doc: Add documentation of release manifests implementation #2359
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @@ -0,0 +1,105 @@ | ||||||||||||||
| --- | ||||||||||||||
| layout: docs | ||||||||||||||
| title: Docs - Reference - Release Manifests | ||||||||||||||
| description: "Reference guide for AppMap release manifests used for version discovery and automated mirroring." | ||||||||||||||
| toc: true | ||||||||||||||
| reference: true | ||||||||||||||
| --- | ||||||||||||||
|
|
||||||||||||||
| # Release Manifests | ||||||||||||||
|
|
||||||||||||||
| AppMap uses a manifest-based system for distributing its core binaries (`appmap` and `scanner`). This system provides a stable, machine-readable way for clients to discover new versions, verify asset integrity, and support advanced scenarios like version pinning and enterprise mirroring. | ||||||||||||||
|
|
||||||||||||||
| ## Overview | ||||||||||||||
|
|
||||||||||||||
| The release manifests are JSON files hosted on a dedicated, orphan Git branch named `release-manifests` within the `appmap-js` repository. This branch serves as the single source of truth for all release metadata, independent of the `main` branch history. | ||||||||||||||
|
|
||||||||||||||
| ## Two-Tier Manifest System | ||||||||||||||
|
|
||||||||||||||
| For every release, two types of manifests are generated: | ||||||||||||||
|
|
||||||||||||||
| 1. **Versioned Manifest:** An immutable record of a specific release. | ||||||||||||||
| * Naming convention: `[tool]-v[version].json` (e.g., `appmap-v3.197.1.json`) | ||||||||||||||
| 2. **Latest Pointer Manifest:** A "floating" manifest that always points to the most recent stable release. | ||||||||||||||
| * Naming convention: `[tool]-latest.json` (e.g., `appmap-latest.json`) | ||||||||||||||
|
|
||||||||||||||
| ## Discovery URLs | ||||||||||||||
|
|
||||||||||||||
| Clients can discover releases by fetching manifests directly from GitHub's raw content service. | ||||||||||||||
|
|
||||||||||||||
| | Tool | Type | Discovery URL | | ||||||||||||||
| | :--- | :--- | :--- | | ||||||||||||||
| | **AppMap CLI** | Latest | `https://raw.githubusercontent.com/getappmap/appmap-js/release-manifests/appmap-latest.json` | | ||||||||||||||
| | **AppMap CLI** | Versioned | `https://raw.githubusercontent.com/getappmap/appmap-js/release-manifests/appmap-v<VERSION>.json` | | ||||||||||||||
| | **Scanner** | Latest | `https://raw.githubusercontent.com/getappmap/appmap-js/release-manifests/scanner-latest.json` | | ||||||||||||||
| | **Scanner** | Versioned | `https://raw.githubusercontent.com/getappmap/appmap-js/release-manifests/scanner-v<VERSION>.json` | | ||||||||||||||
|
|
||||||||||||||
| ## Manifest Format | ||||||||||||||
|
|
||||||||||||||
| The manifest is a JSON object containing the release tag and an array of assets. | ||||||||||||||
|
|
||||||||||||||
| ```json | ||||||||||||||
| { | ||||||||||||||
| "tag_name": "@appland/appmap-v3.197.1", | ||||||||||||||
| "assets": [ | ||||||||||||||
| { | ||||||||||||||
| "name": "appmap-linux-x64", | ||||||||||||||
| "url": "https://github.com/getappmap/appmap-js/releases/download/%40appland/appmap-v3.197.1/appmap-linux-x64", | ||||||||||||||
| "digest": "sha256:405dbec9eb9e1bece9bc8acac56c33c5f404f7023f6df2918a770451c8173d25" | ||||||||||||||
| }, | ||||||||||||||
| ... | ||||||||||||||
|
There was a problem hiding this comment. The JSON example is labeled as
Suggested change
Collaborator
Author
There was a problem hiding this comment. I'm pretty sure people can figure this one out. |
||||||||||||||
| ] | ||||||||||||||
| } | ||||||||||||||
| ``` | ||||||||||||||
|
|
||||||||||||||
| ### Fields | ||||||||||||||
|
|
||||||||||||||
| * **`tag_name`**: The exact GitHub release tag associated with this manifest. | ||||||||||||||
| * **`assets`**: An array of objects representing the available platform-specific binaries. | ||||||||||||||
| * **`name`**: The filename of the asset. | ||||||||||||||
| * **`url`**: The direct download URL for the asset. | ||||||||||||||
| * **`digest`**: The SHA256 checksum of the asset, prefixed with `sha256:`. | ||||||||||||||
|
|
||||||||||||||
| ## Asset Naming Convention | ||||||||||||||
|
|
||||||||||||||
| The `assets` array contains the platform-specific binaries for the release. The `name` of each asset is strictly constructed using the following convention: | ||||||||||||||
|
|
||||||||||||||
| `[tool]-[os]-[arch][extension]` | ||||||||||||||
|
|
||||||||||||||
| * **`tool`**: The name of the distributed tool (`appmap` or `scanner`). | ||||||||||||||
| * **`os`**: The target operating system (`linux`, `macos`, or `win`). | ||||||||||||||
| * **`arch`**: The target architecture (`x64` or `arm64`). | ||||||||||||||
| * **`extension`**: Executable file extension, present only for Windows (`.exe`). | ||||||||||||||
|
|
||||||||||||||
| ### Available Assets | ||||||||||||||
|
|
||||||||||||||
| For each release of a tool, the following standard set of binaries is generated and included in the manifest: | ||||||||||||||
|
|
||||||||||||||
| * `[tool]-linux-x64` | ||||||||||||||
| * `[tool]-linux-arm64` | ||||||||||||||
| * `[tool]-macos-x64` | ||||||||||||||
| * `[tool]-macos-arm64` | ||||||||||||||
| * `[tool]-win-x64.exe` | ||||||||||||||
|
|
||||||||||||||
| ## Security & Integrity | ||||||||||||||
|
|
||||||||||||||
| The manifest system enhances security by providing a built-in mechanism for integrity verification. | ||||||||||||||
|
There was a problem hiding this comment. There’s trailing whitespace at the end of this line. It’s minor, but it can create noisy diffs and some markdown linters will flag it; please trim it.
Suggested change
Collaborator
Author
There was a problem hiding this comment. Ok, now you're just scratching the bottom of the barrel. |
||||||||||||||
|
|
||||||||||||||
| 1. **Chain of Trust:** The manifest itself is generated and published by a trusted CI/CD process (GitHub Actions) within the official repository. | ||||||||||||||
| 2. **Integrity Verification:** Clients MUST verify the downloaded binary against the `digest` provided in the manifest before execution. | ||||||||||||||
|
|
||||||||||||||
| ## Enterprise Mirroring | ||||||||||||||
|
|
||||||||||||||
| This architecture is designed to simplify the process of mirroring AppMap assets within secure or air-gapped enterprise environments. | ||||||||||||||
|
|
||||||||||||||
| ### Mirroring Workflow | ||||||||||||||
|
|
||||||||||||||
| 1. **Fetch Manifest:** Download the official manifest from the `latest` discovery URL. | ||||||||||||||
| 2. **Download & Verify:** For each asset listed in the manifest: | ||||||||||||||
| * Download the file from the provided `url`. | ||||||||||||||
| * Verify its integrity using the `digest`. | ||||||||||||||
| 3. **Upload to Internal Host:** Upload the verified assets to your internal artifact repository or web server. | ||||||||||||||
| 4. **Publish Internal Manifest:** Generate a modified version of the manifest where the `url` fields point to your internal locations, while **preserving the original `digest`** values. | ||||||||||||||
| 5. **Configure Clients:** Point your AppMap extensions or CLI tools to use your internal manifest URL. | ||||||||||||||
|
|
||||||||||||||
| By preserving the original `digest`, you maintain the chain of trust even when the assets are hosted on internal infrastructure. | ||||||||||||||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This page uses the docs-site frontmatter (
layout: docs,reference: true), but it lives underarchitecture/. All otherlayout: docscontent appears to live underdocs/(and reference pages underdocs/reference/), so as-is this may not be routed/indexed with the rest of the docs/reference section. Consider moving the file underdocs/reference/and aligning its frontmatter (e.g.,title: Docs - Reference+name/stepif needed) so it’s included consistently in the docs build/navigation.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, but docs/reference comes from appmap.io. I kept the front matter since it doesn't hurt and we might want to merge later, but for now I didn't want it to get mixed with imported content.