Add a Dockerfile and k8s cron job to upload files to GCS each night. (#59)

2024-09-17 11:57:12 +03:00 · 2020-11-12 12:26:38 -06:00 · 2020-11-12 12:26:38 -06:00 · ef19bdf032
commit ef19bdf032
parent 6fc2ee6fd2
5 changed files with 110 additions and 2 deletions
--- a/22
+++ b/22
@ -0,0 +1,22 @@
+# Copyright 2020 Security Scorecard Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+FROM golang
+COPY . /go/src/github.com/ossf/scorecard
+WORKDIR /go/src/github.com/ossf/scorecard
+RUN [ "go", "build", "."]
+
+FROM gcr.io/cloud-builders/gsutil
+WORKDIR /go/src/github.com/ossf/scorecard
+COPY --from=0 /go/src/github.com/ossf/scorecard /go/src/github.com/ossf/scorecard
+ENTRYPOINT [ "./cron/cron.sh" ]
--- a/README.md
+++ b/README.md
@ -11,6 +11,22 @@ A short motivational video clip to inspire us: https://youtu.be/rDMMYT3vkTk "You

 1. Use this data to proactively improve the security posture of the critical projects the world depends on.

+## Public Data
+
+If you're only interested in seeing the results over time, we run this program nightly and publish the results in
+`csv` format.
+
+This data is available on Google Cloud Storage and can be downloaded via the `gsutil` command-line tool.
+
+```shell
+$ gsutil ls gs://ossf-scorecards/
+gs://ossf-scorecards/11-11-2020.csv
+...
+```
+
+The list of projects that are checked each night is available in the `cron/projects.txt` file in this repository.
+If you would like us to track more, please feel free to send a Pull Request with others.
+
 ## Usage

 The program only requires one argument to run, the name of the repo:
--- a/cron/cron.sh
+++ b/cron/cron.sh
@ -1,4 +1,17 @@
 #!/bin/bash
+# Copyright 2020 Security Scorecard Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.

 SOURCE="${BASH_SOURCE[0]}"
 input=$(dirname $SOURCE)/projects.txt
@ -7,5 +20,7 @@ touch $output
 while read -r line
 do
    echo $line
-    go run . --repo=$line --format=csv 2>/dev/null >> $output
+    ./scorecard --repo=$line --format=csv >> $output
 done < "$input"
+
+gsutil cp $output gs://$GCS_BUCKET
--- a/cron/projects.txt
+++ b/cron/projects.txt
@ -1,2 +1,29 @@
-github.com/ossf/scorecard
+github.com/torvalds/linux
+github.com/raspberrypi/linux
+github.com/rust-lang/rust
 github.com/kubernetes/kubernetes
+github.com/nodejs/node
+github.com/tensorflow/tensorflow
+github.com/git/git
+github.com/ansible/ansible
+github.com/gatsbyjs/gatsby
+github.com/php/php-src
+github.com/ceph/ceph
+github.com/pytorch/pytorch
+github.com/elastic/elasticsearch
+github.com/facebook/react
+github.com/openssl/openssl
+github.com/saltstack/salt
+github.com/golang/go
+github.com/mrdoob/three.js
+github.com/bitcoin/bitcoin
+github.com/home-assistant/core
+github.com/pandas-dev/pandas
+github.com/helm/charts
+github.com/electron/electron
+github.com/twbs/bootstrap
+github.com/servo/servo
+github.com/scikit-learn/scikit-learn
+github.com/numpy/numpy
+github.com/babel/babel
+github.com/cockroachdb/cockroach
--- a/k8s/cron.yaml
+++ b/k8s/cron.yaml
@ -0,0 +1,28 @@
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+  name: daily-score
+spec:
+  schedule: "0 8 * * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: run-score
+            image: gcr.io/openssf/cron:latest
+            imagePullPolicy: Always
+            args:
+            - /bin/sh
+            - -c
+            - /cron/cron.sh
+            env:
+            - name: GITHUB_AUTH_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: github
+                  key: token
+            - name: GCS_BUCKET
+              value: ossf-scorecards
+
+          restartPolicy: OnFailure