search

open-services-group / scrum

SCRUM issues and user stories
GNU General Public License v3.0
0 stars 2 forks source link

Provide Maintenance related scoring as a informational comment to Pull Requests #28

Closed goern closed 1 year ago

goern commented 2 years ago

As a Python Developer, I would like to have concise information about the quality of my software stack and all its transitive dependencies, so that I get some absolute metrics such as:

"95% of my dependencies are maintained with a dependency update tool (i.e. dependabot, etc)" "45% of my dependencies have 3 or more maintainers" ...

/kind feature /priority critical-urgent

User Story Points?

High-level Acceptance Criteria and Goals

References

https://github.com/thoth-station/core/issues/434

schwesig commented 2 years ago

/triage accepted

mayaCostantini commented 2 years ago

/sig stack-guidance /priority important-soon

sesheta commented 2 years ago

@mayaCostantini: The label(s) sig/stack-guidance cannot be applied, because the repository doesn't have them.

In response to [this](https://github.com/open-services-group/scrum/issues/28#issuecomment-1202144903): >/sig stack-guidance >/priority important-soon Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
mayaCostantini commented 2 years ago

/remove priority-important-soon /priority critical-urgent

mayaCostantini commented 2 years ago

/kind feature

mayaCostantini commented 2 years ago

@goern what about providing Scorecard metrics in the GitHub Summary section where other information about the action workflow is already present?

goern commented 2 years ago

I'm open for all ;)

what is the simplest and easiest to understand way to provide the info to the PR creator? Shall we have it configurable on one of the next iterations?

MVP: a comment v1.0: configurable via .thoth.yaml? v2.0: as a badge image service taking a commit sha as a parameter?

wdyt?

mayaCostantini commented 2 years ago

I'm open for all ;)

what is the simplest and easiest to understand way to provide the info to the PR creator? Shall we have it configurable on one of the next iterations?

MVP: a comment v1.0: configurable via .thoth.yaml? v2.0: as a badge image service taking a commit sha as a parameter?

wdyt?

A comment would work for any integration providing an advise via GitHub. However, the GitHub Action does not use a .thoth.yaml for configuration, all parameters are provided through the workflow YAML file in the .github folder. As for the last option, this could be implemented via another GitHub Action workflow and seems like a good option to display a global software stack score.

schwesig commented 1 year ago

/close changes of orga

sesheta commented 1 year ago

@schwesig: Closing this issue.

In response to [this](https://github.com/open-services-group/scrum/issues/28#issuecomment-1283735603): >/close >changes of orga Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.