ubuntu-appstore-developers team mailing list archive

Scanning packages on upload

Hi,

Now that the skeleton of the server side is in place, Martin has asked
me to start looking at one of the next topics, scanning click packages
on upload for automated checks (and probably extracting information so
the developer doesn't have to enter it).

Already in SCA we have a system to pass off uploaded tarballs for
automated packaging (pkgme). I think that this could largely be re-used,
just changing the task that is being run to do click-related tasks.

It works by making an API call to another service on each upload. This
service retrieves the file, scans it, and then makes a callback request
with the output. I think it would be pretty straightforward to adapt
this to work for click packages too.

The main question in my mind is how the scanning would fit into the
workflow. For example, should the developer upload the file, and then
wait for the scanning before entering the rest of the information?
Should the scanning come after and the results be presented to the
reviewers? Perhaps both for different checks.

Martin has suggested that the first check be that the package name in
the manifest matches the package name the developer entered in SCA.

Thanks,

James
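
The name check suggested in the message above, sketched as an added example (not code from SCA, pkgme or the original post). It assumes a click package uses the Debian binary layout, an ar archive whose control tarball holds a JSON `manifest`; the function names and the result dictionary are hypothetical.

```python
import io, json, tarfile
AR_MAGIC = b"!<arch>\n"

def ar_members(blob):
    """Yield (name, data) for each member of an ar archive."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    pos = len(AR_MAGIC)
    while pos + 60 <= len(blob):
        header = blob[pos:pos + 60]
        if header[58:60] != b"`\n":
            raise ValueError("corrupt ar header")
        size = int(header[48:58].decode("ascii").strip())
        if size < 0 or pos + 60 + size > len(blob):
            raise ValueError("bad member size")  # also prevents a non-advancing loop
        yield header[:16].decode("ascii").rstrip(" /"), blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size % 2)  # members are 2-byte aligned

def read_manifest(blob, max_bytes=1 << 20):
    for name, data in ar_members(blob):
        if name.startswith("control.tar"):
            with tarfile.open(fileobj=io.BytesIO(data)) as tar:
                for member in tar:
                    if member.name in ("manifest", "./manifest") and member.isfile():
                        if member.size > max_bytes:
                            raise ValueError("manifest too large")
                        return json.loads(tar.extractfile(member).read())
    raise ValueError("no manifest found")

def check_name(blob, declared_name):
    """Scan result for the callback: does the manifest name match what was entered?"""
    try:
        manifest = read_manifest(blob)
    except Exception as exc:  # untrusted upload: any parse failure fails the check
        return {"check": "manifest-name", "ok": False, "detail": str(exc)}
    found = manifest.get("name") if isinstance(manifest, dict) else None
    ok = isinstance(found, str) and found == declared_name
    return {"check": "manifest-name", "ok": ok, "detail": f"manifest name: {found!r}"}

def build_sample(name):  # constructed sample input, not a real package
    manifest = json.dumps({"name": name, "version": "0.1"}).encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("./manifest")
        info.size = len(manifest)
        tar.addfile(info, io.BytesIO(manifest))
    ctl = buf.getvalue()
    header = b"%-16s%-12d%-6d%-6d%-8s%-10d`\n" % (b"control.tar.gz", 0, 0, 0, b"100644", len(ctl))
    return AR_MAGIC + header + ctl + b"\n" * (len(ctl) % 2)
```

The manifest is read in memory and nothing from the upload is unpacked to disk, so member paths inside the tarball are never used as filesystem paths.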
