bubbly

command module
v0.0.0-...-aca7f8d Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 2, 2021 License: MPL-2.0 Imports: 4 Imported by: 0

README

bubbly-logo

Release Readiness in a Bubble.

Go Report Card Mozilla Public License Version 2.0 Bubbly on Twitter

Bubbly is a release readiness platform helping software teams release compliant software with confidence. Gain visibility into your release process with reports and analytics to lower risk, increase quality, reduce cycle time and drive continuous improvement.

Release Readiness is a term that we use to define the state of being ready to release software. This project aims at helping teams help teams define their Release Readiness policies (using the Rego Policy Language), collect the data to enforce those policies, and measure their performance getting to their Release Readiness goals (whether it be speed or stability).

How it works

Bubbly's main entity is the Release entity. A Release has a one-to-one relationship with a version of your software (i.e. commit) and the purpose of the release is to collect all the data we want to inform our Release Readiness decision.

Getting data in to Bubbly was one of the core challenges faced, and the Adapters are the solution here. After much work with different config languages, we landed on the Rego Policy Language for the adapter implementation and it works really well. Check the documentation on adapters for more.

For each type of result that is "adapted" into Bubbly and added to a release, a release entry is created which forms the release log. Also, every time a new piece of data is added to a release, the policies that apply to that release are re-evaluated and any violations created. Policies use the Rego Policy Language which is great for defining rules such as require (stating that some event needs to happen) and deny (defining something that cannot happen in a release). Also violations have a severity, so you can create suggestions, warnings and blockers.

Subscriptions can be created to inform about new events in Bubbly (such as a failed release, or a new vulnerability). Also a GraphQL interface exists to help extract data from Bubbly. One of our design goals is to have the right data in the right place at the right time, and therefore getting data out of Bubbly to integrate into your existing process (dashboards, PRs) is something we want to make possible.

bubbly-in-a-bubble

Motivation

Problem Statement

The problem around Release Readiness is one of data. All the tools used in the software process produce data, and that data should be used to drive the Release Readiness decision.

The real problem is that this data gets scattered all over the place which results in:

  1. Broken relationships across the data
  2. Non-standard interfaces which make accessing the data hard (sometimes impossible)
  3. Overhead maintaining multiple data stores and data bases, ensuring that the data is up to date and accurate
  4. Lack of understanding of the data's hierarchy

Proposed Solution

Bubbly has been built to address the core problems mentioned above. This has been achieved by implementing a simple engine built over the Rego Policy Language with a versatile database schema, built using entgo.

A GraphQL and standard REST API are provided to help get data out, as one design goal of bubbly is putting the right data in the right place.

The data in Bubbly can now be used to make automated decisions in pipelines (e.g. check that results are good) and can be used to power dashboards. Any dashboard that supports GraphQL (like Grafana) can be used to visualize the data. Bubbly also ships with its own UI, and this was born out of the need to understand the data hierarchy (something that ordinary dashboards do not do too well with).

Check out the Core Concepts for more information on things like the adapters, policies and more.

Goals

The goal of Bubbly was to be a "bridge" between data, and make connecting and accessing data related to release readiness as simple, reliable and fun as possible!

We are not aiming to replace every tool you are already using, in fact, without other tools Bubbly itself is useless. The goal is to complement every other tool by making their data more accessible.

Some ways in which Bubbly could be used are:

  • Collect all relevant release readiness data from your release process (artifacts, test results, Software Bill of Material, etc.).
  • Create a decision protocol to formally define your Release Readiness Policy, and automatically apply that to all projects/repositories.
  • Catalogue of OSS components, licenses, Vulnerabilities and approvals/rejections for those.
  • Help teams develop their continuous practices by profiling the current process to identify bottlenecks and possible performance gains.

If you have some ideas or questions for things you want to solve, please raise an issue in the Discussion and we'll check it out :)

Non-Goals

The things that Bubbly is not aiming to be:

  • A testing tool/framework.
  • A traditional monitoring tool (think Ops metrics, like Prometheus).
  • Another dashboard (like Grafana).

Project Status

This project is currently in Alpha

In terms of stability, the existing features should work and if they do not please raise an issue. Also we do not guarantee backwards compatability with the APIs and schema.

In terms of feature completeness, we are working on implementing the core features of Bubbly, and hence there are missing features, such as Subscriptions and Monitoring of vulnerabilities.

Feature Completeness

  • Adapters
    • Structured input (JSON, XML, YAML)
    • CSV
    • Regex
  • Policies
    • Deny rules
    • Require rules
    • Release Log
    • Code Scans
    • Test Runs
    • Components
    • Vulnerabilities
    • Licenses
  • Subscriptions
    • Basic subscription to events
    • Filtering with query
  • Notifications
    • Email
    • Slack
    • Teams
  • PR Integration
    • GitHub
    • GitLab
    • BitBucket
  • Importers
  • Analytics
    • Commit to Release Ready
    • Release Stability
    • Bottleneck identification
  • Authentication
    • Backend OpenID Connect configuration
    • UI login
  • Authorization
    • RBAC using Casbin

If you are interested in getting involved in the project, or want some help getting started, please reach out to us though our website: https://bubbly.dev

Architecture

See the ARCHITECTURE.md file for the structure of this repository.

Why Open Source?

Bubbly is open source, licensed under the Mozilla Public License v2.

We have a few reasons for being open source:

  1. The team and company behind Bubbly are all big fans of open source, so it was never really considered not making it open source.
  2. We want to focus on building the best product, and we firmly believe making the project OSS will help us achieve this.

Install

See our Installation Guide.

Getting Started

See our Getting Started Guide.

Contributing

See our Contributing Guide.

License

Mozilla Public License Version 2.0

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis
cmd
adapter
adapter/run
adapter/save
adapter/test
adapter/view
demo
events
policy
policy/list
policy/save
policy/set
policy/view
query
release
release/create
release/view
server
util
version
vulnerabilityreview
vulnerabilityreview/list
vulnerabilityreview/save
vulnerabilityreview/set
ent
adapter
artifact
codeissue
codescan
component
enttest
event
extensions/entfilter
extensions/entmodel
extensions/entts
gitcommit
hook
license
migrate
organization
predicate
project
release
releasecomponent
releaseentry
releaselicense
releasepolicy
releasepolicyviolation
releasevulnerability
repo
runtime
schema
schema/types
spdxlicense
testcase
testrun
vulnerability
vulnerabilityreview
api

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.