🌱 Enforce make add-projects
for GitHub and GitLab repos (#3780)
* fail if add-projects not run Signed-off-by: Spencer Schrock <sschrock@google.com> * add gitlab file to add-projects Signed-off-by: Spencer Schrock <sschrock@google.com> * order gitlab projects with make add-projects Signed-off-by: Spencer Schrock <sschrock@google.com> * simplify workflow job this binary doesn't need the build protos Signed-off-by: Spencer Schrock <sschrock@google.com> --------- Signed-off-by: Spencer Schrock <sschrock@google.com>
parent
0dcad3a960
commit
ee4e83a318
23
.github/workflows/main.yml
vendored
23
.github/workflows/main.yml
vendored
@ -298,7 +298,6 @@ jobs:
|
||||
add-projects:
|
||||
name: add-projects
|
||||
runs-on: ubuntu-latest
|
||||
needs: build-proto
|
||||
permissions:
|
||||
contents: read
|
||||
steps:
|
||||
@ -306,29 +305,10 @@ jobs:
|
||||
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1
|
||||
with:
|
||||
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
||||
- name: Install Protoc
|
||||
uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0
|
||||
with:
|
||||
version: ${{ env.PROTOC_VERSION }}
|
||||
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Cache builds
|
||||
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
|
||||
uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3
|
||||
with:
|
||||
path: |
|
||||
~/go/pkg/mod
|
||||
~/.cache/go-build
|
||||
~/Library/Caches/go-build
|
||||
%LocalAppData%\go-build
|
||||
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
|
||||
restore-keys: |
|
||||
${{ runner.os }}-go-
|
||||
- name: Clone the code
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: Setup Go
|
||||
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v2.2.0
|
||||
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
check-latest: true
|
||||
@ -342,6 +322,7 @@ jobs:
|
||||
command: |
|
||||
go env -w GOFLAGS=-mod=mod
|
||||
make add-projects
|
||||
git diff --exit-code
|
||||
validate-projects:
|
||||
name: validate-projects
|
||||
runs-on: ubuntu-latest
|
||||
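Review bot: The new `git diff --exit-code` at the end of the add-projects command fails on a change to any tracked file, not only the two project lists. The preceding `go env -w GOFLAGS=-mod=mod` lets the go command update go.mod and go.sum during the build, so the job may fail for a reason unrelated to the CSVs. Scoping the check keeps the failure meaningful: `git diff --exit-code -- cron/internal/data/projects.csv cron/internal/data/gitlab-projects.csv`. A shell comment above it, such as `# fails when 'make add-projects' changes the committed project lists`, would tell a contributor what to run locally. The step that owns this `command:` block starts outside the hunk, so its remaining settings are not visible here.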
|
@ -154,10 +154,14 @@ The personal access token need the following scopes:
|
||||
|
||||
## How do I add additional GitHub repositories to be scanned by scorecard weekly?
|
||||
|
||||
Scorecard maintains the list of repositories in a file
|
||||
Scorecard maintains the list of GitHub repositories in a file
|
||||
https://github.com/ossf/scorecard/blob/main/cron/internal/data/projects.csv
|
||||
|
||||
Submit a PR for this file and scorecard would start scanning in subsequent runs.
|
||||
GitLab repositories are listed in:
|
||||
https://github.com/ossf/scorecard/blob/main/cron/internal/data/gitlab-projects.csv
|
||||
|
||||
Append your desired repositories to the end of these files, then run `make add-projects`.
|
||||
Commit the changes, and submit a PR and scorecard would start scanning in subsequent runs.
|
||||
|
||||
## Adding New Checks
|
||||
|
||||
|
7
Makefile
7
Makefile
@ -94,11 +94,14 @@ check-linter: | $(GOLANGCI_LINT)
|
||||
# Run golangci-lint linter
|
||||
$(GOLANGCI_LINT) run -c .golangci.yml
|
||||
|
||||
add-projects: ## Adds new projects to ./cron/internal/data/projects.csv
|
||||
add-projects: ## Adds new projects to ./cron/internal/data/projects.csv and ./cron/internal/data/gitlab-projects.csv
|
||||
add-projects: ./cron/internal/data/projects.csv | build-add-script
|
||||
# Add new projects to ./cron/internal/data/projects.csv
|
||||
# GitHub
|
||||
./cron/internal/data/add/add ./cron/internal/data/projects.csv ./cron/internal/data/projects.new.csv
|
||||
mv ./cron/internal/data/projects.new.csv ./cron/internal/data/projects.csv
|
||||
# GitLab
|
||||
./cron/internal/data/add/add ./cron/internal/data/gitlab-projects.csv ./cron/internal/data/gitlab-projects.new.csv
|
||||
mv ./cron/internal/data/gitlab-projects.new.csv ./cron/internal/data/gitlab-projects.csv
|
||||
|
||||
validate-projects: ## Validates ./cron/internal/data/projects.csv
|
||||
validate-projects: ./cron/internal/data/projects.csv | build-validate-script
|
||||
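Review bot: The `add-projects` prerequisite line still names only `./cron/internal/data/projects.csv`, although the recipe now also reads and replaces the GitLab list. Listing both files, `add-projects: ./cron/internal/data/projects.csv ./cron/internal/data/gitlab-projects.csv | build-add-script`, makes a missing GitLab file fail at make's dependency check instead of inside the `add` binary. The `validate-projects` header in the trailing context likewise mentions only projects.csv. Its recipe is outside the hunk, so it is worth confirming that the GitLab list goes through the same validation now that CI enforces its contents.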
|
39910
cron/internal/data/gitlab-projects.csv
Normal file → Executable file
39910
cron/internal/data/gitlab-projects.csv
Normal file → Executable file
File diff suppressed because it is too large
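Review bot: The mode change on cron/internal/data/gitlab-projects.csv from normal to executable looks unintended, because the file is a CSV data list and nothing on this page runs it. Dropping the bit before merge, for example with `git update-index --chmod=-x cron/internal/data/gitlab-projects.csv`, keeps the data files at the least permission they need. The content diff is suppressed on this page, so the reordering itself cannot be checked from here.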