Extend security description and minor corrections.
vlunov-spryker committed Oct 9, 2023
1 parent 8f3e244 commit c0e4e95
Showing 3 changed files with 33 additions and 30 deletions.
46 changes: 23 additions & 23 deletions docs/scu/dev/features/autointegration-of-spryker-module-releases.md
Expand Up @@ -11,33 +11,33 @@ With Spryker Code Upgrader, the process of integrating plugins, configuration up
As the result the manual step can be skipped when engineers have to understand and apply code changes by themselves in order to add new features in the project.

Supported extension points:
- Configure
- module
- environment
- Copy module files
- Add/Remove
- plugin
- navigation
- widget
- glue relationship
- Add
- transfer
- db schema

# What is release rating
The release rating is a measure of the integrability coverage of each spryker release, representing the percentage of integrated plugins, configurations, schemas, and other components.
This rating is determined through internal testing, where the updated code is compared with the released code to assess the level of integration achieved.

There are some kind of releases that provide only dependency updates without any code integrations (so called module-only releases). Such releases have 100% coverage.

The rating for each applied release can be found in the upgrader pull request description.
- Configuration
- Module
- Environment
- Copying module files
- Adding/Removing
- Plugin
- Navigation element
- Widget
- Glue relationship
- Adding
- Transfer definition
- DB schema definition

# What is a release rating
The release rating is a measure of the integrability coverage of each Spryker release, representing the percentage of automatically integratable plugins, configurations, schemas, and other components.
This rating is determined during internal testing, where the generated integration code is compared with the manually released code to assess the level of integration achieved. If both are equal, then the release is fully integratable.

There are some kind of releases that provide only dependency updates without any code integrations (so called module-only releases). Such releases have 100% coverage.

The rating for each suggested release can be found in the Upgrader pull request description.

# How to enable and configure
By default, the Integrator is enabled. It applies integrations of releases that have rating of more than 70% (this threshold can be configured through the spryker CI configuration).
By default, the Integrator is enabled. It applies integrations of releases with rating 70% or more (this threshold can be configured through the spryker CI configuration).

It is important to note that after the integration process is completed, a style fixer is applied to the updated files. It's recommended for the project to have its own style fixer to expose project-specific code style conventions.
It is important to note that after the integration process is completed, a style fixer is applied to the changed files. It's recommended for the project to have its own style fixer to expose project-specific code style conventions.

# What to do if you see a generated code, that is not valid
1. Make sure that your project code follows the Upgradability Guidelines and passes the [Evaluator check](/docs/scos/dev/guidelines/keeping-a-project-upgradable/run-the-evaluator-tool.html).
2. You can try manually updating the generated code as a quick fix.
2. You can try manually correcting the generated code as a quick fix.
3. If none of the above solutions work, please contact us for further assistance.
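Review bot: the threshold wording changes from "more than 70%" to "70% or more", which moves the documented boundary from exclusive to inclusive; please confirm this matches what the Integrator actually does with a release rated exactly 70% before the doc states it. Two smaller points in the same hunk: "spryker CI configuration" should be "Spryker CI configuration" for consistency with the rest of the page, and the unchanged sentence "There are some kind of releases ... (so called module-only releases)" could be fixed in passing to "There are some kinds of releases ... (so-called module-only releases)".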
7 changes: 5 additions & 2 deletions docs/scu/dev/features/security-upgrades.md
Expand Up @@ -4,7 +4,10 @@ description: How Spryker Code Upgrader works with releases related to known secu
template: concept-topic-template
---

TBD: Generic Description
Being on top of security releases of your vendor or 3rd-parties is very crusial:
* *Vulnerability Mitigation*: Security updates often address known vulnerabilities or weaknesses in software. Installing these updates promptly helps to mitigate these vulnerabilities, reducing the risk of unauthorized access, data breaches, or malicious activities.
* *Enhanced Protection and risk mitigation*: Security updates typically include patches and improvements that enhance the overall security of the system.
* *Regulatory Compliance*: Many regulatory bodies require organizations to maintain up-to-date security measures, which often includes installing security updates promptly. Compliance with these regulations not only reduces legal and financial risks but also helps to maintain a positive reputation and trust with stakeholders and customers.

# What kind of security releases covered?
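Review bot: "crusial" in the new intro line should be "crucial", and "3rd-parties" reads better as "third-party dependencies"; suggest "Staying on top of security releases from your vendor and third-party dependencies is crucial:". The bullet titles also mix capitalization ("Vulnerability Mitigation" vs "Enhanced Protection and risk mitigation"), and the unchanged heading that follows, "What kind of security releases covered?", is missing a verb and could become "What kinds of security releases are covered?" while this file is being touched.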

Expand All @@ -20,7 +23,7 @@ These tools assist in identifying and preventing potential security risks from t
Security release is a type of release that aims to deliver a security vulnerability fixes, rather than introducing new features or functionalities.
The example of security release is [https://api.release.spryker.com/release-group/4753](https://api.release.spryker.com/release-group/4753)

The security releases are applied alongside other releases, but the security release being prioritized and delivered first, ensuring the fast delivery of critical security updates.
The security releases are applied alongside other releases, but the security release is being prioritized and delivered first, ensuring the fast delivery of critical security updates.

Automatic installation of security releases is only available between the major version releases. However, the major releases require manual installation, similar to all major releases.
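Review bot: the rewritten sentence still mixes plural and singular ("The security releases ... but the security release is being prioritized"); suggest "Security releases are applied alongside other releases but are prioritized and delivered first, so critical security fixes arrive as fast as possible." The unchanged line above has the same kind of slip, "aims to deliver a security vulnerability fixes", which could be "aims to deliver security vulnerability fixes".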

10 changes: 5 additions & 5 deletions docs/scu/dev/features/upgrade-verification.md
Expand Up @@ -4,7 +4,7 @@ description: How Spryker Code Upgrader actively detects and warns you when your
template: concept-topic-template
---

It is very important for Spryker Code Upgrader to ensure stability of the upgrades. On the one hand you have your automated tests that you rely on, those tests are run in your CI system and you use them before you merge the pull requested created by Spryker Code Upgrader. On the other hand and in addition we run a number of code checks to offer an early warning system even without having a full context or knowledge of your project.
It is very important for Spryker Code Upgrader to ensure stability of the upgrades. On the one hand you have your automated tests that you rely on, those tests are run in your CI system and you use them before you merge the pull request created by Spryker Code Upgrader. On the other hand and in addition we run a number of code checks to offer an early warning system even without having a full context or knowledge of your project.

# Validations and warnings
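Review bot: the fix from "pull requested" to "pull request" is right, but the sentence still contains a comma splice ("tests that you rely on, those tests are run in your CI system"); suggest splitting it: "On the one hand, you have your own automated tests: they run in your CI system and you use them before merging the pull request created by Spryker Code Upgrader. On the other hand, we run a number of code checks that act as an early warning system even without full knowledge of your project."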

Expand All @@ -13,11 +13,11 @@ The warnings provide guidance on potential risks or necessary actions for a succ

Warning types:
- Major code releases warning.
All the major releases should be installed manually to avoid the BC breaks.
- PHP Broken Files.
All the major releases should be installed manually to integrate the BC breaks.
- PHP Broken Files.
Phpstan checks project code after each release application and provides corresponding warnings.
- Conflict between project class, which extends a private class in a Spryker module, and a changes made by Spryker in their latest release.
To resolve this conflict need to re-write custom class with the necessary updates.
To resolve this conflict you need to re-write the custom class with the necessary changes.
- Module name conflict warnings.
Custom project module has the same name with spryker released module and should be renamed.
- Release integration warnings (warnings related to the integration process)
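Review bot: "to integrate the BC breaks" is not clearer than the old "to avoid the BC breaks"; the point is that major releases are installed manually because the backward-compatibility breaks they contain need project-specific handling, so suggest "All major releases should be installed manually so that their backward-compatibility (BC) breaks can be handled in the project." Also, the tool writes its own name as "PHPStan", not "Phpstan", and the unchanged module-name line could read "has the same name as a Spryker module and should be renamed".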
Expand All @@ -26,5 +26,5 @@ Warning types:
# What to do when you see these warnings in the PR?

In most cases, warnings come with specific information that helps you identify the class or file needed to fix the issue.
Most of these issues are easily fixable by an IDE.
Most of these issues are easily fixable in your IDE.

0 comments on commit c0e4e95