Comments (4)
I would suggest the vendor calls an API to register first. We can collect the basic information, such as vendor info, contact info, etc. A token will be sent to the vendor (i.e., JWT). The vendor should use this token when requesting certification. Only vendors with a valid token can request certification. This process will help us verify the vendor, allow the vendor to update if needed, keep track of who requested the certification and avoid malicious access.
from adoptium.
While the template / workflow will actually live in the aqa-tests repository, the ultimate goal is to make this a very automated process (even if near-term is a somewhat manual process).
A high-level view of the automated process will be:
- vendor pushes a request to an API (likely to TRSS) for a certification request. This request contains at least one but possibly multiple sections, each containing:
  - URL to the binary that the request is for
  - platform for the binary under request (while we can autodetect this, knowing it upfront allows us to direct audit tests to the right machines without having to parse non-standard named files or loop through machines searching for where autodetect succeeds)
  - URL to the source code repo(s) (and SHA/tag) or source.zip used to create the binary
  - URL to CI server where tests run or URL to where test results artifacts are stored
- request triggers the creation of a certification request issue in the aqa-tests repository (or some repository specifically created for certification requests and auditing)
- link to certification request issue is returned to vendor
- certification request contents are parsed
- test result artifacts are downloaded from supplied URL
- test result artifacts are reviewed (these artifacts include the TAP summary of what test targets were executed, which passed, failed, were skipped and which were excluded)
  - check: SHA.txt artifact matches expected AQAvit SHAs
  - check: number of test targets executed matches expected number (100% of expected test targets to have been executed)
  - check: 98% pass rate or higher expected (with failing targets passing on retry)
  - check: test exclusions each are linked to known trackable non-blocking open issues
- depending on passed/failed/excluded report, (optional) audit/rerun of subset of test targets are run against the binary
- check audit/rerun results
- push result of checks listed above to comment in the certification request issue
- if all checks pass, certification is granted (cert request issue is updated with comment and closed)
- if some checks fail, manual intervention and checking occurs (AQAvit project team updates the cert request issue on next steps)
- automated certification request results can be overruled by manual intervention and verification of binaries by AQAvit project team (should there appear to be issues with automated results)
from adoptium.
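A sketch of the four artifact checks listed in the comment above, added here as an illustration; it is not code from TRSS or aqa-tests. The TAP line shape, the SHA.txt layout, the exclusion record fields, and the names `parse_tap` and `audit` are assumptions, and the check compares expected target names rather than only their count.

```python
import re

# Assumed TAP result-line shape: "ok 1 - target" / "not ok 2 - target # skip reason"
TAP_LINE = re.compile(r"^(not ok|ok)\s+\d+\s+-\s+(\S+)(?:.*#\s*(skip)\b)?", re.I)
ISSUE_URL = re.compile(r"^https://github\.com/[\w.-]+/[\w.-]+/issues/\d+$")

def parse_tap(tap_text):
    """Map each test target to 'pass', 'fail' or 'skip'."""
    results = {}
    for line in tap_text.splitlines():
        m = TAP_LINE.match(line.strip())
        if not m:
            continue  # plan line ("1..N"), diagnostics, blank lines
        status, target, skip = m.groups()
        results[target] = "skip" if skip else ("pass" if status.lower() == "ok" else "fail")
    return results

def audit(tap_text, sha_txt, expected_shas, expected_targets, exclusions, min_pass_pct=98):
    """Run the four artifact checks; return (verdict, per-check results)."""
    results = parse_tap(tap_text)
    executed = {t for t, r in results.items() if r != "skip"}  # assumption: skip = not executed
    passed = {t for t in executed if results[t] == "pass"}
    # Assumption: excluded targets are not required to run, but each needs an open issue.
    required = set(expected_targets) - {e["target"] for e in exclusions}
    sha_lines = {l.strip() for l in sha_txt.splitlines() if l.strip()}
    checks = {
        "sha_match": sha_lines == set(expected_shas),
        "all_targets_executed": required <= executed,
        # Integer arithmetic avoids float rounding exactly at the 98% boundary.
        "pass_rate": bool(executed) and len(passed) * 100 >= min_pass_pct * len(executed),
        "exclusions_tracked": all(
            ISSUE_URL.match(e.get("issue", "")) and e.get("state") == "open" for e in exclusions),
    }
    return ("granted" if all(checks.values()) else "manual-review"), checks

if __name__ == "__main__":
    # Constructed sample: 50 expected targets, one excluded, one failing (48/49 < 98%).
    targets = [f"target_{i}" for i in range(50)]
    tap = "1..49\n" + "\n".join(
        f"{'not ok' if i == 7 else 'ok'} {i + 1} - {t}" for i, t in enumerate(targets[:49]))
    excl = [{"target": "target_49", "state": "open",
             "issue": "https://github.com/example-org/example-repo/issues/1"}]
    shas = ["aqa-tests <placeholder-sha>"]
    print(audit(tap, "aqa-tests <placeholder-sha>\n", shas, targets, excl))
```

A "manual-review" verdict corresponds to the manual intervention step in the list; retry handling for failing targets is not modelled.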
re: #21 (comment) yes, was going to build off of the JWT PR and prototype that you and Renfei worked on for TRSS.
from adoptium.
See: https://github.com/adoptium/website-v2/blob/main/src/asciidoc-pages/docs/aqavit-verification.adoc
from adoptium.