On Fri, Jul 26, 2013 at 12:46 AM, James Westby <[email protected]>wrote:
> Hi, > > Now that the skeleton of the server side is in place, Martin has asked > me to start looking at one of the next topics, scanning click packages > on upload for automated checks (and probably extracting information so > the developer doesn't have to enter it). > > Already in SCA we have a system to pass off uploaded tarballs for > automated packaging (pkgme). I think that this could largely be re-used, > just changing the task that is being run to do click-related tasks. > > It works by making an API call to another service on each upload. This > service retrieves the file, scans it, and then makes a callback request > with the output. I think it would be pretty straightforward to adapt > this to work for click packages too. > > The main question in my mind is how the scanning would fit in to the > workflow. For example should the developer upload the file, and then > wait for the scanning before entering the rest of the information? > Should the scanning come after and the results be presented to the > reviewers? Perhaps both for different checks. > > Martin has suggested that the first check be that the package name in > the manifest matches the package name the developer entered in SCA. > Even if it's not something we want to do straight away, won't we be aiming for the developer not needing to enter details that are already included in the package? If so, I'd assume we'd want the results of the scan before asking for those details. We may even be able to structure the workflow so they don't need to wait. A few questions/thoughts: * Could we eventually move the upload step to the beginning of the workflow? * Can we initiate the scan directly after the async upload finishes - ie while the dev is still possibly entering other info... if there is other info? * I'm assuming the scan won't take more than 0.5 second, but downloading the package to the pkgme service will be biggest contributor to latency - would it be worth using pkgme locally on the updown service you guys created so that there's no latency there - possibly the results could be returned with the completion of the upload. A subordinate charm maybe? * Not for now, but eventually, could we create a cmd-line interface to the updown service that uses your login creds to upload your package and then redirect your browser to the rest of the workflow (ie. the scan data would already be there). -Michael
-- Mailing list: https://launchpad.net/~ubuntu-appstore-developers Post to : [email protected] Unsubscribe : https://launchpad.net/~ubuntu-appstore-developers More help : https://help.launchpad.net/ListHelp
