Introduce policy for new images/packages #2016

Merged
merged 4 commits into from
Oct 27, 2023
1 change: 1 addition & 0 deletions docs/index.rst
Expand Up @@ -32,6 +32,7 @@ Table of Contents
:maxdepth: 2
:caption: Maintainer Guide

maintaining/new-images-and-packages-policy
maintaining/tasks
maintaining/aarch64-runner

35 changes: 35 additions & 0 deletions docs/maintaining/new-images-and-packages-policy.md
@@ -0,0 +1,35 @@
# Policy on adding new images and packages

There are many things we consider, while adding new images and packages.

Here is a non exhaustive list of things we do care about:

1. **Software health**, details, and maintenance status
- reasonable versioning is adopted, and the version is considered to be stable
- has been around for several years
- the package maintains documentation
- a changelog is actively maintained
- a release procedure with helpful automation is established
- multiple people are involved in the maintenance of the project
- provides a `conda-forge` package besides a `pypi` package, where both are kept up to date
- supports both `x86_64` and `aarch64` architectures
2. **Installation consequences**
- GitHub Actions build time
- Image sizes
- All requirements should be installed as well
3. Jupyter Docker Stacks _**image fit**_
- new package or stack is changing (or inherits from) the most suitable stack
4. **Software impact** for users of docker-stacks images
- How this image can help existing users, or maybe reduce the need to build new images
5. Why it shouldn't just be a documented **recipe**
6. Impact on **security**
- Does the package open additional ports, or add new web endpoints, that could be exploited?

With all this in mind, we have a voting group, which consists of
[mathbunnyru](https://github.com/mathbunnyru),
[consideRatio](https://github.com/consideRatio),
[yuvipanda](https://github.com/yuvipanda) and
[manics](https://github.com/manics).

This voting group is responsible for accepting or declining new packages and stacks.
The change is accepted, if there are **at least 2 positive votes**.
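
Review bot: Item 6, "Impact on **security**", asks only whether a package opens additional ports or adds web endpoints, which leaves out what the new dependency itself brings into the image. Item 2 already says "All requirements should be installed as well", so an accepted package also brings its requirements into the image; consider a second bullet under item 6 asking how the package and its requirements are sourced and kept up to date, tying back to the maintenance criteria in item 1. Separately, the closing rule "at least 2 positive votes" in a four-person group does not say how negative votes count or whether a 2-2 split is an accept; stating that explicitly would avoid disputes. Minor: "non exhaustive" should be hyphenated, and the commas in "consider, while adding" and "accepted, if there are" can be dropped.
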
1 change: 1 addition & 0 deletions docs/maintaining/tasks.md
Expand Up @@ -42,6 +42,7 @@ Pushing the `Run Workflow` button will trigger this process.
```{note}
In general, we do not add new core images and ask contributors to either
create a [recipe](../using/recipes.md) or [community stack](../contributing/stacks.md).
We have a [policy](./new-images-and-packages-policy.md), which we consider when adding new images or new packages to existing images.
```

You can see an example of adding a new image [here](https://github.com/jupyter/docker-stacks/pull/1936/files).
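
Review bot: The sentence added inside the `{note}` block uses the bare link text "policy" and sits under a statement that is only about new core images, although the linked policy also covers new packages in existing images. Suggest a descriptive link text such as "policy on adding new images and packages" (the title of the linked page) and wording that makes clear this is what proposals are evaluated against, so the note does not read as both "we do not add new core images" and "here is how we add them".
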