| ▲ | bdangubic 6 days ago |
| or alternative hire right people that know what they are doing and don’t need a whole lot of junk to work on and deploy. I have been coding 31 years now and don’t have the slighest clue why anyone would ever need a “github action” |
|
| ▲ | Nextgrid 6 days ago | parent [-] |
| There's value in enforcing checks on the server side to avoid people accidentally/maliciously merging code that doesn't pass said checks. Checks can be linters, security scanners, etc. |
| |
| ▲ | bdangubic 6 days ago | parent | next [-] | | why on the server?! | | |
| ▲ | Nextgrid 6 days ago | parent | next [-] | | Because then you protect against a compromised/misbehaving developer workstation. No matter what the individual developer does, the server will prevent a PR being merged if it doesn’t pass the server-enforced checks. Running builds on a designated server would also protect against malware on a developer’s machine silently embedding itself into the resulting artifact and then deployed to production. | |
| ▲ | franklyworks 6 days ago | parent | prev [-] | | This was probably the question to ask before declaring it all as junk. |
| |
| ▲ | Cyph0n 6 days ago | parent | prev [-] | | > Checks can be linters, security scanners, etc. The first checks I setup are build and test. The rest is “extra”. |
|
