devsecopsmaturitymodel / DevSecOps-MaturityModel

GNU General Public License v3.0

Create Unique IDs for every activity in the model #242

Closed kjartab closed 11 months ago

kjartab commented 11 months ago

Because the model is changing over time we need to have IDs for each activity. By doing this we can track an activity despite the title, level, subdimension or dimension changes.

Proposal:

# yaml-language-server: $schema=../../schemas/dsomm-schema-build-and-deployment.json
---
Build and Deployment:
  Build:
    Building and testing of artifacts in virtual environments:
      uuid: 8a879985-dc9b-4318-a7cb-38b4be6be991
      description: |-
        While building and testing artifacts, third party systems, application frameworks
        and 3rd party libraries are used. These might be malicious as a result of
        vulnerable libraries or because they are altered during the delivery phase.
      risk: |-
        While building and testing artifacts, third party systems, application frameworks
        and 3rd party libraries are used. These might be malicious as a result of
        vulnerable libraries or because they are altered during the delivery phase.
      measure: Each step within the build and testing phase is performed in
        a separate virtual environment, which is destroyed afterward.
      meta:
        implementationGuide: Depending on your environment, usage of virtual machines
          or container technology is a good way. After the build, the filesystem should
          not be used again in other builds.

uuid: 8a879985-dc9b-4318-a7cb-38b4be6be991 being the addition to the model.

The field must be required in the schema documentation.

wurstbrot commented 11 months ago

Sounds great.

Tamronimus commented 11 months ago

I created a PR with the updated json schema

wurstbrot commented 11 months ago

Also, we should use the uuid in the URL so that name changes of activities are not affecting the URL anymore.

ivareri commented 11 months ago

Would probably be better if the yaml key was the UUID and not the name.

---
Build and Deployment:
  Build:
    8a879985-dc9b-4318-a7cb-38b4be6be991:
      name: Building and testing of artifacts in virtual environments
      description: |-

vs

---
Build and Deployment:
  Build:
    Building and testing of artifacts in virtual environments:
      uuid: 8a879985-dc9b-4318-a7cb-38b4be6be991
      description: |-

And maybe have all actions on top level, and just reference the UUID of the action where it should be included?

---
Dimensions:
  Build and Deployment:
    Build:
      - 8a879985-dc9b-4318-a7cb-38b4be6be991
      - activity2_uuid

Activities:
  8a879985-dc9b-4318-a7cb-38b4be6be991:
    name: Building and testing of artifacts in virtual environments
    description: |-

Tamronimus commented 11 months ago

If you were to follow your second approach, I would even make the dimension and subdimension an attribute of the activity. Here is an example:

Activities:
  8a879985-dc9b-4318-a7cb-38b4be6be991:
    name: Building and testing of artifacts in virtual environments
    dimension: Build and Deployment
    subdimension: Build
    description: |-
    ...
  8a879985-dc9b-4318-a7cb-38b4be6be99X:
    ...

I like the simplicity of yaml files very much, but I believe more and more that in the long run there is no way around building a relational database. Building a relational database would also help for #244

ivareri commented 11 months ago

Getting off topic, but in your example I would only stick subdimension in the Activity. With both in the activity you might end up accidentally mismatching dimension and subdimension. The relation between dimension and subdimension should be mapped only once.

+1 for a relational database. That would fix all these issues, in addition to providing storage for assessment data :)
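The two proposals above (activities at top level, keyed by UUID, and the dimension/subdimension relation mapped only once) are easy to get wrong by hand, so here is a small validator for that layout. This is an added example, not DSOMM project code: it takes the Python form of the proposed YAML (what `yaml.safe_load()` would return), checks that every activity key is a canonical UUIDv4, that every referenced UUID exists and that each activity is placed exactly once, and builds a UUID-based link so that renaming an activity leaves its URL unchanged. The second activity, its UUID and the URL base are constructed placeholders.

```python
"""Validator for the UUID-keyed activity model discussed in this thread.

Added example, not DSOMM project code. It assumes the "all activities on
top level" layout: a `Dimensions` map placing activity UUIDs under
dimension -> subdimension, and an `Activities` map keyed by UUID.
"""
import copy
import uuid
from collections import Counter

# Constructed sample: the Python form of the proposed YAML. The second
# activity (UUID, name, description) is a placeholder, not a real DSOMM entry.
MODEL = {
    "Dimensions": {
        "Build and Deployment": {
            "Build": [
                "8a879985-dc9b-4318-a7cb-38b4be6be991",
                "3f1d7c2e-9b4a-4e6d-8f2a-1c5b7d9e0a21",
            ],
        },
    },
    "Activities": {
        "8a879985-dc9b-4318-a7cb-38b4be6be991": {
            "name": "Building and testing of artifacts in virtual environments",
            "description": "Third party systems, frameworks and libraries are used ...",
        },
        "3f1d7c2e-9b4a-4e6d-8f2a-1c5b7d9e0a21": {
            "name": "Placeholder activity",
            "description": "Placeholder description.",
        },
    },
}

REQUIRED_FIELDS = ("name", "description")


def is_canonical_uuid4(value):
    """True only for a lowercase, hyphenated RFC 4122 version-4 UUID.

    uuid.UUID(value, version=4) would silently overwrite the version bits,
    so parse without the version argument and compare afterwards.
    """
    try:
        parsed = uuid.UUID(value)
    except (ValueError, AttributeError, TypeError):
        return False
    return parsed.version == 4 and str(parsed) == value


def validate_model(model):
    """Return a list of problems; an empty list means the model is consistent."""
    problems = []
    activities = model.get("Activities", {})
    dimensions = model.get("Dimensions", {})

    for key, activity in activities.items():
        if not is_canonical_uuid4(key):
            problems.append(f"activity key {key!r} is not a canonical UUIDv4")
        for field in REQUIRED_FIELDS:
            if not activity.get(field):
                problems.append(f"activity {key} is missing required field {field!r}")

    # The dimension -> subdimension relation lives only in Dimensions, so an
    # activity is placed by reference and must appear exactly once.
    placements = Counter()
    for dimension, subdimensions in dimensions.items():
        for subdimension, refs in subdimensions.items():
            for ref in refs:
                placements[ref] += 1
                if ref not in activities:
                    problems.append(
                        f"{dimension}/{subdimension} references unknown activity {ref}"
                    )
    for key in activities:
        count = placements.get(key, 0)
        if count == 0:
            problems.append(f"activity {key} is not placed in any subdimension")
        elif count > 1:
            problems.append(f"activity {key} is placed {count} times")
    return problems


def activity_url(model, key, base="https://dsomm.example/activity"):
    """Link built from the UUID only; the base URL is an assumed placeholder."""
    if key not in model["Activities"]:
        raise KeyError(key)
    return f"{base}/{key}"


def renamed(model, key, new_name):
    """Copy of the model with one activity renamed (the URL must not change)."""
    clone = copy.deepcopy(model)
    clone["Activities"][key]["name"] = new_name
    return clone


if __name__ == "__main__":
    print(validate_model(MODEL) or "model OK")
    print(activity_url(MODEL, "8a879985-dc9b-4318-a7cb-38b4be6be991"))
```

Run it against the real model by replacing `MODEL` with `yaml.safe_load(open(path))`; the same checks can be wired into CI so a pull request that duplicates or orphans a UUID fails before merge.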

kjartab commented 11 months ago

Now that this is in the model - could a new release be created - maybe a little patch bump? :)

kjartab commented 11 months ago

Solved in #243

wurstbrot commented 11 months ago

> Now that this is in the model - could a new release be created - maybe a little patch bump? :)

Added also GSoC parts, new release created.