Release 2021.03.01

With these updates, we have completed the release of 2021.03.01

• adviser

  • Strict index configuration
  • Selectively enabling pre-releases
  • Support older legacy release identifiers (thoth-station/adviser#1664)
  • Yield configuration for each pipeline unit that should be instantiated(thoth-station/adviser#1668)
  • Prepare inputs for adviser container run(thoth-station/adviser#1670)

• investigator

  • Add missing title to Kebechet template (thoth-station/investigator#442)
  • add handler for inspection complete messages (thoth-station/investigator#433)

• management-api

  • Adjust parameters supplied to Dependency Monkey scheduling (thoth-station/management-api#707)

• sefkhet-abwy

  • create tag only on merge of release pr, not on close(AICoE/sefkhet-abwy#155)
  • some cleanup, fix webhook payload used (AICoE/sefkhet-abwy#150)
  • auto allowed ok-to-test for auto pr's in thoth-station (AICoE/sefkhet-abwy#147)
  • auto approve for only requested github orgs(AICoE/sefkhet-abwy#153)
  • auto assign specific developer for ml-prague-workshop issues(AICoE/sefkhet-abwy#154)

• user-api

  • Limit maximum content length that can be submitted via POST request(thoth-station/user-api#1261)
  • Unify responses of endpoints (thoth-station/user-api#1255)
  • Fix platform response schema (thoth-station/user-api#1250)
  • Removed endpoint exposing number of Python packages(thoth-station/user-api#1251)
  • Make sure registry_user and registry_password get escaped (thoth-station/user-api#311)
  • Fix of the allow_prereleases attribute read (thoth-station/python#362)

Thanks for all the hard work 🤗
@goern @fridex @KPostOffice @pacospace @sub-mod @xtuchyna

Release 2021.02.15

This is the production release for sprint cycle 15.02.2021
With this release, we would be updating thoth-components with the following feature updates and fixes.

[x] Advise-reporter

• Add metrics database(thoth-station/reporter#158)

[x] Adviser

• Do not enable cut pre-releases step if selective pre-releases are allowed(thoth-station/adviser#1657)
• Thoth's additional features can be None(thoth-station/adviser#1660)
• Add a pipeline unit recommending Thoth's s2i as a base (thoth-station/adviser#1635)
• Implement a pipeline unit which checks GPU and CUDA supplied (thoth-station/adviser#1630)
• Add a sieve to filter out packages based on ABI provided by s2i Thoth(thoth-station/adviser#1632)
• Fix S2I multiple include pipeline unit(thoth-station/adviser#1639)
• Invert inclusion logic, include if Thoth s2i is not used(thoth-station/adviser#1640)
• Add a wrap that adds information about Thoth s2i used(thoth-station/adviser#1638)
• Implement a pipeline unit for selective pre-release filtering (thoth-station/adviser#1648)
• Link Experimental features section from docs index (thoth-station/adviser#1656)

[x] Investigator

• Standardize metrics for revision check (thoth-station/investigator#434)
• Add metric schema (thoth-station/investigator#428)
• retry on exceptions and other error handling(thoth-station/investigator#389)
• decs are applied inside-out (thoth-station/investigator#424)

[x] Messaging

• Confluent rework (thoth-station/messaging#300)
• pass ca location for ssl alg(thoth-station/messaging#317)
• upgrade to python3.8(thoth-station/messaging#321)

[x] Graph-refresh

• upgrade to python3.8(thoth-station/graph-refresh-job#543)
• Add schema metric (thoth-station/graph-refresh-job#550)

[x] Graph-sync

• Simplify sources, use just one module for component (thoth-station/graph-sync-job#544)
• Add metric to expose revision (thoth-station/graph-sync-job#536)

[x] kebechet

• write outputs of pipenv lock -r to output file (thoth-station/kebechet#686)
• Thoth Labelmanager (thoth-station/kebechet#656)

[x] Management-api

• Remove erase endpoint(thoth-station/management-api#684)
• Standardize metrics for database check(thoth-station/management-api#680)

[x] Metrics-exporter

• Fix query used in get_user_python_software_stack_count method (thoth-station/metrics-exporter#607)
• Introduce metric for number of solvers from database table (thoth-station/metrics-exporter#601)
• Adjust condition to keep metrics (thoth-station/metrics-exporter#593)
• add job to check for db corruption (thoth-station/metrics-exporter#547)
• Introduce database revision metric checks (thoth-station/metrics-exporter#577)

[x] Package-extract

• Bump skopeo version to support new features (thoth-station/package-extract#430)
• Gather image metadata during package-extract runs (thoth-station/package-extract#431)
• upgrade to python3.8 (thoth-station/package-extract#425)

[x] Package-update

• Messaging v0.8 (thoth-station/package-update-job#185)
• upgrade to python3.8 (thoth-station/package-update-job#176)

[x] User-api

• Allow nullable entries in the hardware section (thoth-station/user-api#1240)
• Move hardware endoint under Hardware section and adjust nullables (thoth-station/user-api#1239)
• Unify endpoint response with the remaining endpoints (thoth-station/user-api#1233)
• Remove obsolete endpoints (thoth-station/user-api#1230)
• Report an error if the given S2I container image analysis was not done (thoth-station/user-api#1229)
• Introduce endpoints for listing available Thoth s2i base container images (thoth-station/user-api#1224)
• Standardize metric for schema check (thoth-station/user-api#1218)
• Extend configuration to capture versions of other libraries (thoth-station/user-api#1212)
• Expose schema metric (thoth-station/user-api#1206)

Release 2021.02.01

Release 2021.02.01

With this release, we are happy to announce that our service has moved to a publicly accessible location! We have
invested a lot of work to migrate all our services to an OpenShift platform that is maintained by our friends of
Operate First: Bots and Cyborgs, Pipelines and CI, Prow and all our GitHub applications
have been migrated to run on the MOC! Thanks to all our supporters in these two great
projects!

See Thoth Application Kustomize manifests for a
definitive list of all the versions used in this release.

Build Watcher 0.8.0

We added another tool to aggregate more information and learn from them: a bot that watches for builds done in an
OpenShift cluster and automatically submits container images and build logs to Thoth Service. This bot helps Thoth
to aggregate new knowledge about build failures and possible package issues.

This is something that could even be deployed on you on-premise cluster and help with extending the Thoth
knowledge graph.

Update: Developer Chat

As we can not open up the chat in general, we would like to ask you to open an issue on GitHub, and we will invite you
to our channel. Please include the Google ID you would like us to send the invite to.

Toolbox: Container Images Update

As always, we have released new container images via our OpenShift Pipelines based release toolchain, please find
all the current container images on our organization on quay.io.

Source-to-Image (S2I) Builds

Since version 0.21 the Thoth S2I builder images are label to include security-related knowledge into account while
generating a software stack recommendation (or advise as we call it). As a result of a large knowledge generation
activity during December and January, we are now able to provide security (specifically CVE and bandit based)
information advise! The effect of this large gain in knowledge will be more secure software stacks! You can get
these recommendations by selecting the appropriate recommendation_type (latest or security) via thamos'
configuration, see thamos documentation on recommendation types
for more details.

Investigator 0.9.1

Features

• Remove use-before-declared linter warning (#390)
• Buildlog analysis trigger (#393)
• Manual update of dependencies (#405)
• analsysis->analysis (#410)
• remove message contents (link instead) (#409)
• decs are applied inside-out (#424)
• Add metric schema (#428)
• Standardize metrics for revision check (#434)

Improvements

• Do not use mutable arguments in functions (#391)
• removed bissenbay, thanks for your contributions!
• Update dependencies to have more recent thoth-common (#418)
• retry on exceptions and other error handling (#389)

Advirer 0.22.0

Features

• State python_requires in the compatibility section of docs (#1619)
• Implement a sieve that filters out TensorFlow==2.4.0 on non-AVX2 CPU (#1617)
• Add justification to stack info if a package with CVE is avoided (#1611)
• Recommend TensorFlow 2.4 based on CUDA support (#1605)
• Relock so that typing extensions have the right environment marker (#1607)
• Fix testsuite for Python 3.8 (#1603)
• Introduce THOTH_CONFIG_CHECK environment variable (#1592)
• Update TensorFlow symbols database (#1587)
• port to python 38

Meta-Information Indicator 2.3.1

Features

• Add specific labels to issues (#286)
• Fix/dependency update author (#290)
• PullRequestDiscussion entity (#302)
• add dominik to approvers (#305)
• Add explicitly thoth-pytest38 (#303)
• Multiple entities now passed as comma sep. string (#296)
• Check if readme exists (#319)
• Check that patch can be None (#320)

Improvements

• Add title and body attributes for inspection (#298)
• Add requirements for PyPI, remove unnecessary dependencies (#310)

Build Watcher 0.8.0

Features

• Adjustments to use new build analysis endpoint (#183)
• port to python 38 (#176)
• ⛄ support pre-commit (#174)
• Remove latest versions limitation (#171)
• added a 'tekton trigger tag_release pipeline issue'
• Catch the manifest exception as warning
• Fixing traceback raise issue with warning
• Remove redundant if statement
• Fixing @ issue in image push to quay
• Flexibility to push images to quay
• Happy new year!
• Use RHEL instead of UBI
• Update Thoth configuration file and Thoth's s2i configuration
• updated templates with annotations and param thoth-advise-value
• Propagate deployment name for sentry environment
• openshift deployment templates changed
• Distinguish TLS verification flag
• update few fixes and also prometheus metrics set operation
• 🎶 build-watcher is updated to send prometheus metrics
• 🎉 update to watch the entire build(images, base_image & buildlog)
• Update zuul pipeline to use the new version trigger build job
• Added a required field for deployment of dc and imagestream in different namespace
• Use versions of libraries from PyPI
• Report environment type of images submitted for analysis
• Propagate environment type on provisioning
• Create service account in deployment
• Provide Ansible playbooks
• State service account configuration in README
• State presence of s2i container
• Implement process pool of workers
• Add skopeo binary
• Add ability to push containers to an external registry
• Do not share OpenShift instance across namespaces
• Introduce event producer following workqueue pattern
• Do not clash with env var used by thoth-common
• State Thamos env var to disable TLS warnings
• Do not propagate credentials if user did not request analysis (#219)
• Extend README file with links (#218)
• No submit parameters (#217)
• Adjust deployment templates and README
• Provide parameters to avoid submitting specific inputs (#215)
• Fix typing in the application (#212)
• Use s2i-thoth-ubi-8-py38 as a base image (#195)
• Fix logged entries which might be None (#202)
• Add pull-request template (#196)
• Tweak environment variables supplied (#203)
• Fix pre-commit issues and bump black version (#197)
• Fix API version in sources (#199)

Bug Fixes

• Relock to fix typing extensions issue caused by Pipenv resolver (#191)
• 🐛 fixed the webhook url of the build trigger job
• Push to registry only if the push registry was provided (#204)
• Improve error message reported to the user (#1588)

Improvements

• Provide version identifier for Kebechet and expose it in logs (#190)
• sa and rolebinding creation separated
• Do not run adviser from bc in debug mode
• Distinguish between runtime and buildtime images monitored
• Fixes and improvements during dh-jupyterhub deployment
• Fixes needed for correct pushing
• Add missing parameter, make TLS disabling of warnings parametrizable
• Minor improvements in template

Breaking Changes

None, please file an issue if you hit any, our join our
Thoth Station Developer Chat

Release 2020.10.28

With this release we have focused on knowledge generation: a) by better connecting the backend components and b) by
broadening the security related indicators.

All backend features feed directly into the quality of Thoth's services,
more specifically Kebechet and Thamos.

See Thoth Application Kustomize manifests for a
definitive list of all the versions used in this release.

Breaking Changes

None, please file an issue if you hit any!

Notes

All our end-user tools (like thamos or glyph) are available as part of the
Thoth Toolbox container image.

Investigator v0.7

Thoth's investigator is a Kafka based component that consumes all messages produced by Thoth components and reacts to
them by scheduling Argo Workflows.

It has a monitoring system in places that allow Thoth's DevOps team to observe what is happening within Thoth in
terms of Kafka, OpenShift, and Argo for all the different components.

Depending on the type of message received by Investigator, a workflow is scheduled to increase or update the knowledge
stored by Thoth. As always, the readme
is a great source of detailed information.

thoth-glyph for this release:

0   correct link (#345)                                       features
1   confluent rework (#344)* use wip: messaging ch...       perfective
2   add kebechet run url (#342)* added kebechet ru...         features
3   :pushpin: automatic update of dependency hypot...         features
4   :pushpin: automatic update of dependency thoth...         features
5   :pushpin: automatic update of dependency thoth...         features
6   add docs for thoth investigator (#330)* add do...         features
7   :pushpin: automatic update of dependency hypot...         features
8   :pushpin: automatic update of dependency thoth...         features
9   remove producer from investigator (#329)* remo...          unknown
10  :pushpin: automatic update of dependency mypy ...         features
11  :pushpin: automatic update of dependency thoth...         features

Security Indicators v0.1

We have introduced Security Indicators: all package releases
observed by Thoth are augmented with bandit related information. These information
is used during advise generation to add or remove packages from candidate stacks. Security Indicators are taken into
consideration when using the 'security' recommendation type
with thamos advise.

Adviser v0.19

Adviser is Thoth's recommendation system, depending on the
recommendation type, it takes a set of observations into account when resolving a software stack and generating a
recommendation to the user.

This release features the technical requirements to include Security Indicators into a software stack resolution.

If you would like to interact with Thoth from a user's perspective, check Thamos.

Thoth Toolbox v0.5.4

Adding thoth-glyph to our toolbox container image enables a developer to get
a quick view of what changes in which categories. The Glyph readme is a great source of information, please go ahead
and pull the container image from https://quay.io/repository/thoth-station/thoth-toolbox?tab=info

Release 2020.10.01

We have done a lot of 'internal' updates and maintenance, focusing on renewing the way Thoth handles learning
about new releases of packages.

See Thoth Application Kustomize manifests for a
definitive list of all the versions used in this release.

Investigator v0.5

Thoth Investigator is an agent sent out by Thoth to seek new
information on packages, that will yield observations and knowledge to Thoth.

It is called by Thoth components to gather new messages after investigations about possible observations on packages.

Thoth Investigator centre of investigation receives those messages and after further investigation decides what
actions need to be taken depending on the messages received, so that Thoth can increase its knowledge.

This release of investigator is migrating more components of Thoth to a Kafka-based messaging.
In addition to that, we re-schedule adviser's Argo Workflows that have not created results before. The re-scheduled
workflow will create more meaningful advise as Thoth might have learned about packages being used (which might have
been unknown on the first run) and help Thoth keeping its knowledge up to date.

Thoth Service Level Objective (SLO) reporter v0.7

Thoth's Service Level Objectiv (SLO) Reporter purpose is to share
Thoth's achievements and behaviour with the outside world.

We have extended it's README and developers guide, so that understand it's concepts and components get easier. A lot
of Thoth internal observability has been added to a large set of components, all metrics are surfacing via SLO reporter
into Grafana dashboards.

Breaking Changes

None are known, please file issues if you hit any!

Notes

These enhancements have been deployed and are available to Qeb-Hwt immediately.

2020.09.17

Release 2020.09.17

First of all, why do we use CalVer for the core repository? Because the Thoth Services and
Tools consist of a large set of GitHub-hosted repositories,
Python modules, container images and
even RPMs.
Any of these components might yield to a release at any time. This release note file covers the aggregation of important
releases in the contexts of

• Thoth Service - our back end services, the knowledge generation
• the toolbox - command line tools and their packages

Index of Justifications

Starting with this release, we publish a human-readable list of justifications. This list is referenced from any thamos advise output on the terminal, or any pipeline integration. Its purpose is
to show the knowledge contained in Thoth's services and to act as a jump-page to more detailed and background information.
Especially the jump-page character is important to users, as we don't want to clutter the terminal/pipeline output, but
want to reveal to results of our reinforcement learning process in a transparent way.

Breaking Changes

None are known, please file issues if you hit any!

Adviser

Adviser is Thoth's recommendation engine and software stack generator.

• a review of CPU types, and the way we create recommendation for AVX2 and Tensorflow has been done
• some new TensorFlow related observations/justfications have been created
• a recommendation to configure MKL correctly was added
• general stabilization of Argo-Workflows based backend services
• adviser now supports advises specific for manifest changes (e.g. adjusting environment variables of OpenShift
  DeploymentConfigs)

Notes

These enhancements have been deployed and are available to Qeb-Hwt immediately.