Repository infrastructure setup - Githubissues

microsoft / sarif-js-sdk

JavaScript code and supporting files for working with the 'Static Analysis Results Interchange Format' (SARIF, see https://github.com/oasis-tcs/sarif-spec)

MIT License

26 stars 13 forks source link

Repository infrastructure setup #1

Closed scalvert closed 3 years ago

scalvert commented 3 years ago

This PR adds initial repository setup, including

A workspaces architecture for multi-package support
A workspaces typescript configuration
Basic top-level setup
- npm scripts
- repo-wide devDependencies
- root-level eslint/prettier setup to keep packages consistent
- volta to manage tool dependencies
A skeleton of the sarif-builder package

All infrastructure choices and naming conventions are open to feedback and changes.

scalvert commented 3 years ago

cc/ @jeffersonking - you don't seem to be added as a contributor to the repo yet.

jeffersonking commented 3 years ago

@scalvert Re yarn vs npm, it sounds like release-it will be the deciding factor. Will try to test it out sometime.

scalvert commented 3 years ago

@jeffersonking correct. The current plugin operates on yarn workspaces, and hasn't been tested with npm. That said, we own that plugin and can update/adjust it to work with both.

jeffersonking commented 3 years ago

@scalvert If all else is equal, the path with one less installation wins? So npm?

scalvert commented 3 years ago

Yep, we can certainly explore either making that plugin work for npm, or make a similar plugin for npm.

scalvert commented 3 years ago

Looking at our plugin, I think it will work out-of-the-box, as it's not doing anything yarn specific. It likely could use a rename though...

scalvert commented 3 years ago

OK I've updated to use npm vs. yarn. I also pinned tool dependencies with volta. If you aren't familiar with it, it's a tool that manages your project's tool dependencies.

jeffersonking commented 3 years ago

@scalvert Thanks! Not familiar with volta, interested in trying it out.

I think the there's still the big question of if the sarif-builder goes in it's own repo (and if anything ends up in this repo). But, signing off on this PR nevertheless.

scalvert commented 3 years ago

Ya I think the question of 'what else goes here' is for sure up for debate, but I can imagine the following:

Moving the types from @types/sarif to this repository, effectively making them first-party types vs. third-party
A SARIF log validator utility
A partial fingerprint utility to enable SARIF log authors to generate consistent fingerprints
Any additional documentation or reference material related specifically to using SARIF in JavaScript.

Happy to defer these discussions until they present themselves later.

scalvert commented 3 years ago

@jeffersonking volta is pretty great. It was developed at LinkedIn by folks from my team. It is gaining a lot of traction as a replacement to nvm, mainly due to speed since it's written in Rust.

michaelcfanning commented 3 years ago

Wahoo! Every GitHub open source journey starts with a single merge!