status-im / status-software-legal-documents

The single source of truth for all Status Software privacy policy references. If it isn't in this repo it probably isn't legitimate, unless Legal say different.

Feature Request: Use Git Submodule for Legal Documents Comparison #5

Open Samyoul opened 3 days ago

Samyoul commented 3 days ago

Feature Request: Use Git Submodule for Legal Documents Comparison

Summary:

We should introduce a CI step that compares local legal documents in the status-mobile and status-desktop repositories with the source legal documents in the status-software-legal-documents repository. This can be achieved by adding status-software-legal-documents as a Git submodule and using it as the basis for comparison.

Motivation:

To ensure that platform-specific legal documents (such as privacy policies) are always in sync with the canonical versions from the status-software-legal-documents repository, we can automate the comparison process using Git submodules and git diff. This ensures there are no discrepancies and minimises the risk of legal document inconsistencies.

Proposed Solution:

  1. Add the status-software-legal-documents repository as a Git submodule: To ensure the legal documents are up-to-date across platforms, we can add the status-software-legal-documents repository as a submodule to the platform-specific repositories.

```bash
# Navigate to the target repository (e.g., status-mobile)
cd status-mobile

# Add the legal documents repository as a submodule
git submodule add https://github.com/status-im/status-software-legal-documents.git path/to/legal-docs

# Initialise and update the submodule
git submodule update --init
```

  2. Compare Local Files with the Submodule: Once the submodule is added, we can compare the local legal documents with the submodule files using `git diff --no-index`. This allows us to verify if any differences exist between the two versions.

Example:

```bash
git diff --no-index path/to/local-file.md path/to/legal-docs/privacy-policy.md
```

  3. Automate Comparison in CI: To automate this process, we can create a script that performs the following:

Example CI Script:

```bash
#!/bin/bash

# Ensure the submodule is updated to the latest version
git submodule update --remote

# Compare the local file with the submodule file
if ! git diff --no-index path/to/local-file.md path/to/legal-docs/privacy-policy.md; then
  echo "Differences found between the local file and the submodule file."
  exit 1
else
  echo "No differences found. Files are in sync."
fi
```

This script could be added to the CI pipeline to ensure that PRs involving legal documents are automatically checked for consistency.

Why Do This?:

Next Steps:

Old issue proposal

## Summary:

We should introduce some kind of CI process to ensure that the platform documents (across `status-mobile`, `status-desktop`, etc.) have no differences from the official legal documents hosted in `status-software-legal-documents`. This would help maintain consistency and avoid potential legal discrepancies across platforms.

## Motivation:

As the legal documents (e.g., privacy policy, terms of use) may be duplicated across different repositories and projects (`status-mobile`, `status-desktop`, etc), it's crucial to ensure that no accidental changes or discrepancies are introduced in those platform-specific versions. A CI check will automatically verify that the copies of the legal documents used in these repositories are always up-to-date with the canonical versions from the `status-software-legal-documents` repository.

## Proposed Solution:

1. Download the raw versions of the files from GitHub and compare them: We can use a CI tool to download the raw files from the relevant repositories, and then compare them using git diff (or another diff tool). Here's an example of how it could be done:

```bash
wget -O legal-original.md https://raw.githubusercontent.com/status-im/status-software-legal-documents/master/privacy-policy.md
wget -O mobile-copy.md https://raw.githubusercontent.com/status-im/status-mobile/develop/path/to/privacy-policy.md
wget -O desktop-copy.md https://raw.githubusercontent.com/status-im/status-desktop/develop/path/to/privacy-policy.md
```

2. Use git diff to compare the downloaded files: Once the files are downloaded, we can use git diff to compare the legal document against the platform-specific copies:

```bash
# --no-index compares the two files directly, even inside a Git working tree
git diff --no-index legal-original.md mobile-copy.md
git diff --no-index legal-original.md desktop-copy.md
```

3. Automating in CI: This can be integrated into the CI pipeline by writing a small script that performs the following steps:
   - Fetch the legal document from the `status-software-legal-documents` repository.
   - Fetch the corresponding documents from the platform repositories (e.g., `status-mobile`, `status-desktop`).
   - Compare the documents using a diff tool.
   - Fail the CI job if any differences are found.

We can add this CI step to repositories like `status-mobile` and `status-desktop` so that every PR that modifies these documents will automatically check for discrepancies.

Example CI Script:

```bash
#!/bin/bash

# Fetch legal document
wget -O legal-original.md https://raw.githubusercontent.com/status-im/status-software-legal-documents/master/privacy-policy.md

# Fetch platform-specific copies
wget -O mobile-copy.md https://raw.githubusercontent.com/status-im/status-mobile/develop/path/to/privacy-policy.md
wget -O desktop-copy.md https://raw.githubusercontent.com/status-im/status-desktop/develop/path/to/privacy-policy.md

# Perform diff checks (--no-index compares the two files directly,
# even when the script runs inside a Git working tree)
if ! git diff --no-index --quiet legal-original.md mobile-copy.md; then
  echo "Diff found between legal document and mobile version"
  exit 1
fi

if ! git diff --no-index --quiet legal-original.md desktop-copy.md; then
  echo "Diff found between legal document and desktop version"
  exit 1
fi

echo "No diff found, all platform documents are up to date"
```

## Next Steps:

- Integrate this script (or a variation of it) into the CI for relevant repositories.
- Ensure that any PRs affecting legal documents trigger this check.

## Benefits:

- Prevents accidental modification or out-of-sync issues with legal documents across platforms.
- Ensures users of all platforms are presented with the same legal information.
- Adds an extra layer of compliance and peace of mind for the team.

Samyoul commented 3 days ago

@siddarthkay Do you know if what I've proposed in this issue is possible? 🙏 Thank you.

siddarthkay commented 3 days ago

I think using git submodules would be a cleaner solution which would also eliminate the need for these checks.

A git submodule would ensure that this repository is cloned into status-mobile / status-desktop and the markdown files for respective privacy policies.

This ensures a single source of truth and further reduces the chance that we deviate from what is approved by legal in https://github.com/status-im/status-software-legal-documents

ref -> https://github.blog/open-source/git/working-with-submodules/

see how status-desktop uses status-go via git submodules -> https://github.com/status-im/status-desktop/tree/master/vendor

jakubgs commented 3 days ago

I agree, submodules are a way simpler way of tracking other Git repos than writing some kind of custom monstrosity that calls wget.

The only caveat is that you still have to check the diff of the local submodule's master against origin remote master, but that's it. That can be just a simple check that's part of the same job that does shit like code linting.

Samyoul commented 3 days ago

:( But I like custom monstrosities bloating the code base and Infra's overheads.

Thank you @siddarthkay and @jakubgs, I'll update this Issue to use submodules and a tiny bit of CI to check the code is identical.


EDIT: Ok I've edited the title and description of this issue.
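
The submodule check discussed in this thread, written as an added example that is not part of the original issue or the project's CI: it reads the commit the superproject pins for the submodule, compares it with the tip of the canonical branch without moving the checkout, and only then diffs the local copy. The function names and the `check-legal-docs.sh` script name are hypothetical, and it assumes the submodule's name in `.gitmodules` equals its path.

```bash
#!/bin/bash
# Added example: verify the legal-docs submodule pin and the local copy.
# Assumes the submodule's name in .gitmodules equals its path.

# Commit recorded for the submodule in the superproject's HEAD (the gitlink).
pinned_commit() {  # $1 = submodule path
  git rev-parse "HEAD:$1"
}

# Current tip of the canonical branch, read from the URL in .gitmodules.
remote_tip() {  # $1 = submodule path, $2 = branch
  local url
  url=$(git config -f .gitmodules --get "submodule.$1.url") || return 2
  git ls-remote "$url" "refs/heads/$2" | cut -f1
}

# Returns 0 in sync, 1 on drift, 2 when the check itself cannot run.
check_legal_docs() {  # $1 submodule path, $2 branch, $3 local copy, $4 canonical file name
  local sub="$1" branch="$2" copy="$3" canonical="$1/$4"
  local pinned tip
  pinned=$(pinned_commit "$sub") || { echo "error: no gitlink for $sub" >&2; return 2; }
  tip=$(remote_tip "$sub" "$branch")
  # Fail closed: an unreachable remote must not look like "in sync".
  [ -n "$tip" ] || { echo "error: cannot resolve $branch on the remote" >&2; return 2; }
  if [ "$(git -C "$sub" rev-parse HEAD)" != "$pinned" ]; then
    echo "checkout mismatch: $sub is not at the pinned commit $pinned"; return 1
  fi
  if [ "$pinned" != "$tip" ]; then
    echo "stale pin: $sub is at $pinned, $branch is at $tip"; return 1
  fi
  if ! git diff --no-index --quiet -- "$copy" "$canonical"; then
    echo "content drift: $copy differs from $canonical"; return 1
  fi
  echo "in sync: $copy matches $canonical at $pinned"
}

# CI entry point, e.g.:
#   ./check-legal-docs.sh path/to/legal-docs master path/to/local-file.md privacy-policy.md
if [ "$#" -eq 4 ]; then
  check_legal_docs "$@"
fi
```

Exit code 2 is kept separate from 1 so a CI job can tell an unreachable remote or missing submodule apart from real drift.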