Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve Release Process #203

Open
msymons opened this issue May 28, 2022 · 0 comments
Open

Improve Release Process #203

msymons opened this issue May 28, 2022 · 0 comments
Labels
enhancement New feature or request

Comments

@msymons
Copy link
Contributor

msymons commented May 28, 2022

I would like to see an improved release process...

  • Releases populated with release notes. This will help repo watchers who configure customise events for "Releases" only.

  • CHANGELOG.md updated for every release (or replaced by the usage of release notes?)

  • Improved uses of semantic versioning. Should not the additions to license mapping in 7.1.4 have warranted a minor release (7.2.0) instead of a patch release?

All of the above are used by dependabot PRs that update cyclonedx-core-java in downstream projects. Thus, addressing release notes (and/or changelog) should make a dependabot PR easier to review and approve. A difference in patch vs minor version can change the way that dependabot itself works.

As an additional justification, a wee story....

The release of cyclonedx-core-java-7.1.4 caused problems for me when it was included in cyclonedx-maven-plugin 2.7.0 and then BOMs generated using that release of the plugin resulted in displayed "License" in Dependency-Track to change for some components

Affected components were ones that use dual licensing and where one of the licenses now started to succesfully map to an SPDX license ID. Dependency-Track 4.5.0 does not support dual licences in the UI and prefers the ID over name. Hence the change of what license gets displayed. This caused me to spend a couple of hours investigating why things had changed. Bear in mind that the changes might have resulted in a policy violation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

2 participants