-
Type: Task
-
Resolution: Unresolved
-
Priority: Unknown
-
None
-
Affects Version/s: None
-
Component/s: None
Use Case
As a... (who is this for)
I want... (what is the desired change)
So that... (why is the change desired)
User Experience
- What is the desired/expected outcome for the user once this ticket is implemented?
- If bug: What is the number of impacted customers? How severe is the impact? Is anyone blocked or broken?
Dependencies
- upstream and/or downstream requirements and timelines to bear in mind
Risks/Unknowns
- What could go wrong while implementing this change? (e.g., performance, inadvertent behavioral changes in adjacent functionality, existing tech debt, etc)
- Is there an opportunity for better cross-driver alignment or testing in this area?
- Is there an opportunity to improve existing documentation on this subject?
Acceptance Criteria
Implementation Requirements
Copy release tooling from mongodb-client-encryption into zstd and configure it to satisfy SSDLC:
- static code analysis
- Configure codeql for static analysis scanning
- 3rd party dependencies
- Set up a silk asset group to track Zstd's 3rd party dependencies (zstd)
- Adjust the SBOMLite information in the repo to specify we use ZSTD@1.5.6
- artifact signing
- Use the shared GH action to sign all prebuilds
- compliance attestation
- Use the shared compliance report tooling to generate and upload a compliance report
- Authorized Publisher
- Use the shared authorized publisher report tooling to generate and upload an authorized publisher report
Set up release-please for zstd
Testing Requirements
- unit test, spec test sync, etc
Documentation Requirements
- DOCSP ticket, API docs, etc
Follow Up Requirements
- additional tickets to file, required releases, etc
- if node behavior differs/will differ from other drivers, confirm with dbx devs what standard to aim for and what plan, if any, exists to reconcile the diverging behavior moving forward