add LSIF indexing & uploading to Sourcegraph workflow #341
Conversation
fwcd
added
enhancement
| uses: sourcegraph/lsif-upload-action@master | ||
| with: | ||
| endpoint: https://sourcegraph.com | ||
| github_token: ${{ secrets.GITHUB_TOKEN }} |
There was a problem hiding this comment.
Does this need any special authorization, e.g. some OAuth app that needs to be registered, or does it work out-of-the-box?
Also are there potential security implications to using the GitHub token (which e.g. also permits write access) here? Maybe it might be a good idea to limit the permissions here to only include those needed.
There was a problem hiding this comment.
This value should work by making a new developer access token and adding it to the secrets of your repo/org. You shouldn't need to perform any additional flow after that.
We need repo scope of personal access tokens so that we can read the ones attached to your profile. Here is the point in Sourcegraph server code that actually queries GitHub on your behalf if you'd like to see how it's actually used. I'm not sure if a lower scope would allow us the same permissions (and if so we'd definitely recommend using that instead).
In the future we may also expand our user permissions model so that authenticating directly with the code host will become unnecessary (though I don't have a timeline to give you at this point).
There was a problem hiding this comment.
There was a problem hiding this comment.
According to these docs, I believe read access on repository-projects would be sufficient.
Adds LSIF indexing workflow with Kotlin SemanticDB compiler plugin via the lsif-java cli tool. Resulting LSIF file is uploaded to Sourcegraph for "precise code intelligence" navigation.
This will help us get more in-the-wild testing of the Kotlin plugin (please feel free to report any and all issues 🙂), and hopefully you find it useful too when reviewing PRs.