mirror of
https://github.com/ossf/scorecard.git
synced 2024-09-11 17:07:53 +03:00
Use the GraphQL API to retrieve the list of tags in signed-tags. (#45)
parent
68bc599017
commit
fd188f5263
@ -20,11 +20,13 @@ import (
|
||||
"net/http"
|
||||
|
||||
"github.com/google/go-github/v32/github"
|
||||
"github.com/shurcooL/githubv4"
|
||||
)
|
||||
|
||||
type Checker struct {
|
||||
Ctx context.Context
|
||||
Client *github.Client
|
||||
GraphClient *githubv4.Client
|
||||
HttpClient *http.Client
|
||||
Owner, Repo string
|
||||
Logf func(s string, f ...interface{})
|
||||
|
@ -15,8 +15,8 @@
|
||||
package checks
|
||||
|
||||
import (
|
||||
"github.com/google/go-github/v32/github"
|
||||
"github.com/ossf/scorecard/checker"
|
||||
"github.com/shurcooL/githubv4"
|
||||
)
|
||||
|
||||
var tagLookBack int = 5
|
||||
@ -26,21 +26,41 @@ func init() {
|
||||
}
|
||||
|
||||
func SignedTags(c checker.Checker) checker.CheckResult {
|
||||
tags, _, err := c.Client.Repositories.ListTags(c.Ctx, c.Owner, c.Repo, &github.ListOptions{})
|
||||
if err != nil {
|
||||
|
||||
type ref struct {
|
||||
Name githubv4.String
|
||||
Target struct {
|
||||
Oid githubv4.String
|
||||
}
|
||||
}
|
||||
var query struct {
|
||||
Repository struct {
|
||||
Refs struct {
|
||||
Nodes []ref
|
||||
} `graphql:"refs(refPrefix: \"refs/tags/\", last: 20)"`
|
||||
} `graphql:"repository(owner: $owner, name: $name)"`
|
||||
}
|
||||
|
||||
variables := map[string]interface{}{
|
||||
"owner": githubv4.String(c.Owner),
|
||||
"name": githubv4.String(c.Repo),
|
||||
}
|
||||
|
||||
if err := c.GraphClient.Query(c.Ctx, &query, variables); err != nil {
|
||||
return checker.RetryResult(err)
|
||||
}
|
||||
|
||||
totalReleases := 0
|
||||
totalSigned := 0
|
||||
for _, t := range tags {
|
||||
for _, t := range query.Repository.Refs.Nodes {
|
||||
sha := string(t.Target.Oid)
|
||||
totalReleases++
|
||||
gt, _, err := c.Client.Git.GetCommit(c.Ctx, c.Owner, c.Repo, t.GetCommit().GetSHA())
|
||||
gt, _, err := c.Client.Git.GetTag(c.Ctx, c.Owner, c.Repo, sha)
|
||||
if err != nil {
|
||||
return checker.RetryResult(err)
|
||||
}
|
||||
if gt.GetVerification().GetVerified() {
|
||||
c.Logf("signed tag found: %s, commit: %s", *t.Name, t.GetCommit().GetSHA())
|
||||
c.Logf("signed tag found: %s, commit: %s", t.Name, sha)
|
||||
totalSigned++
|
||||
}
|
||||
if totalReleases > tagLookBack {
|
||||
|
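Review bot: The new `c.Client.Git.GetTag(c.Ctx, c.Owner, c.Repo, sha)` call assumes every ref under `refs/tags/` targets an annotated tag object, but a lightweight tag's `Target.Oid` is a commit SHA, for which the REST tag endpoint will presumably return 404. Because any error there becomes `checker.RetryResult(err)`, a single lightweight tag would abort the check instead of being counted as an unsigned release. Consider keeping the response and sending only other failures to the retry path, e.g. `gt, resp, err := c.Client.Git.GetTag(...)` with `if err != nil && (resp == nil || resp.StatusCode != http.StatusNotFound) { return checker.RetryResult(err) }` (with `net/http` imported), relying on go-github's nil-safe getters for the `gt` that follows. Separately, the query asks for `last: 20` refs with no `orderBy` while the loop stops after `tagLookBack` (5), so the tags inspected may not be the most recent ones; that deserves a comment at least. The body of SignedTags continues past the end of this section.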
3
go.mod
3
go.mod
@ -6,8 +6,11 @@ require (
|
||||
github.com/google/go-github v17.0.0+incompatible
|
||||
github.com/google/go-github/v32 v32.1.0
|
||||
github.com/prometheus/common v0.14.0
|
||||
github.com/shurcooL/githubv4 v0.0.0-20200928013246-d292edc3691b
|
||||
github.com/shurcooL/graphql v0.0.0-20200928012149-18c5c3165e3a // indirect
|
||||
github.com/spf13/cobra v1.1.0
|
||||
github.com/spf13/viper v1.7.0
|
||||
go.uber.org/zap v1.16.0
|
||||
golang.org/x/net v0.0.0-20201031054903-ff519b6c9102 // indirect
|
||||
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
|
||||
)
|
||||
|
8
go.sum
8
go.sum
@ -285,6 +285,10 @@ github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQD
|
||||
github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
|
||||
github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E=
|
||||
github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
|
||||
github.com/shurcooL/githubv4 v0.0.0-20200928013246-d292edc3691b h1:0/ecDXh/HTHRtSDSFnD2/Ta1yQ5J76ZspVY4u0/jGFk=
|
||||
github.com/shurcooL/githubv4 v0.0.0-20200928013246-d292edc3691b/go.mod h1:hAF0iLZy4td2EX+/8Tw+4nodhlMrwN3HupfaXj3zkGo=
|
||||
github.com/shurcooL/graphql v0.0.0-20200928012149-18c5c3165e3a h1:KikTa6HtAK8cS1qjvUvvq4QO21QnwC+EfvB+OAuZ/ZU=
|
||||
github.com/shurcooL/graphql v0.0.0-20200928012149-18c5c3165e3a/go.mod h1:AuYgA5Kyo4c7HfUmvRGs/6rGlMMV/6B1bVnB9JxJEEg=
|
||||
github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
|
||||
github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
|
||||
github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
|
||||
@ -397,6 +401,8 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL
|
||||
golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20200625001655-4c5254603344 h1:vGXIOMxbNfDTk/aXCmfdLgkrSV+Z2tcbze+pEc3v5W4=
|
||||
golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
|
||||
golang.org/x/net v0.0.0-20201031054903-ff519b6c9102 h1:42cLlJJdEh+ySyeUUbEQ5bsTiq8voBeTuweGVkY6Puw=
|
||||
golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
|
||||
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be h1:vEDujvNQGv4jgYKudGeI/+DAX4Jffq6hpD55MmoEvKs=
|
||||
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
|
||||
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421 h1:Wo7BWFiOk0QRFMLYMqJGFMd9CgUAcGx7V+qEg/h5IBI=
|
||||
@ -433,10 +439,12 @@ golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7w
|
||||
golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae h1:Ih9Yo4hSPImZOpfGuA4bR/ORKTAbhZo2AbWNRCnevdo=
|
||||
golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
|
||||
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
|
||||
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
|
@ -26,6 +26,7 @@ import (
|
||||
"github.com/google/go-github/v32/github"
|
||||
"github.com/ossf/scorecard/checker"
|
||||
"github.com/ossf/scorecard/roundtripper"
|
||||
"github.com/shurcooL/githubv4"
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
|
||||
@ -71,13 +72,15 @@ func RunScorecards(ctx context.Context, logger *zap.SugaredLogger, repo RepoURL,
|
||||
Transport: rt,
|
||||
}
|
||||
ghClient := github.NewClient(client)
|
||||
graphClient := githubv4.NewClient(client)
|
||||
|
||||
c := checker.Checker{
|
||||
Ctx: ctx,
|
||||
Client: ghClient,
|
||||
HttpClient: client,
|
||||
Owner: repo.Owner,
|
||||
Repo: repo.Repo,
|
||||
Ctx: ctx,
|
||||
Client: ghClient,
|
||||
HttpClient: client,
|
||||
Owner: repo.Owner,
|
||||
Repo: repo.Repo,
|
||||
GraphClient: graphClient,
|
||||
}
|
||||
|
||||
resultsCh := make(chan Result)
|
||||
|
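Review bot: The new `graphClient` depends on `rt` attaching a token, and nothing here documents that: GitHub's GraphQL endpoint rejects unauthenticated requests, unlike much of the REST API, and `githubv4.NewClient(client)` reuses the REST client's transport. `rt` is built above this hunk, so it is not visible whether a token is always present; if the tool can run without one, SignedTags would now return a retry result on every run. A comment on the new line would record the requirement, e.g. `// GraphQL (v4) needs an authenticated transport; rt must attach a token.`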