aead closed 10 months ago
Why kill CodeQL?
Based on all the reports it generated, it only showed false positives. Usually things like filepath.Join issues for "untrusted input", but args were always verified by the API handlers. On the other side, regular Go linters (static-lint a.o.) caught actual issues that CodeQL did not spot... From running it IIRC ~2y, it has not been proven useful in this case. @klauspost
This commit simplifies and optimizes the release process:
If users really want linux/s390x or linux/ppc64le we can add these targets again. However, orgs running such infra most probably run their own registry and users can still build images for these os/arch from the Dockerfile using
docker build -f Dockerfile .