{"id":34701774,"url":"https://github.com/hubmapconsortium/pipeline-release-mgmt","last_synced_at":"2026-05-26T15:32:39.041Z","repository":{"id":98320155,"uuid":"265671582","full_name":"hubmapconsortium/pipeline-release-mgmt","owner":"hubmapconsortium","description":null,"archived":false,"fork":false,"pushed_at":"2025-03-05T16:19:44.000Z","size":51,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-12-26T10:53:13.870Z","etag":null,"topics":["ot2od030545"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hubmapconsortium.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-05-20T19:48:01.000Z","updated_at":"2025-06-24T13:21:25.000Z","dependencies_parsed_at":"2025-03-05T17:24:04.201Z","dependency_job_id":"1e6e1047-c4ee-44e1-9150-f4ce37a20980","html_url":"https://github.com/hubmapconsortium/pipeline-release-mgmt","commit_stats":null,"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/hubmapconsortium/pipeline-release-mgmt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hubmapconsortium%2Fpipeline-release-mgmt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hubmapconsortium%2Fpipeline-release-mgmt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hubmapconsortium%2Fpipeline-release-mgmt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hubmapconsortium%2Fpipeline-release-mgmt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hubmapconsortium","download_url":"https://codeload.github.com/hubmapconsortium/pipeline-release-mgmt/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hubmapconsortium%2Fpipeline-release-mgmt/sbom","scorecard":{"id":471957,"data":{"date":"2025-08-11","repo":{"name":"github.com/hubmapconsortium/pipeline-release-mgmt","commit":"8dd5d753a61ce5945ed69915aef2a67f2518c54f"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":0,"reason":"Found 1/28 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2024-48 / GHSA-fj7x-q9j7-g6q6"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 3 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-19T14:08:38.994Z","repository_id":98320155,"created_at":"2025-08-19T14:08:38.994Z","updated_at":"2025-08-19T14:08:38.994Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33527577,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"ssl_error","status_checked_at":"2026-05-26T15:22:15.568Z","response_time":63,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ot2od030545"],"created_at":"2025-12-24T22:53:00.419Z","updated_at":"2026-05-26T15:32:39.036Z","avatar_url":"https://github.com/hubmapconsortium.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":".. image:: https://travis-ci.com/hubmapconsortium/salmon-rnaseq.svg?branch=master\n    :target: https://travis-ci.com/hubmapconsortium/pipeline-release-mgmt\n.. image:: https://img.shields.io/badge/code%20style-black-000000.svg\n    :target: https://github.com/psf/black\n\nHuBMAP pipeline release management\n==================================\n\nOverview\n--------\n\nThis package provides a convenience script which automates some aspects of\ntagging and releasing production-ready versions of HuBMAP computational\nanalysis pipelines.\n\nInstallation\n------------\n\nRun ``python3 -m pip install hubmap-pipeline-release-mgmt``.\n\nUsage\n-----\n\nOnce the package is installed, navigate to a repository containing a\npipeline, and ensure that the main branch is what you would like\nto release as a new tagged version, including the *committed* state of any\nsubmodules. (See Configuration_ for setting persistent configuration\nparameters globally or for each pipeline, including the name of the \"main\"\nbranch.)\n\nChoose a new version number (preferably starting with ``v``), like ``v1.0``,\nand run::\n\n  tag_release_pipeline v1.0\n\nMost of the script is automated, but Git will ask you for a tag message (by\nopening a text editor) unless a tag message is given as an argument to this\nscript via the ``--tag-message`` argument.\n\nTo sign Git tags with GPG, append ``--sign`` (and if you want to sign with\na non-default key, add ``--sign=preferred@email.address``).\n\n(Your local main branch can be behind or ahead of its remote version\n-- if behind, it will be updated with ``git pull``, and if ahead\nthe remote branch will be updated with ``git push``. Your main branch\nand its remote version cannot have *diverged*, however; ``tag_release_pipeline``\nwill abort if this is the case.)\n\nThe ``tag_release_pipeline`` script makes several assumptions about the state\nof your repository, and if these assumptions are violated, the script will\nprobably fail loudly and leave your local copy in an arbitrary state. Make sure\nyou have no local modifications for best results (though you shouldn't anyway,\nif preparing a release version of a pipeline).\n\nAt a high level, ``tag_release_pipeline`` does:\n\n* Checkout the main branch, pull/push so it and its remote version match\n* Checkout or create a release branch, ``git pull --ff-only`` if checking out\n  a local branch that already exists\n* Sync the main branch to the release branch -- note that this is *not* a\n  merge; the previous contents of the release branch are overwritten entirely\n* Update the content of all submodules to match the versions committed in the\n  main branch\n* Build all Docker images in ``docker_images.txt``, using the\n  ``multi-docker-build`` package\n* Tag all images as ``latest`` and with the new tag name\n* Push all Docker images/tags to Docker Hub\n* Update all CWL files to use tagged versions of any images built from the\n  pipeline repository (*i.e.* those listed in ``docker_images.txt``)\n* Commit the updated CWL files (on the release branch)\n* Tag the new commit, signed or not\n* Push the main and release branches, and the new tag\n\nOptions:\n\n--pretend   Don't run anything that would make any modifications to any Git\n            repositories or Docker images. This will still run\n            ``git branch -a`` to obtain the list of Git branches, however.\n            This will print all commands which would be run.\n\n--tag-message  (alias: ``-m``) Use this string as the tag message. This is\n               given to Git as the ``-m`` argument to ``git tag``, which stops\n               Git from asking for a tag message interactively.\n\n--sign      Sign the new tag with GPG using your default identity.\n\n--sign=identity    Sign the new tag with GPG, using the specified\n                   identity (email address).\n\n--no-push     Don't push anything to Docker Hub or the Git remote repository.\n              Everything will be committed, tagged, and built locally.\n\n--main-branch   Name of the main branch. Overrides the default (``master``)\n                and anything found in configuration files.\n\n--release-branch   Name of the release branch. Overrides the default (``release``)\n                   and anything found in configuration files.\n\n--remote-repository   Name of the remote repository. Overrides the default\n                      (``origin``) and anything found in configuration files.\n\nConfiguration\n-------------\n\nThis package uses the `confuse \u003chttps://confuse.readthedocs.io/en/latest/\u003e`_\nlibrary to read user and pipeline configuration. The default configuration\nspecifies branch names, the remote repository name, and whether to sign each\nrelease version of a pipeline, via the following contents of\n``config_default.yaml``::\n\n  main_branch: master\n  release_branch: release\n  remote_repository: origin\n  sign: false\n\nThis configuration can be overridden globally (affecting all usage of this\npackage) and separately for each repository. These configuration parameters\nare read in this order, with each source overriding earlier ones:\n\n1. Package default configuration shown above\n2. Global (user) configuration from ``~/.config/hubmap_pipeline_release_mgmt/config.yaml``\n   (on Linux)\n3. Pipeline configuration options, from ``pipeline_release_mgmt.yaml`` in the\n   base directory of the pipeline repository\n4. Command-line arguments passed to the ``tag_release_pipeline`` script\n\nFor example, to sign all Git tags by default with a specific GPG key, you could\ncreate the user configuration file noted above, containing::\n\n  sign: mruffalo@cs.cmu.edu\n\nThe default ``main_branch`` of ``master`` is likely to change in the near future.\n\nRequirements\n------------\n\nPython 3.6 or newer.\n\nThe following package dependencies should be automatically installed when\ninstalling via ``pip`` or ``python setup.py install``:\n\n* Version 0.7.1 or newer of the ``multi-docker-build`` PyPI package\n* `confuse \u003chttps://confuse.readthedocs.io/en/latest/\u003e`_, (recent) version\n  unimportant\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhubmapconsortium%2Fpipeline-release-mgmt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhubmapconsortium%2Fpipeline-release-mgmt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhubmapconsortium%2Fpipeline-release-mgmt/lists"}