Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

✨ Use checks.yaml to store which repo types are supported by each check #1195

Merged
merged 8 commits into from
Nov 2, 2021

Conversation

laurentsimon
Copy link
Contributor

@laurentsimon laurentsimon commented Oct 29, 2021

  • Please check if the PR fulfills these requirements

This is a feature with no breaking changes.

close #1184

The general behavior for check selection is as follows:

  1. --repo=X => uses all checks supported by the repo interface
  2. --repo=X --check=Y => uses check Y and verifies it's supported by repo interface
  3. --repo=X --policy=Z => uses all checks defined in the policy file AND supported by repo interface
  4. --repo=X --policy=Z --checks=Y => uses Y AND verifies Y is defined in the policy and verifies Y checks are supported by the repo interface

The one thing I don't like is that, if a user passes a policy, we're silently discarding checks not supported by the interface. I wonder if this may be confusing for users.

@laurentsimon laurentsimon marked this pull request as draft October 29, 2021 17:57
@laurentsimon laurentsimon changed the title ✨ [DRAFT] Use checks.yaml to store which repo types are supported by each check ✨ Use checks.yaml to store which repo types are supported by each check Oct 29, 2021
@laurentsimon laurentsimon marked this pull request as ready for review October 29, 2021 18:11
@@ -18,6 +18,7 @@ checks:
Maintained:
risk: High
tags: supply-chain, security
repos: GitHub
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe simpler to add a boolean like run-on-local-files? That way checks.yaml doesn't have to be updated with newer repo implementations.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you don't mind, I'll keep it as-is because it lends itself well to supporting other interfaces: gitlab, local-git, etc. I don't think we'll be able to support all of them with a binary "run on local file or not".

Copy link
Contributor

@azeemshaikh38 azeemshaikh38 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Feature: Add supported repo interface in checks.yaml
2 participants