Azure / appcat-rulesets

Repository for maintaining Rulesets for Windup
Eclipse Public License 2.0
6 stars 10 forks

Adding a GitHub Action Target #146

Closed agoncal closed 2 months ago

agoncal commented 1 year ago

Our customers can use GitHub Actions but also things like Jenkins, etc. When there's no CI/CD, or if the CI/CD configuration is stored outside the code, there is not much we can do.

But what about having a GitHub Action target when the customers already have GitHub Actions or are willing to move to GitHub Actions?

We could then check the files under github and do all sorts of recommendations. We could recommend using CodeQL or Dependabot workflows, for example, check the module versions, making sure they are compatible, and so on.

These new rules would check the existing GitHub Actions YAML files. Today AppCAT has rules that check the Java code and config files (XML, properties...). With a new target we could make recommendations on improving the existing GitHub workflows, or even recommend moving from Jenkins to GitHub Actions.
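
The checks proposed in the comment above, written as a standalone Python script (an added example, not part of the thread and not AppCAT's or Windup's rule syntax). The function name, finding labels and sample workflow files are constructed for illustration, and flagging an action referenced at several versions is an assumed reading of "check the module versions".

```python
import re

# Matches "uses: owner/repo[/path]@ref" steps; local (./) and docker:// steps are skipped.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([\w.-]+/[\w./-]+)@([\w./-]+)", re.M)

def review_github_dir(files):
    """files maps repo-relative paths to file text; returns (findings, actions)."""
    workflows = {p: t for p, t in files.items()
                 if re.fullmatch(r"\.github/workflows/[^/]+\.ya?ml", p)}
    actions = {}  # action name -> set of refs it is referenced at
    for text in workflows.values():
        for name, ref in USES_RE.findall(text):
            actions.setdefault(name, set()).add(ref)

    findings = []
    if not workflows:
        findings.append("no-workflows: no GitHub Actions workflows found")
    if not any(p in files for p in (".github/dependabot.yml", ".github/dependabot.yaml")):
        findings.append("dependabot: add .github/dependabot.yml")
    if not any(a.startswith("github/codeql-action/") for a in actions):
        findings.append("codeql: no workflow uses github/codeql-action")
    for name, refs in sorted(actions.items()):
        if len(refs) > 1:  # same action referenced at different versions
            findings.append(f"versions: {name} referenced at {sorted(refs)}")
    return findings, actions

# Constructed sample repository contents (not taken from any real project).
SAMPLE = {
    ".github/workflows/build.yml": """\
name: build
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-java@v4
        with: {distribution: temurin, java-version: '17'}
      - run: mvn -B verify
""",
    ".github/workflows/docs.yml": """\
name: docs
on: [push]
jobs:
  docs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
""",
}

if __name__ == "__main__":
    for finding in review_github_dir(SAMPLE)[0]:
        print(finding)
```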

brunoborges commented 2 months ago

@agoncal let me know if you have found a customer scenario that validates this need.

I'll keep it closed for now.