
Add initial guide for maintaining Software Bill-of-Materials #1251

Merged
merged 6 commits into from
Dec 19, 2023

Conversation

sethmlarson (Contributor) commented Dec 18, 2023

Part of python/cpython#112302
Closes #1241

This adds an initial guide for maintaining CPython's SBOM document for core developers and adds a future location for the docs for later additions to CPython's SBOM tooling (e.g. when I implement external/optional dependencies from cpython-source-deps).


📚 Documentation preview 📚: https://cpython-devguide--1251.org.readthedocs.build/

hugovk (Member) left a review comment

Thanks for adding this!

sethmlarson (Contributor, Author) commented

Thanks for the review @hugovk, I believe I've incorporated all of your suggestions :)

@sethmlarson sethmlarson requested a review from hugovk December 18, 2023 20:15
sethmlarson (Contributor, Author) commented

Thanks for the review @hugovk, I've done the following:

  • Flattened the embedded lists as you recommended.
  • Switched the numbered list of items back to unnumbered.
  • Split the "Remove" section to be separate.
  • Added a lot more detail describing which SPDX SBOM fields to use for information.

@sethmlarson sethmlarson requested a review from hugovk December 19, 2023 17:07
hugovk (Member) left a review comment

Thanks, looks good! Just some little nits!

(You can click "Add suggestion to batch" and then commit them all at the same time.)

Co-authored-by: Hugo van Kemenade <[email protected]>
sethmlarson (Contributor, Author) commented

@hugovk Done! Thanks for teaching me about that GitHub feature, by the way; I hadn't used it before since it always seemed to be greyed out :)

Co-authored-by: Hugo van Kemenade <[email protected]>
@ezio-melotti ezio-melotti self-requested a review December 19, 2023 17:32
hugovk (Member) left a review comment

Thank you!

We can link to this page on the CI when make regen-sbom fails.

sethmlarson (Contributor, Author) commented

I'm happy to merge this whenever; I'll take it as an action item to link to the new page from the regen-sbom CI job once it's available, too.

hugovk (Member) commented Dec 19, 2023

Let's merge now, we can make adjustments whenever we need to. Thanks again!

@hugovk hugovk merged commit 4cbaee5 into python:main Dec 19, 2023
4 checks passed
@sethmlarson sethmlarson deleted the sbom branch December 19, 2023 18:32
Linked issue closed by this pull request: Create instructions for how to upgrade dependencies and keep SBOM up-to-date