Skip to content

SimpleRisk 20260709-001 Release#145

Closed
simplerisk-core-sync[bot] wants to merge 1 commit into
masterfrom
update-20260709-001
Closed

SimpleRisk 20260709-001 Release#145
simplerisk-core-sync[bot] wants to merge 1 commit into
masterfrom
update-20260709-001

Conversation

@simplerisk-core-sync

Copy link
Copy Markdown

Automated version bump from code-development testing @ 51416c0e (bump_downstream_versions.yml). Review and merge as part of the 20260709-001 release.

@jsokol

jsokol commented Jul 12, 2026

Copy link
Copy Markdown
Member

Closing this automated version bump rather than merging it:

  • CI can't pass. All four image builds fail at the bundle download step — public/bundles/simplerisk-20260709-001.tgz returns 403 AccessDenied (the release bundle isn't published at that path), so the streaming curl … | tar xz fails. (The 20260519-001 bundle still returns 200, confirming it's this artifact specifically.)
  • Superseded by Verify the release bundle hash before extracting (both images) #141. This PR bumps the version on the old streaming-curl | tar Dockerfile — the exact lines Verify the release bundle hash before extracting (both images) #141 replaces with a download → verify-sha256 → extract step. Merging it as-is would regress that work.
  • The 20260709-001 release already shipped (images are deployed), so master's version string is catch-up history at this point.

Plan: land #141 (fail-closed bundle verification — which would make the missing-bundle case above a loud build failure instead of a silent one), then regenerate the version bump with make update_version VERSION=… on top, producing a CI-green Dockerfile that uses the verify script. That fresh bump replaces this one.

Separately worth checking: whether simplerisk-20260709-001.tgz was ever published to public/bundles/.

@jsokol jsokol closed this Jul 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant