Source the server and OpenVoxDB component tables from SBOMs#377
Open
miharp wants to merge 1 commit into
Open
Conversation
bastelfreak
reviewed
Jun 29, 2026
|
|
||
| | OpenVoxDB release | Jetty | Java | PostgreSQL | | ||
| | --- | --- | --- | --- | | ||
| {% for r in site.data.openvoxdb_release_contents[nav_key] %}| {{ r.release }} | {{ r.jetty }} | 17, 21 | 11+ (14+ recommended) | |
Contributor
There was a problem hiding this comment.
Todo for future us: we don't know the oldest working version. We currently only test postgresql 16 to 18 because the rest is ancient. https://github.com/OpenVoxProject/openvoxdb/blob/8.x/.github/workflows/main.yml#L51. Maybe it makes sense to refactor the version list into a json file in shared-actions.
Contributor
Author
There was a problem hiding this comment.
Good call — tracked in #378 (both the PostgreSQL-range verification and the idea of sourcing these ranges from a shared-actions JSON, like the supported-platforms page does). Left this PR as-is since it's non-blocking.
48aeff6 to
59bba02
Compare
2 tasks
Migrate the last two component-versions tables to the SbomReleaseTable base, completing the openvox-sbom-tools adoption (the agent and OpenBolt tables moved in OpenVoxProject#366). Both packages now publish SBOMs covering the 8.12.0 table floor. - openvox-server: read the bundled JRuby from the SBOM's `jruby-base` component instead of resolving it through the pinned jruby-utils -> jruby-deps in project.clj. `jruby-base` is already the clean resolved version, dropping the "-N" packaging-suffix strip the old path needed. Values are unchanged for the existing rows (all JRuby 9.4.12.1); the regen also picks up the 8.14.1 release. - openvoxdb: it is a Clojure/JVM service with no bundled JRuby, so the table gains a Jetty column (the embedded HTTP server) sourced from the SBOM's `jetty-server` component, which shows a real 10.0.26 -> 12.1.10 bump at 8.14.0. Java is added as a hand-maintained supported-version requirement to match the server table; PostgreSQL stays a hand-maintained requirement. No puppet-runtime / project.clj scraping remains; every component-versions table is now SBOM-sourced. Page prose describing the server and OpenVoxDB columns is updated. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Signed-off-by: Michael Harp <mike@mikeharp.com>
59bba02 to
f6e4d1e
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Migrates the server and OpenVoxDB component-versions tables to the
SbomReleaseTablebase, completing the openvox-sbom-toolsadoption started in #366 (which moved the agent and OpenBolt tables). Both packages
now publish SBOMs covering the tables' 8.12.0 floor, so the old pin scraping can go.
Closes #363.
Changes
openvox-server
Reads the bundled JRuby from the SBOM's
jruby-basecomponent instead of resolvingit through the server's pinned
jruby-utils→jruby-depsinproject.clj.jruby-baseis already the clean resolved version, so this also drops the-Npackaging-suffix strip the old path needed. Values are unchanged for the
existing rows (all JRuby
9.4.12.1); the regen additionally picks up the8.14.1release the stale data was missing.
openvoxdb
OpenVoxDB is a Clojure/JVM service with no bundled JRuby, so rather than leave it
as the one tag-only table, it gains a Jetty column (the embedded HTTP server)
sourced from the SBOM's
jetty-servercomponent — which shows a real10.0.26→12.1.10bump at 8.14.0. A Java column is added as ahand-maintained supported-version requirement to match the server table, and
PostgreSQL stays a hand-maintained requirement.
Result
No
puppet-runtime/project.cljscraping remains anywhere — everycomponent-versions table is now sourced from the per-release SBOMs. Page prose
describing the server and OpenVoxDB columns is updated to match.
Validation
rake rubocopclean;jekyll buildsucceeds._datafor both tables; server values verified identical to the priorcommitted data, OpenVoxDB Jetty values spot-checked against each release's SBOM.
Screenshots
Server table — JRuby unchanged, now picks up the 8.14.1 release:
OpenVoxDB table — new Jetty (SBOM) / Java / PostgreSQL columns, with the real
Jetty 10.0.26 → 12.1.10 bump at 8.14.0: