Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[IDEA] feat: GitHub-Action #473

Closed
jkowalleck opened this issue Feb 2, 2023 · 5 comments
Closed

[IDEA] feat: GitHub-Action #473

jkowalleck opened this issue Feb 2, 2023 · 5 comments
Labels
enhancement New feature or request

Comments

@jkowalleck
Copy link
Member

jkowalleck commented Feb 2, 2023
edited
Loading

A pull request #472 was opened out of nowhere,
that suggested having a GitHub-Action that installs and runs this very tool.

This is an arguable topic, so let's discuss:
Why is such a GH-Action needed?
What are the actual use cases? How would you use it?
What are the pros? What are the cons?
What is the benefit of a GH-Action instead of running the installation process and the tool via a GitHub-Workflow yourself?
... and much more .
@jkowalleck jkowalleck added the enhancement New feature or request label Feb 2, 2023
@jkowalleck jkowalleck mentioned this issue Feb 2, 2023
Closed
@fnxpt
Copy link

fnxpt commented Feb 2, 2023
edited
Loading

Ok, so a little bit of context Im currently implementing some workflows and I noticed that 2 of the tools that I need didn't have an github action, if you look into https://github.com/marketplace?type=actions&query=cyclonedx+ you will see that there are a few tools/plugins that have an action for this.
Everything that was done on the action can always be done on a workflow, but the goal of having actions is to make it easier to integrate in workflows.

As for pros and cons I see the following.

Pros:
Easy to integrate in workflows/Reusability
More visibility if we include it on marketplace

Cons:
One more thing to maintain, (probably the only effort will be when adding removing parameters)

@jkowalleck
Copy link
Member Author

re: #473 (comment)

  • the "More visibility if we include it on marketplace" in the PRO's list is speculative.

  • the "Easy to integrate in workflows/Reusability" in the PRO's is not a unique selling point here.

    You say

    the goal of having actions is to make it easier to integrate in workflows.

    I don't see one of the following being better than the other, under these aspects

    - uses: CycloneDX/cyclonedx-node-npm@master
  with:
    version: '^1.4'
    foo: bar

    -- VS --

    - run: npx --yes -- '@cyclonedx/cyclonedx-npm@^1.4' --foo=bar

Please help me understand the benefit for the users of such an action.

@fnxpt
Copy link

fnxpt commented Feb 2, 2023

Thats fair @jkowalleck it doesn't really make sense. Im going to close the PR, sorry for wasting your time

@jkowalleck
Copy link
Member Author

No worries, @fnxpt.

I will keep this feature request open.
Maybe others will come up with other use cases or questions.

@jkowalleck jkowalleck changed the title feat: GitHub-Action [IDEA] feat: GitHub-Action Feb 2, 2023
@jkowalleck
Copy link
Member Author

jkowalleck commented Feb 6, 2023
edited
Loading

Closed, in favor of CycloneDX/gh-node-module-generatebom#6

@jkowalleck jkowalleck closed this as not planned Won't fix, can't repro, duplicate, stale Feb 6, 2023
@CycloneDX CycloneDX locked and limited conversation to collaborators Feb 6, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fnxpt @jkowalleck