CI/CD details (#29)

* CI/CD details Adds more features to the CI/CD automations to ensure quality in our releases * Update README.md * Update README.md * Add secured runners details
TBD54566975 · Nov 9, 2023 · ee7e81a · ee7e81a
1 parent 7dfeebf
commit ee7e81a
Showing 1 changed file with 20 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -159,26 +159,40 @@ An individual SDK will consider a feature implemented once the following require
 * For the forseeable future, each SDK is free to publish releases at a frequency that the SDK's respective DRI sees fit
 
 ## CI / CD
-Each SDK will use Github Actions for CI/CD
+Each SDK will use Github Actions for CI/CD and other automations
 
 | Feature                       | Typescript | Kotlin | Rust | Swift |
 | ----------------------------- | ---------- | ------ | ---- | ----- |
 | OSS License Check             | ❌          | ❌      | ❌    | ❌     |
+| Security Scanning             | ❌          | ❌      | ❌    | ❌     |
+| Static Analysis Linting/Style | ❌          | ❌      | ❌    | ❌     |
 | Running Unit Tests            | ✅          | ✅      | ❌    | ❌     |
+| Publishing Tests Reports      | ❌          | ❌      | ❌    | ❌     |
+| Code Coverage (CodeCov)       | ❌          | ❌      | ❌    | ❌     |
 | Publishing Artifacts          | ❓          | ❌      | ❌    | ❌     |
+| Release Template Checklist    | ❌          | ❌      | ❌    | ❌     |
+| Automated GH Release Tag      | ❌          | ❌      | ❌    | ❌     |
 | Publishing API Reference Docs | ❌          | ✅      | ❌    | ❌     |
 | Publish Example Feature Usage | ❌          | ✅      | ❌    | ❌     |
 
+* GitHub Actions should run in secured runners
+  * A secure, authoritative build environment ensures software is compiled and packaged in a controlled, tamper-resistant setting.
+  * This mitigates the risk of introducing vulnerabilities or malicious code during the build process, whether through external attacks or compromised internal components.
+  * These runners are going to be TBD-owned and self hosted
+* Ideally the above table should be represented by a "Software Catalog" with all of our SDK statuses in real time.
+  * The dashboard would be consuming the data sources (GitHub, CodeCov, Snyk, Npm and other registries etc.)
+  * Tools like Grafana, Backstage, or even Jenkins (weather flag) could aggregate them
+
 ## Publishing Artifacts
 Each SDK will be published to the most widely adopted registry/repository for the respective language
 
 
 | SDK        | Repository    |
 | ---------- | ------------- |
-| Typescript | npm           |
-| Kotlin     | maven central |
-| Rust       | ?             |
-| Swift      | ?             |
+| Typescript | npm                 |
+| Kotlin     | maven central       |
+| Rust       | crates              |
+| Swift      | swift package index |
 
 
 ## Publishing API Reference Documentation
@@ -397,4 +411,4 @@ Further, the key manager interface **must** be passed as an argument to _all_ pu
 | Validation   | ✅          | ✅      | ❌    | ❌     |
 | Signing      | ✅          | ✅      | ❌    | ❌     |
 | Verification | ✅          | ✅      | ❌    | ❌     |
-| Parsing      | ✅          | ✅      | ❌    | ❌     |
+| Parsing      | ✅          | ✅      | ❌    | ❌     |