-
Notifications
You must be signed in to change notification settings - Fork 508
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
📖 Add pkg.go.dev badge and update package versions #1680
Conversation
Codecov Report
@@ Coverage Diff @@
## main #1680 +/- ##
==========================================
+ Coverage 57.45% 60.58% +3.13%
==========================================
Files 58 58
Lines 5907 5907
==========================================
+ Hits 3394 3579 +185
+ Misses 2276 2085 -191
- Partials 237 243 +6 |
Integration tests success for |
Integration tests success for |
I'm concerned about directing users here while we don't officially yet support Scorecard as a library. Apart from the LGTM. |
I think we should start supporting it. There are projects using it.
We should document that we don't support Semver but Thoughts? @azeemshaikh38 @laurentsimon @justaugustus |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Adding code suggestions on package version and pkg.go.dev URL.
Integration tests success for |
This presentation is worth a look: https://dave.cheney.net/practical-go/presentations/gophercon-israel.html#apidesign Of note:
That said, we have a responsibility to design APIs that are hard to misuse.
ossf/scorecard-action#107 (cc: @rohankh532)
#1673 / #1245 / #1682 (cc: @colek42)
#1645 just merged, which makes some decent steps in the right direction and I'll open a separate tracking issue for this if one doesn't already exist.
Disagree here and I've expressed the opinion in a few places, including the most recent (2022-02-24) biweekly meeting. We've adopted SemVer-compliant versioning, which means regardless if we've enforce SemVer or not, consumers will have at least a baseline expectation that we are compliant. Whether that is true or not is a different story. I think we should instead declare that the next major release version (v5.0.0) is the first release in which we will be SemVer-compliant and direct our efforts into designing the module in a way that we can ensure that. I think we'll all agree that scorecard is a high-value project in a space with lots of eyes on it today, so we have a responsibility to those who consume it to make it as easy and clear to do so as possible. |
I've created a tracking issue for this and added it to the v5 milestone: #1683 |
I agree. Thanks for the details. I will wait for @azeemshaikh38 before I merge. |
I agree that the API is a longer discussion, but I don't think we need to block the badge updates on it. |
Sounds good. 👍 |
What kind of change does this PR introduce?
Doc update
What is the current behavior?
What is the new behavior (if this is a feature change)?**
Which issue(s) this PR fixes
NONE
Special notes for your reviewer
Does this PR introduce a user-facing change?