Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

📖 Add pkg.go.dev badge and update package versions #1680

Merged
merged 3 commits into from
Feb 27, 2022

Conversation

naveensrinivasan
Copy link
Member

What kind of change does this PR introduce?

Doc update

What is the current behavior?

What is the new behavior (if this is a feature change)?**

  • Tests for the changes have been added (for bug fixes/features)

Which issue(s) this PR fixes

NONE

Special notes for your reviewer

Does this PR introduce a user-facing change?

NONE

@naveensrinivasan naveensrinivasan temporarily deployed to integration-test February 26, 2022 19:53 Inactive
@codecov
Copy link

codecov bot commented Feb 26, 2022

Codecov Report

Merging #1680 (b694460) into main (7956ff4) will increase coverage by 3.13%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #1680      +/-   ##
==========================================
+ Coverage   57.45%   60.58%   +3.13%     
==========================================
  Files          58       58              
  Lines        5907     5907              
==========================================
+ Hits         3394     3579     +185     
+ Misses       2276     2085     -191     
- Partials      237      243       +6     

@github-actions
Copy link

Integration tests success for
[0327195]
(https://github.com/ossf/scorecard/actions/runs/1904016129)

@naveensrinivasan naveensrinivasan enabled auto-merge (rebase) February 26, 2022 20:06
@naveensrinivasan naveensrinivasan temporarily deployed to integration-test February 27, 2022 02:32 Inactive
@github-actions
Copy link

Integration tests success for
[19374a9]
(https://github.com/ossf/scorecard/actions/runs/1904861495)

@azeemshaikh38
Copy link
Contributor

I'm concerned about directing users here while we don't officially yet support Scorecard as a library. Apart from the LGTM.

@naveensrinivasan
Copy link
Member Author

I'm concerned about directing users here while we don't officially yet support Scorecard as a library. Apart from the LGTM.

I think we should start supporting it. There are projects using it.

  • Scorecard-actions (this is WIP)
  • Witness
  • Allstar

We should document that we don't support Semver but scorecard/v4 similar to Go GitHub Libary.

Thoughts? @azeemshaikh38 @laurentsimon @justaugustus

Copy link
Member

@justaugustus justaugustus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding code suggestions on package version and pkg.go.dev URL.

README.md Outdated Show resolved Hide resolved
@justaugustus justaugustus temporarily deployed to integration-test February 27, 2022 14:51 Inactive
@justaugustus justaugustus changed the title 📖 Included reference to the GoDoc 📖 Add pkg.go.dev badge and update package versions Feb 27, 2022
@justaugustus justaugustus enabled auto-merge (squash) February 27, 2022 14:52
@github-actions
Copy link

Integration tests success for
[b694460]
(https://github.com/ossf/scorecard/actions/runs/1906416969)

@justaugustus
Copy link
Member

I'm concerned about directing users here while we don't officially yet support Scorecard as a library. Apart from the LGTM.

I think we should start supporting it. There are projects using it.

This presentation is worth a look: https://dave.cheney.net/practical-go/presentations/gophercon-israel.html#apidesign

Of note:

If it’s exported, its part of your public API.

That said, we have a responsibility to design APIs that are hard to misuse.

* Scorecard-actions (this is WIP)

ossf/scorecard-action#107 (cc: @rohankh532)

* Witness

#1673 / #1245 / #1682 (cc: @colek42)

* Allstar

#1645 / ossf/allstar#114

#1645 just merged, which makes some decent steps in the right direction and I'll open a separate tracking issue for this if one doesn't already exist.

We should document that we don't support Semver but scorecard/v4 similar to Go GitHub Libary.

Disagree here and I've expressed the opinion in a few places, including the most recent (2022-02-24) biweekly meeting.

We've adopted SemVer-compliant versioning, which means regardless if we've enforce SemVer or not, consumers will have at least a baseline expectation that we are compliant. Whether that is true or not is a different story.

I think we should instead declare that the next major release version (v5.0.0) is the first release in which we will be SemVer-compliant and direct our efforts into designing the module in a way that we can ensure that.

I think we'll all agree that scorecard is a high-value project in a space with lots of eyes on it today, so we have a responsibility to those who consume it to make it as easy and clear to do so as possible.

@justaugustus
Copy link
Member

I think we should instead declare that the next major release version (v5.0.0) is the first release in which we will be SemVer-compliant and direct our efforts into designing the module in a way that we can ensure that.

I've created a tracking issue for this and added it to the v5 milestone: #1683
Let's continue the discussion there!

@naveensrinivasan
Copy link
Member Author

I'm concerned about directing users here while we don't officially yet support Scorecard as a library. Apart from the LGTM.

I think we should start supporting it. There are projects using it.

This presentation is worth a look: https://dave.cheney.net/practical-go/presentations/gophercon-israel.html#apidesign

Of note:

If it’s exported, its part of your public API.

That said, we have a responsibility to design APIs that are hard to misuse.

* Scorecard-actions (this is WIP)

ossf/scorecard-action#107 (cc: @rohankh532)

* Witness

#1673 / #1245 / #1682 (cc: @colek42)

* Allstar

#1645 / ossf/allstar#114

#1645 just merged, which makes some decent steps in the right direction and I'll open a separate tracking issue for this if one doesn't already exist.

We should document that we don't support Semver but scorecard/v4 similar to Go GitHub Libary.

Disagree here and I've expressed the opinion in a few places, including the most recent (2022-02-24) biweekly meeting.

We've adopted SemVer-compliant versioning, which means regardless if we've enforce SemVer or not, consumers will have at least a baseline expectation that we are compliant. Whether that is true or not is a different story.

I think we should instead declare that the next major release version (v5.0.0) is the first release in which we will be SemVer-compliant and direct our efforts into designing the module in a way that we can ensure that.

I think we'll all agree that scorecard is a high-value project in a space with lots of eyes on it today, so we have a responsibility to those who consume it to make it as easy and clear to do so as possible.

I agree. Thanks for the details.

I will wait for @azeemshaikh38 before I merge.

@justaugustus
Copy link
Member

I will wait for @azeemshaikh38 before I merge.

I agree that the API is a longer discussion, but I don't think we need to block the badge updates on it.

@naveensrinivasan
Copy link
Member Author

I will wait for @azeemshaikh38 before I merge.

I agree that the API is a longer discussion, but I don't think we need to block the badge updates on it.

Sounds good. 👍

@naveensrinivasan naveensrinivasan merged commit d71866c into main Feb 27, 2022
@naveensrinivasan naveensrinivasan deleted the naveen/feat/go-doc branch February 27, 2022 15:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants