Open-Source Contribution Submission #2664
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Note: Added contributions with links to PRs to original proposal README to more easily find them. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Assignment Proposal
Title
DevOps Course File Requirements & Spoon Checksum Registration
Names and KTH ID
Deadline
Category
Description
The open source contribution we propose is divided in two (unrelated) parts, each targeting separate repositories.
On one hand, we wish to resolve issue #2583 in the present repository (KTH DevOps Course), aiming to improve the existing GitHub CI workflows to validate Pull Requests targeting the
contributions/folder. In particular, we hope to check that Pull Requests add exactly one file (aREADME.mdat the correct location), and that its contents match the Pull Request's description -- with the exception of feedback submissions, which should instead modify an existing file.On the other hand, we would also like to work on a solution to issue #5957 in Spoon (allegedly the best code analysis tool for Java), hoping to extend the release pipelines by introducing a new step to push package checksum attestations to sigstore/rekor. We most likely plan to do this using actions/attest-build-provenance, as suggested by Martin.
Relevance
Both of these proposed contributions concern automatic pipelines in very active open-source projects hosted on GitHub. The first one relates to improving the automated testing suite used in this course, making it relevant to the topics discussed in week 2. Conversely, the second fields within the scope of CD, which was brought up in week 3, and in part also DevSecOps, more recently the focus of week 6. Combined, we believe that our proposal has a very clear relevance to DevOps, and in specific to this course by targeting multiple of its aspects of prominence.
Contributions
Pull requests with proposed solutions to the previously mentioned issues can be found at #2644 and #6016, respectively.