Open Samyoul opened 3 days ago
@siddarthkay Do you know if what I've proposed in this issue is possible? 🙏 Thank you.
I think using git submodules would be a cleaner solution which would also eliminate the need for these checks.
A git submodule
would ensure that this repository is cloned into status-mobile
/ status-desktop
and the markdown files for respective privacy policies.
This ensures a single source of truth and further reduces the chance that we deviate from what is approved by legal in https://github.com/status-im/status-software-legal-documents ref -> https://github.blog/open-source/git/working-with-submodules/
see how status-desktop uses status-go via git submodules
-> https://github.com/status-im/status-desktop/tree/master/vendor
I agree, submodules are way simpler way of tracking other Git repos than writing some kind of custom monstrocity that calls wget
.
The only caveat is that you still have to check the diff of local submodules master against origin remote master, but that's it. That can be just a simple check that's part of same job that does shit like code linting.
:( But I like custom monstrosities bloating the code base and Infra's overheads.
Thank you @siddarthkay and @jakubgs , I'll update this Issue to use submodules and a tiny bit of CI to check the code is identical.
EDIT: Ok I've edited the title and description of this issue.
Feature Request: Use Git Submodule for Legal Documents Comparison
Summary:
We should introduce a CI step that compares local legal documents in the
status-mobile
andstatus-desktop
repositories with the source legal documents in thestatus-software-legal-documents
repository. This can be achieved by addingstatus-software-legal-documents
as a Git submodule and using it as the basis for comparison.Motivation:
To ensure that platform-specific legal documents (such as privacy policies) are always in sync with the canonical versions from the
status-software-legal-documents
repository, we can automate the comparison process using Git submodules and git diff. This ensures there are no discrepancies and minimises the risk of legal document inconsistencies.Proposed Solution:
status-software-legal-documents
repository as a Git submodule: To ensure the legal documents are up-to-date across platforms, we can add thestatus-software-legal-documents
repository as a submodule to the platform-specific repositories.git diff --no-index
. This allows us to verify if any differences exist between the two versions.Example:
git diff --no-index
to compare the local and submodule files.Example CI Script:
This script could be added to the CI pipeline to ensure that PRs involving legal documents are automatically checked for consistency.
Why Do This?:
status-software-legal-documents
.Next Steps:
status-software-legal-documents
repository as a submodule to the relevant repositoriesstatus-mobile
status-desktop
status-web
status-mobile
status-desktop
status-web
Old issue proposal
## Summary: We should introduce some kind of CI process to ensure that the platform documents (across `status-mobile`, `status-desktop`, etc.) have no differences from the official legal documents hosted in `status-software-legal-documents`. This would help maintain consistency and avoid potential legal discrepancies across platforms. ## Motivation: As the legal documents (e.g., privacy policy, terms of use) may be duplicated across different repositories and projects (`status-mobile`, `status-desktop`, etc), it's crucial to ensure that no accidental changes or discrepancies are introduced in those platform-specific versions. A CI check will automatically verify that the copies of the legal documents used in these repositories are always up-to-date with the canonical versions from the `status-software-legal-documents` repository. ## Proposed Solution: 1. Download the raw versions of the files from GitHub and compare them: We can use a CI tool to download the raw files from the relevant repositories, and then compare them using git diff (or another diff tool). Here's an example of how it could be done: ```bash wget -O legal-original.md https://raw.githubusercontent.com/status-im/status-software-legal-documents/master/privacy-policy.md wget -O mobile-copy.md https://raw.githubusercontent.com/status-im/status-mobile/develop/path/to/privacy-policy.md wget -O desktop-copy.md https://raw.githubusercontent.com/status-im/status-desktop/develop/path/to/privacy-policy.md ``` 2. Use git diff to compare the downloaded files: Once the files are downloaded, we can use git diff to compare the legal document against the platform-specific copies: ```bash git diff legal-original.md mobile-copy.md git diff legal-original.md desktop-copy.md ``` 3. Automating in CI: This can be integrated into the CI pipeline by writing a small script that performs the following steps: - Fetch the legal document from the `status-software-legal-documents` repository. - Fetch the corresponding documents from the platform repositories (e.g., `status-mobile`, `status-desktop`). - Compare the documents using a diff tool. - Fail the CI job if any differences are found. We can add this CI step to repositories like `status-mobile` and `status-desktop` so that every PR that modifies these documents will automatically check for discrepancies. Example CI Script: ```bash #!/bin/bash # Fetch legal document wget -O legal-original.md https://raw.githubusercontent.com/status-im/status-software-legal-documents/master/privacy-policy.md # Fetch platform-specific copies wget -O mobile-copy.md https://raw.githubusercontent.com/status-im/status-mobile/develop/path/to/privacy-policy.md wget -O desktop-copy.md https://raw.githubusercontent.com/status-im/status-desktop/develop/path/to/privacy-policy.md # Perform diff checks if ! git diff --quiet legal-original.md mobile-copy.md; then echo "Diff found between legal document and mobile version" exit 1 fi if ! git diff --quiet legal-original.md desktop-copy.md; then echo "Diff found between legal document and desktop version" exit 1 fi echo "No diff found, all platform documents are up to date" ``` ## Next Steps: - Integrate this script (or a variation of it) into the CI for relevant repositories. - Ensure that any PRs affecting legal documents trigger this check. ## Benefits: - Prevents accidental modification or out-of-sync issues with legal documents across platforms. - Ensures users of all platforms are presented with the same legal information. - Adds an extra layer of compliance and peace of mind for the team.