Fix golangci and update versions #76
Conversation
shibumi
force-pushed
the
fix-ci
branch
2 times, most recently
from
3bacf5c to
16884d7
Compare
|
package-url/purl-spec@c5681ae introduced breakage for our Go implementation or it's something we have to fix in this project to comply with the spec. |
shibumi
force-pushed
the
fix-ci
branch
3 times, most recently
from
f9a05eb to
fbad0e2
Compare
package-url/purl-spec@c5681ae broke our tests. Let's pin the test file for now to unblock incoming PRs. We definitely have to fix the drift to the upstream spec.
|
@sschuberth Can you approve this PR? It fixes the broken golangci and unblocks: #73 Also, I had to pin the test suite file. Looks like the upstream spec changed OR the packageurl-go version has a spec-drift. |
Sorry @shibumi, I was asked by @pombredanne to not do any "drive by" reviews anymore. As I'm unsure whether that only applies to the purl-spec project itself, or also to projects for implementations like this, I'll refrain from a review / approval until this is clarified. |
|
@sschuberth no problem :) @pombredanne do you know someone else who would be willing to maintain this project together with me? I need someone who can review PRs |
|
@sschuberth I am sure that @pombredanne only meant the specification repository, because that one is VERY important (lot's of projects are depending on it and it's our source of truth). I really see no problem in approving this PR, here :) Especially, because @pombredanne seems to be very inactive :/ @stevespringett, @johnmhoran, @iamwillbar, @jkowalleck, sorry for CC'ing you all. Can maybe one of you approve this PR here or can you appoint a second owner for this repository? Currently, all PRs are blocked and we should really fix these CI bugs ASAP. If you need a good candidate, I can maybe find someone from the open source software supply chain security community. |
| - name: Download test data | ||
| run: curl -L https://raw.githubusercontent.com/package-url/purl-spec/master/test-suite-data.json -o testdata/test-suite-data.json | ||
| run: curl -L https://raw.githubusercontent.com/package-url/purl-spec/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/test-suite-data.json -o testdata/test-suite-data.json |
There was a problem hiding this comment.
I've taken a look again, and this PR does too many unrelated things in a single commit, IMO. This line is the only one that matches the topic of the commit message AFAIU. It should probably also be annotated with a # TODO: ... statement to make the work-around visible without running git blame.
All other version updates from this commit should IMO go to another commit in the same PR to clearly separate the intentions.
Our Github actions are heavily outdated. Let's update them to newer versions.