2023-02-07, 14:50–15:15, B.2.015
Most Puppet users have had the experience of evaluating modules on the Puppet Forge. Maybe you have too. Maybe you were comparing a handful that all claimed to meet your needs, or maybe you were just determining whether a specific module met your standards for deploying into your production environment. With tools like puppet-lint and the PDK, it's fairly straightforward to evaluate code quality. But what about the health of the project itself? Is it actively maintained? Are Forge releases kept up to date? What are the chances that the latest release was compromised with a hidden bitcoin miner?
How do you answer those sorts of questions? You probably
- Skimmed the module's README for signs of the author's diligence.
- Poked through the issue list and pull requests on the repository hosting the module source to see how responsive the maintainers were to community collaboration.
- Checked the changelog for consistency.
- Maybe you even checked the commit history to see if there were unreleased fixes, or compared tags against the published version(s).
Wouldn't it be nice to automate some of this due diligence? That's what denmark does. The Shakespeare quote refers to corruption at the top of a political hierarchy making its way down through the entire state. In the context of this tool, it means that often we can detect concerns with a project by sniffing around the edges and seeing if anything rolling downhill stinks.
See the project at https://github.com/binford2k/denmark
Community lead and developer advocate at Puppet; I get to build neat things -and- talk to people! \o/ I've been in the tech industry in one way or another since the late 90's doing everything from devops before devops was a thing at a tiny security startup, to forensics investigations, to maintaining a compute cluster for a computational anthropology department at an American university and teaching the grad students how to write distributed Java code to run on it.
I run marathons in those funny finger shoes and recently moved my social engagement to https://hachyderm.io/@binford2k