tomaustin700 / YAML-Pipeline-Validator-VS-Code-Extension

Azure DevOps YAML Pipeline Validator Extension for VS Code
https://marketplace.visualstudio.com/items?itemName=TomAustin.azure-devops-yaml-pipeline-validator

Info about sending YAML content to remote server in order to validate it #12

Closed kamil-cf closed 3 years ago

kamil-cf commented 3 years ago

Is your feature request related to a problem? Please describe.
I'm not an expert when it comes to VS extensions, but it looks like this one is actually sending the content of the YAML file from the editor to a remote server in order to validate the file: https://github.com/tomaustin700/YAML-Pipeline-Validator-VS-Code-Extension/blob/main/src/extension.ts#L48 It's not necessarily a bad thing on its own, but I guess it would be really nice if you could add this information somewhere in the Readme file.

The issue is: if you export your pipelines from Azure DevOps and start editing them, it may happen that you had some secrets used as a task configuration in the portal (for example, the Slack notification task requires a secret token, which can be directly provided in the task configuration and will be exported as plain text).

While you might be OK with that when it comes to the DevOps portal (which is sort of protected; not every dev can log in and get those secrets), I'm pretty sure those shouldn't be in the repo. And for sure, you shouldn't send them to any remote server. Now you can unknowingly do so.

Describe the solution you'd like
A statement in the Readme file about how the extension works.
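An added example, not code from the extension or this thread, of the pre-send check a defender would want here: a heuristic scan of Azure DevOps pipeline YAML for task inputs whose key looks secret-bearing but whose value is a literal rather than a `$(var)`, `${{ }}` or `$[ ]` reference, so an editor could warn before the file leaves the machine. The sample pipeline, its task names and the key-name list are constructed assumptions.

```typescript
// Heuristic pre-flight scan: flag task inputs that embed a literal secret.
// Added example; a line-based approximation, not a full YAML parser.

// Input keys that usually carry credentials (constructed list, extend as needed).
const SECRET_KEY = /^[\w.-]*(token|secret|password|passwd|pwd|apikey|api_key|connectionstring)$/i;

// Azure DevOps ways of referencing a value instead of embedding it:
// macro $(name), template expression ${{ ... }}, runtime expression $[ ... ].
const VARIABLE_REF = /^(\$\(.+\)|\$\{\{.+\}\}|\$\[.+\])$/;

interface Finding {
  line: number; // 1-based line number in the YAML text
  key: string;  // the input key that holds a literal value
}

function findLiteralSecrets(yaml: string): Finding[] {
  const findings: Finding[] = [];
  yaml.split(/\r?\n/).forEach((raw, idx) => {
    // Drop a trailing " # comment" so "$(x) # note" still counts as a reference.
    const line = raw.replace(/\s+#.*$/, '');
    const m = /^\s*-?\s*([\w.-]+)\s*:\s*(.+?)\s*$/.exec(line);
    if (!m) return;
    const [, key, value] = m;
    if (!SECRET_KEY.test(key)) return;
    const unquoted = value.replace(/^['"]|['"]$/g, '');
    // Empty values and variable references are fine; anything else is a literal.
    if (unquoted === '' || VARIABLE_REF.test(unquoted)) return;
    findings.push({ line: idx + 1, key });
  });
  return findings;
}

// Constructed sample resembling an exported pipeline with one embedded token.
const SAMPLE_PIPELINE = `steps:
- task: SlackNotification@1
  inputs:
    channel: '#builds'
    slackToken: 'xoxb-CONSTRUCTED-EXAMPLE-VALUE'
    message: 'Build finished'
- task: AzureCLI@2
  inputs:
    azureSubscription: $(serviceConnection)
    clientSecret: $(clientSecret)`;

// A validator front-end would refuse to upload while this returns findings.
console.log(findLiteralSecrets(SAMPLE_PIPELINE));
```

The `clientSecret: $(clientSecret)` line is intentionally not flagged, since a macro reference is resolved on the agent and never appears in the file.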

tomaustin700 commented 3 years ago

Hi @kamil-cf, yep, that's a valid concern. I will add something to the readme.

Thanks for raising this.