diff --git a/clients/githubrepo/client.go b/clients/githubrepo/client.go
index f97d3fcc..8022b4fa 100644
--- a/clients/githubrepo/client.go
+++ b/clients/githubrepo/client.go
@@ -18,6 +18,7 @@ import (
 "context"
 "fmt"
 "io"
+ "io/ioutil"
 "net/http"
 "os"
 "strings"
@@ -27,7 +28,7 @@ import (
 "github.com/ossf/scorecard/clients"
 )
 
-const repoFilename = "./githubrepo.tar.gz"
+const repoFilename = "githubrepo*.tar.gz"
 
 type Client struct {
 repo *github.Repository
@@ -35,11 +36,13 @@ type Client struct {
 ctx context.Context
 owner string
 repoName string
+ tarball string
 }
 
 func (client *Client) InitRepo(owner, repoName string) error {
 client.owner = owner
 client.repoName = repoName
+
 repo, _, err := client.repoClient.Repositories.Get(client.ctx, client.owner, client.repoName)
 if err != nil {
 // nolint: wrapcheck
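Review bot: The new `tarball` field records the path of the temp file InitRepo creates, but nothing in the diff ever removes it, so each InitRepo call — one per repository in RunScorecards — leaves a `githubrepo*.tar.gz` behind in the OS temp directory, where the previous fixed path at least overwrote itself; unless a cleanup method exists outside this diff, add one such as `func (client *Client) Close() error { return os.Remove(client.tarball) }` and call it once the checks have consumed the archive. `io/ioutil` is deprecated since Go 1.16; if the module targets that or later, `os.CreateTemp("", repoFilename)` is the drop-in replacement and the new import is unnecessary. `repoFilename` is now a TempFile pattern rather than a path, so a comment such as `// repoFilename is the TempFile pattern for the downloaded archive; the '*' is replaced by a random string.` would keep the name from misleading. InitRepo's body continues outside this hunk.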
@@ -52,31 +55,34 @@ func (client *Client) InitRepo(owner, repoName string) error { url = strings.Replace(url, "{/ref}", client.repo.GetDefaultBranch(), 1) req, err := http.NewRequestWithContext(client.ctx, http.MethodGet, url, nil) if err != nil { - return fmt.Errorf("error during http.NewRequestWithContext: %w", err) + return fmt.Errorf("http.NewRequestWithContext: %w", err) } + resp, err := http.DefaultClient.Do(req) if err != nil { - return fmt.Errorf("error during HTTP call: %w", err) + return fmt.Errorf("http.DefaultClient.Do: %w", err) } defer resp.Body.Close() - repoFile, err := os.OpenFile(repoFilename, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o644) + // Create a temp file. This automaticlly appends a random number to the name. + repoFile, err := ioutil.TempFile("", repoFilename) if err != nil { - return fmt.Errorf("error opening file %s for write: %w", repoFilename, err) + return fmt.Errorf("ioutil.TempFile: %w", err) } + defer repoFile.Close() + + client.tarball = repoFile.Name() + if _, err := io.Copy(repoFile, resp.Body); err != nil { - return fmt.Errorf("error during io.Copy: %w", err) - } - if err := repoFile.Close(); err != nil { - return fmt.Errorf("error during file Close: %w", err) + return fmt.Errorf("io.Copy: %w", err) } return nil } func (client *Client) GetRepoArchiveReader() (io.ReadCloser, error) { - archiveReader, err := os.OpenFile(repoFilename, os.O_RDONLY, 0o644) + archiveReader, err := os.OpenFile(client.tarball, os.O_RDONLY, 0o644) if err != nil { - return archiveReader, fmt.Errorf("error opening file %s for read: %w", repoFilename, err) + return archiveReader, fmt.Errorf("os.OpenFile: %w", err) } return archiveReader, nil } diff --git a/e2e/active_test.go b/e2e/active_test.go index 728e7df6..6d7959f9 100644 --- a/e2e/active_test.go +++ b/e2e/active_test.go 
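Review bot: Replacing the checked `repoFile.Close()` with `defer repoFile.Close()` drops the close error, so a write that fails at close time (ENOSPC, delayed-write filesystems) leaves a truncated tarball that only surfaces later as an opaque archive-parsing error in whatever consumes GetRepoArchiveReader. The download also still writes whatever the server returns to disk without checking `resp.StatusCode`, so a 404/403 body or a rate-limit message becomes the "archive". Below, non-200 responses are rejected before anything is written, and the success path closes the file explicitly so its error is reported (the deferred Close then fails harmlessly on the already-closed file and keeps covering the error returns). InitRepo starts outside this hunk; GetRepoArchiveReader is unaffected.

```go
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return fmt.Errorf("http.DefaultClient.Do: %w", err)
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("archive download for %s/%s: unexpected status %s", client.owner, client.repoName, resp.Status)
	}
	// … unchanged: ioutil.TempFile, defer repoFile.Close(), client.tarball assignment …
	if _, err := io.Copy(repoFile, resp.Body); err != nil {
		return fmt.Errorf("io.Copy: %w", err)
	}
	// Explicit Close on the success path so a deferred write error is not lost.
	if err := repoFile.Close(); err != nil {
		return fmt.Errorf("repoFile.Close: %w", err)
	}
	return nil
```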
@@ -31,7 +31,8 @@ var _ = Describe("E2E TEST:Active", func() {
 checkRequest := checker.CheckRequest{
 Ctx: context.Background(),
 Client: ghClient,
- HTTPClient: client,
+ HTTPClient: httpClient,
+ RepoClient: nil,
 Owner: "apache",
 Repo: "airflow",
 GraphClient: graphClient,
diff --git a/e2e/automatic_deps_test.go b/e2e/automatic_deps_test.go
index ec1b3c48..22c81c99 100644
--- a/e2e/automatic_deps_test.go
+++ b/e2e/automatic_deps_test.go
@@ -22,15 +22,21 @@ import (
 
 "github.com/ossf/scorecard/checker"
 "github.com/ossf/scorecard/checks"
+ "github.com/ossf/scorecard/clients/githubrepo"
 )
 
 var _ = Describe("E2E TEST:Automatic-Dependency-Update", func() {
 Context("E2E TEST:Validating dependencies are automatically updated", func() {
 It("Should return deps are automatically updated for dependabot", func() {
 l := log{}
+ repoClient := githubrepo.CreateGithubRepoClient(context.Background(), ghClient)
+ err := repoClient.InitRepo("ossf", "scorecard")
+ Expect(err).Should(BeNil())
+
 checker := checker.CheckRequest{
 Ctx: context.Background(),
 Client: ghClient,
+ RepoClient: repoClient,
 Owner: "ossf",
 Repo: "scorecard",
 GraphClient: graphClient,
@@ -42,9 +48,14 @@ var _ = Describe("E2E TEST:Automatic-Dependency-Update", func() {
 })
 It("Should return deps are automatically updated for renovatebot", func() {
 l := log{}
+ repoClient := githubrepo.CreateGithubRepoClient(context.Background(), ghClient)
+ err := repoClient.InitRepo("netlify", "netlify-cms")
+ Expect(err).Should(BeNil())
+
 checker := checker.CheckRequest{
 Ctx: context.Background(),
 Client: ghClient,
+ RepoClient: repoClient,
 Owner: "netlify",
 Repo: "netlify-cms",
 GraphClient: graphClient,
diff --git a/e2e/branchprotection_test.go b/e2e/branchprotection_test.go
index e3de1788..b8464bbe 100644
--- a/e2e/branchprotection_test.go
+++ b/e2e/branchprotection_test.go
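Review bot: In automatic_deps_test.go the three new lines that create the repo client, call InitRepo and assert on the error are pasted verbatim into both `It` blocks, and the same block recurs in frozen_deps_test.go and security_policy_test.go; a small suite-level helper that builds the client and fails the test on a non-nil InitRepo error would reduce each site to one line, e.g. `repoClient := newRepoClient("ossf", "scorecard")`. Each InitRepo call downloads a full repository tarball into the OS temp directory and nothing in these tests or in AfterSuite removes it, so one archive per test case accumulates across the e2e run; that needs a cleanup hook on the client, which this diff does not provide, and a `defer` of it next to the InitRepo call. The `checker := checker.CheckRequest{` context line shadows the `checker` package name inside the block; it predates this change, but the tests touched here would be the natural place to rename the local to `checkRequest` as the other files do.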
@@ -31,7 +31,8 @@ var _ = Describe("E2E TEST:Branch Protection", func() {
 checkRequest := checker.CheckRequest{
 Ctx: context.Background(),
 Client: ghClient,
- HTTPClient: client,
+ HTTPClient: httpClient,
+ RepoClient: nil,
 Owner: "apache",
 Repo: "airflow",
 GraphClient: graphClient,
diff --git a/e2e/ci_tests_test.go b/e2e/ci_tests_test.go
index f622915a..6b9c1a0f 100644
--- a/e2e/ci_tests_test.go
+++ b/e2e/ci_tests_test.go
@@ -31,7 +31,8 @@ var _ = Describe("E2E TEST:CITests", func() {
 checkRequest := checker.CheckRequest{
 Ctx: context.Background(),
 Client: ghClient,
- HTTPClient: client,
+ HTTPClient: httpClient,
+ RepoClient: nil,
 Owner: "apache",
 Repo: "airflow",
 GraphClient: graphClient,
diff --git a/e2e/cii_best_practices_test.go b/e2e/cii_best_practices_test.go
index 4f22e25d..fed440d7 100644
--- a/e2e/cii_best_practices_test.go
+++ b/e2e/cii_best_practices_test.go
@@ -31,7 +31,8 @@ var _ = Describe("E2E TEST:CIIBestPractices", func() {
 checkRequest := checker.CheckRequest{
 Ctx: context.Background(),
 Client: ghClient,
- HTTPClient: client,
+ HTTPClient: httpClient,
+ RepoClient: nil,
 Owner: "tensorflow",
 Repo: "tensorflow",
 GraphClient: graphClient,
diff --git a/e2e/code_review_test.go b/e2e/code_review_test.go
index 1b08358d..0c29eff7 100644
--- a/e2e/code_review_test.go
+++ b/e2e/code_review_test.go
@@ -31,7 +31,8 @@ var _ = Describe("E2E TEST:CodeReview", func() {
 checkRequest := checker.CheckRequest{
 Ctx: context.Background(),
 Client: ghClient,
- HTTPClient: client,
+ HTTPClient: httpClient,
+ RepoClient: nil,
 Owner: "apache",
 Repo: "airflow",
 GraphClient: graphClient,
diff --git a/e2e/contributors_test.go b/e2e/contributors_test.go
index 47660eae..03b9a0f3 100644
--- a/e2e/contributors_test.go
+++ b/e2e/contributors_test.go
@@ -32,7 +32,8 @@ var _ = Describe("E2E TEST:CodeReview", func() { checkRequest := checker.CheckRequest{ Ctx: context.Background(), Client: ghClient, - HTTPClient: client, + HTTPClient: httpClient, + RepoClient: nil, Owner: "ossf", Repo: "scorecard", GraphClient: graphClient, @@ -47,7 +48,8 @@ var _ = Describe("E2E TEST:CodeReview", func() { checkRequest := checker.CheckRequest{ Ctx: context.Background(), Client: ghClient, - HTTPClient: client, + HTTPClient: httpClient, + RepoClient: nil, Owner: "apache", Repo: "airflow", GraphClient: graphClient, diff --git a/e2e/e2e_suite_test.go b/e2e/e2e_suite_test.go index c570128a..da9ee897 100644 --- a/e2e/e2e_suite_test.go +++ b/e2e/e2e_suite_test.go @@ -33,7 +33,7 @@ import ( var ( ghClient *github.Client graphClient *githubv4.Client - client *http.Client + httpClient *http.Client ) type log struct { @@ -73,12 +73,12 @@ var _ = BeforeSuite(func() { rt := roundtripper.NewTransport(ctx, sugar) - client = &http.Client{ + httpClient = &http.Client{ Transport: rt, } - ghClient = github.NewClient(client) - graphClient = githubv4.NewClient(client) + ghClient = github.NewClient(httpClient) + graphClient = githubv4.NewClient(httpClient) }) var _ = AfterSuite(func() { diff --git a/e2e/frozen_deps_test.go b/e2e/frozen_deps_test.go index f537f6b3..d75c3032 100644 --- a/e2e/frozen_deps_test.go +++ b/e2e/frozen_deps_test.go @@ -12,7 +12,6 @@ // See the License for the specific language governing permissions and // limitations under the License. -//nolint:dupl package e2e import ( 
@@ -23,16 +22,22 @@ import (
 
 "github.com/ossf/scorecard/checker"
 "github.com/ossf/scorecard/checks"
+ "github.com/ossf/scorecard/clients/githubrepo"
 )
 
 var _ = Describe("E2E TEST:FrozenDeps", func() {
 Context("E2E TEST:Validating deps are frozen", func() {
 It("Should return deps are not frozen", func() {
 l := log{}
+ repoClient := githubrepo.CreateGithubRepoClient(context.Background(), ghClient)
+ err := repoClient.InitRepo("tensorflow", "tensorflow")
+ Expect(err).Should(BeNil())
+
 checkRequest := checker.CheckRequest{
 Ctx: context.Background(),
 Client: ghClient,
- HTTPClient: client,
+ HTTPClient: httpClient,
+ RepoClient: repoClient,
 Owner: "tensorflow",
 Repo: "tensorflow",
 GraphClient: graphClient,
@@ -42,12 +47,17 @@ var _ = Describe("E2E TEST:FrozenDeps", func() {
 Expect(result.Error).Should(BeNil())
 Expect(result.Pass).Should(BeFalse())
 })
- It("Should return deps are not frozen", func() {
+ It("Should return deps are frozen", func() {
 l := log{}
+ repoClient := githubrepo.CreateGithubRepoClient(context.Background(), ghClient)
+ err := repoClient.InitRepo("ossf", "scorecard")
+ Expect(err).Should(BeNil())
+
 checkRequest := checker.CheckRequest{
 Ctx: context.Background(),
 Client: ghClient,
- HTTPClient: client,
+ HTTPClient: httpClient,
+ RepoClient: repoClient,
 Owner: "ossf",
 Repo: "scorecard",
 GraphClient: graphClient,
diff --git a/e2e/fuzzing_test.go b/e2e/fuzzing_test.go
index e2f5338e..06255a33 100644
--- a/e2e/fuzzing_test.go
+++ b/e2e/fuzzing_test.go
@@ -31,7 +31,8 @@ var _ = Describe("E2E TEST:Fuzzing", func() {
 checkRequest := checker.CheckRequest{
 Ctx: context.Background(),
 Client: ghClient,
- HTTPClient: client,
+ HTTPClient: httpClient,
+ RepoClient: nil,
 Owner: "tensorflow",
 Repo: "tensorflow",
 GraphClient: graphClient,
diff --git a/e2e/packaging_test.go b/e2e/packaging_test.go
index 1834c825..73cd5825 100644
--- a/e2e/packaging_test.go
+++ b/e2e/packaging_test.go
@@ -32,7 +32,8 @@ var _ = Describe("E2E TEST:Packaging", func() {
 checkRequest := checker.CheckRequest{
 Ctx: context.Background(),
 Client: ghClient,
- HTTPClient: client,
+ HTTPClient: httpClient,
+ RepoClient: nil,
 Owner: "apache",
 Repo: "orc",
 GraphClient: graphClient,
@@ -47,7 +48,8 @@ var _ = Describe("E2E TEST:Packaging", func() {
 checkRequest := checker.CheckRequest{
 Ctx: context.Background(),
 Client: ghClient,
- HTTPClient: client,
+ HTTPClient: httpClient,
+ RepoClient: nil,
 Owner: "ossf",
 Repo: "scorecard",
 GraphClient: graphClient,
diff --git a/e2e/pull_requests_test.go b/e2e/pull_requests_test.go
index 02e8a4cf..076c6b92 100644
--- a/e2e/pull_requests_test.go
+++ b/e2e/pull_requests_test.go
@@ -31,7 +31,8 @@ var _ = Describe("E2E TEST:PullRequests", func() {
 checkRequest := checker.CheckRequest{
 Ctx: context.Background(),
 Client: ghClient,
- HTTPClient: client,
+ HTTPClient: httpClient,
+ RepoClient: nil,
 Owner: "apache",
 Repo: "airflow",
 GraphClient: graphClient,
diff --git a/e2e/sast_test.go b/e2e/sast_test.go
index ba8c99f9..f387a71d 100644
--- a/e2e/sast_test.go
+++ b/e2e/sast_test.go
@@ -31,7 +31,8 @@ var _ = Describe("E2E TEST:SAST", func() {
 checkRequest := checker.CheckRequest{
 Ctx: context.Background(),
 Client: ghClient,
- HTTPClient: client,
+ HTTPClient: httpClient,
+ RepoClient: nil,
 Owner: "apache",
 Repo: "airflow",
 GraphClient: graphClient,
diff --git a/e2e/security_policy_test.go b/e2e/security_policy_test.go
index 22af07d1..624c7efa 100644
--- a/e2e/security_policy_test.go
+++ b/e2e/security_policy_test.go
@@ -22,16 +22,22 @@ import (
 
 "github.com/ossf/scorecard/checker"
 "github.com/ossf/scorecard/checks"
+ "github.com/ossf/scorecard/clients/githubrepo"
 )
 
 var _ = Describe("E2E TEST:SecurityPolicy", func() {
 Context("E2E TEST:Validating security policy", func() {
 It("Should return valid security policy", func() {
 l := log{}
+ repoClient := githubrepo.CreateGithubRepoClient(context.Background(), ghClient)
+ err := repoClient.InitRepo("tensorflow", "tensorflow")
+ Expect(err).Should(BeNil())
+
 checkRequest := checker.CheckRequest{
 Ctx: context.Background(),
 Client: ghClient,
- HTTPClient: client,
+ HTTPClient: httpClient,
+ RepoClient: repoClient,
 Owner: "tensorflow",
 Repo: "tensorflow",
 GraphClient: graphClient,
diff --git a/e2e/signedreleases_test.go b/e2e/signedreleases_test.go
index 84ae5b92..1fab728f 100644
--- a/e2e/signedreleases_test.go
+++ b/e2e/signedreleases_test.go
@@ -31,7 +31,8 @@ var _ = Describe("E2E TEST:Signedreleases", func() {
 checkRequest := checker.CheckRequest{
 Ctx: context.Background(),
 Client: ghClient,
- HTTPClient: client,
+ HTTPClient: httpClient,
+ RepoClient: nil,
 Owner: "apache",
 Repo: "airflow",
 GraphClient: graphClient,
diff --git a/e2e/signedtags_test.go b/e2e/signedtags_test.go
index 784d2e9a..09aeaff8 100644
--- a/e2e/signedtags_test.go
+++ b/e2e/signedtags_test.go
@@ -31,7 +31,8 @@ var _ = Describe("E2E TEST:Signedtags", func() {
 checkRequest := checker.CheckRequest{
 Ctx: context.Background(),
 Client: ghClient,
- HTTPClient: client,
+ HTTPClient: httpClient,
+ RepoClient: nil,
 Owner: "bitcoin",
 Repo: "bitcoin",
 GraphClient: graphClient,
diff --git a/pkg/scorecard.go b/pkg/scorecard.go
index 533100bb..d15851a3 100644
--- a/pkg/scorecard.go
+++ b/pkg/scorecard.go
@@ -85,6 +85,7 @@ func RunScorecards(ctx context.Context,
 if err := repoClient.InitRepo(repo.Owner, repo.Repo); err != nil {
 return repos.RepoResult{}, fmt.Errorf("error during InitRepo for %s: %w", repo.URL(), err)
 }
+
 ret := repos.RepoResult{
 Repo: repo.URL(),
 Date: time.Now().Format("2006-01-02"),