Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Compliance check: annualDependencyRefresh #112

Open
24 tasks
UlisesGascon opened this issue Dec 13, 2024 · 1 comment
Open
24 tasks

Add Compliance check: annualDependencyRefresh #112

UlisesGascon opened this issue Dec 13, 2024 · 1 comment
Assignees
@UlisesGascon
Labels
blocked This PR/issue is waiting for external factors compliance-checks discussion Priority-Group-14
Milestone
Include all the c...

Comments

@UlisesGascon
Copy link
Member

How the Check Works

Provide a clear definition based on the spreadsheet

Pending Tasks

You can find more details in the contributing guide

  • 1. Define a Good Implementation Example
    • Read the documentation (guidelines, best practices...)
    • Brainstorm how to implement this check (logic, alerts, tasks, validations, edge cases...).
    • Achieve an agreement on the implementation details before starting to work on this.
  • 2. Update Check Record Example
    • Update the compliance_checks row with the following fields: how_to_url, implementation_status, implementation_type and implementation_details_reference
    • Check the migration scripts using npm run db:migrate and npm run db:rollback
    • Update the database schema by running npm run db:generate-schema
  • 3. Implement the Business Logic Validator Example and Check Example
    • Add the specific validator in src/checks/validators/index.js
    • Add the check logic in src/checks/complianceChecks
    • Ensure that the check is in scope for the organization (use isCheckApplicableToProjectCategory)
    • Ensure that the severity value is well calculated (use getSeverityFromPriorityGroup)
    • Add the alert row in the compliance_checks_alerts table when is needed.
    • Add the task row in the compliance_checks_tasks table when is needed.
    • Add the result row in the compliance_checks_results table.
  • 4. Ensure It Works as Expected
    • Add new unit tests for the validator check.
    • Add new integration test cases for this check.
    • Verify that all tests are passing.
    • Run the command check run --name {check_code_name} and verify the changes in the database. Update the seed script if needed (npm run db:seed)
  • 5. Update the website Example
@UlisesGascon UlisesGascon self-assigned this Dec 13, 2024
@UlisesGascon
Copy link
Member Author

UlisesGascon commented Dec 14, 2024
edited
Loading

This is a tricky one, we probably want to have a question included in the form to ensure that the maintainers are actively working on this, but maybe we can also check if there was no releases in the last natural year and then alert about it.

There are plently edge cases, like when a repo is deprecated or the project does not have any dependency, etc.. As it is a GP14 not sure how much effort we want to put into it. WDYT @ruddermann? Should we only go for the manual check?

@UlisesGascon UlisesGascon added discussion blocked This PR/issue is waiting for external factors and removed research-needed labels Dec 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@UlisesGascon UlisesGascon

Labels
blocked This PR/issue is waiting for external factors compliance-checks discussion Priority-Group-14
Projects
None yet
Milestone
Include all the compliance checks
Development

No branches or pull requests
1 participant
@UlisesGascon