sethvargo / ratchet

A tool for securing CI/CD workflows with version pinning.
Apache License 2.0
772 stars, 32 forks

When doing an update, also have the ability to generate a git short log for each CI component #18

Closed (kapilt closed this 2 years ago)

kapilt commented 2 years ago

TL;DR

When pinning stuff we always have to update eventually, for bug fixes, features, security. But auditing those updates is also a key aspect; one simple facility that would make that nicer is for ratchet to generate a changelog.md on the updates (via git checkout and short log on the delta between the two revisions), which can then be used in a pull request description/comment to help reviewers on the updates.

sethvargo commented 2 years ago

Hi @kapilt

Unfortunately we can't easily do that for two reasons:

  1. If a ref is pinned to a floating tag (like main), the delta isn't meaningful.

  2. No such "diff" exists for containers.

I think we could print out a summary at the end of the original -> updated values, but I don't think it'd be useful to construct diffs, since that will be highly platform dependent (and Ratchet will likely expand to support multiple CI/CD workflow systems).
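The end-of-run summary sethvargo suggests (original -> updated values) sketched as an added Go example, with the two caveats he raises marked per entry: a commit-range review is only suggested when both sides are immutable SHAs, while floating refs and container images get a plain line. This is not ratchet's own code; it assumes ratchet's pinned layout of `uses: owner/repo@<sha> # ratchet:owner/repo@v3` with container refs pinned by digest, and the two workflows are constructed sample input.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample workflows (not from the issue), before and after an update.
const OldWorkflow = `  - uses: actions/checkout@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa # ratchet:actions/checkout@v3
  - uses: actions/setup-node@v3
  - uses: docker://alpine@sha256:1111111111111111111111111111111111111111111111111111111111111111`
const NewWorkflow = `  - uses: actions/checkout@bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb # ratchet:actions/checkout@v3
  - uses: actions/setup-node@v4
  - uses: docker://alpine@sha256:2222222222222222222222222222222222222222222222222222222222222222`
var usesRe = regexp.MustCompile(`(?m)^\s*-\s*uses:\s*"?([^\s"#]+)`)
var shaRe = regexp.MustCompile(`^[0-9a-f]{40}$`)

// ExtractPins maps each action name in a workflow to the ref after its "@".
func ExtractPins(workflow string) map[string]string {
	pins := map[string]string{}
	for _, m := range usesRe.FindAllStringSubmatch(workflow, -1) {
		name, ref, _ := strings.Cut(m[1], "@")
		pins[name] = ref
	}
	return pins
}

// Summarize reports original -> updated per changed action and suggests a commit
// range review only when both sides are immutable commit SHAs.
func Summarize(oldWf, newWf string) map[string]string {
	oldPins, newPins := ExtractPins(oldWf), ExtractPins(newWf)
	out := map[string]string{}
	for name, newRef := range newPins {
		oldRef, ok := oldPins[name]
		if !ok || oldRef == newRef {
			continue
		}
		switch {
		case strings.HasPrefix(name, "docker://"):
			out[name] = fmt.Sprintf("%s -> %s (container image: no commit diff exists)", oldRef, newRef)
		case shaRe.MatchString(oldRef) && shaRe.MatchString(newRef):
			out[name] = fmt.Sprintf("%s -> %s (review: git log --oneline %s..%s)", oldRef, newRef, oldRef, newRef)
		default:
			out[name] = fmt.Sprintf("%s -> %s (floating ref: delta not meaningful)", oldRef, newRef)
		}
	}
	return out
}
```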

kapilt commented 2 years ago

I think that's fair, and in practice, using ratchet with Dependabot updates on actions does generate the needed context on accepting updates re changelogs, as well as automating the cron/update aspect.