-
Notifications
You must be signed in to change notification settings - Fork 37
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Quality Declarations to level 3. #77
Changes from 2 commits
323527d
5f40330
4cb9459
02e1ad2
89a6fd3
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,9 +2,9 @@ This document is a declaration of software quality for the `rosidl_typesupport_c | |
|
||
# rosidl_typesupport_cpp Quality Declaration | ||
|
||
The package `rosidl_typesupport_cpp` claims to be in the **Quality Level 4** category. | ||
The package `rosidl_typesupport_cpp` claims to be in the **Quality Level 3** category. | ||
|
||
Below are the rationales, notes, and caveats for this claim, organized by each requirement listed in the [Package Requirements for Quality Level 4 in REP-2004](https://www.ros.org/reps/rep-2004.html). | ||
Below are the rationales, notes, and caveats for this claim, organized by each requirement listed in the [Package Requirements for Quality Level 3 in REP-2004](https://www.ros.org/reps/rep-2004.html). | ||
|
||
## Version Policy [1] | ||
|
||
|
@@ -14,7 +14,7 @@ Below are the rationales, notes, and caveats for this claim, organized by each r | |
|
||
### Version Stability [1.ii] | ||
|
||
`rosidl_typesupport_cpp` is not yet at a stable version, i.e. `>= 1.0.0`. | ||
`rosidl_typesupport_cpp` is at a stable version, i.e. >= 1.0.0. The current version can be found in its [package.xml](./package.xml), and its change history can be found in its [CHANGELOG](./CHANGELOG.rst). | ||
|
||
### Public API Declaration [1.iii] | ||
|
||
|
@@ -28,7 +28,7 @@ All installed headers are in the `include` directory of the package, headers in | |
|
||
### ABI Stability Within a Released ROS Distribution [1.v]/[1.vi] | ||
|
||
`rosidl_typesupport_cpp` contains C code and therefore must be concerned with ABI stability, and will maintain ABI stability within a ROS distribution. | ||
`rosidl_typesupport_cpp` contains C++ code and therefore must be concerned with ABI stability, and will maintain ABI stability within a ROS distribution. | ||
|
||
## Change Control Process [2] | ||
|
||
|
@@ -39,6 +39,7 @@ All installed headers are in the `include` directory of the package, headers in | |
This package requires that all changes occur through a pull request. | ||
|
||
### Contributor Origin [2.ii] | ||
|
||
This package uses DCO as its confirmation of contributor origin policy. | ||
More information can be found in [CONTRIBUTING](../CONTRIBUTING.md). | ||
|
||
|
@@ -68,31 +69,37 @@ All pull requests must resolve related documentation changes before merging. | |
|
||
### Public API Documentation [3.ii] | ||
|
||
`rosidl_typesupport_cpp` has documentation of its public API, but it is not yet hosted. | ||
`rosidl_typesupport_cpp` has documentation of its public API, but it is not yet publicly hosted. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This is not publicly available -> http://docs.ros2.org/latest/api/rosidl_typesupport_cpp/index.html I will include it There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Sorry, I don't think I understand this comment. As you say, the documentation isn't publically available, but this quality declaration is also saying "it is not yet publicly hosted". So those would seem to agree. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. PR is open ros2/docs.ros2.org#37 to make it public There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The documentation PR has now been merged. You can link to the api link @ahcorde gives above. |
||
|
||
### License [3.iii] | ||
|
||
The license for `rosidl_typesupport_cpp` is Apache 2.0, and a summary is in each source file, the type is declared in the [package.xml](package.xml) manifest file, and a full copy of the license is in the [LICENSE](./LICENSE) file. | ||
|
||
There is an automated test which runs a linter that ensures each file has a license statement. | ||
|
||
Most recent test results can be found [here](http://build.ros2.org/view/Epr/job/Epr__rosidl_typesupport__ubuntu_bionic_amd64/lastBuild/testReport/rosidl_typesupport_cpp/) | ||
Most recent test results can be found [here](http://ci.ros2.org/job/nightly_linux_release/lastBuild/testReport/rosidl_typesupport_cpp/copyright). | ||
|
||
### Copyright Statements [3.iv] | ||
|
||
The copyright holders each provide a statement of copyright in each source code file in `rosidl_typesupport_cpp`. | ||
|
||
There is an automated test which runs a linter that ensures each file has at least one copyright statement. | ||
|
||
Most recent test results can be found [here](http://ci.ros2.org/job/nightly_linux_release/lastBuild/testReport/rosidl_typesupport_cpp/copyright). | ||
|
||
## Testing [4] | ||
|
||
### Feature Testing [4.i] | ||
|
||
There are currently no public features undergoing tests. | ||
The features of `rosidl_typesupport_cpp` are tested, and their tests are located in the test directory. | ||
|
||
Most recent test results can be found [here](https://ci.ros2.org/job/nightly_linux_release/lastBuild/testReport/rosidl_typesupport_cpp). | ||
|
||
### Public API Testing [4.ii] | ||
|
||
There are currently no tests for the public API. | ||
The public API of `rosidl_typesupport_cpp` is tested, and the tests are located in the test directory. | ||
|
||
Most recent test results can be found [here](https://ci.ros2.org/job/nightly_linux_release/lastBuild/testReport/rosidl_typesupport_cpp). | ||
|
||
### Coverage [4.iii] | ||
brawner marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
||
|
@@ -106,17 +113,20 @@ There are currently no tests for the public API. | |
|
||
`rosidl_typesupport_cpp` uses and passes all the standard linters and static analysis tools for a C++ package as described in the [ROS 2 Developer Guide](https://index.ros.org/doc/ros2/Contributing/Developer-Guide/#linters). | ||
|
||
The latest linting results can be found [here](http://build.ros2.org/view/Epr/job/Epr__rosidl_typesupport__ubuntu_bionic_amd64/lastBuild/testReport/rosidl_typesupport_cpp/). | ||
Results of the linting tests can be found [here](https://ci.ros2.org/job/nightly_linux_release/lastBuild/testReport/rosidl_typesupport_cpp/). | ||
|
||
## Dependencies [5] | ||
|
||
### Direct Runtime ROS Dependencies [5.i/5.ii] | ||
### Direct and Optional Runtime ROS Dependencies [5.i/5.ii] | ||
|
||
`rosidl_typesupport_cpp` has the following runtime ROS dependencies: | ||
* `rcpputils` | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Hm. I honestly don't think that format is a good idea. It means that when we go to change the quality level, not only do we have to change it in the source repository for the package itself, we also have to change it in all of the dependent repositories as well. That seems like a lot of churn to me. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I agree, and we've talked about the maintenance burden before. I expected quality level automation to take care of it. @wjwwood ? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I doubt the automation will address dependencies anytime soon due to the complexity and the timelines I think that will be involved. I wouldn't rely on that for now. Keeping this information up to date is tedious, but also necessary if you want to stay up to date. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
But I don't actually agree that it is necessary. If you just put the quality levels in the packages they pertain to, then you only have to update it in one spot when you change the quality level. Having it in all of the downstream dependencies mean you then have to make a PR for the package it belongs to and for all of the downstream dependencies. That seems more than tedious, and I'm not convinced it adds a lot of benefit anyway. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. So I went ahead and prototyped a solution in python to find quality declarations of dependencies: https://gist.github.com/clalancette/d0a77b0433670803cf69de73c1f05cd0 . It's not perfect; it has at least the following flaws:
Regardless, none of the above problems are show-stoppers, and with a few hours of work I could easily fix them. But this is the direction I'd much rather see us head in, rather than duplicating all of the quality information everywhere. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The thing that I think will take time is getting the right version for each. In the future when the foxy version is QL 3, Rolling is QL 2, and master is QL 1, how will you know which to check? This will require the user specifying which but then it will require using rosdistro. It isn't impossible, but it is some more work. Also, what if not all the dependencies should be considered for QL? My thinking is that you need to annotate the package.xml, then have your script avoid looking at those. We need to come up with a way to do the annotation and then detect it, which might be an issue since looking for XML comments or something may not be trivial. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
In the short-term, the easiest way I can think of to do that would be to clone https://github.com/ros2/ros2/blob/master/ros2.repos at the revision you are interested in looking at, then running the script. If you want to look at packages outside of the ROS 2 core, then you could do the same sort of thing with
It's an interesting point. Could you give an example of what you are thinking of here? I can think of 2 different ways to handle it; either on the producer (package.xml) or consumer (script) side. On the producer side, you would have to do what you said; add some annotation to package.xml, and then respect that. On the consumer side, we could augment the script to take a list of exceptions to ignore. The benefit of the latter is that we don't need to iterate package.xml, and it seems like that exclusion would be a decision the consumer would want to make (not the producer). But it sort of depends on the situations you are thinking of. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I ended up spending some more time on this, and ended up fixing most of the issues that were pointed out above. The tool is now at https://github.com/clalancette/walk-qds , and can walk dependencies recursively. It now looks at both I'd encourage people to give it a try and see if it fits what we are looking to do here. If it does, I'd like to try to move forward with this PR as-is, and then go back and remove the (what I consider) redundant information from rclcpp. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I'm not here to weigh in on documenting everything vs automation. But I can suggest one possible approach for documentation that I believe should result in minimal maintenance, unless an upstream package downgrades their status. State that each dependency is at least "QL 3", then link to the location where their current quality levels can be found. |
||
* `rosidl_runtime_c` | ||
* `rosidl_typesupport_cpponnext_c` | ||
* `rosidl_runtime_cpp` | ||
* `rosidl_typesupport_c` | ||
* `rosidl_typesupport_connext_cpp` | ||
* `rosidl_typesupport_interface` | ||
* `rosidl_typesupport_introspection_c` | ||
* `rosidl_typesupport_introspection_cpp` | ||
|
||
It has "buildtool" dependencies, which do not affect the resulting quality of the package, because they do not contribute to the public library API. | ||
It also has several test dependencies, which do not affect the resulting quality of the package, because they are only used to build and run the test code. | ||
|
@@ -135,6 +145,8 @@ Currently nightly results can be seen here: | |
* [mac_osx_release](https://ci.ros2.org/view/nightly/job/nightly_osx_release/lastBuild/testReport/rosidl_typesupport_cpp/) | ||
* [windows_release](https://ci.ros2.org/view/nightly/job/nightly_win_rel/lastBuild/testReport/rosidl_typesupport_cpp/) | ||
|
||
## Vulnerability Disclosure Policy [7.i] | ||
## Security [7] | ||
|
||
### Vulnerability Disclosure Policy [7.i] | ||
|
||
This package conforms to the Vulnerability Disclosure Policy in [REP-2006](https://www.ros.org/reps/rep-2006.html). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.