johnkerl / miller

Miller is like awk, sed, cut, join, and sort for name-indexed data such as CSV, TSV, and tabular JSON
https://miller.readthedocs.io

Look into static-analysis options for Miller 6 / Go port #812

Open johnkerl opened 2 years ago

johnkerl commented 2 years ago

@johnkerl There is https://github.com/praetorian-inc/gokart if you have not looked into it before.

Other tooling that might be a consideration for implementing (I can submit pull requests):

Also, with 1.18beta/gotip, you can set up fuzzing although I have not tried this myself yet.

[Also https://staticcheck.io]

Originally posted by @jauderho in https://github.com/johnkerl/miller/issues/802#issuecomment-1002355606
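As an added example (not Miller's own code) of the Go 1.18 native fuzzing mentioned above, applied to a Miller-style record format: the DKVP parser, formatter and round-trip property below are constructed toys with assumed names (ParseDKVP, FormatDKVP, RoundTrips), and the fuzz target uses the `testing.F` API to hunt for panics and for lines that do not survive parse -> format -> parse.

```go
package main

import (
	"reflect"
	"strings"
	"testing"
)

// ParseDKVP parses a Miller-style DKVP line ("a=1,b=2"); constructed toy, not Miller's reader.
func ParseDKVP(line string) (rec map[string]string, ok bool) {
	rec = make(map[string]string)
	for _, field := range strings.Split(line, ",") {
		key, value, found := strings.Cut(field, "=")
		if !found {
			return nil, false // a field without '=' rejects the whole line
		}
		rec[key] = value // a repeated key keeps its last value
	}
	return rec, true
}

// FormatDKVP joins a record back into one DKVP line (map order, unsorted).
func FormatDKVP(rec map[string]string) string {
	parts := make([]string, 0, len(rec))
	for k, v := range rec {
		parts = append(parts, k+"="+v)
	}
	return strings.Join(parts, ",")
}

// RoundTrips is the fuzz property: the line is rejected, or parse->format->parse preserves it.
func RoundTrips(line string) bool {
	rec, ok := ParseDKVP(line)
	if !ok {
		return true // rejection is fine; a panic is the bug fuzzing hunts for
	}
	again, ok := ParseDKVP(FormatDKVP(rec))
	return ok && reflect.DeepEqual(rec, again)
}

// FuzzParseDKVP is a Go 1.18 native fuzz target: `go test -fuzz=FuzzParseDKVP` from a _test.go file.
func FuzzParseDKVP(f *testing.F) {
	f.Add("x=,=y") // seed corpus: empty value and empty key; the fuzzer mutates from here
	f.Fuzz(func(t *testing.T, line string) {
		if !RoundTrips(line) {
			t.Fatalf("round-trip failed for %q", line)
		}
	})
}
```

Without `-fuzz`, `go test` still runs the target once over its seed corpus, so the property doubles as a regular unit test in CI.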

jauderho commented 2 years ago

Add Goreleaser - PR #821 #822

I'll have to do this somewhat sequentially since PRs that deal with GHA do not behave the same way as normal PRs.

jauderho commented 2 years ago

@johnkerl Now that you have merged release.yml, you might want to disable the artifact upload in go.yml

jauderho commented 2 years ago

Add Codespell - PR #824

johnkerl commented 2 years ago

@johnkerl Now that you have merged release.yml, you might want to disable the artifact upload in go.yml

@jauderho good call! I think I'll leave that upload in place until there is a 6.0.0 release. Thank you! :)

jauderho commented 2 years ago

Add CodeQL - PR #838

On a related note, I also tried adding Snyk integration into my fork and it identified a number of other issues. Snyk is a little different in that there is no GH action. You have to go to the snyk.io website and add your repo to it.

Snyk identified 3 potential Path Traversal issues.

skitt commented 2 years ago

In Submariner we’ve been using golangci-lint for a while and are quite happy with it, with a tweaked configuration as might be expected. The only inconvenience is that it can be slow when lots of linters are enabled, unsurprisingly; but it’s quick enough to run unobtrusively when integrated in a development environment (VSCodium in my case).