Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Lock adaptor versions by default #815

Open
josephjclark opened this issue Nov 5, 2024 · 0 comments
Open

Lock adaptor versions by default #815

josephjclark opened this issue Nov 5, 2024 · 0 comments
Assignees
@stuartc

Comments

@josephjclark
Copy link
Collaborator

Priority issue!!

The Problem

Right now, by default, Lightning will save the adaptor version on each step as @latest. This is presented to users like this:

Image

The @latest flag is resolved at runtime - so new work orders from the same workflow, by default, may use different adaptor versions.

This is terrifying. I didn't realise we did this! Stu and I clearly miscommunicatid over this a long time ago.

The problem is that we release breaking adaptor versions, with major version bumps, all the time. We have to. But this puts workflows with @latest at risk because one day, maybe in 5 years time, they'll break overnight without warning.

The Solution

Here is what we're going to do:

  • New steps, by default, should select the latest adaptor version - but not @latest
  • @latest should appear at the top of the picklist, but not selected by default.
  • We must ensure that when an step is selected in the diagram, the UI shows the actual version number, and not just the latest one as a default (I think this is fine but we need to double check).
  • We display a warning to users who select @latest to notify them that future breaking changes to the adaptor may cause their workflow to break.

Basically, by default, I want all steps to have version locked adaptors and not use a rolling @latest tag. But we are going to allow users to opt-in to @latest if they really want to (your funeral, pal).

This is much safer from a workflow stability point of view. But I will not that there's a bit of a security hit. When we release security patches, users will not automatically receive them.

Other steps

  • Should we migrate all @latest in the database right now to a concrete version number?
  • Who do we need to tell about this change? I think we need to make noise here
  • We should think about how we encourage users to manually migrate adaptors to include new security releases. Usually this is trivial, but when there are breaking changes we need to make real noise about them. I think this is a call for a future feature to email lightning users when a workflow they created/modified has a related adaptor release.
@github-project-automation github-project-automation bot moved this to New Issues in v2 Nov 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@stuartc stuartc

Labels
None yet
Projects
v2
Status: New Issues
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stuartc @josephjclark