-
Notifications
You must be signed in to change notification settings - Fork 219
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add LSIF indexing & uploading to Sourcegraph workflow #341
base: main
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks very interesting, thanks!
uses: sourcegraph/lsif-upload-action@master | ||
with: | ||
endpoint: https://sourcegraph.com | ||
github_token: ${{ secrets.GITHUB_TOKEN }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this need any special authorization, e.g. some OAuth app that needs to be registered, or does it work out-of-the-box?
Also are there potential security implications to using the GitHub token (which e.g. also permits write access) here? Maybe it might be a good idea to limit the permissions here to only include those needed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This value should work by making a new developer access token and adding it to the secrets of your repo/org. You shouldn't need to perform any additional flow after that.
We need repo scope of personal access tokens so that we can read the ones attached to your profile. Here is the point in Sourcegraph server code that actually queries GitHub on your behalf if you'd like to see how it's actually used. I'm not sure if a lower scope would allow us the same permissions (and if so we'd definitely recommend using that instead).
In the future we may also expand our user permissions model so that authenticating directly with the code host will become unnecessary (though I don't have a timeline to give you at this point).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
According to these docs, I believe read access on repository-projects
would be sufficient.
Adds LSIF indexing workflow with Kotlin SemanticDB compiler plugin via the lsif-java cli tool. Resulting LSIF file is uploaded to Sourcegraph for "precise code intelligence" navigation.
This will help us get more in-the-wild testing of the Kotlin plugin (please feel free to report any and all issues 🙂), and hopefully you find it useful too when reviewing PRs.