add biased language check to gh actions #3282
Conversation
|
|
|
Please sign the CLA :) |
|
That's a nice GitHub Action :-) |
anuraaga
changed the title
|
Hi, is there anything additional that needs to be done to get this merged? :) |
| - uses: actions/checkout@v2 | ||
| - id: pink-panther | ||
| uses: splunk/pink-panther@main | ||
| continue-on-error: true |
There was a problem hiding this comment.
Won't this cause the workflow to be considered successful even if there is biased language? Don't we want it to fail?
There was a problem hiding this comment.
That seems fine as an interim step, particularly if it checks the entire repository and not just changed files. Would give us notice and time to start addressing the issues. Hard to know how it works, though, since the code the action actually uses doesn't appear to be in the action repo.
There was a problem hiding this comment.
Some repo's can contain a slew of biased terms which can take quite a while to replace, so we didn't want this job to fail the workflow. Instead, we've added an error annotation as shown in the attached photo to notify users there are biased terms in the repo, but allow the workflow to continue.
As for the code itself, this is hosted in our internal Gitlab instance where we test, build, and publish for use in both GitLab CI and GitHub Actions. The image is essentially a Python script utilizing RipGrep to search through the repo for a list of biased terms Splunk defines, and outputs a summary in JSON format which is visible in the job.
There was a problem hiding this comment.
The image is essentially a Python script utilizing RipGrep to search through the repo for a list of biased terms Splunk defines
Yet another reason it would be nice for the code executed by the action to be publicly available. I'm not sure it's up to Splunk to define what is considered appropriate language for this project. I don't think this is a debate that needs to happen now, but I would like to be able to view the list of terms and have an opportunity to provide input on them.
There was a problem hiding this comment.
Completely understandable. Let me circle back with the team and see what we're able to share publicly. As for the biased terms we are searching for currently, the list is short (only 4 terms) which you can also view in the JSON output during the job, shown here
The main repository lives in Splunk's internal GitLab instance, which will build and publish the docker image to ghcr.io. I just updated to remove the github token, thanks for pointing it out as it currently doesn't need it |
Thanks, removing the token greatly reduces my concerns, though it would still be nice for the code the action runs to be publicly visible. To the extent that this would only have read-only access to a public repo I no longer feel the need to object to merging this PR. |
|
What are the next steps to get this PR merged? |
Hi @tigrannajaryan, at the moment yes |
@Lng88 unfortunately we cannot accept that as a tool for this repo. All dependencies and tools we use need to be open-source and have a license that we are allowed to use. |
Thanks for your response @tigrannajaryan. We discussed internally with the team yesterday and will start the process for open sourcing. Will keep this MR posted with updates, unless you'd like it closed and re-opened when oss is ready. |
@Lng88 Sounds good. Please close for now and feel free to re-open and submit a new PR when it is ready for review. |
This PR ports the client authenticator interfaces from PR #3128 in a piece meal fashion. The interfaces are currently not used by any client configurations and are published for reviewing only. Plan is to modify ToClient and ToDialOptions apis once all the clients are prepared per #3287 (core and contrib side as well). Link to tracking Issue: #3287 #3282 Testing: Unit tests, [manual test described (for only oidc)](open-telemetry/opentelemetry-collector#3128 (comment))
… extensions configuration map (#3340) This PR is a port of the configfrpc's ToDialOptions() and confighttp ToClient() from PR #3128 in a piece meal fashion. The following are the changes - Refactored configgrpc.PerRPCAuth as extension implementing configauth.GrpcClientAuthenticator - Plugged in extensions configuration to all the grpc based clients in the core (OTLP, OpenCensus, Jaeger, JaegerReceiver) - Plugged in extensions configuration to all the HTTP based clients in the core (Zipkin, OTLPHTTP) Link to tracking Issue: #3282 #3276 Testing: Unit tests, [manual test described (for only oidc)](#3128 (comment))
|
So, it appears that as of June 24th 2021 they've since changed the Licensing to be Apache 2.0 Could we resurrect this merge request? (I'll likely follow up on the otel slack during the workweek with relevant people from this convo but wanted to ask this publicly) |
Description:
Adding a github actions workflow to check for biased language in the project. The biased language we are checking include these 4 words: blacklist, whitelist, master, slave. This is to help bring awareness to the number of biased language in the repository with the goal of eventually reducing these terms used in the project. This is an organization wide effort at Splunk to help bring change and make an impact by removing institutionalized bias from the products we help create that are widely used by many individuals.
Testing:
This workflow was tested in my forked repository
Documentation:
Biased Language action repo