Consider moving to hadolint org

[josegonzalez]

This action is great, but would be excellent for confidence in the security of the code if it was under the hadolint org.

@lorenzo is this something you could help facilitate?

[lorenzo]

I can help with that if the owner of this repo agrees

[brpaz]

Hello.

I would be glad to have this as an official hadolint project, if there is interest in that ;)

[josegonzalez]

@lorenzo ping :)

[lorenzo]

How should we proceed? Should I create a new repo in the org and grant you access to it?

[josegonzalez]

@lorenzo I think if you get admin access to this repo, you can transfer it to the hadolint org (assuming you have admin there) and then grant @brpaz access to it as normal, which should keep all links and such working. I believe @brpaz will need to fix up any references to it, but it should be fine (I tested this with a github action in the past and it appeared to work across user => org transfer).

[lgmorand]

don't want to be rude but 5 months to move a repo ?! :)

clone it, archive this one for people still referencing it and @brpaz can inject a warning annotation in this action if people are still referencing it. It will warn them about the move. can be done in few minutes :)

[brpaz]

The transfer would be the best option to preserve history, issues, etc but I am thinking that if we do that, users that currently reference this action as brpaz/hadolint-action will probably break their pipelines unless GitHub also does the forwarding of actions like they do for Pages for example.

The alternative way to avoid breaking people pipelines would be to copy this repo into the hadolint organization and then I would archive and put a notice on the README, pointing to the new repo. With this users, can still keep using the old version, but we could loose history, stars and the open issues.

[lorenzo]

@brpaz Can we start the process? I think you need to make me admin of this repo.

In order to not break CI for current users, you can create a fork of the transferred repo under the same name. I think.

[lgmorand]

Got an idea (edit: oops Lorenzo got it before :D)

1- you migrate the repo 2- you fork the repo here back 3- inject a warning inside the action (only here)

- name: Generate Warning about deprecation
  run: |
    text="This is a Warning"
    echo "::warning::This action is deprecated, please use hadolint/hadolint-action"

this way, people will be warn in their pipeline to migrate to the new one when they are ready to

4- recreate the different releases 5- archive the repo and put a big warning in the readme

[brpaz]

Yep. Sounds good ;)

But maybe GitHub does that redirect automatically: According to this: https://github.community/t/transferring-github-action-to-another-owner/16581 it will. Let´s see.

@lorenzo I have added you to this repo as admin. I think you can then proceed with the transfer.

[lorenzo]

@brpaz Seems like the permissions are not enough, can you make me an owner instead? I currently cannot see the settings tab

[lorenzo]

@brpaz Actually, it seems like it is easier if I just grant you membership to the hadolint organization and you do the transfer yourself.

I just did that

[brpaz]

@lorenzo, just look at the url. it´s Done ;)

Tested that the old URL works on the pipeline, so I think I won´t need to fork the repo. Maybe just add a notice to README or in the action itself to inform the users of the change.

I will also have to update the reference in the README file

EDIT: Started this PR: https://github.com/hadolint/hadolint-action/pull/29

I have some information on README and also on Funding.yml about my GitHub Sponsorship, maybe I can display it in another way, like having some information about Hadolint and then a link to the contributors of the repo?

Feel free to give some suggestions.

[lorenzo]

awesome @brpaz

like having some information about Hadolint and then a link to the contributors of the repo?

Yeah, that sounds like a good plan