Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce policy for new images/packages #2016

Merged
merged 4 commits into from
Oct 27, 2023
Merged

Introduce policy for new images/packages #2016

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
50f0c53
Introduce policy for new images/packages
mathbunnyru Oct 24, 2023
88e6820
Fix GitHub links
mathbunnyru Oct 24, 2023
3c7d5f6
Upadte list
mathbunnyru Oct 26, 2023
a7879db
Merge branch 'main' into images_policy
mathbunnyru Oct 26, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions docs/index.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ Table of Contents
:maxdepth: 2
:caption: Maintainer Guide

maintaining/new-images-and-packages-policy
maintaining/tasks
maintaining/aarch64-runner

Expand Down
35 changes: 35 additions & 0 deletions docs/maintaining/new-images-and-packages-policy.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
# Policy on adding new images and packages

There are many things we consider, while adding new images and packages.

Here is a non exhaustive list of things we do care about:

1. **Software health**, details, and maintenance status
- reasonable versioning is adopted, and the version is considered to be stable
- has been around for several years
- the package maintains documentation
- a changelog is actively maintained
- a release procedure with helpful automation is established
- multiple people are involved in the maintenance of the project
- provides a `conda-forge` package besides a `pypi` package, where both are kept up to date
- supports both `x86_64` and `aarch64` architectures
2. **Installation consequences**
- GitHub Actions build time
- Image sizes
- All requirements should be installed as well
3. Jupyter Docker Stacks _**image fit**_
- new package or stack is changing (or inherits from) the most suitable stack
4. **Software impact** for users of docker-stacks images
- How this image can help existing users, or maybe reduce the need to build new images
5. Why it shouldn't just be a documented **recipe**
6. Impact on **security**
- Does the package open additional ports, or add new web endpoints, that could be exploited?

With all this in mind, we have a voting group, which consists of
[mathbunnyru](https://github.com/mathbunnyru),
[consideRatio](https://github.com/consideRatio),
[yuvipanda](https://github.com/yuvipanda) and
[manics](https://github.com/manics).

This voting group is responsible for accepting or declining new packages and stacks.
The change is accepted, if there are **at least 2 positive votes**.
1 change: 1 addition & 0 deletions docs/maintaining/tasks.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@ Pushing the `Run Workflow` button will trigger this process.
```{note}
In general, we do not add new core images and ask contributors to either
create a [recipe](../using/recipes.md) or [community stack](../contributing/stacks.md).
We have a [policy](./new-images-and-packages-policy.md), which we consider when adding new images or new packages to existing images.
```

You can see an example of adding a new image [here](https://github.com/jupyter/docker-stacks/pull/1936/files).
Expand Down