Proposal for Pinax Distribution Versioning

[jtauber]

Unlike monolithic open source projects like Django or Python, Pinax is collection of separately developed components with complex dependency relationships. In many respects, it's more akin to something like Ubuntu than a project like Django.

I'm proposing we do (potentially time-based) releases of "Pinax distributions", so there'd be (to borrow from Ubuntu's numbering) a "Pinax 16.4" which would just be a certain combination of apps, themes, and starter projects.

This would enable us to have a support policy, a minimum bar for documentation and localization, etc that just applies at the "distribution" level, not the individual app level.

Work could freely happen on apps, themes, and starter projects at any time but there'd be some documented process and timeline (TBD) to snapshot particular versions of each of these components to become a versioned Pinax distribution.

[paltman]

👍

[jtauber]

one requirement of a pinax distribution release is documenting how to upgrade

[jtauber]

so rather than a combinatorial explosion of upgrade instructions, we'd just publish upgrade instructions for each distribution

[brosner]

One of the larger problems I find I face when working on apps is how we version them. With our move to semver this becomes a non-issue. Here's a current brain dump of my line of thinking including some questions.

The various changes we make to repos are:

• features (both backward-compatible and incompatible)
• bug fixes (both backward-compatible and incompatible)

Based on the @paltman description of how he releases Pinax apps we have:

X.Y.Z

• where X is bumped when a change(s) land that break backward compatibility or are very large (chances are pretty high they are breaking)
• where Y are new features that don't break any compatibility.
• and where Z are bug fixes

Security patches would likely fall in a Z bump, but in the rare case of a backward-incompatible change to fix a security bug, do we bump X or Z? I suppose following this strictly, we should bump X.

Once an app is tagged to a distribution that has a support policy we need to consider how the versioning works there too. Any changes to the version pinned to a distribution are going to backward-compatible, but we need to consider the cases where a change must be made that is backward-incompatible (likely in the name of security.)

We'll need to come up with a git flow for this. @paltman if you already have one, I'd love to hear about it. I feel it should be a simple branching and tagging process that corresponds to distribution versions as I don't think we'll have any support policies for individual apps outside of what we do with distributions.

App versions should be PEP 440 compatible. This is easy enough, but we do want to consider the version of unreleased code. Let's say a maintainer adds a new feature and releases it. When did the maintainer update the version in the repo? Historically we bump the version right before the release to the correct released version then once after the release to indicate development towards the next release. What does the latter version look like? I am thinking if we release 1.0 of X then the next version after release is 1.1.dev1 then 1.1 or 2.0 given the kind of changes after 1.0. This ensures that if a git repo is installed with -e we have a unique version outside of the released versions.

[jtauber]

http://semver.org

[brosner]

I've read semver before, but thanks for smacking me with a refresher. It looks like I largely hit the nail on the head. The answer to the security change versioning when the change is backward-incompatible seems to be to just bump the major version. However the question remains on how this is handled at the distribution level if changes happened to the app after the tagged distribution version.

The only thing that is incompatible with my proposal are the build metadata. The specified way in semver is not PEP 440 compatible. I think we should stick with my proposal so we have correctly ordered versioning.

[paltman]

I only ever bump release number right before cutting the release to PyPI as I never know if the next release is going to be X, Y, or Z. After release, I don't bump anything. I do tag with the version number and push the tag, to make it easier to track release diffs and to be an easy to find SHA to branch from should we need to patch a release.

Now, I haven't been fully consistent with the tagging and should be better about it but this process has served me well. I often pip install -e to work on apps but the non-unique version number never gets in my way as part of the process of working on an app, is I just pip uninstall <package_name> first.

[brosner]

It doesn't matter what the next release is going to be. It just needs to be greater than the current release and less than the next release. X.Y.Z.devN is perfect for that. N will always be 1 in our case.

It's more than just our workflow with the version. If a user is using a development version, but the versions string is wrong it can get confusing in error reports. Also, it bothers me that the version string is extremely misleading.

I had brought this up before and we did agree to it (hence why I said historically.) I guess we all didn't implement it in our workflows. ;-)

[paltman]

But in your example above you say after releasing 1.0 you'd update the version number to 1.1.dev1, how do you know it's going to be 1.1 (a feature) versus 1.0.1 a bug fix as the next release? Seems wrong to do 1.1.dev1 and then do a bug fix and release 1.0.1.

[brosner]

You don't ever release 1.1.dev1. It is just to give the code in the repository a different version than a released version. So, there's nothing wrong about it. It doesn't have to be 1.1.0.dev1. If 1.0.1.dev1 makes it feel less wrong then we can go with that.

[jtauber]

I'm wondering if the way forward on this is to shoot for, say, a 16.4 release with a very small subset of starter projects and their apps. Perhaps even just zero and account.

I think the discussion questions are:

1. what date do we shoot for? April 2016?
2. what starter projects and apps do we include?
3. what state do the apps and projects need to be in in terms of tests, documentation to be included?
4. what should the deadlines leading up to the final release?

[jtauber]

I wonder if it's reasonable to say that the apps/themes have to be feature complete in February and the starter projects feature complete in March.

[jtauber]

Perhaps we decide 3 and 4 before 2 and the starter projects and apps included are those that make the cut in time.

[paltman]

@jtauber i think this is a reasonable approach. i think documentation is paramount for anything we want to consider in a release. it's hard to have a good metric for doc completeness but I think it's easy to know when you see it.