Implement Semantic Versioning
rgnote opened this issue · comments
Notary V2 uses SemVer for plugin versioning. See spec here
At the time of writing this issue, Golang has no standard library support for parsing or comparing SemVer strings. This issue is to track implementing SemVer in Notation if no alternative is available. This issue is blocking using verification plugin minimum version
critical attribute in signature verification workflow.
code:
notation-go/verifier/verifier.go
Lines 127 to 128 in 7e391f7
@rgnote Golang has standard library support for parsing and comparing SemVer strings. Those libraries are live in the go mod
repo (see github.com/golang/mod) where the semver package is available here.
@shizhMSFT Couple of issues with x/mod
- It requires versions to be prefixed with
v
- Allows partial strings such as
1
,1.0
, etc.
We may need to write a wrapper around it to make it work with Notation.
PR #237