Closed goern closed 1 year ago
/triage accepted
/sig stack-guidance /priority important-soon
@mayaCostantini: The label(s) sig/stack-guidance cannot be applied, because the repository doesn't have them.
/remove priority-important-soon /priority critical-urgent
/kind feature
@goern what about providing Scorecard metrics in the GitHub Summary section where other information about the action workflow is already present?
I'm open for all ;)
What is the simplest and easiest to understand way to provide the info to the PR creator? Shall we have it configurable on one of the next iterations?
MVP: a comment
v1.0: configurable via .thoth.yaml?
v2.0: as a badge image service taking a commit sha as a parameter?
wdyt?
A comment would work for any integration providing advice via GitHub. However, the GitHub Action does not use a .thoth.yaml for configuration; all parameters are provided through the workflow YAML file in the .github folder. As for the last option, this could be implemented via another GitHub Action workflow and seems like a good option to display a global software stack score.
/close changes of orga
@schwesig: Closing this issue.
As a Python Developer, I would like to have concise information about the quality of my software stack and all its transitive dependencies, so that I get some absolute metrics such as:
"95% of my dependencies are maintained with a dependency update tool (i.e. dependabot, etc)"
"45% of my dependencies have 3 or more maintainers"
...
/kind feature /priority critical-urgent
User Story Points?
High-level Acceptance Criteria and Goals
References
https://github.com/thoth-station/core/issues/434