probot-security-alerts icon indicating copy to clipboard operation
probot-security-alerts copied to clipboard
verified publisher icon advanced-security

Create ADRs to record decisions for vNext

Open kenmuse opened this issue 1 year ago • 1 comments

  1. Move away from directly supporting development outside of a dev container. Given the dependencies in v2, it doesn't make sense and adds overhead
  2. Move to using the Client ID instead of the Application ID (assuming Probot support), consistent with https://github.blog/changelog/2024-08-23-client-ids-are-now-included-in-app-api-responses/. If support is missing today, still require Client ID in the IaC for deployment to support that transition once it is supported.
  3. Validation, builds, and dev container should all use the same version of NodeJS. At the present time, builds/validation can use a newer version than what was used for development.
  4. Naming convention for images/packages will broadly be probot-security-alerts-$HOST-$TYPE, with fields removed if not appropriate:
    • probot-security-alerts-azure-functions
    • probot-security-alerts-aws-lambda
    • probot-security-alerts-server Tags will have our version number and, as appropriate, node$MAJOR:
    • :2.0.0-node20
    • :2.0.0-node22
  5. Running in development mode will not be supported with Azure Functions or Lambda. Only with standalone server code/image.

kenmuse avatar Aug 26 '24 17:08 kenmuse