ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-09-11 08:55:27 +03:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Feature - Report codecoverage to codecov.io

Browse Source
This commit is contained in:
naveen 2021-01-26 17:17:31 -05:00 committed by Naveen
parent 09b83b9bf1
commit 2a1463b315
5 changed files with 42 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
.codecov.yml Normal file
View File

@ -0,0 +1,33 @@
---
codecov:
notify:
after_n_builds: 1
require_ci_to_pass: false
coverage:
precision: 2
round: down
range: 50..75
status:
project:
default:
enabled: true
# allowed to drop coverage and still result in a "success" commit status
threshold: null
if_not_found: success
if_no_uploads: success
if_ci_failed: error
patch:
default:
enabled: true
threshold: null
if_not_found: success
if_no_uploads: success
if_ci_failed: error
changes: false
comment:
layout: "header, diff"
behavior: default
require_changes: false

3
.github/workflows/main.yml vendored
View File

@ -28,3 +28,6 @@ jobs:
go get github.com/onsi/ginkgo/ginkgo@v1.14.2
go mod download
make e2e
- uses: codecov/codecov-action@v1
with:
files: e2e/e2e.coverprofile,pkg/pkg.coverprofile,checks/checks.coverprofile

2
.gitignore vendored
View File

@ -12,7 +12,7 @@ scorecard
*.test
# Output of the go coverage tool, specifically when used with LiteIDE.
*.out
*.coverprofile
# IDE directories.

4
Makefile
View File

@ -7,7 +7,7 @@ fmt:
# ignoring e2e tests
test:
go test -covermode atomic -coverprofile=profile.out `go list ./... | grep -v e2e`
go test -covermode atomic `go list ./... | grep -v e2e`
tidy:
go mod tidy
@ -25,5 +25,5 @@ lint: golangci-lint ## Run golangci-lint linter
.PHONY: e2e
# export GITHUB_AUTH_TOKEN with personal access token to run the e2e
e2e:
ginkgo test -v -p ./e2e/...
ginkgo -v -cover ./...

5
README.md
View File

@ -3,6 +3,7 @@
![build](https://github.com/ossf/scorecard/workflows/build/badge.svg?branch=main)
![golangci-lint](https://github.com/ossf/scorecard/workflows/golangci-lint/badge.svg?branch=main)
![CodeQL](https://github.com/ossf/scorecard/workflows/CodeQL/badge.svg?branch=main)
[![codecov](https://codecov.io/gh/ossf/scorecard/branch/main/graph/badge.svg?token=PMJ6NAN9J3)](https://codecov.io/gh/ossf/scorecard)
<img align="right" src="artwork/openssf_security.png" width="200" height="400">
@ -145,8 +146,8 @@ The following checks are all run against the target project:
| Fuzzing | Does the project use fuzzing tools, e.g. [OSS-Fuzz](https://github.com/google/oss-fuzz)? |
| SAST | Does the project use static code analysis tools, e.g. [CodeQL](https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/enabling-code-scanning-for-a-repository#enabling-code-scanning-using-actions), [SonarCloud](https://sonarcloud.io)? |
| Active | Did the project get any commits in the last 90 days? |
| Branch-Protection | Does the project use [Branch Protection](https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/about-protected-branches) ? |
| Packaging | Does the project build and publish official packages from CI/CD, e.g. [GitHub Publishing](https://docs.github.com/en/free-pro-team@latest/actions/guides/about-packaging-with-github-actions#workflows-for-publishing-packages) ?
| Branch-Protection | Does the project use [Branch Protection](https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/about-protected-branches) ? |
| Packaging | Does the project build and publish official packages from CI/CD, e.g. [GitHub Publishing](https://docs.github.com/en/free-pro-team@latest/actions/guides/about-packaging-with-github-actions#workflows-for-publishing-packages) ? |
To see detailed information on how each check works, see the [check-specific documentation page](checks.md).