(docs) Add documentation for new rule CPMR0076 #1107
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gep13
requested changes
Dec 5, 2024
| <Callout type="warning"> | ||
| This rule has not been implemented in Package Validator, and is only available in the Chocolatey Community Validation extension. | ||
|
|
||
| Once it has been implemented in Packge Validator, the severity or behavior may be changed in the Chocolatey Community Validation extension. |
There was a problem hiding this comment.
Suggested change
| Once it has been implemented in Packge Validator, the severity or behavior may be changed in the Chocolatey Community Validation extension. | |
| Once it has been implemented in Package Validator, the severity or behavior may be changed in the Chocolatey Community Validation extension. |
| order: 76 | ||
| xref: cpmr0076 | ||
| title: CPMR0076 - Raw GitHub Icon URL Is Used (nuspec) | ||
| description: Information on how to remediate the Chocloatey Package Moderation Rule 0076 |
There was a problem hiding this comment.
Suggested change
| description: Information on how to remediate the Chocloatey Package Moderation Rule 0076 | |
| description: Information on how to remediate the Chocolatey Package Moderation Rule 0076 |
| ## Recommended Solution | ||
|
|
||
| Please update the Icon URL to use an Icon that is coming from a proper CDN instead of GitHub or RawGit. | ||
| There existis CDN providers for GitHub links that can be used, like [JSDelivr](https://www.jsdelivr.com/) and [Statically](https://statically.io/). |
There was a problem hiding this comment.
Suggested change
| There existis CDN providers for GitHub links that can be used, like [JSDelivr](https://www.jsdelivr.com/) and [Statically](https://statically.io/). | |
| There are CDN providers for GitHub links that can be used, like [JSDelivr](https://www.jsdelivr.com/) and [Statically](https://statically.io/). |
There was a problem hiding this comment.
Also, should we link to the section of the docs where this is discussed in more depth?
There was a problem hiding this comment.
I was thinking of it, but I could only see a small section it was mentioned and couldn't be directly linked to.
I could only see it mentioned here: https://docs.chocolatey.org/en-us/community-repository/moderation/#requirements
but linking to that do not make it obvious where the relevant part is located.
|
|
||
| ## Reasoning | ||
|
|
||
| GitHub has expressed it being unwanted to hotlink to _raw_ files in the past as these are not static assets, and RawGit has shut down. |
There was a problem hiding this comment.
Suggested change
| GitHub has expressed it being unwanted to hotlink to _raw_ files in the past as these are not static assets, and RawGit has shut down. | |
| GitHub has made it clear that hotlinking to _raw_ files on GitHub should be avoided, as these are not static assets, and RawGit has shut down. |
There was a problem hiding this comment.
Also, do we have a link to where we can point people to for the information about GitHub?
There was a problem hiding this comment.
I have added a link to the blog post on GitHub regarding this that I am aware of.
This adds a new component that can be used to mark Package Validator rules as not yet being implemented in Package Validator, but however has been implemented in the Chocolatey Community Validation Extension.
This adds the new rule for flagging Icon URLs that make use of GitHub or RawGit URLs in the nuspec file. This rule is not currently planned for Package Validator, but is useful to have as it will be implemented in the Chocolatey Community Validation extension.
AdmiringWorm
force-pushed
the
cpmr0076
branch
from
e96e70a to
255b5aa
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description Of Changes
This adds the new rule for flagging Icon URLs that make use of GitHub or
RawGit URLs in the nuspec file.
This rule is not currently planned for Package Validator, but is useful
to have as it will be implemented in the Chocolatey Community Validator
extension.
Motivation and Context
To document rules that are implemented in Chocolatey Community Validation extension, and considered for Package Validator.
Testing
Change Types Made
Change Checklist
Related Issue