TSC Meeting (12 Dec 2023) - v3.8.1 patch release progress, v3.9.0 release plans, ST2-K8s security

[arm4b]

December 2023 @StackStorm/tsc 1 hour meeting:

• Tuesday, 12 December 2023, 09:30 AM US Pacific / 06:30 PM EU CET
• See https://github.com/StackStorm/community/issues/33 for the schedule and how to join
• TLDR; Jitsi link: https://meet.jit.si/StackStormTSC

Meeting Agenda

v3.8.1 Release Progress (finalizing)

• Project - https://github.com/orgs/StackStorm/projects/34
• Release Manager: @armab
• Release Assistant: @nzlosh
• Current state: finishing pre-release testing https://github.com/StackStorm/community/issues/128
• To be cut on a week of 11-14 Dec

StackStorm Contributors and Maintainers

StackStorm v3.8.1 patch release wouldn't be possible without our opensource community who listened when we asked for help and stepped in to assist: fixing broken builds, updating dependencies, security, testing. Let's highlight volunteers, contributors and maintainers who were active recently or helped with the v3.8.1 patch release and upcoming v3.9.0.

Starting strong with the community-driven v3.8.1, there's much more work that needs to be done for the upcoming bigger v3.9!

v3.9.0 Release Planning

• Project: https://github.com/orgs/StackStorm/projects/31
• Target: ???
  • +1m, +2m, +3m after the patch release?
• Release Manager: TSC volunteer Needed!
• Release Assistant: TSC volunteer Needed!
• Major changes:
  • Drop py3.6
  • Drop U18
  • Migrate py3.6 -> py?? for EL7
  • Update all the dependencies
  • Add U22
  • Upgrade MongoDB to v6.0
  • SSO/SAML support (PRs by community)
  • pants builds?
  • anything else?

Adding automated security scan for stackstorm-k8s

Requested by @ZoeLeah to add security scan like like Snyk to raise awareness around StackStorm K8s/Docker security, its components and builds.

[ZoeLeah]

We use Snyk not only for scanning stackstorm-k8s, but for all repositories of StackStorm that we use. Here is some information about Snyk and how you can register open source software for free: https://snyk.io/de/open-source-projects/

[ZoeLeah]

If it's not too late, I would like to add another item to the agenda. SonarCloud: https://www.sonarsource.com/products/sonarcloud/

[arm4b]

Meeting Minutes

Attendees

@ZoeLeah, @winem, @rush-skills, @dalesmith, Ravi, Scott, Wilson, @amanda11, @armab

v3.8.1 patch release progress

• https://github.com/orgs/StackStorm/projects/34
• the packages are in staging-stable
• pre-release testing finished
• blog post drafted/in review
• planning to cut v3.8.1 this week

Contributors, Maintainers and Adopters

• TSC to vote on recognizing new Contributors:
  • https://github.com/StackStorm/st2/pull/6085
  • https://github.com/StackStorm/st2/pull/6091
  • https://github.com/StackStorm/st2/pull/6090
  • https://github.com/StackStorm/st2/pull/6089
  • https://github.com/StackStorm/st2/pull/6088
  • https://github.com/StackStorm/st2/pull/6087
  • https://github.com/StackStorm/st2/pull/6086
  • https://github.com/StackStorm/st2/pull/6084
  • https://github.com/StackStorm/st2/pull/6096

New Adopters:

• https://github.com/StackStorm/st2/pull/6067
• https://github.com/StackStorm/st2/pull/6092

v3.9.0 Plans

Project - https://github.com/orgs/StackStorm/projects/31/views/1 TSC decided to ship the following in the upcoming v3.9.0:

• pants?
  • @cognifloyd to clarify the plans
  • not a blocker for a release
• Drop U18
  • drop py3.6
• Drop EL7
  • drop py3.6
• Add Ubuntu22
  • add py3.10
• Add EL9
  • add py3.9
• Upgrade MongoDB v6.0
  • https://github.com/StackStorm/st2/pull/6079
• st2chatops
  • npm dependencies
  • update to Nodejs 20
• SAML/SSO support
  • needs community testing
• update pip dependencies

Snyk (security checks) and SonarCloud (linting, static analysis) integrations

• @ZoeLeah will share screenshots/UI from these tools to give an idea of actionable reports
• Security project backlog: https://github.com/orgs/StackStorm/projects/25 👀