tektoncd / chains

Supply Chain Security in Tekton Pipelines
Apache License 2.0

golangci-lint: only flag new issues #1105

Closed wlynch closed 5 months ago

wlynch commented 5 months ago

Changes

Intoto has deprecated the old Subject types in favor of a new library, and this is getting pulled in via recent cosign updates. This is going to be a significant refactor that we'll need to make to chains. This changes the behavior of the lint tool to only flag/block on new issues for now to give us time to work through this.

  Error: SA1019: intoto.Subject is deprecated: This implementation of Subject exists for historical compatibility and should not be used. This implementation has been superseded by a ResourceDescriptor struct generated from the Protobuf definition in https://github.com/in-toto/attestation/tree/main/protos/in_toto_attestation/v1. To generate an ITE-6 v1 Statement subject, use the ResourceDescriptor Go APIs provided in https://github.com/in-toto/attestation/tree/main/go/v1.  (staticcheck)

https://github.com/tektoncd/chains/actions/runs/8707835742/job/23883780247?pr=1104

Release Notes

NONE

tekton-robot commented 5 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: lcarva

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/tektoncd/chains/blob/main/OWNERS)~~ [lcarva]

Approvers can indicate their approval by writing `/approve` in a comment

Approvers can cancel approval by writing `/approve cancel` in a comment

lcarva commented 5 months ago

/lgtm