feat(config): discover .github/poutine.yml as a config path#424
Conversation
Closes boostsecurityio#422 Previously only `.poutine.yml` at the repo root was auto-discovered. Add `.github/poutine.yml` (no leading dot, matching the GitHub convention used by dependabot, zizmor, etc.) as a secondary discovery path so users can keep CI-related configs together under `.github/`. Precedence, highest first: 1. `--config <path>` flag 2. `.poutine.<ext>` in the working directory 3. `.github/poutine.<ext>` Extensions probed are those supported by viper (yml, yaml, json, toml, ...). `.poutine.yml` at the repo root continues to win when both defaults exist, so there is no backwards-compatibility break. Signed-off-by: graelo <graelo@graelo.cc>
|
Love it @graelo don't worry. We all use Claude too. We'll have a look at review in depth tomorrow. |
There was a problem hiding this comment.
Pull request overview
Adds a second configuration auto-discovery location under .github/ to keep repo root cleaner while preserving backward-compatible precedence with existing root-level configs.
Changes:
- Added default config discovery for
.github/poutine.<ext>with lower precedence than root.poutine.<ext>. - Refactored config lookup into
findDefaultConfigFileand updatedinitConfig()to use the resolved path. - Added unit tests for discovery precedence/edge-cases and updated README documentation.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| cmd/root.go | Implements explicit config discovery precedence and uses the resolved config file path for Viper. |
| cmd/config_discovery_test.go | Adds unit coverage for default config discovery paths and precedence behavior. |
| README.md | Documents the new .github/poutine.yml auto-discovery location and precedence. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
|
||
| // findDefaultConfigFile returns the path of the first default config file | ||
| // found under baseDir, in order of precedence: | ||
| // 1. <baseDir>/.poutine.<ext> (repo root) |
There was a problem hiding this comment.
The comment describing precedence says "(repo root)" for <baseDir>/.poutine.<ext>, but baseDir is a parameter (and initConfig() currently passes ".", i.e., the working directory). Consider rewording the comment to refer to baseDir/working directory rather than "repo root" to keep the documentation accurate.
| // 1. <baseDir>/.poutine.<ext> (repo root) | |
| // 1. <baseDir>/.poutine.<ext> (baseDir / working directory) |
| @@ -125,7 +125,7 @@ See [.poutine.sample.yml](.poutine.sample.yml) for an example configuration file | |||
|
|
|||
| #### Configuration | |||
|
|
|||
| Create a `.poutine.yml` configuration file in your current working directory, or use a custom path with the `--config` flag: | |||
| Create a `.poutine.yml` configuration file in your current working directory, or keep it alongside your other GitHub metadata at `.github/poutine.yml` — both are auto-discovered. When both exist, `.poutine.yml` at the repo root wins. To use a custom path, pass the `--config` flag (which takes precedence over both): | |||
|
|
|||
There was a problem hiding this comment.
The README examples/documentation refer specifically to .poutine.yml and .github/poutine.yml, but config discovery in code probes all extensions supported by Viper (yml/yaml/json/toml/...). Consider adjusting this text to .poutine.<ext> / .github/poutine.<ext> (or mention the supported extensions) so the docs match actual behavior.
Signed-off-by: graelo <graelo@graelo.cc>
|
Thanks @graelo 👍 Happy to see you use and like the tool enough to make small contributions |
|
@fproulx-boostsecurity thanks again. Do you think you could update poutine-action to v1.1.4 now poutine itself was updated? |
Hi @fproulx-boostsecurity — thanks for the invitation on #422, happy to pick this up!
This adds
.github/poutine.ymlas a secondary auto-discovery path, so the config can live alongside the other.github/metadata (dependabot, codeowners, …) instead of cluttering the repo root. No leading dot when under.github/, matching what zizmor and friends do.Precedence, highest wins:
--config <path>flag.poutine.<ext>in the working directory.github/poutine.<ext>.poutine.ymlat the root still wins when both defaults are present, so existing setups are untouched. Extensions probed are whatever viper supports (yml, yaml, json, toml, …), same as before.Changes:
cmd/root.go— pulled the default lookup into a smallfindDefaultConfigFilehelper so the precedence is explicit and testable.cmd/config_discovery_test.go— unit tests for each branch (no config, root.yml/.yaml,.github/poutine.yml, root-wins-over-.github, plus a guard that a directory named like the config file is skipped).README.md— documented the new path and the precedence.Ran locally:
go build ./...,go vet ./...,gofmt -l cmd/(clean),go test ./...(green).Small note: I used Claude to help author this PR — I was short on time and don't work in Go regularly. I've read through every change and run the full test suite, and I'm happy to iterate on whatever you'd like tweaked.
Cheers!
Signed-off-by: graelo graelo@graelo.cc