Added a prototype for generating jsonschema files

[kommendorkapten]

WIP to generate JSON schema files, as coined by @woodruffw (see Slack: https://sigstore.slack.com/archives/C03SZ6SHU90/p1690490585606889)

Closes #67

Consider this PR WIP so far.

There are some general topics I would like to bring up for discussion too related to the current Docker image we are using for building the protoc compiler that I discovered when working on this. I'll create a separate issue for that.

Release Note

Added support for generating JSON schema files

Documentation

N/A

[kommendorkapten]

The reason I added a new Docker image is that namely/protoc-all is too old to build newer Go programs, see issue #113

[woodruffw]

This looks pretty good! I did a quick pass over the generated schemas and nothing looks way off 🙂

I've asked @jleightcap to take a look at using these to generate the Rust crate, once he's finished with some conformance suite work.

[kommendorkapten]

Yeah, we should pin the versions and make sure we perform this build for the all target. I’ll be away for vacation now for two weeks, but can take a stab when I’m back, and looking into creating a single new image that covers all languages so we can drop the namely image. If any of you are in a hurry to get the JSON schema in now, feel free to modify this PR. Maintainers will have permission to do so.

…

On Fri, 28 Jul 2023 at 22:42, Cody Soyland ***@***.***> wrote: ***@***.**** commented on this pull request. ------------------------------ On Makefile <#112 (comment)> : Should we add jsonschema to the list of targets for make all <https://github.com/sigstore/protobuf-specs/blob/main/Makefile#L19>? This way, it will become part of the CI check <https://github.com/sigstore/protobuf-specs/blob/main/.github/workflows/generate.yml> to make sure generated files are always updated. — Reply to this email directly, view it on GitHub <#112 (review)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ACSDVRCYWYDJZT4EM2ZYDODXSQPZXANCNFSM6AAAAAA23FGSP4> . You are receiving this because you authored the thread.Message ID: ***@***.***>

[woodruffw]

If any of you are in a hurry to get the JSON schema in now, feel free to modify this PR. Maintainers will have permission to do so.

I'm going to have @jleightcap work off of the schema in this PR, so I'll take over! Enjoy your vacation!

[woodruffw]

NB: This repository doesn't appear to be versioned in any way, and isn't packaged in alpine. I could check out a fixed revision if we're like more consistency here.

[znewman01]

I'd like to pin it to a fixed revision.

[woodruffw]

Hmm, this is moderately annoying: we can't do a fast-path clone with a specific revision. I'll see about just downloading it directly as a ZIP or similar and unarchiving.

[woodruffw]

Did it with a checkout after all; the performance shouldn't be too bad.

[woodruffw]

NB: I picked these version numbers not because they're the most recent, but because they're consistent with Alpine's world version for the Alpine version chosen. More recent versions could probably be made to work, but I figured this was the path of least resistance.

[znewman01]

This LGTM, except I would like the googleapis/googleapis repo pinned too :)

[znewman01]

I'd like to pin it to a fixed revision.

[haydentherapper]

Do you know if dependabot will suggest updates for Go dependencies in Dockerfiles? Otherwise we might want to add a hack like https://github.com/sigstore/rekor/blob/main/hack/tools/go.mod

[haydentherapper]

Should the jsonschema be versioned and have releases cut along with the other languages? Otherwise, it'll always be from HEAD. We could have folders for each version, /schema/v0.2/? Not sure if there's precedent for this.

[woodruffw]

Should the jsonschema be versioned and have releases cut along with the other languages? Otherwise, it'll always be from HEAD. We could have folders for each version, /schema/v0.2/? Not sure if there's precedent for this.

Hmm, good call -- we want to use this as the building block for the Rust bindings, so we should probably version it. IMO that can be done either by tagging (like the other bindings) or by having directories for either version; I don't think it'll make a major difference to the Rust bindings either way.

[haydentherapper]

Is it sufficient to use an existing tag like https://github.com/sigstore/protobuf-specs/releases/tag/v0.2.0? Otherwise we could have its own tag, releases/jsonschema/vXYZ, but I can't think of a case where we'll have the json schema version deviate.

[znewman01]

Is it sufficient to use an existing tag like https://github.com/sigstore/protobuf-specs/releases/tag/v0.2.0? Otherwise we could have its own tag, releases/jsonschema/vXYZ, but I can't think of a case where we'll have the json schema version deviate.

In the past, we liked versioning each set of bindings independently to handle changes to the generation process. E.g. if there was a bug in the protoc-jsonschema generator. I think we should default to that if possible.

[haydentherapper]

SG, so we can just add a step to the release instructions to add a tag for release/json/vX.Y.Z, and we shouldn't need another release workflow.

[woodruffw]

SGTM! I'll add a note to the release instructions.