Do not use latest staticcheck version (or/and support specifying staticcheck version)
haya14busa opened this issue · 0 comments
haya14busa commented
This is a follow-up to #16.
It's safer to use a fixed staticcheck version and automate updating it with depup instead of installing the latest version.
Optionally, we can also support specifying the staticcheck version as an action input.
Personally, I don't like this option so much because ...
- Generally it's good to use the latest version so that users can enjoy the latest improved version of staticcheck.
- Most users won't notice and could forget the new version of staticcheck if we put this as an action input. Users can use action-depup to update the staticcheck version input, but probably it's too much work.
- It would be hard to maintain the script in this action. Suppose a new staticcheck introduced new flags or breaking changes, it's difficult to update the script if users pass an old version as the input.
Users can still pin the action-staticcheck version to pin staticcheck version or they can manually install staticcheck and reviewdog if they want to stick with an old version.
@kstiehl, I'd appreciate it if you want to work on this issue but I'll leave it to you :)