🌱 Add lifecycle field to probes #4147

Merged: 7 commits merged on Jul 2, 2024

spencerschrock
Member

What kind of change does this PR introduce?

structured results update

What is the current behavior?

There is no indication around whether a probe can be depended on or not. And there are examples of probes being removed (#3666 and #3559 (comment))

What is the new behavior (if this is a feature change)?

Clearly mark if a probe is:

  • experimental (the semantics of the probe may change)
  • stable (the probe behavior and semantics should remain stable, there may be bug fixes as needed)
  • deprecated (the probe doesn't receive further updates)

  • Tests for the changes have been added (for bug fixes/features)

Which issue(s) this PR fixes

NONE

Special notes for your reviewer

Does this PR introduce a user-facing change?

For user-facing changes, please add a concise, human-readable release note to
the release-note

(In particular, describe what changes users might need to make in their
application as a result of this pull request.)

NONE

Signed-off-by: Spencer Schrock <sschrock@google.com>
Some are listed as stable if they're not expected to change,
others are listed as experimental if there are still expected changes.

Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock
Member Author

This PR marks all probes as stable, except for the following:

  • codeReviewOneReviewers: Because it's not being used by a check and hasn't been thoroughly viewed.
  • All of the token permission probes, as the semantics may not be final
    • topLevelPermissions
    • jobLevelPermissions
    • hasNoGitHubWorkflowPermissionUnknown
  • probes which are still in active development or belong to experimental checks:
    • hasReleaseSBOM
    • hasSBOM
    • releasesHaveVerifiedProvenance
    • webhooksUseSecrets
  • probes which may have significant bugs in their behavior
    • contributorsFromOrgOrCompany

@spencerschrock spencerschrock marked this pull request as ready for review June 21, 2024 17:19
@spencerschrock spencerschrock requested a review from a team as a code owner June 21, 2024 17:19
@spencerschrock spencerschrock requested review from naveensrinivasan and removed request for a team June 21, 2024 17:19

github-actions bot commented Jul 2, 2024

This pull request has been marked stale because it has been open for 10 days with no activity

@github-actions github-actions bot added the Stale label Jul 2, 2024
@spencerschrock spencerschrock enabled auto-merge (squash) July 2, 2024 17:07
@spencerschrock spencerschrock merged commit 6629b09 into ossf:main Jul 2, 2024
36 checks passed
@spencerschrock spencerschrock deleted the lifecycle branch July 2, 2024 17:11