diff --git a/cron/controller/main.go b/cron/controller/main.go index ee543700..47630534 100644 --- a/cron/controller/main.go +++ b/cron/controller/main.go @@ -23,12 +23,12 @@ import ( "google.golang.org/protobuf/encoding/protojson" "google.golang.org/protobuf/types/known/timestamppb" + "sigs.k8s.io/release-utils/version" "github.com/ossf/scorecard/v4/clients" "github.com/ossf/scorecard/v4/cron/config" "github.com/ossf/scorecard/v4/cron/data" "github.com/ossf/scorecard/v4/cron/pubsub" - "github.com/ossf/scorecard/v4/pkg" ) var headSHA = clients.HeadSHA @@ -140,7 +140,7 @@ func main() { } *metadata.NumShard = (shardNum + 1) *metadata.ShardLoc = bucket + "/" + data.GetBlobFilename("", t) - *metadata.CommitSha = pkg.GetCommit() + *metadata.CommitSha = version.GetVersionInfo().GitCommit metadataJSON, err := protojson.Marshal(&metadata) if err != nil { panic(fmt.Errorf("error during protojson.Marshal: %w", err)) diff --git a/pkg/scorecard.go b/pkg/scorecard.go index 0cc42b5f..f84275bf 100644 --- a/pkg/scorecard.go +++ b/pkg/scorecard.go @@ -22,6 +22,8 @@ import ( "sync" "time" + "sigs.k8s.io/release-utils/version" + "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/clients" sce "github.com/ossf/scorecard/v4/errors" @@ -96,15 +98,15 @@ func RunScorecards(ctx context.Context, if err != nil { return ScorecardResult{}, err } - + versionInfo := version.GetVersionInfo() ret := ScorecardResult{ Repo: RepoInfo{ Name: repo.URI(), CommitSHA: commitSHA, }, Scorecard: ScorecardInfo{ - Version: GetSemanticVersion(), - CommitSHA: GetCommit(), + Version: versionInfo.GitVersion, + CommitSHA: versionInfo.GitCommit, }, Date: time.Now(), } diff --git a/pkg/scorecard_version.go b/pkg/scorecard_version.go deleted file mode 100644 index 55acc8fd..00000000 --- a/pkg/scorecard_version.go +++ /dev/null @@ -1,87 +0,0 @@ -// Copyright 2021 Security Scorecard Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package pkg - -import ( - "runtime" - "strings" -) - -// Base version information. -// -// This is the fallback data used when version information from git is not -// provided via go ldflags in the Makefile. See version.mk. -var ( - // Output of "git describe". The prerequisite is that the branch should be - // tagged using the correct versioning strategy. - gitVersion = "unknown" - // SHA1 from git, output of $(git rev-parse HEAD). - gitCommit = "unknown" - // State of git tree, either "clean" or "dirty". - gitTreeState = "unknown" - // Build date in ISO8601 format. - buildDate = "unknown" -) - -// GetTagVersion returns the scorecard version -// fr the release GitHub tag, i.e. v.X.Y.Z. -func GetTagVersion() string { - return gitVersion -} - -// GetSemanticVersion returns the semantic version, -// i.e., X.Y.Z. -func GetSemanticVersion() string { - tv := GetTagVersion() - if strings.HasPrefix(tv, "v") { - return tv[1:] - } - return tv -} - -// GetCommit returns the GitHub's commit hash that scorecard was built from. -func GetCommit() string { - return gitCommit -} - -// GetTreeState returns the git tree state. -func GetTreeState() string { - return gitTreeState -} - -// GetBuildDate returns the date scorecard was build. -func GetBuildDate() string { - return buildDate -} - -// GetGoVersion returns the Go version used to build scorecard. -func GetGoVersion() string { - return runtime.Version() -} - -// GetOS returns the OS the build can run on. -func GetOS() string { - return runtime.GOOS -} - -// GetArch returns the architecture (e.g., x86) the build can run on. -func GetArch() string { - return runtime.GOARCH -} - -// GetCompiler returns the compiler that was used to build scorecard. -func GetCompiler() string { - return runtime.Compiler -} diff --git a/scripts/version-ldflags b/scripts/version-ldflags index 2e88d24b..6065e10a 100755 --- a/scripts/version-ldflags +++ b/scripts/version-ldflags @@ -23,5 +23,5 @@ GIT_HASH=$(git rev-parse HEAD) # https://mirrors.edge.kernel.org/pub/software/scm/git/docs/git-log.html SOURCE_DATE_EPOCH=$(git log --date=iso8601-strict -1 --pretty=%ct) GIT_TREESTATE=$(if git diff --quiet; then echo "clean"; else echo "dirty"; fi) -PKG=$(go list -m | head -n1)/pkg -echo "-X $PKG.gitVersion=$GIT_VERSION -X $PKG.gitCommit=$GIT_HASH -X $PKG.gitTreeState=$GIT_TREESTATE -X $PKG.buildDate=$SOURCE_DATE_EPOCH -w -extldflags \"-static\"" \ No newline at end of file +PKG=sigs.k8s.io/release-utils/version +echo "-X $PKG.gitVersion=$GIT_VERSION -X $PKG.gitCommit=$GIT_HASH -X $PKG.gitTreeState=$GIT_TREESTATE -X $PKG.buildDate=$SOURCE_DATE_EPOCH -w -extldflags \"-static\""