Conversation
| } | ||
|
|
||
| if hasBackend && (!ok || sourceCodeDir == "") { | ||
| pass.ReportResult( |
There was a problem hiding this comment.
no need to add this. the source code analyzer already warns of this.
There was a problem hiding this comment.
is it clear that it would also impact other checks like this one?
There was a problem hiding this comment.
it basically stops all other validators from running. so it is pretty obvious things didn't run but we can't make it an error because of some plugins special cases.
| pass.AnalyzerName, | ||
| binaryDirtyBuild, | ||
| fmt.Sprintf("%s: built from a dirty working tree", binaryName), | ||
| "The binary was built with uncommitted changes (vcs.modified=true). Binaries submitted for signing should be built from a clean git working tree.", |
There was a problem hiding this comment.
This is a nice check but I suspect we are going to have people asking about this. This works perfect for CI-pipelines but I suspect people that like to submit from zips created in their machines will constantly hit this.
IMO we should keep this but add an entry in the documentation of what this actually means, why we need it and how to fix it and link it here.
| pass.ReportResult( | ||
| pass.AnalyzerName, | ||
| binaryCGOEnabled, | ||
| fmt.Sprintf("%s: built with CGO_ENABLED=1", binaryName), |
There was a problem hiding this comment.
do we have genuine cases where CGO_ENABLED=1 is a valid option? I had the idea we don't allow cgo in plugins. if that's the case we can turn this into an error.
There was a problem hiding this comment.
i wasn't sure if it was allowed in some cases. i can change to error
2 participants
Adds a new gobuildinfo analyzer that validates embedded Go build metadata in backend plugin binaries. The checks catch common issues that indicate a binary was not built correctly for submission: