-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Release Notation HashiCorp Vault plugin 0.1.0 #14
Comments
From what I recall of the license changes, it shouldn't impact our ability to release or test, assuming we stick to code in the SDK/API, which IIRC we did as a best practice. (At least, based on my past reading of that CNCF issue, nobody has had issues getting exceptions for retaining SDK/API dependencies against Vault). Has the CNCF taken a stance on automated integration testing against Vault? The issue with the current API and SDK packages was the OpenAPI repo was still immature, so I wouldn't have relied it for release software... The in-repo API package lacked any typing associated with it and so I'd feel a lot less comfortable releasing that without integration tests than I would one built on OpenAPI. It looks like it remains beta but MPL, so we could use it once it matures, if we cannot add automated tests now: https://github.com/hashicorp/vault-client-go/blob/main/LICENSE |
Ah, it looks like my question on integration tests was asked here: cncf/foundation#617 (comment) AFAICT they're still present though I am not familiar enough with the CI infra to tell if its actually used. So I think we're good. |
@FeynmanZhou Do you know if there's standard build tooling for Notation project we can use? Now that OpenBao has completed its first GA release, I can take a stab at a test suite here and we can vet this prior to releasing it. |
Hi maintainers,
As the majority development and test of Notation HashiCorp Vault plugin has been completed, it's time to start the v0.1.0 release process for the next step.
Before we start release process, we will need to revisit the HashiCorp OSS license change tracked in cncf/foundation#617. notation-hashicorp-vault uses vault API as a direct dependency.
Looking at the HashiCorp statement and Vault API license file, HashiCorp APIs, SDKs, and almost all other libraries will remain MPL 2.0, as well as Vault API. I assume it is compliant to use Vault API as a dependency in notation-hashicorp-vault.
To make sure we are following an compliant practice before releasing notation-hashicorp-vault project, I suggest holding on the release process before Dec 1, 2023 and gather feedback from the community and CNCF during this period.
If there is no concern from the community and CNCF, we could start the release process on Dec 1, 2023
The text was updated successfully, but these errors were encountered: