Define and implement repo-level UB validation #4267

Open
1 of 5 tasks
premun opened this issue Mar 27, 2024 · 2 comments
Labels
area-unified-build Epic Groups multiple user stories. Can be grouped under a theme.

Comments

@premun
Member

premun commented Mar 27, 2024

Context

There are several validations running in the VMR at the moment such as license or binary file scanning. Once we move to the full VMR code flow, it is possible that repos will keep breaking these validations more and more. From the past experience with SB and the SB legs running in repos, we know that it's great to shift these checks left and deal with them right when they are created - in the original repositories.

Goal

  • Collect and define the set of validations run in repos before they accept a change.
    • License scans
    • Binary scans
    • ???
  • Build tooling and pipeline templates (in Arcade) and add a new build leg to every repo that flows into the VMR that runs these validations. You can get inspired with the already existing Source Build legs.
  • Create documentation and guidance to validation failures for devs who encounter these.

Work Items

@premun premun added the Epic Groups multiple user stories. Can be grouped under a theme. label Mar 27, 2024
@dotnet-issue-labeler dotnet-issue-labeler bot added area-build Improvements in source-build's own build process untriaged labels Mar 27, 2024
@premun premun removed the untriaged label Mar 27, 2024
@jkotas
Member

jkotas commented Mar 27, 2024

> it is possible that repos will keep breaking these validations more and more

It would be useful to see the frequency of these breaks and compare it to relative frequency of other types of breaks before deciding about the validations to push to individual repos.

In general, we have a tiered validation system, and we accept that some limited number of breaks is allowed to enter the system and that these breaks are only found later.

@MichaelSimons
Member

[Triage] The license scan isn't something that is plausible to run as part of PR validation. Therefore there is questionable value in having it at the repo level as it is likely to not be monitored.

@MichaelSimons MichaelSimons added area-testing Improvements in CI and testing and removed untriaged area-build Improvements in source-build's own build process labels Apr 4, 2024
@MichaelSimons MichaelSimons added area-unified-build and removed area-testing Improvements in CI and testing labels Apr 15, 2025

3 participants