DS template version support
Problem to solve
Dependency Scanning currently (as of %18.5) supports 3 templates, 1 CI/CD component, and 2 analyzers. The templates are default, latest, and v2, and the analyzers are dependency-scanning and gemnasium. The CI/CD component is at version 0 and, if the existing methodology is followed, it should go to version 1. The goal of this issue is to settle what the support matrix should be going forward. In addition, the definition of backwards support for older versions should also be settled.
Current state
Proposal
| | 18.5 (release of tpl v2 and ds:1) | [18.6, 19.0) | 19.0 | [19.1, 20.0) |
|---|---|---|---|---|
| template: stable | gemnasium:6 | gemnasium:6 | gemnasium:6 | gemnasium:6 |
| template: latest | gemnasium:6 OR dependency-scanning:0 | gemnasium:6 OR dependency-scanning:1 | dependency-scanning:1 | dependency-scanning:1 |
| template: v2 | dependency-scanning:1 | dependency-scanning:1 | dependency-scanning:1 | dependency-scanning:1 |
| ci/cd component v0 | dependency-scanning:0 | dependency-scanning:1 | dependency-scanning:1 | dependency-scanning:1 |
Decisions summary:
- Don't use the new DS analyzer in the `stable` CI template
- Upgrade DS analyzer to v1 in the `latest` CI template
- Do not deprecate any CI template yet; this can be revisited after we ship GA and move forward with other AST groups on the CI template versioning proposal #523986
- Don't upgrade DS analyzer to v1 in the CI/CD component v0
- Release CI/CD component v1 which uses DS analyzer v1
- Deprecate CI/CD component v0
- Don't release a new Major version of Gemnasium in 19.0 (stick to v6)
See original proposal
Templates
To give users a more gradual transition from gemnasium to the new analyzer, allow the default and latest templates to remain the same until 19.0, with the exception of latest going from dependency-scanning:0 to dependency-scanning:1.
Analyzers
The dependency-scanning analyzer can be bumped to version 1 across the board, since there are not really any breaking changes and we bumped the version to be in line with the new template.
Because there were no breaking changes, it doesn't really make a lot of sense to keep backwards compatibility with version 0.
Template versioning
| | 18.5 (release of tpl v2 and ds:1) | [18.6, 19.0) | 19.0 | [19.1, 20.0) |
|---|---|---|---|---|
| template: default | gemnasium:6 | gemnasium:6 | gemnasium:6 \|\| dependency-scanning:1 | gemnasium:6 \|\| dependency-scanning:1 |
| template: latest | gemnasium:6 \|\| dependency-scanning:0 | gemnasium:6 \|\| dependency-scanning:1 | dependency-scanning:1 | dependency-scanning:1 |
| template: v2 | dependency-scanning:1 | dependency-scanning:1 | dependency-scanning:1 | dependency-scanning:1 |
| ci/cd component v0 | dependency-scanning:0 | dependency-scanning:1 | dependency-scanning:1 | dependency-scanning:1 |
Implementation plan
- Release CI/CD component v1 with analyzer v1
- Update `latest` CI template to use analyzer v1
- Update documentation