub Actions the two should be separated so as not to allow a compromise of a docs dependency to affect the more important source artifact builds.
Requires: #66
From naively building a Docker container for ubuntu:22.04 and running the install scripts as they are in GitHub Actions we see (using Syft):
- 843 dependencies for docs and source: source-and-docs-deps.txt
- 171 dependencies for source source-deps.txt
sethmlarson commented
I separated the source and docs builds and attempted running each release stream:
- 3.13.0a6: https://github.com/sethmlarson/release-tools/actions/runs/8849259492
- 3.12.3: https://github.com/sethmlarson/release-tools/actions/runs/8839730786
- 3.11.9: https://github.com/sethmlarson/release-tools/actions/runs/8849267270
- 3.10.14: https://github.com/sethmlarson/release-tools/actions/runs/8849271993
- 3.9.19: https://github.com/sethmlarson/release-tools/actions/runs/8849275358
- 3.8.19: https://github.com/sethmlarson/release-tools/actions/runs/8848756395