v0.36.0 git tag associated with wrong commit. Doesn't match source in PyPI #4754
Comments
Unfortunately, there was an issue with that release, which explains the discrepancy. We've reconciled this for others though. Apologies for the inconvenience.
I see. Can you move the git tag to the correct commit so it’s possible to examine the source in GitHub?
I took a look and unfortunately I can't trivially do so. I'd recommend https://pypi.org/project/feast/0.37.1/ which was the release we were able to make correctly which corresponds to https://github.com/feast-dev/feast/releases/tag/v0.37.1
Thanks, can't you just force push the git tag to move it with a command like
Do you happen to know which commit is the one published to pypi? I do know how to tag the commit, it's finding the right one that's the challenge.
I don’t know. I thought the maintainers of this repo would haha
You could try to match the hashsums assuming whoever published it did it from an actual commit and not a dirty branch.
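The hash-matching idea from the comment above, as an added example that is not part of the thread or of the feast project: git's blob id for a file is SHA-1 over `blob <size>\0` plus the file bytes, so files from the PyPI sdist can be compared with `git ls-tree -r <commit>` output for each candidate commit. The tarball, file contents and commit labels below are constructed.

```python
import hashlib
import io
import tarfile


def git_blob_id(data: bytes) -> str:
    """Object id git gives a file with these bytes (SHA-1 repository)."""
    return hashlib.sha1(b"blob %d\x00" % len(data) + data).hexdigest()


def sdist_blob_ids(sdist: bytes) -> dict:
    """Map each file in a .tar.gz sdist (top-level dir stripped) to its blob id."""
    with tarfile.open(fileobj=io.BytesIO(sdist), mode="r:gz") as tar:
        return {m.name.split("/", 1)[-1]: git_blob_id(tar.extractfile(m).read())
                for m in tar if m.isfile()}


def matching_commits(sdist: bytes, commit_trees: dict) -> list:
    """Commits that agree with the sdist on every path both contain.
    commit_trees: {commit: {path: blob id}}, e.g. from `git ls-tree -r <commit>`.
    Paths on one side only (PKG-INFO, egg-info, untracked files) are skipped.
    """
    packaged = sdist_blob_ids(sdist)
    hits = []
    for commit, tree in commit_trees.items():
        shared = packaged.keys() & tree.keys()
        if shared and all(packaged[p] == tree[p] for p in shared):
            hits.append(commit)
    return hits


def constructed_sdist(files: dict, root: str = "pkg-0.0.0") -> bytes:
    """Build a small in-memory sdist to serve as constructed sample input."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(f"{root}/{path}")
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample: the two requirement strings quoted in the issue; the
# commit labels are placeholders, not real commits.
OLD = b'install_requires = ["protobuf<4.23.4,>3.20"]\n'
NEW = b'install_requires = ["protobuf>=4.24.0,<5.0.0"]\n'
SDIST = constructed_sdist({"setup.py": OLD, "PKG-INFO": b"Name: pkg\n"})
TREES = {"commit-at-tag": {"setup.py": git_blob_id(NEW)},
         "candidate-a": {"setup.py": git_blob_id(OLD)}}
print(matching_commits(SDIST, TREES))
```

An empty result means no candidate commit reproduces the sdist, which is what a build from a dirty working tree looks like.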
The problem is the published version to PyPI is different than what exists on GitHub so swapping it won't work either. I believe the commit is https://docs.google.com/document/d/1KX-rqre2x9obyHjKYzSYkg0et1_4nLOD5u75ls5q09o/edit?tab=t.0#heading=h.vtw6pppn20bd Unfortunately this was a botched release by me (sorry!) and I don't exactly recall what happened but I don't have the permission in PyPI to remove or revoke that PyPI release. Updating the tag would change the existing tag which I believe is what was pushed to docker, so we have a broken 0.36 and our view was to just advise people to move to 0.37.1 instead of using 0.36.0 because we weren't able to get the PyPI permissions to lock it down.
Apologies for the inconvenience here, but things are much more stable now 😅
No worries. Thanks for looking into this. You can maybe “yank” this version on PyPI so it has a warning and people don’t use it. Just a suggestion tho. Otherwise, feel free to close this.
Expected Behavior
I expect git tags associated with released versions to correspond to the commit that produced software artifacts for those versions in PyPI.
Current Behavior
Currently v0.36.0 has a protobuf requirement of protobuf>=4.24.0,<5.0.0 (permalink in case the tag moves). But when I download the source feast-0.36.0.tar.gz from https://pypi.org/project/feast/0.36.0/#files, I see setup.py has protobuf<4.23.4,>3.20.
Also the date that 0.36.0 was created in PyPI is Feb 17, 2024. The date of the git tag is April 15, 2024. 🤔
Steps to reproduce
See links in "current behavior."