From f9fd021257653839f62f8ece6e75f16934b1351f Mon Sep 17 00:00:00 2001 From: "A.J. Stein" Date: Thu, 14 Nov 2024 14:55:52 -0500 Subject: [PATCH] Correct and update align release guidance (#104) * Fix tags in release page to be SemVer for GSA/fedramp-automation#847 The content is generally correct, but the tags are not actually SemVer. They are halfway between the "soon-to-be-deprecated" approach from the ADR permalinked below. A new ADR is forthcoming. https://github.com/GSA/fedramp-automation/blob/fcdd25e3177d4bf31178041648fdc74d610146e9/documents/adr/0002-git-release-version-strategy.md * Add callouts deprecating Spock versions for GSA/fedramp-automation#847 * Add placeholder ADR 10 link to wrap up GSA/fedramp-automation#847 * Remove redundant phrase per @brian-ruf's review * Update with links to finalized ADR 10 from #866 as part of #847, prep for review --- content/about/release.md | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/content/about/release.md b/content/about/release.md index 7d29bf5..6b6bc09 100755 --- a/content/about/release.md +++ b/content/about/release.md @@ -31,23 +31,31 @@ This FedRAMP versioning strategy will: - Provide content and semantic compatibility tied to a specific version, allowing version-based data to be used by different tools. - Minimize disruption for tool maintainers by indicating when a major change is compatibility breaking. -[SemVer](https://semver.org/), which is short for semantic versioning, is used as a common practice to version software. Using SemVer, version numbers convey meaning around the degree of compatibility resulting from modifications made to the underlying code or tool. +[Semantic Versioning (SemVer)](https://semver.org/) is used as a common practice to version software. Using SemVer, version numbers convey meaning around the degree of compatibility resulting from modifications made to the underlying code or tool. -A SemVer is the combination of *MAJOR*.*MINOR*.*PATCH* as follows: +A SemVer version is the combination of *MAJOR*.*MINOR*.*PATCH* as follows: - Incrementing the **MAJOR** version indicates significant incompatible changes. - Incrementing the **MINOR** version adds functionality in a backward-compatible manner. - Incrementing the **PATCH** version indicates backward-compatible bug fixes. +{{}} +In the past, FedRAMP used Spock versioning, per [Architectural Decision Record #2](https://github.com/GSA/fedramp-automation/blob/fcdd25e3177d4bf31178041648fdc74d610146e9/documents/adr/0002-git-release-version-strategy.md) and deprecated it in [ADR #10](https://github.com/GSA/fedramp-automation/blob/e3b9676fe25bd0513132aa606cfd6a93b9874bd4/documents/adr/0010-semantic-versions-only.md). The last release that uses the deprecated release and version guidance is [FedRAMP Version 2.0.0 for OSCAL 1.0.4](https://github.com/GSA/fedramp-automation/releases/tag/fedramp-2.0.0-oscal-1.0.4). +{{}} + ## Versioning Examples Examples of FedRAMP using SemVer in a sequence: -- `fedramp-3.0.0` (MAJOR: 3, MINOR: 0, PATCH : 0) indicates the MAJOR release 3. -- `fedramp-3.0.1` (MAJOR: 3, MINOR: 0, PATCH : 1) indicates the first PATCH release for MAJOR release 3. -- `fedramp-3.1.0` (MAJOR: 3, MINOR: 1, PATCH : 0) indicates the first MINOR release for MAJOR release 3. +- `3.0.0` (MAJOR: 3, MINOR: 0, PATCH : 0) indicates the MAJOR release 3. +- `3.0.1` (MAJOR: 3, MINOR: 0, PATCH : 1) indicates the first PATCH release for MAJOR release 3. +- `3.1.0` (MAJOR: 3, MINOR: 1, PATCH : 0) indicates the first MINOR release for MAJOR release 3. + +{{}} +The last version to use Spock versioning, per [ADR #10](https://github.com/GSA/fedramp-automation/blob/e3b9676fe25bd0513132aa606cfd6a93b9874bd4/documents/adr/0010-semantic-versions-only.md), is [FedRAMP Version 2.0.0 for OSCAL 1.0.4 (`fedramp-2.0.0-oscal-1.0.4`)](https://github.com/GSA/fedramp-automation/releases/tag/fedramp-2.0.0-oscal-1.0.4). All subsequent releases will use version tag described above. +{{}} -The following illustrates some drivers that will motivate specific version changes. +The following illustrates some drivers that will motivate specific version changes. OSCAL data within a release will use `oscal-version` in `metadata` to identify the minimally required version. ### PATCH