  1. Ruby Driver
  2. RUBY-3420

Questionnaire: Releases to public distribution channels - Ruby

    • Type: Question
    • Resolution: Done
    • Priority: Minor - P4
    • None
    • Affects Version/s: None
    • Component/s: None
    • Labels:
      None

      We're working on collecting information about MongoDB Products' publishes to public distribution channels (DEVPROD-4940) to understand if we're compliant with the "Authorized publication on third party distribution channels" requirement of the SSDLC Policy.

      Please answer the following questions about releases/publishes for your product. There are 2 sections - one for 3rd party channels (like dockerhub, pypi, crates.io) and one for MongoDB-managed channels (like repo.mongodb.com, fastdl.mongodb.org). The compliance requirement currently specifies 3rd party channels, so it's a higher priority. But we'd also like to assess releases/publishes to our own distribution channels for security reasons.

      I'll try to pre-populate some answers based on what we know today. Feel free to change that information if it's incorrect.

      Feel free to re-assign this ticket or move to another project if needed. You can close the ticket after you answer the questions. Thank you!

       

      For 3rd party distribution channels:

      1. What distribution channels do you publish to? E.g. PyPI, npmjs, dockerhub, etc.
        > RubyGems
      2. Are there any publishing tasks that happen manually and/or outside of the CI/CD platforms? E.g. someone's workstation
        >
      3. Is publishing automated via CI/CD (evergreen, github actions, etc)? If yes, what platforms?
        >
      4. If automated via CI/CD, does publishing happen in the same project/repo as mainline commits/builds/tests or in a separate project/repo?
        >
      5. If automated via CI/CD, who can trigger a release or publish to public distribution channels? Only release managers, anyone on the team, anyone with write access to the git repo, etc?
        >
      6. If automated via CI/CD, does the release project have patch builds enabled? E.g. certain tasks can be triggered from CLI or PR without commits to the main git repo? 
        >

       

      For MongoDB-managed distribution channels

      1. What distribution channels do you publish to? E.g. repo.mongodb.com/org, downloads.mongodb.com/org, etc
        >
      2. Are there any publishing tasks that happen manually and/or outside of the CI/CD platforms? E.g. someone's workstation
        >
      3. Is publishing automated via CI/CD (evergreen, github actions, etc)? If yes, what platforms?
        >
      4. If automated via CI/CD, does publishing happen in the same project/repo as mainline commits/builds/tests or in a separate project/repo?
        >
      5. If automated via CI/CD, who can trigger a release or publish to public distribution channels? Only release managers, anyone on the team, anyone with write access to the git repo, etc?
        >
      6. If automated via CI/CD, does the release project have patch builds enabled? E.g. certain tasks can be triggered from CLI or PR without commits to the main git repo? 
        >

            Assignee:
            andreas.braun@mongodb.com Andreas Braun
            Reporter:
            zakhar.kleyman@mongodb.com Zakhar Kleyman
            Votes:
            0
            Watchers:
            2

              Created:
              Updated:
              Resolved: