search

rojopolis / spellcheck-github-actions

Spell check action
MIT License
138 stars 38 forks source link

Using tags for release management #150

Closed andy5995 closed 1 year ago

andy5995 commented 1 year ago

You may want to use this approach to releases so users won't have to update their action as often:

Using tags for release management

Actions-R-Us/actions-tagger

jonasbn commented 1 year ago

Hi @andy5995

I have actually tagged a v0 for quite some time in DockerHub. I have been somewhat reluctant to documenting it properly and recommending it since, it somehow felt wrong, in that sense I want the users to be made aware of the code that is changed in their repository with the releases.

From a security standpoint there, the problem is the same since a tag could just as easily be moved, so unless a release of a GitHub Action be signed, the challenge is the same.

I will evaluate the resources you provided and will I will document the option of using canonical versions like v0 (and v1 when we get there), so updates/releases will be less of work.

andy5995 commented 1 year ago

I will evaluate the resources you provided and will I will document the option of using canonical versions like v0 (and v1 when we get there), so updates/releases will be less of work.

Sounds good!

I'll just add this example of where this is used:

https://github.com/actions/checkout/tags

You see there have been a few 3.x releases of actions/checkout. The v3 tag points to the latest.

I want the users to be made aware of the code that is changed in their repository with the releases.

That makes sense; though for users who are concerned about code changes between point releases, I'd say it's their responsibility to subscribe to release notifications from your repo. They have the choice of checking the changelog or reviewing the code before continuing to use the action.

jonasbn commented 1 year ago

Hi @andy5995

I have updated the documentation and added a v0 release. You are welcome to try it out. I am evaluating the various options for automating the process

jonasbn commented 1 year ago

I think the automation will have to wait, since I do not have access to setting GitHub tokens etc. only being contributor and not owner of the rojopolis/spellcheck-github-actions repository.

As an alternative to:

I am evaluating:

The v0 releases will be created as part of the regular release process, pointing to the latest major release in the 0.X.X series as documented in the wiki

Thanks @andy5995 for pushing to a decision on supporting this.

andy5995 commented 1 year ago

Thanks @jonasbn ! I'm trying it out at https://github.com/theimpossibleastronaut/rmw/pull/388 but got some errors. Any ideas?

Using pyspelling on configuration outlined in >spellcheck.yaml<
Checking files matching specified outlined in >spellcheck.yaml<
----------------------------------------------------------------
Traceback (most recent call last):
  File "/usr/local/bin/pyspelling", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/usr/local/lib/python3.11/site-packages/pyspelling/__main__.py", line 30, in main
    return run(
           ^^^^
  File "/usr/local/lib/python3.11/site-packages/pyspelling/__main__.py", line 55, in run
    for results in spellcheck(
  File "/usr/local/lib/python3.11/site-packages/pyspelling/__init__.py", line 616, in spellcheck
    config = util.read_config(config_file)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/pyspelling/util/__init__.py", line 186, in read_config
    raise ValueError(
ValueError: Unable to find or load pyspelling configuration from spellcheck.yaml, for more details on configuration please read https://facelessuser.github.io/pyspelling/configuration/
andy5995 commented 1 year ago

Disregard, I got it figured out. :)

jonasbn commented 1 year ago

Hi @andy5995

Good to hear, else let me know and I will do me best to assist you.

Have a nice day