I recall I even promised to do something, but I did not :-) automatically determine "which is latest 3.0.x" does not make much sense, it is stable branch, very conservative. we can stick to 3.0.7, for example. I do not expect any breaking change between 3.0.7 and 3.0.8
we can move "latest" to weekly, np. as for stable branches CI, I think them do not have to follow the same rules as development branch, we can have different matrix for stable and development. вт, 6 дек. 2022 г. в 19:37, William Lallemand <wlallem...@haproxy.com>: > Hello, > > We are experiencing difficulties with the way the CI matrix is > generated with the SSL libraries. > > As I already mentionned, I don't really like the "latest" keyword for > the OpenSSL version as it prevent us to have reproducible builds. > It updates versions without warning, even major ones. > > Since OpenSSL 3.1.0-aplha1 was released we are affected by the problem, > we stopped building with 3.0.x without noticing, and our internal CI for > the stable branches start failing because of that. Majour versions must > never change in the previous branches. > > What I suggest is to stop using "latest" for the "git push" CI, but > using it only in a separate CI (once a day/week I don't know). And only > use fixed version of the libraries on the CI so builds are not broken by > external components. Because in my opinion the "git push" CI is to test > our code, not the libraries. > > What do you guys think? > > -- > William Lallemand >
