[DRIVERS-1383] Automate Driver Releases Created: 31/Aug/20  Updated: 04/Apr/22

Status: Implementing
Project: Drivers
Component/s: None
Fix Version/s: None

Type: Epic Priority: Major - P3
Reporter: Alexander Golin (Inactive) Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on PHPLIB-583 Automate PHPLIB Release Process Backlog
depends on CDRIVER-2845 Improve C driver release process Closed
depends on CXX-1676 Automate C++ driver release process Closed
depends on NODE-2792 Automate Driver Releases Backlog
depends on RUBY-2390 Automate Driver Releases Backlog
depends on MOTOR-616 Automate Driver Releases Blocked
depends on CSHARP-3200 Release on Evergreen Closed
depends on CXX-2100 Automate Driver Releases Closed
depends on GODRIVER-1737 Automate Driver Releases Closed
depends on JAVA-3793 Support publishing release builds on ... Closed
depends on JAVA-3827 Automate Driver Releases Closed
depends on PHPC-1674 Automate Driver Releases Closed
depends on RUST-546 Automate Driver Releases Closed
Related
Driver Changes: Needed
Quarter: FY21Q1
Start date:
Cost Threshold %: 100
Driver Compliance:
Key Status/Resolution FixVersion
CXX-2100 Duplicate
CSHARP-3200 Fixed 2.23.0
GODRIVER-1737 Won't Do
JAVA-3827 Duplicate
NODE-2792 Backlog
MOTOR-616 Blocked
PHPC-1674 Won't Do
RUBY-2390 Backlog
RUST-546 Fixed 1.2.0
SWIFT-997 Won't Do
PYTHON-1631 Done 3.11.1
JAVA-3793 Fixed 4.1.0
CXX-1676 Won't Do
CDRIVER-2845 Won't Do
PHPLIB-583 Backlog

 Description   
Epic Summary

Summary
Outline a roadmap to move all drivers to evergreen-based-releases.

Motivation
Drivers releases are often downloaded from package index (pip, maven, cpan) or from github directly. Currently only some of the driver releases are signed and the process of signing them is not standardized. Releasing drivers via Evergreen will allow us to better audit the release process (including signing packages). For many of our customers there is a requirement to adhere to an SDLC process that ensures the packages we provide are not tampered with by any internal participant in the process of producing and releasing those packages. Often these requirements are stated by our customers in security and compliance questionnaires. Currently, we list exceptions on these questionnaires related to drivers SDLC and signed packages. This effort should reduce the friction during sales cycles due to the number of exceptions we list.

Cast of Characters

Document Author: Rathi Gnanasekaran
Product Owner: Rachelle Palmer
Program Manager: Alexander Golin & Esha Bhargava
Stakeholders: Drivers

Documentation

Scope Document
Evergreen Documentation



 Comments   
Comment by Alexander Golin (Inactive) [ 31/Aug/20 ]

This epic has been split off of DRIVERS-714, which was originally "Automate and Sign Driver Releases," now just "Sign Driver Releases." In the Drivers Leads meeting on 8/31/20 we decided it would be best to split these into two distinct efforts because teams should be unblocked on automating releases even if they are blocked on signing releases.

Generated at Thu Feb 08 08:23:18 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.