🎁 zoe installed as a chocolatey package 🎁 #44
Badge Documentation
Hi @adriens! This sounds awesome, thanks for the suggestion and the contribution. Really appreciate it. How is the package made available in chocolatey? Did you upload it manually? I'm trying to understand how this works because I think we should automate the whole process including the upload to chocolatey repositories. What do you think?
Hi wlezzar, yep, the whole process is CI driven and automated so it does not require much effort from me to keep the package up-to-date. In fact, the only thing to do is to update 💡 What would be amazing would be to make a cross-repo GH workflow that makes a PR to my repo once you have released on your side. What do you think about that? 💡 Here are the Guidelines. Also, it's very important to notice that each time someone installs the
Sorry for the delay @adriens. This triggered some discussions within Adevinta security-wise.
No worries about the delay. For security, it's in fact guaranteed by the jar SHA, which acts as proof that no one corrupted them. Also, the choco moderation process includes an antivirus scan. So the package is totally transparent about the fact that it really installs the target software, which is downloaded from the official GH software repo... and nothing more. In fact, it's a very common pattern in the chocolatey community and open source software; for example, most Apache software choco packages are not maintained by Apache but by contributors: https://community.chocolatey.org/packages/maven So, sorry, but I don't really understand what the security issue is about, could you please be more specific?
The security issue that I mentioned concerns the fact that the chocolatey package / CI in its current version is maintained in a third-party repository over which the maintainers of this repo have no control. I understand that the package is protected by SHA checks, but if the repo / source of the package is not minimally controlled by Adevinta, it's not possible to provide guarantees. Does that make sense? What I suggest is that I can create a new repository Once we create that repo and the CI is there, we can add the info to the documentation and merge this PR.
Hmm, yes, I understand.
Yes, that looks pretty interesting. I even have a better (in my opinion) proposal: what would you say if I transferred the ownership of the actual repo to you? So, no loss of code history. Next, you'll be able to add me as a contributor if you're OK with that. In a second step, we'll have to check the AppVeyor part as well as the maintainer privileges on the choco website. What do you think about that plan? 😸
Sounds like a very good plan :). Let's do that 👍. As soon as I have the ownership of the repo, I will transfer it under the name of Adevinta and I will add you as a contributor.
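The distinction drawn in the discussion above, between a SHA check and control over the repository that holds the pinned SHA, as an added example that is not part of this PR or of either project's code. All function names and sample bytes are constructed for illustration.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def verify_against_pin(artifact: bytes, pinned_sha256: str) -> bool:
    """The check a package install script performs: compare the
    downloaded file to the checksum shipped inside the package."""
    return hmac.compare_digest(sha256_hex(artifact), pinned_sha256.lower())

def verify_with_upstream(artifact: bytes, package_pin: str, upstream_sha256: str) -> str:
    """Stricter check (an assumption of this example): the package pin must
    also equal a checksum the upstream project publishes over a channel
    that upstream itself controls."""
    if not verify_against_pin(artifact, package_pin):
        return "download does not match package pin"
    if not hmac.compare_digest(package_pin.lower(), upstream_sha256.lower()):
        return "package pin differs from upstream checksum"
    return "ok"

# Constructed sample data standing in for a released jar and its checksum.
UPSTREAM_JAR = b"constructed bytes standing in for the released jar"
UPSTREAM_SHA256 = sha256_hex(UPSTREAM_JAR)

def scenarios() -> dict:
    results = {}
    # 1. Unchanged package, download altered in transit: the pin catches it.
    results["altered_download"] = verify_against_pin(UPSTREAM_JAR + b"\x00", UPSTREAM_SHA256)
    # 2. Unchanged package, unchanged download: everything agrees.
    results["unchanged"] = verify_with_upstream(UPSTREAM_JAR, UPSTREAM_SHA256, UPSTREAM_SHA256)
    # 3. Package definition edited in the packaging repo: file and pin are
    #    replaced together, so the pin-only check still passes.
    other_file = b"constructed bytes standing in for a different file"
    other_pin = sha256_hex(other_file)
    results["repinned_pin_only"] = verify_against_pin(other_file, other_pin)
    # 4. Same edit, but cross-checked against the upstream checksum.
    results["repinned_cross_checked"] = verify_with_upstream(other_file, other_pin, UPSTREAM_SHA256)
    return results

if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name}: {outcome}")
```

Scenario 3 is why the pin alone says nothing about who controls the packaging repository: the check only proves the download matches whatever that repository currently declares.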
👉 Context
Hi, I'm a Kafka user and was looking for a good tool. I first found Conduktor, but the licence was too restrictive. So I started to look for another tool. Then I discovered zoe. Most of my collaborators are running under Windows and I needed them to optimize zoe adoption. Therefore I needed a more straightforward install path for Windows users. Finally I created a Chocolatey package so the install process would be as simple as:
🎁 Contribution
Hopefully you'll appreciate this modest contribution to your great software that really fits our needs. I may also create feature requests or produce code base contributions if you are interested in that.
I've dropped:
README
Best Regards,
Adrien