add definitions.md #53
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit adds the foundation for definitions to give a common semantics across the various concepts within the SDLC. This commit explicitly starts with 'build'. Signed-off-by: xibz <[email protected]>
✅ Deploy Preview for cdevents ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
|
In reference to cdevents/spec#253 |
lukepatrick
reviewed
Oct 7, 2025
| | Docker Registry | Stores and manages Docker container images | | ||
| | Git/GitHub/GitLab| Version Control Systems that store source code and its history | | ||
| | Amazon S3/Azure Blob Storage/GCS | Object storage services used for archiving logs, backups, or raw data | | ||
| | Kubernetes | Can store configuration via ConfigMaps/Secrets, but not typically "artifacts" | |
There was a problem hiding this comment.
I would push against the idea of Kube as a store. It is an anti-pattern to rely on Kube ConfigMaps/Secrets for durable storage. Typically "ConfigMaps/Secrets" are simply the add-on data to assist Kube to accomplish its scheduling / declarative-state tasks.
| run a system. These include: | ||
|
|
||
| - **Static assets**: images, fonts, CSS, markdown | ||
| - **Configuration files**: YAML, JSON, XML, `.env` |
|
|
||
| This document defines common concepts and ideas used across the SDLC (software | ||
| development lifecycle). By establishing a shared vocabulary, it ensures that | ||
| tools leveraging CDEvents use a consistent language and adhere to common |
There was a problem hiding this comment.
Do you want to link back to the cdevents spec?
- CD ..
- CI ...
- Testing ..
- Operations ...
|
|
||
| ## 🏗️ Build | ||
|
|
||
| A **build** is the automated process of transforming **source code** and |
There was a problem hiding this comment.
Reference cdevents spec of build ?
Related CDEvents for Builds
| - 🏷️ **Versioning**: tagging or stamping artifacts | ||
| - 🧪 **Static analysis** *(pre-build or during build)* | ||
| - 🧬 **Configuration templating**: injecting environment-specific variables | ||
|
|
There was a problem hiding this comment.
Manifest rendering
Artifact signing
xibz
commented
Oct 7, 2025
| @@ -0,0 +1,208 @@ | |||
| # CDEvents Concepts and Definitions | |||
|
|
|||
| This document defines common concepts and ideas used across the SDLC (software | |||
There was a problem hiding this comment.
In the introduction, highlight that this is meant to be used as a dictionary
lukepatrick
reviewed
Oct 19, 2025
| | Helm template to Kubernetes | ✅ Yes | `helm template` to render manifests | Generates deployable infra config | | ||
| | Helm chart packaging | ✅ Yes | `helm package` to create `.tgz` chart | Versioned artifact used in CI/CD pipelines | | ||
| | Helm deployment | ❌ No | `helm install` or `upgrade` | Deployment, not artifact creation | | ||
|
|
There was a problem hiding this comment.
More Build Example possibilities:
- Terraform plan generation
- CloudFormation packaging
- Lambda function packaging
- Buildpack container creation
- Kustomize overlay build
- SBOM generation
- Sealed Secret encryption
lukepatrick
reviewed
Oct 19, 2025
| | GitHub Actions | No strict definition — "build" is defined by your workflow steps | | ||
| | GitLab CI/CD | Often treated as a named stage (e.g., `build`, `test`, `deploy`) | | ||
| | Spinnaker | Uses "bake" or "artifact" stages, and may trigger builds externally | | ||
|
|
There was a problem hiding this comment.
Other Tool Possibilities:
- AWS CodeBuild
- Azure Pipelines
- Google Cloud Build
- CircleCI / Tekton
- BuildKit/Kaniko
- Skaffold
lukepatrick
reviewed
Oct 19, 2025
| - **Test Cases**: Specific inputs, execution steps, and expected outputs or behaviors. | ||
| - **Test Suites**: Collections of related test cases, often grouped by functionality or type. | ||
| - **Test Data**: Data used as input for test cases (e.g., mock data, sanitized production data). | ||
| - **Test Environments**: Specific configurations of hardware, software, and network settings where tests are executed. |
There was a problem hiding this comment.
Ephemeral / Declarative / etc.. as other Environment possibilities?
lukepatrick
reviewed
Oct 19, 2025
| - 📝 **Reporting**: Generating logs, metrics, and reports of test results. | ||
| - ⚙️ **Setup/Teardown**: Preparing the test environment before execution and cleaning up resources afterward. | ||
| - 📈 **Coverage Analysis**: Measuring the extent to which the code or system has been exercised by tests. | ||
|
|
There was a problem hiding this comment.
Possibly add metric collection and analysis for canary/blue-green/progressive delivery?
lukepatrick
reviewed
Oct 19, 2025
| | Manual Exploratory Testing | ❌ No | Human tester exploring application functionality | Not an automated process, thus outside CDEvents scope | | ||
| | Code Linting/Formatting | ❌ No | `prettier --check`, `gofmt` | Focuses on code style and consistency, not functional correctness | | ||
| | Dependency Vulnerability Scan| ❌ No | `npm audit`, Snyk scan | Scans for known vulnerabilities in dependencies, not functional test of *your* code | | ||
|
|
There was a problem hiding this comment.
Other Test possibilities:
- Policy validation (OPA/Kyverno)
- chaos engineering?
- canary analysis?
- conformance testing
lukepatrick
reviewed
Oct 19, 2025
| | SonarQube | Primarily for static analysis and code quality, but often integrated with test results for coverage | | ||
| | Jest/JUnit/Pytest| Frameworks for writing and executing tests within codebases | | ||
| | Selenium/Cypress | Frameworks for automated browser-based functional testing | | ||
|
|
There was a problem hiding this comment.
other tool possibilities:
- Litmus/Chaos Mesh
- Flagger / Argo Rollouts
- Sonobuoy
- k6/Locust
- Testcontainers
lukepatrick
reviewed
Oct 19, 2025
Comment on lines
+144
to
+147
| **Storing** is the automated process of persistently saving, managing, and | ||
| making accessible any **artifact, data, or metadata** generated or consumed | ||
| during the SDLC. It ensures that necessary components and information are | ||
| retrievable for future use, auditing, or deployment. |
There was a problem hiding this comment.
Alternative:
Storing is the automated process of persisting, versioning, and managing access to artifacts and metadata in durable, addressable repositories. This includes initial publication, cross-region replication, artifact promotion between environments, and lifecycle management, but excludes deployment or execution of stored artifacts.
lukepatrick
reviewed
Oct 19, 2025
| - **Metrics**: Performance, usage, or health data collected over time. | ||
| - **Documentation**: Generated or manually created documentation. | ||
| - **Snapshots/Backups**: Point-in-time copies of databases or systems. | ||
|
|
There was a problem hiding this comment.
Other assets?:
- SBOMs, signatures, attestations
- charts, OCI artifacts, policy bundles
- GitOps State? could be the same as VCS/Source-code?
lukepatrick
reviewed
Oct 19, 2025
| - 🧹 **Retention/Cleanup**: Managing the lifecycle of stored assets, including deletion policies. | ||
| - 🔄 **Replication**: Copying assets to multiple locations for redundancy or distribution. | ||
| - 🔗 **Linking**: Establishing relationships between stored assets and other SDLC events (e.g., linking an artifact to the build that produced it). | ||
|
|
There was a problem hiding this comment.
additional ideas:
- Promotion: Moving artifacts between environment-specific repositories (dev→staging→prod)
- Signing/Attestation: Adding cryptographic signatures or metadata to stored artifacts
- Scanning: Automated security/vulnerability scanning upon storage
lukepatrick
reviewed
Oct 19, 2025
| | Caching Build Dependencies | ❌ No | Local Maven `.m2` repository cache | Temporary storage for performance, not persistent distribution | | ||
| | Downloading a Dependency | ❌ No | `npm install` | Retrieval from storage, not the act of storing | | ||
| | Writing a Log File to Local Disk | ❌ No | `logger.info("message")` to a local file | Local/temporary persistence; "storing" implies a managed, accessible repository | | ||
|
|
There was a problem hiding this comment.
other example ideas:
- Push Helm Chart as OCI
- Cosign Image Signing
- Artifact Promotion
- GitOps Manifest Commit
- SBOM Attachment
- Multi-region Replication
- Harbor Vulnerability Scan Results
- BuildKit Cache Export
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit adds the foundation for definitions to give a common semantics across the various concepts within the SDLC.
This commit explicitly starts with 'build'.
I wanted to first create the page, and once we agree we can figure out where to best link it from