Dear ToC members,
During tomorrow’s ToC meeting, I would like to make several requests for your consideration on our development practices. This email provides a preview for these requests. We have gone through most of these items during the Bronze dev cycle, but postponed the decision till the Cherry dev cycle.
- Requiring all Gerrit code change submissions to include JIRA
  - The JIRA ticket references inside of a Gerrit submission will help Gerrit submission reviewers to better understand the background for the submission, something very helpful when we have more community involvement in the review process beyond the contribution company. Such references also trigger LF tools to add links pointing to the submissions on the relevant JIRA ticket pages, making it easier for dev management to identify and view the actual dev works resolving the JIRA tickets.
  - Previously we have requested LF to add a warning message when a Gerrit submission is made without JIRA reference. This time the request is for the enforcement of such references. In future a submission will be rejected if it does not have JIRA references.
  - Work item if approved: INT team will make the request to LF RelEng team.
- License attribution. Requesting the ToC to grant permission to use code under OSI approved licenses (https://opensource.org/licenses) within OSC repos, in a fashion that is permitted by the original licenses (i.e. separate folder, maintaining original license claims, etc).
  - Previously the ToC has granted case-by-case use of such licenses.
  - Work item if approved: Wiki page updates on the decision, as well as best practice guideline for how to use such external code.
- License scans. Requesting the ToC decision on making Nexus-IQ scan mandatory on all repos.
  - Nexus-IQ is a license and security scanning tool the LF supports via a third party. LF pre-release license scan does not cover O-RAN Software licensed repos, only Apache 2 repos. This leaves our scp/* repos vulnerable to licensing risks. Nexus-IQ scan will help identify license risks.
  - Work item if approved: all repo owners need to add Jenkins job definition for the Nexus-IQ scan job (periodically triggered). The INT team already provided documentation and example jobs.
- Enforcing Semantic Versioning
  - Previously semver was identified and discussed without major rejection. Unifying versioning will help automation in identifying artifacts to include in automated integration testing.
  - Work item if approved: INT will work with LF RelEng to introduce a script for checking the version tags of artifacts to make sure: 1. formatting; 2. version is newer than those of released artifacts.
Thank you for your time and consideration.