From 39c23cb5043ad2c0d873f7cc7191a7256f6a3cb6 Mon Sep 17 00:00:00 2001 From: Radoslav Dimitrov Date: Fri, 10 Jun 2022 16:36:38 +0300 Subject: [PATCH] feat: add workflow responsible for notifying of new TUF spec release (#287) * feat: add workflow responsible for notifying of new TUF spec release Signed-off-by: Radoslav Dimitrov * chore: limit the permissions for the job calling the version check workflow Signed-off-by: Radoslav Dimitrov * docs: update the MAINTAINERS docs to address a TUF specification bump Signed-off-by: Radoslav Dimitrov --- .github/workflows/specification-version-check.yml | 14 ++++++++++++++ docs/MAINTAINERS.md | 9 +++++++-- 2 files changed, 21 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/specification-version-check.yml diff --git a/.github/workflows/specification-version-check.yml b/.github/workflows/specification-version-check.yml new file mode 100644 index 00000000..1c4834f8 --- /dev/null +++ b/.github/workflows/specification-version-check.yml @@ -0,0 +1,14 @@ +on: + schedule: + - cron: "0 13 * * *" + workflow_dispatch: +name: Specification version check +jobs: + # Get the latest TUF specification release and open an issue (if needed) + specification-bump-check: + permissions: + contents: read + issues: write + uses: theupdateframework/specification/.github/workflows/check-latest-spec-version.yml@master + with: + tuf-version: "v1.0.29" # Should be updated to the according version either manually or extracted automatically as how it's done in python-tuf diff --git a/docs/MAINTAINERS.md b/docs/MAINTAINERS.md index 9968fd39..6b03d4f2 100644 --- a/docs/MAINTAINERS.md +++ b/docs/MAINTAINERS.md @@ -17,12 +17,12 @@ Speedy communication makes contributors happy! Versioning: - go-tuf releases follow [SemVer](https://semver.org/) with the following modification: - - While go-tuf is pre-1.0, increment the minor version for any breaking changes (in SemVer, there are no guarantees about API stability). + - While go-tuf is pre-1.0, increment the minor version for any breaking changes (in SemVer, there are no guarantees about API stability). - Releases should be tagged in this repository as usual in Go ([Publishing a module](https://go.dev/doc/modules/publishing)). Project management: -- Try to keep issues up-to-date with status updates! +- Try to keep issues up-to-date with status updates! - Feel free to ping open issues to check on them. - Use the "assignee" field to indicate when you are working on an issue. - Use GitHub issue labels to describe the issue (exact labels are still changing, so just look through and add those that seem like a good fit). @@ -45,4 +45,9 @@ Pre-merge (check everything again before hitting the merge button!): - This may be waived for PRs which only update docs or comments, or trivial changes to tests. - Make sure that the PR title, commit message, and description are updated if the PR changes significantly during review. +New version of the TUF specification: +- There's an automated workflow which monitors and opens an issue in case there's newer version of the [TUF specification](https://theupdateframework.github.io/specification/latest/) +- Closing the issue should happen after completing the following steps: + - Review the changes to the specification and make sure they're addressed (possibly requires breaking out a few relevant issues). + - Bump the `tuf-version` in the `.github/workflows/specification-version-check.yml` workflow.