feat: add reusable workflow for autofilling an issue when there's a new TUF version #224
Conversation
Signed-off-by: Radoslav Dimitrov <[email protected]>
Signed-off-by: Radoslav Dimitrov <[email protected]>
|
I have a question on permissions: can the python-tuf workflow define a permission so that the embedded action can't override that? I'm asking in context of the |
Yes, you should be able to either set the permissions for a specific job or for the whole workflow 👍 |
There was a problem hiding this comment.
Can we add a comment to the top of the reusable workflow which includes a one-line description of what the workflow does and includes an example of how to use it?
It might also be worth mentioning in the README that the reusable workflow exists and implementers can use it to be notified of when new specification versions are released? This could also be a follow-on PR if preferred.
…eck workflow Signed-off-by: Radoslav Dimitrov <[email protected]>
…readme Signed-off-by: Radoslav Dimitrov <[email protected]>
Signed-off-by: Radoslav Dimitrov <[email protected]>
Thanks! I've addressed the suggestions 👍 |
|
Could we get a second review here from an @theupdateframework/tap-editors ? |
|
This is a great idea! I'd love to see maintainers of other TUF
implementations comment as well, but I am very supportive overall.
…On Thu, May 19, 2022 at 7:08 PM Joshua Lock ***@***.***> wrote:
Could we get a second review here from an @theupdateframework/tap-editors
<https://github.com/orgs/theupdateframework/teams/tap-editors> ?
—
Reply to this email directly, view it on GitHub
<#224 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAGRODYQ64J2I4MAEJ6PAITVKYOLHANCNFSM5VOQZHKQ>
.
You are receiving this because you are on a team that was mentioned.Message
ID: ***@***.***>
|
There was a problem hiding this comment.
This is really great! And it LGTM, modulo a copy-pasted typo, some trailing whitespace and a line-wrap nit. Feel free to address or ignore. I'll approve as is.
Note, I also diffed the script with python-tuf's specification-version.yml, which we know works and probably served as a base for this workflow(?). It looks like they do the same thing.
Co-authored-by: Lukas Pühringer <[email protected]>
Thanks for the review! 👍 I've used it as a base so thus the reason for the PR in python-tuf which discards the old one and switches to the one that will be hosted here - theupdateframework/python-tuf#2001 |
Oh yeah, it was not meant as a criticism, but more as a this has already been reviewed elsewhere, so it should be fine statement. :) |
The following adds a workflow that can be used by projects that want to keep track and be notified when there's a new version of the TUF specification.
In case there's a newer version, it will file an issue against the project with several links, like the currently supported version, and a comparison showing what's changed. Here's an example of the issue it will create -
Title:
Body:
Note:
A few other PRs will be created and referenced here for https://github.com/theupdateframework/python-tuf and https://github.com/theupdateframework/go-tuf which can serve as examples of how to use this workflow.
Related to - theupdateframework/go-tuf#283