Mega-Linter -> Let's be a team of maintainers for V5 :)

[nvuillam]

I created Mega-Linter during COVID, when I had a lot of available time :)

Since that, Mega-Linter became more and more used, meaning more and more Issues and PR submitted by the great Mega-Linter users community !

As I took a new job as CTO in Hardis Group, my available time have obviously been reduced a lot, and I think that to continue to provide a quality tool to open source community, Mega-Linter has to evolve from a "one single guy responsibility" to a more efficient "Team of Mega-Linter maintainers" , to avoid having issues with 2 weeks response time like it's happening more and more these days :)

The principles would be the following:

• To be a member of the team
  • You must be an active contributor to Mega-Linter project
  • I must be in contact wiht you via LinkedIn & Twitter to try to make sure that you're not some hacker trying to hide backdoors ^^
  • Watch the repository to receive Issues & PR notifications
• Every member of the team can validate PRs
• In case of any doubt, he/she must highlight in comments to other members of the team to reach an agreement
• For the moment, I remain the only one generating official releases

Who would be interested ?

maybe @llaville @tpansino @Kurt-von-Laven ? :)

[Kurt-von-Laven]

I'm definitely interested. I am, as you already know, a big fan of the project, and our team relies on it. Main question is how much time I will have available to dedicate, so I wonder how you would feel about a trial period for everyone's sake? I don't know whether it would be of interest or whether we would be able to get any traction with this, regardless, but the notion of joining forces in some way with Super-Linter's and/or Unibeautify's maintainers has been bouncing around in the back of my head.

[nvuillam]

@Kurt-von-Laven sometimes I spend 4 hours in the evening or the week-end, sometimes it's 10 minutes every 3 days, depending of my available time... and also sometimes of my mood :D

The only commitement I ask for is ... to be committed, there is no minimum amount of time to invest, the goal is to share the workload, so even if you accept 2 PR by week, it's 2 PR that I won't have to manage so it's a win ! ;)

ps: Accept me on LinkedIn plz ;)

[nvuillam]

@Kurt-von-Laven @llaville @tpansino Sorry if you see an invitation not working, it's because I cancelled it after seing that on a single repo we can not manage different rights,and i don't want to share with you my docker and npm token that i lso use for other projects :)

The solution is to convert the repo into an organization... that will also change the url of Mega-Linter and docker images, so I think this is the breaking change that will justify Mega-Linter V5 :)

Do you have other ideas for this v5 ? :)

[Kurt-von-Laven]

Sounds good to me! I accepted your LinkedIn invitation. I don't want to have access to your personal tokens either ha ha. If you don't really want to bump the major version number, you may have several options.

• Transfer the repository to an organization. This may entail some additional work to keep the Docker images at their original URLs?

  All links to the previous repository location are automatically redirected to the new location. When you use git clone, git fetch, or git push on a transferred repository, these commands will redirect to the new repository location or URL. ~ https://docs.github.com/en/repositories/creating-and-managing-repositories/transferring-a-repository

• Mirror this repository to the new destination. Keep the old repository around, which will continue to publish Docker images to the old URLs. Either:
  • replace the old repository with a fork of the new repository, and keep it in sync via the GitHub UI,
  • or use a tool like repo-sync to automatically synchronize the two repositories.

I haven't investigated, but I assume this is much too ambitious for v5. In any case, my personal long-term dream version of Mega-Linter would basically amount to a mini-package manager and runner for linters. It would replace flavors and Docker images with centralized caching of each linter, version pair so they could be shared between projects, and calculate which linters are needed dynamically based on the file extensions present and Mega-Linter configuration.

[bittner]

With Mega-Linter v5 we should try include the latest stable versions of the included linters, and stay up-to-date. A task we may want to automate (e.g. through automatic PRs, renovate-style).

I would also like trying to understand whether it makes sense to consolidate the code base, now mixed Python + NodeJS, to reduce complexity. What do you think? – Doing that is likely too big of a task for an immediate switch, but maybe a target for v6 or so?

[nvuillam]

@Kurt-von-Laven I think the repo transfer to an organization is a good idea :) This will also require redirections on the online documentation

Don't be afraid to have ambitions , they deserve at least a discussion ;)

@bittner the auto-update of linters is already here :) It creates a PR if there is a new version of a linter, with auto-merge ;) About core code... NodeJs is used only for the installer and the local runner,mostly because more people have NPM installed than pip, but the real code that matters is in python ^^

[Kurt-von-Laven]

@nvuillam, https://github.com/mega-linter 404s for me, but I see https://github.com/megalinter/megalinter!

Another option would be to prevent anyone but yourself from modifying any file in the .github directory using a CODEOWNERS file. This way nobody could modify a workflow to expose your credentials.

[nvuillam]

@Kurt-von-Laven I renamed the org (and the repo) into megalinter, because this hyphen is useless and boring ^^ (and docker hub usernames can not contain hyphens)

I know CODEOWNERS stuff, but even in settings you can see secrets, and anyway, individual repo is not made for team maintenance, I was thinking about such migration for a long time now, it had to be done at some point :)

I still have some work to perform, so V4 will continue to live until v5 is ready, at at that time , I'll merge dev_v5 into master here, then transfer the repo from nvuillam account to megalinter org

Does it sound like a realistic plan ? :)

[Kurt-von-Laven]

This is not materially relevant to our discussion, but when I look at secrets in settings, even as an admin there is no way to actually see their present value, only to overwrite or delete them. Certainly an organizational repository is preferable in the long run.

That sounds good to me! When you say message v4 users to invite them to use v5, what medium(s) do you have in mind for issuing the message?

[nvuillam]

You're probably right about secrets, but I also think that organization is preferable in the long run :)

About message to v4 users, I think about a visual message in console logs and Github PR messages, something like :

MegaLinter v5 has been released, to upgrade please run mega-linter-runner --upgrade

And that would run some search/replace in all repo sources to replace nvuillam/mega-linter by megalinter/megalinter, with all flavors there are some regexes to build :p

[Kurt-von-Laven]

That sounds great to me. Should we switch from using the old repo's issues and pull requests at the time that dev_v5 is merged to master? I wonder if v5 might also be a good opportunity to rename master to main?

[nvuillam]

That's totally something we could do, let's be more inclusive :)

https://github.com/orgs/megalinter/projects/1#card-71471368

[tpansino]

@nvuillam thank you very much for the invitation to be a Maintainer. I have thought about your offer, but I just don't have the time to donate right now.

I will continue to be supportive, report bugs, and make contributions when my schedule allows. And hopefully someday, I'll have time to join the team 👍

[nvuillam]

@tpansino I totally understand what is it to lack of time ;) Glad to have you on Mega-Linter adventure even if it's just as contributor from time to time :)

[llaville]

@nvuillam As @tpansino I'll thank you for the invitation, but I must decline offer. I've put my own projects in standby, just to suggest some contributions (to give a booster), because I believe in mega-linter project. Now, it's time for me to back on my projects and finish what I've in minds. Perharps in future I'll come back and propose new contributions, but I can't promise, and tell you when. Hope you understand ?

[nvuillam]

@llaville your contributions greatly improved PHP flavor, a million thanks for that :) And paid job must come first, no problem i understand :)

[nvuillam]

Migration (almost) complete :)

• Mainteners team: https://github.com/orgs/megalinter/teams/megalinter-maintainers (@Kurt-von-Laven )
• I also created a contributor team (you can directly create your sub-branches in the main repo , so have better CI, and access to "Quick build" option) (@llaville @tpansino :) )

[llaville]

Migration (almost) complete :)

What a fast run ;-) And celebrate this new major version ! Hope CI will be more stable than previous and avoid to raise false positive like trivy timeout, tsqllint errors (just to notice some of them). Don't be hurt @nvuillam its just my own feeling about this great project, what I still belive in.

I also created a contributor team (you can directly create your sub-branches in the main repo , so have better CI, and access to "Quick build" option) (@llaville @tpansino :) )

Thanks

[nvuillam]

I'm not hurt by reality, timeouts in trivy are boring, especially at the end of a 45 mn CI job :D And same as tsqllint (that I still saw today >< >< )

Probably than succeeding to upgrade to latest trivy may help... and about tsqllint I think i'll just add a hack

[Kurt-von-Laven]

I am excited to report that incremental mode works locally at v5.0.1! Really neat to experience all the optimizations you introduced running at maximum velocity on my laptop. It is indeed an order of magnitude faster provided that you skip jscpd, which inherently must run on all files in order to detect code duplication.

[nvuillam]

@Kurt-von-Laven that's great news dear co maintainer, i'll probably never use mega Linter locally but i'm glad your updates allows our users and your team to do so 😎📸 Next step: pre-commit hook ? :)

[Kurt-von-Laven]

You guessed it! I have been experimenting with one locally, and I feel that it's worth sharing soon.