https://github.com/thoth-station/prescriptions

βš•οΈπŸ’Š Prescriptions to heal your applications and application dependencies πŸ’Šβš•οΈ
https://github.com/thoth-station/prescriptions

dependency-analysis dependency-management hacktoberfest odbl python thoth

Last synced: about 2 months ago
JSON representation

βš•οΈπŸ’Š Prescriptions to heal your applications and application dependencies πŸ’Šβš•οΈ

Awesome Lists containing this project

README

        

Prescriptions for Thoth's adviser
---------------------------------

βš•οΈπŸ’Šβš•οΈ
----

Prescriptions to heal your applications and application dependencies.

Why did we create prescriptions?
================================

We wanted to create a repository that keeps a database of known issues in
the Python open-source ecosystem, as well as suggestions for Python libraries
and the runtime environments they can run in. The database is used in
Thoth to resolve high-quality Python software stacks. The linked blog post
describes prescriptions in more depth.

When using OpenShift or Kubernetes, one provides manifest files that state
what the desired state of a cluster should look like. Prescriptions can
be seen as analogous to this: prescriptions provide a way to declaratively
state what the desired dependency resolution should look like, considering
the prescribed rules. Then, it's up to the reinforcement learning algorithm
implemented in Thoth's adviser to find a solution in the form of a lockfile
respecting the prescribed rules, requirements for the application and other
inputs to Thoth's cloud resolver.

See the linked presentation or YouTube video for more info.

How to write a prescription?
============================

If you would like to write a prescription for the resolver, check the
following docs.

Need help with a prescription?
==============================

If you spotted an issue in Python dependencies or the Python ecosystem, just let us
know by opening an issue and we will help you with writing a prescription.

Data sources used for automatically generated prescriptions
===========================================================

The handlers currently implemented in Thoth's weekly cronjob auto-generate
prescriptions from the following data:

- CVE present in a package, from the PyPA advisory-database
- Project maintenance and development practices as evaluated by the OSSF Security Scorecards
- Information on package maintenance obtained via the GitHub API: whether the given project is marked as archived, is forked from another project, hosts release notes, and its number of maintainers, stars and contributors.
- The package size, number of downloads, maintainers and last release date from PyPI.

Release Details
==============================

Prescriptions are released as a blob.
During the tag release session of thoth-adviser,
the s2i process clones the prescriptions repo with the latest tag information.

Licensing
=========

The prescription database is released under the terms of GNU Affero General
Public License v3.0 or later. See the LICENSE file for
more info.

Copyright © 2021 AICoE Project Thoth; Red Hat Inc.