* Bump go directive to 1.22.0
At least one of our dependencies now requires 1.22. Additionally, with
the Go 1.23 release, Go 1.21 is no longer supported. Due to the loopvar
changes, I'm submitting this as a standalone change.
https://go.dev/doc/go1.22
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove unneeded nolint directive
This wasn't included in b31449017e,
because we didn't redeclare the loopvar with `tt := tt`, which is now
done by default in Go 1.22.0.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* bump minimum Go version in setup doc
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
* undo pat scope doc change
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add Go resources
some contributors may be unfamiliar with the language
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
* feature dco requirement more prominently
Signed-off-by: Spencer Schrock <sschrock@google.com>
* recommend merge commits to sync PR
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix make target table
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove references to old Go environment variables
GO111MODULE is no longer used as of Go 1.17.
GOPATH is still used for other purposes, but not in 'development mode'.
https://go.dev/wiki/GOPATH
Signed-off-by: Spencer Schrock <sschrock@google.com>
* misc minor clarifications
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove reference to errors from CONTRIBUTORS.md
I don't think this is one of the top things we should be displaying to someone
Signed-off-by: Spencer Schrock <sschrock@google.com>
* mention make in environment
Signed-off-by: Spencer Schrock <sschrock@google.com>
* no scopes needed for PATs
Signed-off-by: Spencer Schrock <sschrock@google.com>
* highlight other scorecard options
Signed-off-by: Spencer Schrock <sschrock@google.com>
* allow shell codeblocks to be pasted into a shell
the comment style was wrong and the $ was interpretted as a command.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
* 📖 Add documentation about probes and contributing
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* change 'subdirectory' to 'directory'
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* fix 'golangci' typo
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Added 'make fix-linter' to Makefile
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Move commands to their own table
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* change 'problem' to 'supply-chain security risk'
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Add sentence about what a finding is
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* remove sentence about running make rule locally
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* change 'supply-chain security risk' to 'heuristic'
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Modify text on where to set remediation data
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Add example
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* add line about discussing changes to the score in a GitHub issue
Signed-off-by: Adam Korczynski <adam@adalogics.com>
---------
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* upgrade go.mod to 1.21
Signed-off-by: Spencer Schrock <sschrock@google.com>
* use slices from stdlib
Signed-off-by: Spencer Schrock <sschrock@google.com>
* use max/min builtins
Signed-off-by: Spencer Schrock <sschrock@google.com>
* multierrors
possibly spin this off into its own PR
Signed-off-by: Spencer Schrock <sschrock@google.com>
* dont call rand.Seed
As of Go 1.20, the generator is seeded randomly at startup.
https://pkg.go.dev/math/rand#Seed
Signed-off-by: Spencer Schrock <sschrock@google.com>
* update minimum Go version in documentation
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Bump dockerfiles to 1.21
* Go minimum version should match our go.mod
* Bump GitHub action go version to 1.21 and ensure all workflows use env variable.
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Change docs on how to run and debug locally
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* Remove docs section on debug Go lang
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* updated makefile to include unit-test and unit-test-attestor and contributing doc to include e2e-pat
Signed-off-by: Dave Banerjee <dave.banerjee@ibm.com>
* updated docs
Signed-off-by: Dave Banerjee <dave.banerjee@ibm.com>
Signed-off-by: Dave Banerjee <dave.banerjee@ibm.com>
Co-authored-by: Dave Banerjee <Dave.Banerjee@ibm.com>
Fix link to projects.csv in README.md
Remove out of date info on daily cron job from CONTRIBUTING.md and fix
various links.
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
The `CONTRIBUTING.md` documentation was obsolete when discussing
documentation updates. It gave the wrong location for `checks.yaml`,
wrong command to update `checks.md`, and failed to note that some
documentation wasn't in `checks.yaml`.
This commit updates the docs-about-docs so it's hopefully
correct again :-).
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Co-authored-by: Abhishek Arya <inferno@chromium.org>
* Fix lint issues: whitespace linter
* Fix lint issues: wrapcheck linter
* Fix lint issues: errcheck linter
* Fix lint issues: paralleltest linter
* Fix lint issues: gocritic linter
Most changes from this commit are from passing checker.CheckResult by reference and not by value. gocritic identified that as a huge parameter.
gocritic also prefers regexp.MustCompile over Compile when the pattern is a const
Validated the presence of the GITHU_AUTH_TOKEN variable presence before running the e2e.
Update the contributing doc with scopes of the personal access token.
Updated the workflow to include the e2e tests.
* Updated the contributing guidelines with Environment Setup,
Contributing steps, How to build scorecard locally, What to do before
submitting a pull request and Where the CI Tests are configured.
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>