Question for CI as github action project
SamYuan1990 opened this issue · 4 comments
Hi team,
Happy new year!
Take https://www.bestpractices.dev/en/projects/7387 for example; this is just a GitHub Action project.
May I know of any guidance on badge suggestions for GitHub Action kinds of projects?
We don't have any special guidance for GitHub actions. No one has ever asked before, to my knowledge.
So since we don't have any special guidance, I can try to think it through with you. I guess I'd focus on "what are your intentions?"
If the GitHub action will only ever be just a few lines of .yml, and it's not a widely-used or important GitHub Action, I'm not sure I see a lot of value in this exercise. But it's up to you - you should be able to meet the criteria (it should be easy for many of them!). If this GitHub action is really critical, then I guess I can see the argument for applying the criteria even for something quite small because it's important to get it right.
However, anything can start small and grow. If you plan to grow this into something more substantive eventually, then working on the badge requirements could be a helpful starting point.
You're welcome to raise this in the mailing list for possibly broader discussion.
If you do it, I'd love to hear your feedback. Normally we have more substantive projects, not something the typical size of GitHub Actions. But we need to support JavaScript projects, and many of them are also small, so I suspect similar concepts apply.
I hope that helps.
So what's the mail thread? And why does a GitHub Action need some best practices? For example, for the checkout action, which just checks out code there... why should it follow best practices? Honestly, for GitHub Actions, I didn't get the point as to why it's harmful if it doesn't follow the best practices.
@david-a-wheeler
https://github.com/actions/checkout is the link for the checkout action.
Also adding other discussions here:
ossf/scorecard#3145 (reply in thread)
ossf/wg-best-practices-os-developers#239