populace.data.contract: enforce the release artifact contract at the producer#12
Closed
PavelMakarchuk wants to merge 1 commit into
Closed
populace.data.contract: enforce the release artifact contract at the producer#12PavelMakarchuk wants to merge 1 commit into
PavelMakarchuk wants to merge 1 commit into
Conversation
…e producer The releases already on policyengine/populace-us disagree with each other: 1abddeb has no build_manifest.json and an unversioned release_manifest schema, while later releases carry schema_version 1. Every consumer was left to implement its own defensive filter. validate_release_dir() is the single gate: required files, manifest schema version, and build-id agreement between both manifests and the directory name — raising ReleaseContractError that names every violation at once. Verified against the real 9f1260b release (passes) and the real 1abddeb release (rejected with six named failures). Fixes #11. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Contributor
|
Superseded by #37, which merged the release artifact contract into main with the latest pointer, calibration diagnostics, stricter validation, and CI coverage. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #11.
What
Adds
populace.data.contract— the single gate every release must pass before publishing:build_manifest.json,release_manifest.json,sound_ecps_replacement_comparison.json.release_manifest.jsonmust carryschema_version == 1; unversioned manifests (the 1abddeb-era shape) are rejected by name.releases/<build_id>directory name about which build this is.artifactsentry must carrypath,repo_id,sha256.validate_release_dir()raisesReleaseContractErrornaming every violation at once — a publisher sees the full repair list, not one failure per run.Why
The three releases on
policyengine/populace-usare mutually inconsistent:1abddebhas no build manifest and an unversioned release-manifest schema, while later releases carryschema_version: 1. Every consumer was re-implementing its own defensive filter (the calibration-diagnostics dashboard literally filters to releases containingbuild_manifest.json). The charter makes "stage manifests are load-bearing" a binding rule; the contract belongs with the producer.Testing
9f1260brelease passes, the real1abddebrelease is rejected with six named failures.ruff checkclean.uv build --wheel packages/populace-datasucceeds.Not in this PR
1abddebrelease on the Hub is a repo-curation call — flagged in Define and enforce a release artifact contract for populace-us (releases differ in files and manifest schema) #11 for the steward.🤖 Generated with Claude Code