This guide will help you get started with developing ATR. For detailed technical documentation, see the Developer Guide.
ATR can be developed on Linux or macOS. Windows and other platforms are not supported. This is because ATR's build scripts and test harnesses use POSIX shell, Docker volume mounts behave differently on Windows, and several tools (mkcert, cmark) have platform-specific considerations.
Required (install manually):
- Git - For cloning the repository
- Python 3.13 - The runtime for ATR (can be installed via uv)
- uv - Python package manager (installation guide)
- Docker or Podman - For containerized development (recommended)
- mkcert - For local TLS certificates (if running directly)
- make - POSIX-compliant make utility
- biome - For JavaScript/TypeScript linting (installation guide)
- cmark - CommonMark processor (optional, for rebuilding documentation)
Installed via uv sync: pre-commit, ruff, pyright, playwright, and other dev/test tools (see pyproject.toml).
Alpine Linux:
apk add cmark curl git make mkcert@testing
curl -LsSf https://astral.sh/uv/install.sh | env UV_INSTALL_DIR="/usr/local/bin" sh
uv python install 3.13macOS (Homebrew):
brew install cmark mkcert
curl -LsSf https://astral.sh/uv/install.sh | sh
rehash
uv python install 3.13There are two ways to run the server: in a container (recommended) or directly. Do not use both methods simultaneously - they share the same state directory and will conflict.
The easiest way to run ATR with all dependencies (CycloneDX, syft, Apache RAT for SBOM generation and license checking):
# Clone your fork
git clone https://github.com/YOUR_USERNAME/tooling-trusted-releases.git
cd tooling-trusted-releases
# Create state directory and start
mkdir -p state
docker compose up --buildThe first build takes several minutes. Subsequent runs are faster due to caching.
Visit https://127.0.0.1:8080/ and accept the self-signed certificate.
The container:
- Runs in test mode (
TESTS=1) with mock authentication - Mounts
atr/for live code changes without rebuilding - Auto-reloads when files change
Optional LDAP credentials (for rsync writes and certain tasks):
LDAP_BIND_DN=dn LDAP_BIND_PASSWORD=pass docker compose up --buildUseful container commands:
docker compose exec atr bash # Shell in running container
docker compose run --rm atr bash # Start container with shell (not ATR)
docker compose down # Stop the serverFor faster iteration without containers:
# Clone your fork
git clone https://github.com/YOUR_USERNAME/tooling-trusted-releases.git
cd tooling-trusted-releases
# Install Python dependencies
uv sync --frozen --all-groups
# Create state directory and certificates
mkdir -p state
make certs-local
# Start the server
make serve-localTo add your username as an administrator of ATR during testing, you can set the ADMIN_USERS_ADDITIONAL environment variable in the call to make. For example: ADMIN_USERS_ADDITIONAL=alice make serve-local. This is a comma separated variable, so to add alice and bob you can use ADMIN_USERS_ADDITIONAL=alice,bob.
Accessing the site:
We recommend using localhost.apache.org, which requires adding to /etc/hosts:
127.0.0.1 localhost.apache.org
Then visit: https://localhost.apache.org:8080/
Alternatively, use https://127.0.0.1:8080/ without modifying hosts.
Note: Pick one host and stick with it - logging in on one host doesn't log you in on another.
Why TLS is required: ATR uses the actual ASF OAuth server for login, even in development. This keeps development behavior aligned with production.
Initial startup: It takes 1-2 minutes to fetch committee and project information from the ASF website. Until complete, no existing committees/projects will appear.
-
Set up pre-commit hooks:
uv run pre-commit --frozen install
-
Run code checks:
make check # Full checks make check-light # Quick checks
-
Run tests:
sh tests/run-playwright.sh # Browser tests with Docker Compose sh tests/run-e2e.sh # End-to-end tests
-
Build documentation:
make docs
| Target | Description |
|---|---|
make serve-local |
Run server locally with debug mode |
make check |
Run all pre-commit checks |
make check-light |
Run quick pre-commit checks |
make docs |
Build documentation |
make build-alpine |
Build the Alpine container |
make run-playwright |
Run browser tests |
See BUILD.md for the complete list of build targets.
tooling-trusted-releases/
├── atr/ # Main application source code
│ ├── api/ # API endpoints
│ ├── db/ # Database interfaces
│ ├── docs/ # Documentation (Markdown)
│ ├── get/ # GET route handlers
│ ├── models/ # Data models (SQLModel/Pydantic)
│ ├── post/ # POST route handlers
│ ├── shared/ # Shared route handler code
│ ├── storage/ # Storage interface
│ ├── tasks/ # Background task definitions
│ └── templates/ # Jinja2 templates
├── playwright/ # Browser test scripts
├── scripts/ # Build and utility scripts
├── state/ # Runtime state (created at runtime)
└── tests/ # Test configuration and e2e tests
- Overview of the Code - High-level architecture
- Running and Creating Tests - Testing guide
- Code Conventions - Style guidelines
- Contributing - How to contribute code
- Build Guide - Complete build targets reference
If you encounter TLS certificate problems when running directly:
- Ensure
mkcertis installed and runmake certs-local - You may need to run
mkcert -installto trust the local CA - See the mkcert documentation for platform-specific guidance
Security note:
mkcert -installcreates a CA valid for 10 years for your system, Java, and Firefox. If the private key (rootCA-key.pemin the directory shown bymkcert -CAROOT) is ever leaked, anyone could create certificates trusted by your system. See the mkcert caveats.
If Docker Compose fails:
# Clean up and rebuild
docker compose down -v
docker compose build --no-cache
docker compose upDevelopers without LDAP credentials can cache session information:
- Visit
/user/cache - Press the "Cache me!" button
- Restart the server to clear the authorization cache if needed
This writes your session to the ATR state directory, which is consulted instead of LDAP. This feature only works in debug mode (make serve-local).