[
https://issues.apache.org/jira/browse/BEAM-4802?focusedWorklogId=125920&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-125920
]
ASF GitHub Bot logged work on BEAM-4802:
----------------------------------------
Author: ASF GitHub Bot
Created on: 23/Jul/18 08:11
Start Date: 23/Jul/18 08:11
Worklog Time Spent: 10m
Work Description: charlesccychen commented on a change in pull request
#499: [BEAM-4802] Update the contribution guide (Dependency section)
URL: https://github.com/apache/beam-site/pull/499#discussion_r204313771
##########
File path: src/contribute/dependencies.md
##########
@@ -44,14 +44,25 @@ One common solution for the diamond dependency problem is
[semantic versioning](
A big part of keeping dependencies up to date involves identifying outdated
dependencies of Beam that the community should try to upgrade.
-Beam currently executes a weekly Jenkins job that tries to identify outdated
dependencies for various SDKs. This Jenkins job generates a weekly report that
is shared in Beam dev list. In the future we hope to automatically create JIRAs
based on this report.
+Beam currently executes a weekly Jenkins job that tries to identify outdated
dependencies for various SDKs. This Jenkins job generates a weekly report that
is shared in Beam dev list.
In addition to this, Beam community members might identify other critical
dependency updates that have to be manually performed. For example,
* A minor release of a dependency due to a critical security vulnerability.
* A dependency conflict that was was triggered by a minor version release of a
Beam dependency (this does not apply to Java SDK that depends on exact minor
versions of dependencies).
These kind of urgently required upgrades might not get automatically picked up
by the Jenkins job for few months. So Beam community has to act to identify
such issues and perform upgrades early.
+## JIRA Automation
+
+In order to track the dependency upgrade process, JIRA tickets will be created
per significant outdated dependency base on the report. A bot named *Beam Jira
Bot* was created for managing JIRA issues. Beam community agrees on the
following policies that creates and updates issues.
+* Issues will be named as "Beam Dependency Update Request: <dep_name>
<dep_newest_version>".
+* Issues will be created under the component *"dependencies"*
+* Issues will be assigned to the primary owner of the dependencies, who are
mentioned in the dependency ownership files. ([Java Dependency
Owners](https://github.com/apache/beam/blob/master/ownership/JAVA_DEPENDENCY_OWNERS.yaml)
and [Python Dependency
Owners](https://github.com/apache/beam/blob/master/ownership/PYTHON_DEPENDENCY_OWNERS.yaml))
+* If more than one owners found for a dependency, the first owner will be
picked as the primary owner, the others will be pinged in the issue's
description.
+* If no owners found, leave the assignee empty. The component lead is
responsible for triage the issue.
Review comment:
"triaging"
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 125920)
Time Spent: 1h (was: 50m)
> Update "Dependency" section of the Contribution Guide
> -----------------------------------------------------
>
> Key: BEAM-4802
> URL: https://issues.apache.org/jira/browse/BEAM-4802
> Project: Beam
> Issue Type: Bug
> Components: dependencies
> Reporter: yifan zou
> Assignee: yifan zou
> Priority: Major
> Time Spent: 1h
> Remaining Estimate: 0h
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
