|
1 | 1 | # 5-Spot Machine Scheduler - Project Roadmap |
2 | 2 |
|
3 | 3 | **Date:** 2026-03-21 |
4 | | -**Last Updated:** 2026-04-09 |
5 | | -**Status:** Active — Phase 1 complete, Phase 2 hardening in progress |
| 4 | +**Last Updated:** 2026-04-10 |
| 5 | +**Status:** Active — Phase 1 & 2 complete, Phase 3 hardening next |
6 | 6 | **Author:** Erick Bourgeois |
7 | 7 |
|
8 | 8 | --- |
|
38 | 38 | | Admission validation | ✅ Complete | `ValidatingAdmissionPolicy` — `deploy/admission/` | |
39 | 39 | | NetworkPolicy | ✅ Complete | Egress: DNS + k8s API; ingress: monitoring namespace only | |
40 | 40 | | Deployment manifests | ✅ Complete | `deploy/deployment/` — RBAC, ServiceAccount, NetworkPolicy | |
41 | | -| CI/CD pipeline | ✅ Complete | GitHub Actions — native cargo builds, amd64 + arm64 | |
42 | | -| SBOM generation in CI | ✅ Complete | `cargo-cyclonedx` in PR, main, and release workflows | |
43 | | -| Container image signing | ✅ Complete | Cosign keyless + SLSA L3 provenance on release | |
| 41 | +| CI/CD pipeline | ✅ Complete | Single `build.yaml` — native cargo, amd64 + arm64, all triggers (PR/main/release) — consolidated 2026-04-10 | |
| 42 | +| SBOM generation in CI | ✅ Complete | `cargo-cyclonedx` in every build job | |
| 43 | +| Container image signing | ✅ Complete | Cosign keyless on main + release; GitHub artifact attestation (`gh attestation verify`) on every build — 2026-04-10 | |
| 44 | +| Documentation site | ✅ Complete | MkDocs + GitHub Pages, auto-deployed on every main push (`docs.yaml`) — added 2026-04-10 | |
44 | 45 | | SPDX license headers | ✅ Complete | Apache-2.0 on all `src/**/*.rs` files | |
45 | 46 | | Unit tests | ✅ Complete | 161 tests across 6 test files | |
46 | 47 |
|
|
114 | 115 |
|
115 | 116 | ### 1.5 CI/CD Pipeline ✅ |
116 | 117 |
|
117 | | -- [x] GitHub Actions (pr.yaml, main.yaml, release.yaml): |
| 118 | +- [x] GitHub Actions — consolidated into single `build.yaml` (2026-04-10; replaces pr.yaml + main.yaml + release.yaml): |
118 | 119 | - fmt + clippy + test on every PR |
119 | | - - Native `cargo build --release` — amd64 on `ubuntu-latest`, arm64 on `ubuntu-24.04-arm` (fixed 2026-04-09) |
| 120 | + - Native `cargo build --release` — amd64 on `ubuntu-latest`, arm64 on `ubuntu-24.04-arm`; `CARGO_TARGET_*_LINKER=cc` prevents `.cargo/config.toml` cross-compiler override on Linux CI |
120 | 121 | - Docker multi-arch build (amd64/arm64) |
121 | 122 | - Security scanning (`cargo audit` + Trivy) |
122 | | - - SBOM generation (`cargo-cyclonedx` — fixed 2026-04-09) |
123 | | - - Apache-2.0 license header check (fixed 2026-04-09) |
124 | | -- [x] Release automation: Cosign signing + SLSA L3 provenance + release asset upload |
| 123 | + - SBOM generation (`cargo-cyclonedx` in every build job) |
| 124 | + - Apache-2.0 license header check |
| 125 | + - GitHub artifact attestation (`actions/attest-build-provenance@v2`) on every docker build — `gh attestation verify` queryable (2026-04-10) |
| 126 | +- [x] Release automation: Cosign signing extended to main branch (staging images now signed); SLSA L3 provenance; release asset upload (2026-04-10) |
| 127 | +- [x] Documentation site: MkDocs built and published to GitHub Pages on every main push via `docs.yaml` (2026-04-10) |
125 | 128 |
|
126 | 129 | --- |
127 | 130 |
|
|
0 commit comments