Re: [DISCUSS] Adding LTGM as gating PR checks
I support making LGTM a gating job on every PR. On Thu, Dec 16, 2021 at 2:46 PM Alexander Murmann wrote: > +1 to adding this. Given it has a low false-positive rate, only checks on > code actually changed in the PR and runs quickly compared to some of our > other steps that already happen for every PR, this seems like an easy > decision. > > > From: Robert Houghton > Sent: Thursday, December 16, 2021 14:20 > To: dev@geode.apache.org > Subject: Re: [DISCUSS] Adding LTGM as gating PR checks > > Short answer would be to work with the rest of the community to get the > check to pass, fix the LGTM configuration, something like that. Otherwise, > the Concourse CI has the ability to set PR context messages. > > -Robert > > From: Owen Nichols > Date: Thursday, December 16, 2021 at 10:40 AM > To: dev@geode.apache.org > Subject: Re: [DISCUSS] Adding LTGM as gating PR checks > Requiring LGTM looks good to me. It does not seem to have a high rate of > false-positives like some other linters, but if we are making it gating, > what would the process look like to override a false-positive? > > On 12/16/21, 10:37 AM, "Anthony Baker" wrote: > > Thanks Robert, I think this is important. I think this is a good first > step. > > In future I think we should consider adding a CI job to ensure that > pre-existing security errors are addressed. Perhaps GitHub code scanning is > worth investigating since they have acquired the LGTM product. > > Anthony > > > > On Dec 16, 2021, at 10:08 AM, Robert Houghton > wrote: > > > > We have had LGTM tests enabled on Apache Geode PRs for quite some > time, and have done a great job of trending those warnings and errors to in > the right direction. I would like to make the change to our GitHub to make > those changes blocking for all new PRs, given their reliability and > lack-of-flakiness. > > > > Does anyone have strong feelings against that? > > > > -Robert Houghton > >
Re: [DISCUSS] Adding LTGM as gating PR checks
+1 to adding this. Given it has a low false-positive rate, only checks on code actually changed in the PR and runs quickly compared to some of our other steps that already happen for every PR, this seems like an easy decision. From: Robert Houghton Sent: Thursday, December 16, 2021 14:20 To: dev@geode.apache.org Subject: Re: [DISCUSS] Adding LTGM as gating PR checks Short answer would be to work with the rest of the community to get the check to pass, fix the LGTM configuration, something like that. Otherwise, the Concourse CI has the ability to set PR context messages. -Robert From: Owen Nichols Date: Thursday, December 16, 2021 at 10:40 AM To: dev@geode.apache.org Subject: Re: [DISCUSS] Adding LTGM as gating PR checks Requiring LGTM looks good to me. It does not seem to have a high rate of false-positives like some other linters, but if we are making it gating, what would the process look like to override a false-positive? On 12/16/21, 10:37 AM, "Anthony Baker" wrote: Thanks Robert, I think this is important. I think this is a good first step. In future I think we should consider adding a CI job to ensure that pre-existing security errors are addressed. Perhaps GitHub code scanning is worth investigating since they have acquired the LGTM product. Anthony > On Dec 16, 2021, at 10:08 AM, Robert Houghton wrote: > > We have had LGTM tests enabled on Apache Geode PRs for quite some time, and have done a great job of trending those warnings and errors to in the right direction. I would like to make the change to our GitHub to make those changes blocking for all new PRs, given their reliability and lack-of-flakiness. > > Does anyone have strong feelings against that? > > -Robert Houghton
Re: [DISCUSS] Adding LTGM as gating PR checks
Short answer would be to work with the rest of the community to get the check to pass, fix the LGTM configuration, something like that. Otherwise, the Concourse CI has the ability to set PR context messages. -Robert From: Owen Nichols Date: Thursday, December 16, 2021 at 10:40 AM To: dev@geode.apache.org Subject: Re: [DISCUSS] Adding LTGM as gating PR checks Requiring LGTM looks good to me. It does not seem to have a high rate of false-positives like some other linters, but if we are making it gating, what would the process look like to override a false-positive? On 12/16/21, 10:37 AM, "Anthony Baker" wrote: Thanks Robert, I think this is important. I think this is a good first step. In future I think we should consider adding a CI job to ensure that pre-existing security errors are addressed. Perhaps GitHub code scanning is worth investigating since they have acquired the LGTM product. Anthony > On Dec 16, 2021, at 10:08 AM, Robert Houghton wrote: > > We have had LGTM tests enabled on Apache Geode PRs for quite some time, and have done a great job of trending those warnings and errors to in the right direction. I would like to make the change to our GitHub to make those changes blocking for all new PRs, given their reliability and lack-of-flakiness. > > Does anyone have strong feelings against that? > > -Robert Houghton
Re: [DISCUSS] Adding LTGM as gating PR checks
Requiring LGTM looks good to me. It does not seem to have a high rate of false-positives like some other linters, but if we are making it gating, what would the process look like to override a false-positive? On 12/16/21, 10:37 AM, "Anthony Baker" wrote: Thanks Robert, I think this is important. I think this is a good first step. In future I think we should consider adding a CI job to ensure that pre-existing security errors are addressed. Perhaps GitHub code scanning is worth investigating since they have acquired the LGTM product. Anthony > On Dec 16, 2021, at 10:08 AM, Robert Houghton wrote: > > We have had LGTM tests enabled on Apache Geode PRs for quite some time, and have done a great job of trending those warnings and errors to in the right direction. I would like to make the change to our GitHub to make those changes blocking for all new PRs, given their reliability and lack-of-flakiness. > > Does anyone have strong feelings against that? > > -Robert Houghton
Re: [DISCUSS] Adding LTGM as gating PR checks
Thanks Robert, I think this is important. I think this is a good first step. In future I think we should consider adding a CI job to ensure that pre-existing security errors are addressed. Perhaps GitHub code scanning is worth investigating since they have acquired the LGTM product. Anthony > On Dec 16, 2021, at 10:08 AM, Robert Houghton wrote: > > We have had LGTM tests enabled on Apache Geode PRs for quite some time, and > have done a great job of trending those warnings and errors to in the right > direction. I would like to make the change to our GitHub to make those > changes blocking for all new PRs, given their reliability and > lack-of-flakiness. > > Does anyone have strong feelings against that? > > -Robert Houghton
Re: [DISCUSS] Adding LTGM as gating PR checks
Excuse me. I meant to link the PR that would enable this behavior: https://github.com/apache/geode/pull/7197 -Robert Houghton From: Robert Houghton Date: Thursday, December 16, 2021 at 10:08 AM To: geode Subject: [DISCUSS] Adding LTGM as gating PR checks We have had LGTM tests enabled on Apache Geode PRs for quite some time, and have done a great job of trending those warnings and errors to in the right direction. I would like to make the change to our GitHub to make those changes blocking for all new PRs, given their reliability and lack-of-flakiness. Does anyone have strong feelings against that? -Robert Houghton
[DISCUSS] Adding LTGM as gating PR checks
We have had LGTM tests enabled on Apache Geode PRs for quite some time, and have done a great job of trending those warnings and errors to in the right direction. I would like to make the change to our GitHub to make those changes blocking for all new PRs, given their reliability and lack-of-flakiness. Does anyone have strong feelings against that? -Robert Houghton
