sync_github_advisories lessons-learned/recommendations
jasnow opened this issue
Tried out "rake sync_github_advisories" yesterday. Successfully downloaded the advisories (3 modified and 10 new).
Later I reviewed some recent PRs that have advisories in them - these helped me understand
how others mapped the "before" fields into the "after" file.
Also learned that I can't download the file multiple times - need to see if there is a "-f" (force) option.
Recommendations
- Add a note about "yamllint" to the contributing docs. I added it locally to fix the yaml-ness.
- Encourage running "rake" before contributing, since it runs checks against the yaml file.
- The GitHub key needed is classic, not fine-grained.
- Add an example GitHub "before" file to the repo and then point to the "after" file so contributors can see actual mapping.
UPDATE: Yesterday I got some yaml files that I had downloaded and edited previously, so I had "git diff"erences.
"git diff" was so unhelpful that I finally just did a cut-and-paste from master into my branch.
- Need a better "git diff" tool (Personal TODO)
- Won't "pre-edit" downloaded files again (smile).
- Another Personal TODO from the previous entry: "-f" (force) with "sync_github_advisories"?
This is better as a blog or diary somewhere else, so closing.