hazza/docker-stacks
1
0
Fork 0
mirror of https://github.com/jupyter/docker-stacks.git synced 2025-10-17 15:02:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

Introduce policy for new images/packages (#2016)

Browse Source 
* Introduce policy for new images/packages

* Fix GitHub links

* Upadte list
This commit is contained in:
Ayaz Salikhov
2023-10-27 13:00:22 +03:00
committed by GitHub
parent df0464cf4e
commit 2e35c52f83
3 changed files with 37 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
docs/index.rst
View File

@@ -32,6 +32,7 @@ Table of Contents
:maxdepth: 2 :maxdepth: 2
:caption: Maintainer Guide :caption: Maintainer Guide
maintaining/new-images-and-packages-policy
maintaining/tasks maintaining/tasks
maintaining/aarch64-runner maintaining/aarch64-runner

35
docs/maintaining/new-images-and-packages-policy.md Normal file
View File

@@ -0,0 +1,35 @@
# Policy on adding new images and packages
There are many things we consider, while adding new images and packages.
Here is a non exhaustive list of things we do care about:
1. **Software health**, details, and maintenance status
- reasonable versioning is adopted, and the version is considered to be stable
- has been around for several years
- the package maintains documentation
- a changelog is actively maintained
- a release procedure with helpful automation is established
- multiple people are involved in the maintenance of the project
- provides a `conda-forge` package besides a `pypi` package, where both are kept up to date
- supports both `x86_64` and `aarch64` architectures
2. **Installation consequences**
- GitHub Actions build time
- Image sizes
- All requirements should be installed as well
3. Jupyter Docker Stacks _**image fit**_
- new package or stack is changing (or inherits from) the most suitable stack
4. **Software impact** for users of docker-stacks images
- How this image can help existing users, or maybe reduce the need to build new images
5. Why it shouldn't just be a documented **recipe**
6. Impact on **security**
- Does the package open additional ports, or add new web endpoints, that could be exploited?
With all this in mind, we have a voting group, which consists of
[mathbunnyru](https://github.com/mathbunnyru),
[consideRatio](https://github.com/consideRatio),
[yuvipanda](https://github.com/yuvipanda) and
[manics](https://github.com/manics).
This voting group is responsible for accepting or declining new packages and stacks.
The change is accepted, if there are **at least 2 positive votes**.

1
docs/maintaining/tasks.md
View File

@@ -42,6 +42,7 @@ Pushing the `Run Workflow` button will trigger this process.
```{note} ```{note}
In general, we do not add new core images and ask contributors to either In general, we do not add new core images and ask contributors to either
create a [recipe](../using/recipes.md) or [community stack](../contributing/stacks.md). create a [recipe](../using/recipes.md) or [community stack](../contributing/stacks.md).
We have a [policy](./new-images-and-packages-policy.md), which we consider when adding new images or new packages to existing images.
``` ```
You can see an example of adding a new image [here](https://github.com/jupyter/docker-stacks/pull/1936/files). You can see an example of adding a new image [here](https://github.com/jupyter/docker-stacks/pull/1936/files).