ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-09-17 11:57:12 +03:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Fixes for signed releases. (#16)

Browse Source 
* Fixes for signed releases.

* Fmt.
This commit is contained in:
Abhishek Arya 2020-10-16 13:09:20 -07:00 committed by GitHub
parent 6e5ce52cae
commit 2ceadcd253
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
checks/signed_releases.go
View File

@ -7,6 +7,8 @@ import (
"github.com/google/go-github/v32/github"
)
var releaseLookBack int = 5
func init() {
registerCheck("Signed-Releases", SignedReleases)
}
@ -24,14 +26,14 @@ func SignedReleases(c checker.Checker) checker.CheckResult {
if err != nil {
return checker.RetryResult(err)
}
if len(assets) <= 1 {
if len(assets) == 0 {
continue
}
totalReleases++
signed := false
for _, asset := range assets {
for _, suffix := range []string{".sig", ".minisig"} {
c.Logf("signed release found: %s", asset)
c.Logf("signed release found: %s", asset.GetName())
for _, suffix := range []string{".asc", ".minisig", ".sig"} {
if strings.HasSuffix(asset.GetName(), suffix) {
signed = true
break
@ -42,10 +44,13 @@ func SignedReleases(c checker.Checker) checker.CheckResult {
break
}
}
if totalReleases > releaseLookBack {
break
}
}
if totalReleases == 0 {
return checker.InconclusiveResult
}
return checker.ProportionalResult(totalSigned, totalReleases, .75)
return checker.ProportionalResult(totalSigned, totalReleases, 0.8)
}