tomoyamachi
commented
1 year ago @erzz Thank you for your advice! Your insights are really informative! I've fixed some issues. I will update the action's version when I release a new version of dockle.
Open erzz opened 1 year ago
tomoyamachi
commented
1 year ago @erzz Thank you for your advice! Your insights are really informative! I've fixed some issues. I will update the action's version when I release a new version of dockle.
erzz
commented
1 year ago @tomoyamachi - no problem and as I said if you want help with anything let me know
Hi @tomoyamachi - I've provided an action for a long time https://github.com/erzz/dockle-action/ for this excellent tool
I would love to not need to maintain it and you do it for me :P. But looking through this action so far I don't feel like I could use it in the day job for a few reasons:
Otherwise it would be relatively simple migration for most!
On that last bullet - the reason it is important is that an engineer sees that their pipeline is broken, then they want to see why immediately in the stdout, yet we may also want the sarif pushed to GHAS or a JSON as an artifact. But if we choose a format for the report then there is no stdout and they need to start digging around other views to get the details.
For that reason you will see that in my action we run dockle twice - once for the report generation and then again for artifacts etc
Anyway - would happy to help and support in anyway, assuming the action will be maintained a little more often than it is today?