Releases: clearlydefined/service
v1.3.1
Patch release to update prod deploy workflow to use [email protected]. See operations v1.1.0 release notes for more information.
Changes: v1.3.0...v1.3.1
v1.3.0
Release Highlights
Release tag: v1.3.0
There is one change of interest:
- Conda was added as a package manager source. Details on usage are provided below under the Add Conda support section.
Upgrade Notes
No Action Required. Optionally, you can start requesting harvests for Conda packages. See details below.
What’s changed
Changes: v1.2.0...v1.3.0
Minor Changes
Add Conda support
There is one significant change in this release to add support for Conda package manager. It is classified as minor because it is additive. It does not impact the functioning of previously supported package managers.
Coordinates syntax:
- type (required) - identifies to use the Conda provider (values: conda | condasource)
- provider (required) - channel on which the package will be crawled. (values: conda-forge | anaconda-main | anaconda-r)
- namespace (optional) - architecture and OS of the package to be crawled (e.g. win64, linux-aarch64). If no architecture is specified, any architecture is chosen.
- package name (required): name of the package
- revision (optional): package version and optional build version (format:
(${version} | )-(${buildversion} | )
) (e.g.0.3.0
,0.3.0-py36hffe2fc
). If it is a conda coordinate type, the build version of the package is usually a conda-specific representation of the build tools and environment configuration, and build iteration of the package (e.g. for a Python 3.9 environment, buildversion ispy39H443E
). If none is specified, the latest one will be selected using the package's timestamp.
Examples:
- conda/conda-forge/linux-aarch64/numpy/1.13.0
- condasource/conda-forge/linux-aarch64/numpy/1.13.0
- conda/conda-forge/-/numpy/1.13.0/
- conda/conda-forge/linux-aarch64/numpy/-py36
You can find additional information in the crawler v1.1.0 release notes.
Bug Fixes and Patches
Development related
- Update license mapping with latest ScanCode LicenseDB data (#1049) (@lumaxis)
- Add source location in definitions for sourcearchive packages (#1108) (@qtomlinson)
- Fix originConda route (#1113) (@qtomlinson)
- [conda] fixed service component bug (#1112) (@lamarrr, @lumaxis)
DevOps
- Update test workflow (#1114) (@lumaxis)
- use shared dev deploy workflow in operations (#1092) (@elrayle)
- Add now-required env vars to docs and minimal.env.json (#1083) (@lumaxis)
- Improve formatting and linting setup (#1058) (@lumaxis)
Dependencies
- Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#1110) (@dependabot[bot])
- Bump the docker-actions group with 2 updates (#1105) (@dependabot[bot])
- Bump the azure-actions group with 2 updates (#1104) (@dependabot[bot])
- Bump peter-evans/create-pull-request from 6.0.1 to 6.0.4 (#1102) (@dependabot[bot])
- Bump azure/login from 1.6.1 to 2.0.0 (#1071) (@dependabot[bot])
- Bump docker/build-push-action from 5.1.0 to 5.2.0 (#1070) (@dependabot[bot])
- Add groups to Dependabot config (#1086) (@lumaxis, @github-actions[bot])
v1.2.0
Release Highlights
Release tag: v1.2.0
There are two changes of interest:
- improved coordinate checking for PyPI
- addition of an action that automatically updates the LicenseDB data
The remaining changes impact the development and deploy processes.
Upgrade Notes
There are no required actions for this upgrade.
What’s changed
Changes: v1.1.0...v1.2.0
Minor Changes
Improve coordinate checking for PyPI
- Use dependency injection in PypiCoordinatesMapper (#1072) (@qtomlinson)
- Restrict PyPI coordinates name in PypiCoordinatesMapper (#1065) (@qtomlinson)
Action to automatically update the LicenseDB data
- Delete azure-pipelines.yml (#1057) (@lumaxis)
- Update Actions workflow to pull in LicenseDB data (#1050) (@lumaxis)
Display information related to the deploy in the default endpoint
The sha of the deployed code is displayed at the default endpoint. This is useful for debugging.
Example:
{ "status": "OK", "sha": "89555eb2a172d4c804d1f4541377e300de77ca63" }
- get latest release version from GitHub API for prod deploy (#1055) (@elrayle)
- get version from package.json instead of release (#1053) (@elrayle)
Bug Fixes and Patches
Development related
- Improve formatting and linting setup (#1058) (@lumaxis)
- Add integration tests (#1042) (@qtomlinson)
- Use URL object to generate request URL (#1066) (@lumaxis)
Move deploy process to GitHub Actions
- update prod deploy action to use prod azure credentials (#1052) (@elrayle)
- add GitHub action for deploy of production service (#1051) (@elrayle)
- remove docker secrets from deploy action (#1048, #1073, #1074) (@elrayle, @lumaxis)
Dependency updates
- Bump github/codeql-action from 3.24.5 to 3.24.6 (#1068) (@dependabot[bot])
- Bump peter-evans/create-pull-request from 6.0.0 to 6.0.1 (#1067) (@dependabot[bot])
- Bump github/codeql-action from 3.24.0 to 3.24.5 (#1062) (@dependabot[bot])
- Bump ip from 2.0.0 to 2.0.1 (#1061) (@dependabot[bot])
v1.1.0
Release v1.1.0 is a minor release.
Release Highlights
- updates to Mongo indexing
- deprecate TRIMMED_DEFINITION_MONGO_COLLECTION_NAME
Upgrade Notes
There are no required changes to move to this version. There is a recommended change related to a deprecation. See Deprecations section for more information.
updates to Mongo indexing
API affected: get definitions with sort fields set to descending.
For example:
Sorting order is determined by:
sortDesc=false – sort ascending (default)
sortDesc=true – sort descending
Behavior in v1.0.0
In this version, the sort honored sortDesc for any field identified as a sort field. Within multiple matches of those sort fields that share the same value, the results were being sorted ascending by coordinates regardless of the value of sortDesc. This is incorrect behavior.
New Behavior in v1.1.0
The new behavior sorts the identified sort fields and the coordinates in the same direction as identified by the sortDesc parameter.
It is recommended, but not required, that you delete the indices that are NOT documented in the _createIndexes method in clearlydefined/docker_dev_env_experiment/service/providers/stores/abstractMongoDefinitionStore.js
If you accidentally delete too many indices, they will be regenerated the next time you restart the service. NOTE: This can take a long time.
Deprecations
Deprecating TRIMMED_DEFINITION_MONGO_COLLECTION_NAME
. If you are using this configuration, you should update the configs to use the name DEFINITION_MONGO_TRIMMED_COLLECTION_NAME
instead.
- Rename trimmed definition variable (@qtomlinson)
- deprecate config TRIMMED_DEFINITION_MONGO_COLLECTION_NAME (@elrayle)
What’s Changed
Bug Fixes and Patches
- Fix azure pipeline error (@qtomlinson)
- Minor fixes (@qtomlinson)
- Expose revision in definition.find as a sort option (@qtomlinson)
- Target Node.js v18 (@JamieMagee)
- Regenerate lockfile from v1 to v3 (@JamieMagee)
- Formatting change (@qtomlinson)
- Update Environment Variables (@qtomlinson)
- Update SPDX related versions (@qtomlinson)
- Fix curation review url to point to the corresponding server (@qtomlinson)
Documentation
- Update documentation (@qtomlinson)
v1.0.0
Release v1.0.0 is a re-release of the current production service which was last released Feb 28, 2023. The purpose of this release is to establish a known baseline as the starting point for the transition to using Semantic Versioning for the released versions. Future releases will have a Docker image stored in GitHub Packages.
Release Highlights
Release tag: v1.0.0
NOTE: The version in package.json differs from the release tag because it was previously set and could not be changed.
Breaking Changes
none
Upgrade Notes
No Action Required
What’s changed
This release is identical to the code that has been the production release since Feb 28, 2023.
previous-release:
- sha: 98f3f4745abf26d48a846aa2ea990402f782bd80
- date: 12-5-2022
Changes: previous-release...v1.0.0