scorecard/roundtripper/roundtripper.go

// Copyright 2020 Security Scorecard Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package roundtripper

import (
	"context"
	"log"
	"net/http"
	"os"
	"strconv"
	"strings"

	"github.com/bradleyfalzon/ghinstallation"
	"go.uber.org/zap"

	"github.com/ossf/scorecard/clients/githubrepo"
)

const (
	// GithubAuthToken is for making requests to GiHub's API.
	GithubAuthToken = "GITHUB_AUTH_TOKEN" // #nosec G101
	// GithubAppKeyPath is the path to file for GitHub App key.
	GithubAppKeyPath = "GITHUB_APP_KEY_PATH"
	// GithubAppID is the app ID for the GitHub App.
	GithubAppID = "GITHUB_APP_ID"
	// GithubAppInstallationID is the installation ID for the GitHub App.
	GithubAppInstallationID = "GITHUB_APP_INSTALLATION_ID"
)

// NewTransport returns a configured http.Transport for use with GitHub.
func NewTransport(ctx context.Context, logger *zap.SugaredLogger) http.RoundTripper {
	transport := http.DefaultTransport

	if token := os.Getenv(GithubAuthToken); token != "" {
		// Use GitHub PAT
		transport = githubrepo.MakeGitHubTransport(transport, strings.Split(token, ","))
	} else if keyPath := os.Getenv(GithubAppKeyPath); keyPath != "" { // Also try a GITHUB_APP
		appID, err := strconv.Atoi(os.Getenv(GithubAppID))
		if err != nil {
			log.Panic(err)
		}
		installationID, err := strconv.Atoi(os.Getenv(GithubAppInstallationID))
		if err != nil {
			log.Panic(err)
		}
		transport, err = ghinstallation.NewKeyFromFile(transport, int64(appID), int64(installationID), keyPath)
		if err != nil {
			log.Panic(err)
		}
	}

	return MakeRateLimitedTransport(transport, logger)
}
Add license header and code of conduct files. (#34) * Add license header and code of conduct files. * Fill missing field. 2020-10-26 23:22:13 +03:00			`// Copyright 2020 Security Scorecard Authors`
			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

Initial commit. 2020-10-09 17:47:59 +03:00			`package roundtripper`

			`import (`
			`"context"`
Add support for and hookup app based authentication for higher rate limiting. (#69) This also configures it in our nightly cron cluster. 2020-11-13 20:06:46 +03:00			`"log"`
Initial commit. 2020-10-09 17:47:59 +03:00			`"net/http"`
			`"os"`
			`"strconv"`
Add support for multiple auth tokens to round robin requests through. (#87) 2020-12-02 16:59:43 +03:00			`"strings"`
Initial commit. 2020-10-09 17:47:59 +03:00
Add support for and hookup app based authentication for higher rate limiting. (#69) This also configures it in our nightly cron cluster. 2020-11-13 20:06:46 +03:00			`"github.com/bradleyfalzon/ghinstallation"`
Add better logging. 2020-10-13 19:29:29 +03:00			`"go.uber.org/zap"`
Add monitoring to measure remaining Github tokens (#652) Co-authored-by: Azeem Shaikh <azeems@google.com> 2021-07-05 00:42:21 +03:00
			`"github.com/ossf/scorecard/clients/githubrepo"`
Initial commit. 2020-10-09 17:47:59 +03:00			`)`

Add support for and hookup app based authentication for higher rate limiting. (#69) This also configures it in our nightly cron cluster. 2020-11-13 20:06:46 +03:00			`const (`
🌱 Fix lint issues: Replace golint with revive (#493) * Fix lint issues: Replace golint with revive golint is deprecated and recommended to be replaced with revive * Updating comments to be more accurate * Updating comments again Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com> 2021-05-24 21:34:33 +03:00			`// GithubAuthToken is for making requests to GiHub's API.`
			`GithubAuthToken = "GITHUB_AUTH_TOKEN" // #nosec G101`
			`// GithubAppKeyPath is the path to file for GitHub App key.`
			`GithubAppKeyPath = "GITHUB_APP_KEY_PATH"`
			`// GithubAppID is the app ID for the GitHub App.`
			`GithubAppID = "GITHUB_APP_ID"`
			`// GithubAppInstallationID is the installation ID for the GitHub App.`
			`GithubAppInstallationID = "GITHUB_APP_INSTALLATION_ID"`
Add support for and hookup app based authentication for higher rate limiting. (#69) This also configures it in our nightly cron cluster. 2020-11-13 20:06:46 +03:00			`)`
Initial commit. 2020-10-09 17:47:59 +03:00
Feat-Implement httpcache middleware for GitHub API (#203) The GitHub API supports conditional requests https://docs.github.com/en/rest/overview/resources-in-the-rest-api#conditional-requests https://github.com/google/go-github supports Conditional requests https://github.com/google/go-github#conditional-requests As we are scaling more and more projects this would add a lot of value. Initial run fetches information using `httpcache` as a middleware, which caches the HTTP response initially in a large disk (PVC), probably move to Redis later as a cache instead of disk. Subsequent `cron runs` will utilize the `httpcache` for checking content modification and load it from the cache if it isn't modified, which reduces the hitting the Rate Limit of the GitHub API. 2021-02-22 20:18:28 +03:00			`// NewTransport returns a configured http.Transport for use with GitHub.`
Add better logging. 2020-10-13 19:29:29 +03:00			`func NewTransport(ctx context.Context, logger *zap.SugaredLogger) http.RoundTripper {`
Initial commit. 2020-10-09 17:47:59 +03:00			`transport := http.DefaultTransport`
Refactor roundtripper code (#471) Co-authored-by: Azeem Shaikh <azeems@google.com> 2021-05-19 09:34:20 +03:00
Feat-Implement httpcache middleware for GitHub API (#203) The GitHub API supports conditional requests https://docs.github.com/en/rest/overview/resources-in-the-rest-api#conditional-requests https://github.com/google/go-github supports Conditional requests https://github.com/google/go-github#conditional-requests As we are scaling more and more projects this would add a lot of value. Initial run fetches information using `httpcache` as a middleware, which caches the HTTP response initially in a large disk (PVC), probably move to Redis later as a cache instead of disk. Subsequent `cron runs` will utilize the `httpcache` for checking content modification and load it from the cache if it isn't modified, which reduces the hitting the Rate Limit of the GitHub API. 2021-02-22 20:18:28 +03:00			`if token := os.Getenv(GithubAuthToken); token != "" {`
Fix bug in GitHub token access (#490) Co-authored-by: Azeem Shaikh <azeems@google.com> 2021-05-22 21:24:53 +03:00			`// Use GitHub PAT`
Add monitoring to measure remaining Github tokens (#652) Co-authored-by: Azeem Shaikh <azeems@google.com> 2021-07-05 00:42:21 +03:00			`transport = githubrepo.MakeGitHubTransport(transport, strings.Split(token, ","))`
Feat-Implement httpcache middleware for GitHub API (#203) The GitHub API supports conditional requests https://docs.github.com/en/rest/overview/resources-in-the-rest-api#conditional-requests https://github.com/google/go-github supports Conditional requests https://github.com/google/go-github#conditional-requests As we are scaling more and more projects this would add a lot of value. Initial run fetches information using `httpcache` as a middleware, which caches the HTTP response initially in a large disk (PVC), probably move to Redis later as a cache instead of disk. Subsequent `cron runs` will utilize the `httpcache` for checking content modification and load it from the cache if it isn't modified, which reduces the hitting the Rate Limit of the GitHub API. 2021-02-22 20:18:28 +03:00			`} else if keyPath := os.Getenv(GithubAppKeyPath); keyPath != "" { // Also try a GITHUB_APP`
			`appID, err := strconv.Atoi(os.Getenv(GithubAppID))`
Add support for and hookup app based authentication for higher rate limiting. (#69) This also configures it in our nightly cron cluster. 2020-11-13 20:06:46 +03:00			`if err != nil {`
			`log.Panic(err)`
			`}`
Feat-Implement httpcache middleware for GitHub API (#203) The GitHub API supports conditional requests https://docs.github.com/en/rest/overview/resources-in-the-rest-api#conditional-requests https://github.com/google/go-github supports Conditional requests https://github.com/google/go-github#conditional-requests As we are scaling more and more projects this would add a lot of value. Initial run fetches information using `httpcache` as a middleware, which caches the HTTP response initially in a large disk (PVC), probably move to Redis later as a cache instead of disk. Subsequent `cron runs` will utilize the `httpcache` for checking content modification and load it from the cache if it isn't modified, which reduces the hitting the Rate Limit of the GitHub API. 2021-02-22 20:18:28 +03:00			`installationID, err := strconv.Atoi(os.Getenv(GithubAppInstallationID))`
Add support for and hookup app based authentication for higher rate limiting. (#69) This also configures it in our nightly cron cluster. 2020-11-13 20:06:46 +03:00			`if err != nil {`
			`log.Panic(err)`
			`}`
Feat-Implement httpcache middleware for GitHub API (#203) The GitHub API supports conditional requests https://docs.github.com/en/rest/overview/resources-in-the-rest-api#conditional-requests https://github.com/google/go-github supports Conditional requests https://github.com/google/go-github#conditional-requests As we are scaling more and more projects this would add a lot of value. Initial run fetches information using `httpcache` as a middleware, which caches the HTTP response initially in a large disk (PVC), probably move to Redis later as a cache instead of disk. Subsequent `cron runs` will utilize the `httpcache` for checking content modification and load it from the cache if it isn't modified, which reduces the hitting the Rate Limit of the GitHub API. 2021-02-22 20:18:28 +03:00			`transport, err = ghinstallation.NewKeyFromFile(transport, int64(appID), int64(installationID), keyPath)`
Add support for and hookup app based authentication for higher rate limiting. (#69) This also configures it in our nightly cron cluster. 2020-11-13 20:06:46 +03:00			`if err != nil {`
			`log.Panic(err)`
			`}`
Initial commit. 2020-10-09 17:47:59 +03:00			`}`

:seedling: Removing gitcache Removing gitcache 2021-07-13 04:29:23 +03:00			`return MakeRateLimitedTransport(transport, logger)`
Feat- Use cloud buckets for caching Use cloud buckets for httpcache. The implementation uses https://github.com/google/go-cloud for it to be cloud vendor agnostic. 2021-02-23 18:01:49 +03:00			`}`