CLOUDP-212059: Add note about linters #1573

Merged
merged 1 commit into from May 21, 2024

@roothorp roothorp commented May 9, 2024

All Submissions:

  • Have you signed our CLA?
  • Put closes #XXXX in your comment to auto-close the issue that your PR fixes (if there is one).
  • Update docs/release-notes/release-notes-template.md if your changes should be included in the release notes for the next release.

@roothorp roothorp requested review from josvazg and slaskawi May 9, 2024 09:44

`shellcheck` lints shell scripts in the repo. This is performed with default settings, using [`shellcheck-action`](https://github.com/bewuethr/shellcheck-action). This tool makes use of a regex to find all files within the codebase that have shell scripts that should be assessed.

`govulncheck` checks the Go packages used in the codebase, and flags any that have known vulnerabilities. [`vuln-ignore`](../../vuln-ignore) contains a list of vulnerabilities that we are explicitly ignoring; for use when there is not an available fix, and `govulncheck` is blocking.
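
Review bot: In the `govulncheck` paragraph, the clause after the semicolon ("for use when there is not an available fix, and `govulncheck` is blocking") is a sentence fragment and leaves the exception policy loose: it does not say what an entry in `vuln-ignore` looks like or that an entry should be removed once a fix becomes available. Suggest a full sentence such as "Add an entry only when no fix is available and `govulncheck` is blocking, and remove it once a fix is released." In the `shellcheck` paragraph, "makes use of a regex to find all files" does not say which files match; naming the pattern or pointing at where it is configured would let a contributor tell whether a new script is covered by the linter.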

Suggested change
`govulncheck` checks the Go packages used in the codebase, and flags any that have known vulnerabilities. [`vuln-ignore`](../../vuln-ignore) contains a list of vulnerabilities that we are explicitly ignoring; for use when there is not an available fix, and `govulncheck` is blocking.
`govulncheck` checks the Go packages used in the codebase, and flags any that have known vulnerabilities. [`vuln-ignore`](../../vuln-ignore) contains a list of vulnerabilities that we are explicitly ignoring; for use when there is not an available fix, and `govulncheck` is blocking. Explicitly ignored vulnerabilities will appear listed in the [release SDLC report](../releases).

@josvazg josvazg left a comment

LGTM with that small suggestion.

I was going to also ask you to link these docs from the SDLC checklist template, but instead I think I'd better rebase #1571 once this merges and will update the reference there.

Still do seek also @slaskawi's approval.

josvazg commented May 20, 2024

@roothorp with @slaskawi's approval I say we can merge. I would suggest applying the wording link fix above though.

@roothorp roothorp merged commit 4328225 into main May 21, 2024
2 checks passed