All new package releases must be requested for inclusion in a catalog. These requests ensure that only package releases that meet your catalog’s standards get approved. This article describes how requests can be made and reviewed.
Requesting package releases
A new package release can happen at several different points:
- From the development environment – While a developer is working on a repository, they can use Tidelift CLI to check for and request package releases that are not currently approved in the catalog.
- After a build is blocked – With the Tidelift Subscription integrated into a CI/CD pipeline, builds will fail if they use package releases not approved in the catalog. Developers will receive a link to an overview page and can request approval for these releases from there.
- Ad-hoc – Package releases can be manually requested at any time from the Catalog > Packages page in the Tidelift web application.
If a request for a new release contains no standards violations, this request is automatically approved. If, however, you want to manually review all new requests, including those without standards violations, you can enable the "Manual review required" standard on the Catalog > Standards page.
Catalog administrators must always manually review requests that violate standards (eg. a vulnerability that must be reviewed or a license that would not comply). The catalog administrator will be prompted to review each of the standards violations. The administrator can either resolve the violations and approve the request or deny the request.
The person requesting the package release will be notified via email when their request has been reviewed.