Origin task: phab:T373072

Date of the decision: 2024-09-26

No decision meeting was needed, agreement reached in the task.

Option 2 was chosen, to manually enforce semantic versioning.

• It is the least labor-intensive option.
• There is little ROI in going with the more labor-intensive options.
• It forces us to think about the impact of our code changes, and to discuss it during code review.

Given a version number MAJOR.MINOR.PATCH, increment the:

• MAJOR version when you make incompatible API changes
• MINOR version when you add functionality in a backward compatible manner
• PATCH version when you make backward compatible bug fixes

Now that the consolidated Toolforge services API is being exposed to the public, users will expect the API version information to be consistent and have proper semantic meaning. Though we never really had a decision request for it (can't remember if we did), we made the tacit decision to use semantic versioning or what appears to be it (at least to our users) for the individual services' APIs and consolidate the versions of the individual services into a single version following rules that still obey semantic versioning principles, before showing this information to our users. The problem is that right now we only have very basic validation rules for the individual APIs, rules that are not true to semantic versioning principles, so what appears to be semantic versioning to the API users may not really be that.

For example right now if you make a breaking change to `jobs-api` openapi schema and only bump the patch version i.e `1.0.0` ----> `1.0.1`, the current validation rules we have will not complain.

• Decide on how to ensure that the version number of our APIs reflect the changes made to the API schemas, according to semantic versioning rules.

• The consolidated API is currently public which means we have limited time to make up our minds on this.

Option 2 choosen. https://wikitech.wikimedia.org/wiki/Wikimedia_Cloud_Services_team/EnhancementProposals/Decision_record_T373072_to_strictly_enforce_semantic_versioning_rules_for_toolforge_services_APIs_or_not

Do nothing

• we won't have to do the work

• the problem is still there

manually enforcing semantic versioning. this means we official have it on record that we are doing semantic versioning but leave it at the discretion of the person submitting the patch and the reviewer to decide what that means.

• Better than Option 1
• We can start this now

• Pron to error

automatically enforce semantic versioning using our own custom algorithm

• semantic versioning automatically enforced

• Might take longer to setup compared to other alternatives
• unanticipated edge cases?

automatically enforce semantic versioning using third-party solutions

• https://github.com/Tufin/oasdiff (Apache License 2.0) . This can detect breaking and non-breaking changes

• semantic versioning automatically enforced
• potentially faster than Option 3 (at the very least most edge cases should be handled)

• more limited compared to Option 3. So far I only know of oasdiff which only has command-line and go packages (maybe those are enough, maybe not)
• dependency?