Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Develop a process for keeping metadata.SPECIFICATION_VERSION up-to-date #1598

Closed
joshuagl opened this issue Sep 30, 2021 · 1 comment · Fixed by #1760
Closed

Develop a process for keeping metadata.SPECIFICATION_VERSION up-to-date #1598

joshuagl opened this issue Sep 30, 2021 · 1 comment · Fixed by #1760
Labels
backlog Issues to address with priority for current development goals

Comments

@joshuagl
Copy link
Member

Description of issue or feature request:

tuf.api.metadata.SPECIFICATION_VERSION is currently 1.0.19, latest TUF spec is 1.0.25. The larger these differences become, the more of a chore it is to ensure we are fully compliant with new specification versions.

Let's develop a process for ensuring we frequently assess new spec versions, make changes to python-tuf where appropriate, and keep tuf.api.metadata.SPECIFICATION_VERSION up-to-date.

I think the ideal would be some GitHub Actions automation that monitors the specification releases and files issues to trigger a manual comparison, but in the short-term we could simply add a step to the release checklist?

Current behavior:

  • Updating tuf.api.metadata.SPECIFICATION_VERSION requires remembering to check spec releases and reviewing all changes in bulk
  • tuf.api.metadata.SPECIFICATION_VERSION is several releases behind the specification

Expected behavior:

  • Monitoring the spec and making appropriate changes to python-tuf is a standard part of the development process
  • tuf.api.metadata.SPECIFICATION_VERSION is up-to-date with the specification
@joshuagl joshuagl mentioned this issue Oct 5, 2021
Open
@jku jku added the backlog Issues to address with priority for current development goals label Oct 13, 2021
@joshuagl joshuagl mentioned this issue Nov 11, 2021
Closed
@jku
Copy link
Member

jku commented Dec 9, 2021
edited
Loading

rough code to compare latest spec release tag to metadata api supported version number:

https://github.com/jku/python-tuf/blob/ci-check-spec-version/.github/workflows/spec-version.yml

something like this combined with code for "open new issue" from securesystemslib check-upstream-ed25519.yml should work

I'm not working on this right now: if someone wants to push this forward be my guest

kairoaraujo pushed a commit to kairoaraujo/python-tuf that referenced this issue Jan 7, 2022
Add to CI check for specification version.
faa9573 
This commit adds to the CI an automatic check for the TUF
specification version and compares it with the python-tuf metadata
API version.

If the version does not match and there is not a issue already open,
a new issue is opened.

Closes theupdateframework#1598

Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
@kairoaraujo kairoaraujo mentioned this issue Jan 7, 2022
Merged
3 tasks
kairoaraujo pushed a commit to kairoaraujo/python-tuf that referenced this issue Jan 11, 2022
Add to CI check for specification version.
2f4565e 
This commit adds to the CI an automatic check for the TUF
specification version and compares it with the python-tuf metadata
API version.

If the version does not match and there is not a issue already open,
a new issue is opened.

Closes theupdateframework#1598

Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
@jku jku closed this as completed in #1760 Jan 11, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
backlog Issues to address with priority for current development goals
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add to CI check for specification version. kairoaraujo/python-tuf
2 participants
@jku @joshuagl