This is an automated email from the ASF dual-hosted git repository. sbp pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tooling-atr-experiments.git
The following commit(s) were added to refs/heads/main by this push: new 775f23a Add an implementation plan to the documentation 775f23a is described below commit 775f23a1010b2deff3d659868ee2da4809b05be9 Author: Sean B. Palmer <s...@miscoranda.com> AuthorDate: Wed Feb 19 14:43:00 2025 +0200 Add an implementation plan to the documentation --- docs/plan.html | 159 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ docs/plan.md | 114 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 273 insertions(+) diff --git a/docs/plan.html b/docs/plan.html new file mode 100644 index 0000000..fb5e91e --- /dev/null +++ b/docs/plan.html 
@@ -0,0 +1,159 @@ +<h1>Implementation plan</h1> +<p>This is a rough plan of immediate tasks. The priority of these tasks may change, and we may add or drop tasks as appropriate using a reactive development style.</p> +<h2>UX improvements</h2> +<ol> +<li> +<p>Enhance RC display</p> +<ul> +<li>Replace raw file hashes with the original filenames in the UI</li> +<li>Add file size and upload timestamp</li> +<li>Improve the layout of file listings</li> +<li>Show validation status indicators</li> +</ul> +</li> +<li> +<p>Improve key management interface</p> +<ul> +<li>Add key expiration warnings</li> +<li>Display which PMCs are using each key</li> +<li>Improve key selection during RC creation</li> +</ul> +</li> +<li> +<p>Release status dashboard</p> +<ul> +<li>Add progress indicators for release phases</li> +<li>Show current blockers and required actions</li> +<li>Add quick actions for release managers</li> +</ul> +</li> +</ol> +<p>Advanced tasks, possibly deferred</p> +<ul> +<li>Implement a key revocation workflow</li> +<li>Add developer RC download buttons with clear verification instructions</li> +<li>Check RC file naming conventions</li> +<li>Display vote status and timeline</li> +</ul> +<h2>Task scheduler</h2> +<p>We aim to work on the task scheduler in parallel with the UX improvements above. 
Artifact validation and the release status dashboard are dependent on tasks, which are managed by the task scheduler.</p> +<ol> +<li> +<p>Task runner workers</p> +<ul> +<li>Implement worker process with RLIMIT controls for CPU and RAM</li> +<li>Add disk usage tracking through API and psutil polling</li> +<li>Add rollback or reporting for failed tasks</li> +<li>Ensure idempotent operations where possible</li> +<li>Implement safe handling for compressed asset expansion</li> +<li>Test external tool use</li> +</ul> +</li> +<li> +<p>Orchestrating scheduler and resource management</p> +<ul> +<li>Implement process-based task isolation</li> +<li>Create task table in sqlite database</li> +<li>Add task queue management</li> +<li>Track and limit disk usage per task in the scheduler</li> +</ul> +</li> +</ol> +<p>Advanced tasks, possibly deferred</p> +<ul> +<li>Check fair scheduling across cores</li> +<li>Add task monitoring and reporting</li> +</ul> +<h2>Basic RC validation</h2> +<p>These tasks are dependent on the task scheduler above.</p> +<ol> +<li> +<p>Basic artifact validation</p> +<ul> +<li>Implement basic structure validation (archives, signatures)</li> +</ul> +</li> +<li> +<p>License compliance</p> +<ul> +<li>Verify LICENSE and NOTICE files exist and are placed correctly</li> +<li>Check for Apache License headers in source files</li> +<li>Basic RAT integration for license header validation</li> +</ul> +</li> +<li> +<p>SBOM integration</p> +<ul> +<li>Generate a basic SBOM for release artifacts</li> +<li>Store SBOMs with release metadata</li> +<li>Add SBOM management options to UI</li> +</ul> +</li> +</ol> +<h2>Advanced RC validation</h2> +<ol> +<li> +<p>Dependency analysis</p> +<ul> +<li>Parse and validate dependency licenses</li> +<li>Check for prohibited licenses</li> +<li>Generate dependency reports</li> +<li>Flag dependency vulnerabilities</li> +</ul> +</li> +<li> +<p>Distribution channel integration</p> +<ul> +<li>Add PyPI distribution support</li> +<li>Implement 
Maven Central publishing</li> +<li>Add Docker Hub integration</li> +<li>Support test distribution channels</li> +</ul> +</li> +<li> +<p>Reproducible build verification</p> +<ul> +<li>Track builds of binary artifacts from source release</li> +<li>Compare built artifacts with the provided binaries</li> +<li>Give a detailed report of the build and the differences</li> +</ul> +</li> +</ol> +<h2>Process automation</h2> +<p>These are long term implementation requirements.</p> +<ol> +<li> +<p>Vote management</p> +<ul> +<li>Automate vote thread creation</li> +<li>Track votes and calculate results</li> +<li>Generate vote summaries</li> +<li>Handle binding vs non-binding votes</li> +</ul> +</li> +<li> +<p>Release announcement</p> +<ul> +<li>Template-based announcement generation with all required metadata</li> +<li>Support customisation by PMCs</li> +<li>Automate mailing list distribution</li> +</ul> +</li> +<li> +<p>GitHub integration</p> +<ul> +<li>Support GHA-based release uploads</li> +<li>Add release tagging integration</li> +<li>Support automated PR creation</li> +<li>Implement security checks for GHA workflows</li> +</ul> +</li> +</ol> +<h2>Success metrics</h2> +<ul> +<li>Increased number of PMCs using the platform</li> +<li>Reduction in release process duration</li> +<li>Decreased number of failed release votes</li> +<li>Improved compliance with ASF release policies</li> +<li>Reduced manual intervention in release process</li> +</ul> diff --git a/docs/plan.md b/docs/plan.md new file mode 100644 index 0000000..166c8ed --- /dev/null +++ b/docs/plan.md 
@@ -0,0 +1,114 @@ +# Implementation plan + +This is a rough plan of immediate tasks. The priority of these tasks may change, and we may add or drop tasks as appropriate using a reactive development style. + +## UX improvements + +1. Enhance RC display + - Replace raw file hashes with the original filenames in the UI + - Add file size and upload timestamp + - Improve the layout of file listings + - Show validation status indicators + +2. Improve key management interface + - Add key expiration warnings + - Display which PMCs are using each key + - Improve key selection during RC creation + +3. Release status dashboard + - Add progress indicators for release phases + - Show current blockers and required actions + - Add quick actions for release managers + +Advanced tasks, possibly deferred + - Implement a key revocation workflow + - Add developer RC download buttons with clear verification instructions + - Check RC file naming conventions + - Display vote status and timeline + +## Task scheduler + +We aim to work on the task scheduler in parallel with the UX improvements above. Artifact validation and the release status dashboard are dependent on tasks, which are managed by the task scheduler. + +1. Task runner workers + - Implement worker process with RLIMIT controls for CPU and RAM + - Add disk usage tracking through API and psutil polling + - Add rollback or reporting for failed tasks + - Ensure idempotent operations where possible + - Implement safe handling for compressed asset expansion + - Test external tool use + +2. Orchestrating scheduler and resource management + - Implement process-based task isolation + - Create task table in sqlite database + - Add task queue management + - Track and limit disk usage per task in the scheduler + +Advanced tasks, possibly deferred + - Check fair scheduling across cores + - Add task monitoring and reporting + +## Basic RC validation + +These tasks are dependent on the task scheduler above. + +1. 
Basic artifact validation + - Implement basic structure validation (archives, signatures) + +2. License compliance + - Verify LICENSE and NOTICE files exist and are placed correctly + - Check for Apache License headers in source files + - Basic RAT integration for license header validation + +3. SBOM integration + - Generate a basic SBOM for release artifacts + - Store SBOMs with release metadata + - Add SBOM management options to UI + +## Advanced RC validation + +1. Dependency analysis + - Parse and validate dependency licenses + - Check for prohibited licenses + - Generate dependency reports + - Flag dependency vulnerabilities + +2. Distribution channel integration + - Add PyPI distribution support + - Implement Maven Central publishing + - Add Docker Hub integration + - Support test distribution channels + +3. Reproducible build verification + - Track builds of binary artifacts from source release + - Compare built artifacts with the provided binaries + - Give a detailed report of the build and the differences + +## Process automation + +These are long term implementation requirements. + +1. Vote management + - Automate vote thread creation + - Track votes and calculate results + - Generate vote summaries + - Handle binding vs non-binding votes + +2. Release announcement + - Template-based announcement generation with all required metadata + - Support customisation by PMCs + - Automate mailing list distribution + +3. 
GitHub integration + - Support GHA-based release uploads + - Add release tagging integration + - Support automated PR creation + - Implement security checks for GHA workflows + +## Success metrics + +- Increased number of PMCs using the platform +- Reduction in release process duration +- Decreased number of failed release votes +- Improved compliance with ASF release policies +- Reduced manual intervention in release process
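Review bot: docs/plan.html repeats docs/plan.md item for item (159 lines against 114), so the two copies can drift as soon as one is edited without the other. If the HTML is rendered from the Markdown, consider generating it at build time instead of committing it, or state which file is the source and how the other is regenerated. Within the HTML, both "Advanced tasks, possibly deferred" lines are plain <p> elements between an <ol> and a <ul>, so they read as body text rather than as labels for the lists that follow; a heading level below <h2> would make the grouping explicit.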
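Review bot: In docs/plan.md under "Task scheduler", the worker items "Implement worker process with RLIMIT controls for CPU and RAM" and "Implement safe handling for compressed asset expansion" name controls without stating limits or acceptance criteria, although the validation tasks that depend on the scheduler will run over uploaded release candidates. Suggest stating what "safe" covers for archive expansion (for example a cap on total expanded size and entry count, and rejection of entries that resolve outside the extraction directory) and tying it to "Track and limit disk usage per task in the scheduler" so it is clear which layer enforces what. Two ordering points in the same file: "Implement a key revocation workflow" is listed as possibly deferred while key expiration warnings are in the immediate list, so a line on how a compromised key is handled in the interim would help; and under "GitHub integration", "Implement security checks for GHA workflows" follows "Support GHA-based release uploads", where marking the checks as a prerequisite would avoid enabling uploads before the checks exist.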