Document upload API so other projects can implement it about uploader HOT 6 OPEN

@takluyver Thank you for the detailed issue!

Do the methods in https://github.com/codecov/uploader/blob/84df6d138c97db110d73345a74f97bca9a904d96/src/helpers/web.ts (the only part of the uploader that interacts with the upload endpoint in any way), meet your needs, or do you need something more detailed/formal?

from uploader.

Thanks! I can figure out roughly what it's doing; I guess I'm asking for documentation less for information, and more as a kind of indication of stability & availability. If I use something other than the official typescript uploader code, I'd like to have some expectation that it will keep working, and some channel for anyone maintaining alternate implementations to hear about changes.

In the first instance, do you know what's happening with the 'sunsetting' of other uploaders? The deprecation plan laid out that they would stop working in February, which didn't happen (at least for the Python uploader). Is that off, or just delayed? If it's still happening, will it be by checking the package= URL parameter, and will it block everything apart from the new uploader, or just specific old uploaders?

from uploader.

!!! The answer below is my personal thoughts and does not reflect the official or unofficial stance of Codecov !!!

In the first instance, do you know what's happening with the 'sunsetting' of other uploaders? The deprecation plan laid out that they would stop working in February, which didn't happen (at least for the Python uploader). Is that off, or just delayed? If it's still happening, will it be by checking the package= URL parameter, and will it block everything apart from the new uploader, or just specific old uploaders?

It is delayed, due to the new uploader not being quite in parity with the old ones yet. I'm not sure the exact mechanism being employed, but the goal is to have a single source of truth when it comes to uploading, rather than several different ones in the wild with expectations of security and maintenance around them.

indication of stability & availability. If I use something other than the official typescript uploader code, I'd like to have some expectation that it will keep working, and some channel for anyone maintaining alternate implementations to hear about changes.

I can't speak to if we want or plan to make the uploader endpoint a documented stable endpoint, for the reasons outlined above. What if a custom uploader starts uploading source code, or modifying files? Who would be considered responsible for that, from a legal and reasonable standpoint?

I'm neither legal nor product, so I think I should probably step away so as not to set possibly incorrect expectations. :)

!!! The answer above is my personal thoughts and does not reflect the official or unofficial stance of Codecov !!!

from uploader.

Officially,

Moved to a feature request (currently private)
https://codecov.canny.io/feedback/p/document-upload-api-so-other-projects-can-implement-it
@codecov/product

from uploader.

Thanks @drazisil-codecov

What if a custom uploader starts uploading source code, or modifying files? Who would be considered responsible for that, from a legal and reasonable standpoint?

I'm very much not a lawyer, but it's not unusual for a company to provide a REST API (e.g. Github's API) and other people entirely to provide tools that use that API (e.g. github3.py). I think it's pretty clear to everyone involved that you're trusting whoever wrote the wrapper or tool you're using, not just the company whose API it uses, and you can't blame the company if a third-party wrapper turns malicious.

I understand you'd want to be clear about the boundaries of what's maintained by codecov and what's not, and that's somewhat more challenging because you used to maintain lots of uploader tools. But I hope that's not an insurmountable obstacle. 🙂

from uploader.

+1 for getting the API published.

The canny.io website only allows Google accounts. For codecov I am using my github account.

I am still using a python uploaded (from a local mirror) and it works.

from uploader.