Closed x448 closed 4 years ago
:+1: looks nice! I'd be happy to try it out
Using golangci-lint + GitHub Actions Workflow doesn't require signup with 3rd-party vendor. :smile:
3rd party actions are currently disabled for this github org, so I think we'd need to review then fork the actions repo into this org then see if @hwine or another GH org admin can enable it.
In the meantime, we could run the CLI version in CI.
cc @jvehent re: usage in autograph-* projects to recommend to golang devs at Mozilla for https://github.com/mozilla-services/websec-check/issues/19
3rd party actions are currently disabled for this github org, so I think we'd need to review then fork the actions repo into this org ...
I like the way you think! :+1:
... In the meantime, we could run the CLI version in CI.
Although I don't have a CircleCI account, someone who does can cherry-pick from these configs to save time:
.golangci.yml specifying 18 linters:
https://github.com/fxamacker/cbor/blob/master/.golangci.yml
GitHub Actions Workflow running 18 required linters and then 5 optional linters: https://github.com/fxamacker/cbor/blob/master/.github/workflows/linters.yml
Inside Rust Blog - Evaluating GitHub Actions https://blog.rust-lang.org/inside-rust/2019/11/14/evaluating-github-actions.html
3rd party actions are currently disabled for this github org,
Actually, they are not available for mozilla-services, as it is billed as a "legacy" account.
@hwine, if we fork 3rd-party actions into this repo, would it remain disabled as a 3rd-party action or would the forked functionality become enabled?
Also, given recent changes to GitHub free accounts and price reductions, does remaining on a legacy account still have advantages that outweigh the disadvantages?
@hwine, if we fork 3rd-party actions into this repo, would it remain disabled as a 3rd-party action or would the forked functionality become enabled?
We think we may have the ability to enable actions now, but no security review has yet been requested for GitHub Actions.
Also, given recent changes to GitHub free accounts and price reductions, does remaining on a legacy account still have advantages that outweigh the disadvantages?
Yes. paid team is more expensive and free team doesn't have any support (plus other removed features)
There are 20+ linters available ranging from format checks to security checks.
golangci-lint makes it easy to configure and run dozens of linters.
It was easy to use GitHub Actions Workflow (free feature from GitHub, Inc.) with golangci-lint.
Here's how it looks at fxamacker/cbor configured to run 18 required linters + 5 optional linters.
Auto-updated "linters" badge.svg on README.md indicates if any linter failed:
Screenshot of workflow results shown in pull request provided by @fxamacker
(click to expand) Screenshot with 4 workflow results
![image](https://user-images.githubusercontent.com/57072051/78592327-8f746f00-780a-11ea-8529-312f45534e35.png)
Using golangci-lint + GitHub Actions Workflow doesn't require signup with 3rd-party vendor. :smile: