dependabot[bot]
6cae56f02b
🌱 Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 ( #4158 )
...
* 🌱 Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 5.1.0 to 6.0.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](5742e2a039...286f3b13b1https://goreleaser.com/deprecations/#-skip
Signed-off-by: Spencer Schrock <sschrock@google.com>
* update config for v2
Signed-off-by: Spencer Schrock <sschrock@google.com>
* use goreleaser v2 tooling for makefile
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: Stephen Augustus <justaugustus@users.noreply.github.com>
2024-06-25 22:30:41 +00:00
Spencer Schrock
0d57c0224a
📖 Generate probe markdown documentation ( #4184 )
...
* generate probe markdown documentation
Walks the various probes def.yaml files and puts them in a single
markdown document. This doesn't currently include the remediation, but
neither does the existing checks.md document either.
In order to avoid duplicating yaml definitions, this existing ones were
moved to an internal directory so they can be reused.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix linter
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add probe doc generation to Makefile
Note: There is no validate-docs step for the probes code, as the
def.yml fields are validated elsewhere currently in the unit tests.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix license for new yaml package
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-06-20 21:05:06 +00:00
Raghav Kaul
256d5a3b50
🌱 Add script to set up probe boilerplate ( #3948 )
...
* Add script
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
* script -> go
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
* v4 -> v5
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
2024-05-08 17:58:02 +00:00
Spencer Schrock
0b9dfb656f
⚠️ Replace v4 module references with v5 ( #4027 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-04-12 14:51:50 -07:00
Josh Soref
3b948257fc
📖 Fix spelling ( #3804 )
...
* spelling: accurate
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: administrator
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: analyze
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: andtwenty
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: ascii
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: association
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: at least
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: attestor
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: barbaric
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: bucket
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: by
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: can
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: case-insensitive
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: case-sensitive
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: checking
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: command-line
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: commit
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: committed
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: conclusion
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: corresponding
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: created
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: dataset
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: default
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: defines
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: dependabot
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: dependency
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: depending
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: desired
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: different
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: disclose
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: download
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: each
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: enforce
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: every time
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: exist
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: existing
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: fields
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: files
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: for
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: force-push
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: github
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: gitlab
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: ignoreed
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: implementation
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: implements
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: increase
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: indicates
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: initialized
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: instructions
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: invalid
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: marshal
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: match
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: name
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: nonexistent
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: organization
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: package
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: provenance
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: query
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: readers
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: receive
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: registered
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: remediate
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: representation
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: requests
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: requires
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: return
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: scorecard
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: separator
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: serialization
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: sign up
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: specifications
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: specified
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: success
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: successfully
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: the
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: their
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: twenty
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: unexpected
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: unused
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: unverified
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: validate
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: vendor
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: vulnerabilities
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: vulns
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: will
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: without
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: workflow
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: workflows
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---------
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2024-01-26 23:08:26 +00:00
AdamKorcz
1a1d9b175c
📖 Add documentation about probes and contributing ( #3762 )
...
* 📖 Add documentation about probes and contributing
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* change 'subdirectory' to 'directory'
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* fix 'golangci' typo
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Added 'make fix-linter' to Makefile
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Move commands to their own table
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* change 'problem' to 'supply-chain security risk'
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Add sentence about what a finding is
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* remove sentence about running make rule locally
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* change 'supply-chain security risk' to 'heuristic'
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Modify text on where to set remediation data
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Add example
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* add line about discussing changes to the score in a GitHub issue
Signed-off-by: Adam Korczynski <adam@adalogics.com>
---------
Signed-off-by: Adam Korczynski <adam@adalogics.com>
2024-01-23 11:32:59 -08:00
Spencer Schrock
ee4e83a318
🌱 Enforce make add-projects for GitHub and GitLab repos ( #3780 )
...
* fail if add-projects not run
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add gitlab file to add-projects
Signed-off-by: Spencer Schrock <sschrock@google.com>
* order gitlab projects with make add-projects
Signed-off-by: Spencer Schrock <sschrock@google.com>
* simplify workflow job
this binary doesn't need the build protos
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-01-19 14:11:19 -08:00
Raghav Kaul
622f10442c
🌱 GitLab: track coverage for gitlab e2e tests ( #3601 )
...
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
2023-10-24 11:19:43 -07:00
Spencer Schrock
25c414d59b
🌱 remove unused osv helper tool. ( #3572 )
...
This is a followup cleanup of d4b44e52eb#2303 ).
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-10-23 23:35:28 +00:00
Raghav Kaul
55275a79e6
🌱 cron: Add 14k GitLab projects ( #3321 )
...
* Add 15k projects
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* fix projects csv
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
2023-07-27 21:04:18 +00:00
Spencer Schrock
4ac9999462
🌱 Ensure check markdown is kept in sync with source yaml. ( #3300 )
...
* Ensure check markdown is kept in sync with check yaml.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* change generate-docs target to detect changes to docs/checks.md directly.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-07-24 14:10:13 -07:00
Spencer Schrock
7cc6482680
🌱 Delete unused project-update functionality. ( #3269 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-07-18 21:58:19 +00:00
Naveen
1ac091a456
🌱 Update the cover profile for e2e ( #3271 )
...
- Update the cover profile for e2e
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2023-07-17 14:31:17 +00:00
Raghav Kaul
c72cfd5d32
🌱 Gitlab: Move tests that connect to gitlab.com out of unit-tests ( #3221 )
...
* Move tests that connect to GitLab out of e2e
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* mark as pat test
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
2023-06-29 15:11:05 -04:00
Avishay Balter
8c9e552f68
✨ add --nuget package manager flag ( #3020 )
...
* add nuget package manager
Signed-off-by: Avishay <avishay.balter@gmail.com>
* fix pat test messages (#2987 )
* also fix pat tests
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump slsa-framework/slsa-github-generator from 1.5.0 to 1.6.0
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.5.0...v1.6.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump cloud.google.com/go/bigquery from 1.51.1 to 1.51.2 (#2984 )
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go ) from 1.51.1 to 1.51.2.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.51.1...bigquery/v1.51.2 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang.org/x/tools from 0.9.0 to 0.9.1
Bumps [golang.org/x/tools](https://github.com/golang/tools ) from 0.9.0 to 0.9.1.
- [Release notes](https://github.com/golang/tools/releases )
- [Commits](https://github.com/golang/tools/compare/v0.9.0...v0.9.1 )
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🐛 Update osv-scanner dependency to include Vulnerabilities check fixes (#2981 )
* Update osv-scanner dependency to include Vulnerabilities check fixes
Signed-off-by: Laurent Savaëte <laurent@where.tf>
* Run go mod tidy
Signed-off-by: Laurent Savaëte <laurent@where.tf>
---------
Signed-off-by: Laurent Savaëte <laurent@where.tf>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/docker/distribution in /tools (#2993 )
Bumps [github.com/docker/distribution](https://github.com/docker/distribution ) from 2.8.1+incompatible to 2.8.2+incompatible.
- [Release notes](https://github.com/docker/distribution/releases )
- [Commits](https://github.com/docker/distribution/compare/v2.8.1...v2.8.2 )
---
updated-dependencies:
- dependency-name: github.com/docker/distribution
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Gitlab: e2e test fixes in main (#2992 )
* test secret chagnes
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update score
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* address cr comments
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Unit tests log/log.go (#2980 )
- Add unit tests for the log package
- Add Apache License to log_test.go
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/cloudflare/circl in /tools (#2995 )
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl ) from 1.2.0 to 1.3.3.
- [Release notes](https://github.com/cloudflare/circl/releases )
- [Commits](https://github.com/cloudflare/circl/compare/v1.2.0...v1.3.3 )
---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* ✨ Add releasing workflow for semantic-release (#2989 )
Signed-off-by: Matt Travi <programmer@travi.org>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump slsa-framework/slsa-verifier from 2.2.0 to 2.3.0
Bumps [slsa-framework/slsa-verifier](https://github.com/slsa-framework/slsa-verifier ) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/slsa-framework/slsa-verifier/releases )
- [Changelog](https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md )
- [Commits](https://github.com/slsa-framework/slsa-verifier/compare/v2.2.0...v2.3.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-verifier
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#2994 )
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl ) from 1.1.0 to 1.3.3.
- [Release notes](https://github.com/cloudflare/circl/releases )
- [Commits](https://github.com/cloudflare/circl/compare/v1.1.0...v1.3.3 )
---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Additional e2e clients/githubrepo/checkruns.go (#2934 )
* 🌱 Additional e2e clients/githubrepo/checkruns.go
- Add `net/http` and `github.com/google/go-github/v38/github` imports
- Add a test for `listCheckRunsForRef` with valid ref
- Add a test for `listCheckRunsForRef` with invalid ref
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Based on code review comments
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Some tweaks
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---------
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 E2E for clients/githubrepo/contributors.go (#2939 )
* 🌱 E2E for clients/githubrepo/contributors.go
- Add an end-to-end test for `contributorsHandler`
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed based on code review comments.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed codereview comment.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---------
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 📖 Clarify that AI/ML doesn't count as human code review (#2953 )
* Clarify that AI/ML doesn't count as human code review
Add this clarification per the Scorecards Zoom call meeting today
(2023-05-04).
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
* Tweaked per review
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
---------
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang from `31a8f92` to `685a22e` in /cron/internal/cii
Bumps golang from `31a8f92` to `685a22e`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang in /cron/internal/controller
Bumps golang from `31a8f92` to `685a22e`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang in /cron/internal/worker
Bumps golang from `31a8f92` to `685a22e`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang in /clients/githubrepo/roundtripper/tokens/server
Bumps golang from `31a8f92` to `685a22e`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang from `31a8f92` to `685a22e`
Bumps golang from `31a8f92` to `685a22e`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang from `31a8f92` to `685a22e` in /cron/internal/bq
Bumps golang from `31a8f92` to `685a22e`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang in /cron/internal/webhook
Bumps golang from `31a8f92` to `685a22e`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* Clarify AI/ML not human code review - in .yml file (#3012 )
This clarifies that AI/ML doesn't count as human code review.
This was earlier done in #2953 but that didn't modify the relevant
.yml file - this does.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang.org/x/oauth2 from 0.7.0 to 0.8.0 (#3005 )
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2 ) from 0.7.0 to 0.8.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.7.0...v0.8.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Unit tests for checks/raw/maintained.go (#2996 )
- Add tests and checks for the `Maintained` function
- Add checks for `IsArchived`, `ListCommits`, `ListIssues`, and `GetCreatedAt`
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.4 to 2.9.5 in /tools
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.9.4 to 2.9.5.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.4...v2.9.5 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump actions/setup-go from 4.0.0 to 4.0.1
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](4d34df0c23...fac708d667🌱 Bump codecov/codecov-action from 3.1.3 to 3.1.4
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.1.3 to 3.1.4.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](894ff025c7...eaaf4bedf3🌱 Unit tests for Policy.go (#3003 )
- Included tests for policy.go
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.4 to 2.9.5
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.9.4 to 2.9.5.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.4...v2.9.5 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump sigstore/cosign-installer from 3.0.3 to 3.0.4
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.0.3 to 3.0.4.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](204a51a57a...03d0fecf17🌱 Bump github.com/google/go-containerregistry (#3025 )
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.15.1 to 0.15.2.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.15.1...v0.15.2 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/sirupsen/logrus from 1.9.0 to 1.9.1
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus ) from 1.9.0 to 1.9.1.
- [Release notes](https://github.com/sirupsen/logrus/releases )
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md )
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.0...v1.9.1 )
---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Included e2e tests for push to main (#2951 )
- Update trigger for integration tests to enable running on `push` and `pull_request` on the `main` branch
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Included directories that don't require coverage (#3002 )
- Included directories that don't require coverage.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Unit tests for checks/raw/contributors.go (#2998 )
- Add tests and fix casing for Contributors function in checks/raw/contributors_test.go
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* ✨ GitLab: Code Review check (#2764 )
* Add GitLab support for Code-Review check
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Remove spurious printf
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Working commit
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* e2e test
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update: test coverage
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* gitlab: license check (#2834 )
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/sirupsen/logrus from 1.9.1 to 1.9.2 (#3031 )
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus ) from 1.9.1 to 1.9.2.
- [Release notes](https://github.com/sirupsen/logrus/releases )
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md )
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.1...v1.9.2 )
---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/google/osv-scanner
Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner ) from 1.3.3-0.20230509011216-baae1796eeea to 1.3.3.
- [Release notes](https://github.com/google/osv-scanner/releases )
- [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md )
- [Commits](https://github.com/google/osv-scanner/commits/v1.3.3 )
---
updated-dependencies:
- dependency-name: github.com/google/osv-scanner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump sigstore/cosign-installer from 3.0.4 to 3.0.5 (#3029 )
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.0.4 to 3.0.5.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](03d0fecf17...dd6b2e2b61🌱 Bump arduino/setup-protoc from 1.1.2 to 1.2.0
Bumps [arduino/setup-protoc](https://github.com/arduino/setup-protoc ) from 1.1.2 to 1.2.0.
- [Release notes](https://github.com/arduino/setup-protoc/releases )
- [Commits](64c0c85d18...4b3578161e✨ Add support for github GHES (#2999 )
* ✨ adding support for github GHES
Signed-off-by: Niket Patel <patelniket@gmail.com>
* fix: lint and cleanup
Signed-off-by: Niket Patel <patelniket@gmail.com>
* fix: flaky test
Signed-off-by: Niket Patel <patelniket@gmail.com>
* fix: address missing host
Signed-off-by: Niket Patel <patelniket@gmail.com>
* fix: lint error
Signed-off-by: Niket Patel <patelniket@gmail.com>
* 🌱 Additional e2e clients/githubrepo/checkruns.go (#2934 )
* 🌱 Additional e2e clients/githubrepo/checkruns.go
- Add `net/http` and `github.com/google/go-github/v38/github` imports
- Add a test for `listCheckRunsForRef` with valid ref
- Add a test for `listCheckRunsForRef` with invalid ref
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Based on code review comments
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Some tweaks
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---------
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Niket Patel <patelniket@gmail.com>
* 🌱 E2E for clients/githubrepo/contributors.go (#2939 )
* 🌱 E2E for clients/githubrepo/contributors.go
- Add an end-to-end test for `contributorsHandler`
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed based on code review comments.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed codereview comment.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---------
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Niket Patel <patelniket@gmail.com>
* chore: add GHES instructions
Signed-off-by: Niket Patel <patelniket@gmail.com>
* refact: use test setenv
Signed-off-by: Niket Patel <patelniket@gmail.com>
* fix: corp unit test
Signed-off-by: Niket Patel <patelniket@gmail.com>
---------
Signed-off-by: Niket Patel <patelniket@gmail.com>
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Niket Patel <patelniketm@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* Change Facilitators to Maintainers (#3039 )
Not sure what the old facilitators table was for. Current list of Maintainers is always in CODEOWNERS.
Meaning of "Maintainers" still is not defined, and should be a part of an upcoming contributor ladder.
Signed-off-by: Jeff Mendoza <jlm@jlm.name>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🐛 Gitlab: Commit/Commitor Exceptions (#3026 )
* feat: Added paging for contributor/users against gitlab projects
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* refactor: Updated the bot flag for unmatched users
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* fix: Not all commit users are in the git registry instance
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* fix: Skipping check if the email is empty, as well as if the "email" doesn't contain a "." char.
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* fix: Updated to allow for commits with PRs to be accounted/added to the client.commits
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* refactor: Updated to prevent linting issue regarding nested if's
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* test: Adding coverage for commits and contributors for gitlab
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* refactor: Moved queries from the client to their own functions
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* bug: Need to pass the ProjectID value to the contributor query
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* bug: Updating project title versus projectID values for api querying
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* test: Updated tests to match expected property set for projectID
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* revert: Reverted based on feedback during review
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
---------
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/onsi/gomega from 1.27.6 to 1.27.7 (#3040 )
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega ) from 1.27.6 to 1.27.7.
- [Release notes](https://github.com/onsi/gomega/releases )
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/gomega/compare/v1.27.6...v1.27.7 )
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 📖 Make all StepSecurity app endpoint references consistent (#3042 )
Signed-off-by: Ashish Kurmi <akurmi@stepsecurity.io>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 📖 Update checks.md to show the benefit of >=2 reviewers (#3013 )
* Update checks.yaml instead of cehcks.md
Signed-off-by: Joyce <joycebrum@google.com>
* feat: generate checks.md
Signed-off-by: Joyce Brum <joycebrum@google.com>
---------
Signed-off-by: Joyce <joycebrum@google.com>
Signed-off-by: Joyce Brum <joycebrum@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Improve workflow pinning remediation tests (#3021 )
- Add 3 tests for workflow pinning remediation
[remediation/remediations_test.go]
- Add 3 tests for workflow pinning remediation
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 E2E tests for clients/githubrepo/languages_e2e_test.go (#3000 )
* 🌱 E2E tests for clients/githubrepo/languages_e2e_test.go
- Included e2e tests for clients/githubrepo/languages_e2e_test.go
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed the token type check.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---------
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Unit tests for pkg/json_raw_results (#3044 )
* 🌱 Unit tests for pkg/json_raw_results.go
- Unit tests for pkg/json_raw_results.go
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Additional tests
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---------
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* ✨ [experimental] Add probe code and support for Tool-Update-Dependency (#2944 )
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* add zoom link and agenda link (#3050 )
Signed-off-by: Amanda L Martin <hythloda@gmail.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Run E2E PAT test for push to main (#3046 )
- Add E2E PAT tests for push to main.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* Update main.yml (#3054 )
-Fixed the YAML indenting issue.
Signed-off-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* only run e2e pat on push (#3056 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#3057 )
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.6.1 to 5.7.0.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 📖 👻 fix anchor link to the code review section (#3058 )
* fix anchor link to code-review in checks.yaml
Signed-off-by: dasfreak <dasfreak@users.noreply.github.com>
Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>
* generate checks.md
Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>
---------
Signed-off-by: dasfreak <dasfreak@users.noreply.github.com>
Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🐛 Gitlab: Tests (#3027 )
* fix tests
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* use projectID instead of project where applicable
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* pass ref as listcommitoption
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update tests
* CI-Tests: check if score > 0. pull request client is limited and can't
go back to arbitrary pull requests. CI-Tests don't run on forks, so this
can't be pinned either. But, for active repositories, we typically
expect *some* tests to be run
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* fix commitshandler commitSHA tests
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update tests
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/goreleaser/nfpm/v2 in /tools (#3060 )
Bumps [github.com/goreleaser/nfpm/v2](https://github.com/goreleaser/nfpm ) from 2.28.0 to 2.29.0.
- [Release notes](https://github.com/goreleaser/nfpm/releases )
- [Changelog](https://github.com/goreleaser/nfpm/blob/main/.goreleaser.yml )
- [Commits](https://github.com/goreleaser/nfpm/compare/v2.28.0...v2.29.0 )
---
updated-dependencies:
- dependency-name: github.com/goreleaser/nfpm/v2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* ✨ Gitlab: Add projects to cron (#2936 )
* cron: add gitlab projects
* support gitlab client
* simplify gitlab detection
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* fix MakeGitlabRepo
* shortcut when repo url is github.com
* fixes add-projects, validate-projects
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Move gitlab repos to release controller
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add csv headers
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Use gitlab.WithBaseURL
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* formatting & logging
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* remove spurious test
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* consolidate logic
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Turn on experimental flag
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add projects
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Update client
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Simplify caching in docker workflow (#3061 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github/codeql-action from 2.3.3 to 2.3.4 (#3064 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.3 to 2.3.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](29b1f65c5e...f0e3dfb303🌱 Bump cloud.google.com/go/pubsub from 1.30.1 to 1.31.0 (#3065 )
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go ) from 1.30.1 to 1.31.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.30.1...pubsub/v1.31.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🐛 gitlab: cron (#3070 )
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github/codeql-action from 2.3.4 to 2.3.5 (#3072 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.4 to 2.3.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f0e3dfb303...0225834cc5🌱 Bump tj-actions/changed-files from 35.9.2 to 36.0.3 (#3071 )
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 35.9.2 to 36.0.3.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](b2d17f5124...25eaddf37a🐛 Gitlab status updates (#3052 )
* doc: Updating gitlab support validation status
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* bug: Updated logic for gitlab to prevent exceptions based on releases
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* test: Added initial tests for gitlab branches
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* doc: Updated general README
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* refactor: Cleaned up the query for pipelines to be focused on the commitID
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* feat: Allowed for a non-graphql method of retrieving MRs associated to a commit
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* doc: Updated status for the CI-Tests
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* bug: Updated the host url for graphql querying. This enabled the removal of the code added for handling empty returns when executing against a non-gitlab.com repository.
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
---------
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/sigstore/rekor from 1.1.1 to 1.2.0 in /tools (#3079 )
Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor ) from 1.1.1 to 1.2.0.
- [Release notes](https://github.com/sigstore/rekor/releases )
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sigstore/rekor/compare/v1.1.1...v1.2.0 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/rekor
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* get nuget latest version from registration URL
Signed-off-by: Avishay <avishay.balter@gmail.com>
* better coverage
Signed-off-by: Avishay <avishay.balter@gmail.com>
* sign
Signed-off-by: Avishay <avishay.balter@gmail.com>
* fix tests
Signed-off-by: Avishay <avishay.balter@gmail.com>
* more tests
Signed-off-by: Avishay <avishay.balter@gmail.com>
* client tests
Signed-off-by: Avishay <avishay.balter@gmail.com>
* lint
Signed-off-by: Avishay <avishay.balter@gmail.com>
* Apply suggestions from code review
Co-authored-by: Joel Verhagen <joel.verhagen@gmail.com>
Signed-off-by: Avishay Balter <avishay.balter@gmail.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang from `685a22e` to `690e413` (#3080 )
Bumps golang from `685a22e` to `690e413`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang from `685a22e` to `690e413` in /cron/internal/cii
Bumps golang from `685a22e` to `690e413`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang in /cron/internal/controller
Bumps golang from `685a22e` to `690e413`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang in /cron/internal/worker
Bumps golang from `685a22e` to `690e413`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang in /clients/githubrepo/roundtripper/tokens/server
Bumps golang from `685a22e` to `690e413`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang in /cron/internal/webhook
Bumps golang from `685a22e` to `690e413`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang from `685a22e` to `690e413` in /cron/internal/bq
Bumps golang from `685a22e` to `690e413`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump arduino/setup-protoc from 1.2.0 to 1.3.0 (#3089 )
Bumps [arduino/setup-protoc](https://github.com/arduino/setup-protoc ) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/arduino/setup-protoc/releases )
- [Commits](4b3578161e...149f6c87b9🌱 Bump tj-actions/changed-files from 36.0.3 to 36.0.9 (#3088 )
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 36.0.3 to 36.0.9.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](25eaddf37a...cf4fe8759a#3090 )
tensorflow/tensorflow is huge and was slowing down tests.
Also removed the rust e2e tests because they're already present as unit tests.
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.9.7 in /tools (#3094 )
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.9.5 to 2.9.7.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.5...v2.9.7 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.9.7 (#3093 )
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.9.5 to 2.9.7.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.5...v2.9.7 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump actions/dependency-review-action from 3.0.4 to 3.0.6 (#3104 )
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 3.0.4 to 3.0.6.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](f46c48ed6d...1360a344cc🌱 Bump tj-actions/changed-files from 36.0.9 to 36.0.12 (#3108 )
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 36.0.9 to 36.0.12.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](cf4fe8759a...5978e5a2df🌱 Bump github.com/xanzy/go-gitlab from 0.83.0 to 0.84.0 (#3106 )
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab ) from 0.83.0 to 0.84.0.
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go )
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.83.0...v0.84.0 )
---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang.org/x/tools from 0.9.1 to 0.9.2
Bumps [golang.org/x/tools](https://github.com/golang/tools ) from 0.9.1 to 0.9.2.
- [Release notes](https://github.com/golang/tools/releases )
- [Commits](https://github.com/golang/tools/compare/v0.9.1...v0.9.2 )
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* ✨ GitLab: enable more checks in cron (#3097 )
* Enable checks
* Binary-Artifacts
* Code-Review
* License
* Vulnerabilities
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Enable more checks
* CII Best Practices
* Fuzzing
* Maintained
* Packaging
* Pinned-Dependencies
* Signed-Releases
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update repo name
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 📖 agenda link change (#3111 )
Signed-off-by: Amanda L Martin <hythloda@gmail.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github/codeql-action from 2.3.5 to 2.3.6 (#3112 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.5 to 2.3.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0225834cc5...83f0fe6c49🌱 Bump tj-actions/changed-files from 36.0.12 to 36.0.15 (#3116 )
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 36.0.12 to 36.0.15.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](5978e5a2df...5d2fcdb4cb🌱 Bump golang.org/x/tools from 0.9.2 to 0.9.3
Bumps [golang.org/x/tools](https://github.com/golang/tools ) from 0.9.2 to 0.9.3.
- [Release notes](https://github.com/golang/tools/releases )
- [Commits](https://github.com/golang/tools/compare/v0.9.2...v0.9.3 )
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Unit tests for option (#3109 )
- Add flags for repo, local, commit, log level, NPM, PyPI, RubyGems, metadata, show details, checks to run, policy file, and format
- Add tests for checks to run and format flags
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 GitLab: add gitlab auth token to cron worker env (#3117 )
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* Don't run pat e2e on dependabot merges (#3119 )
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* ✨ Detect fast-check PBT library for fuzz section (#3073 )
* ✨ Detect fast-check PBT library for fuzz section
As suggested at https://github.com/ossf/scorecard/issues/2792#issuecomment-1562007596 , we add support for the detection of fast-check as a possible fuzzing solution.
I also adapted the documentation related to fuzzing accordingly.
Signed-off-by: Nicolas DUBIEN <github@dubien.org>
* Typo
Signed-off-by: Nicolas DUBIEN <github@dubien.org>
* Update missing md files
Signed-off-by: Nicolas DUBIEN <github@dubien.org>
---------
Signed-off-by: Nicolas DUBIEN <github@dubien.org>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 temporarily disable failing e2e tests so we don't block all PRs. (#3130 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* pr comments
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 (#3121 )
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus ) from 1.9.2 to 1.9.3.
- [Release notes](https://github.com/sirupsen/logrus/releases )
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md )
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.2...v1.9.3 )
---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* i🌱 Ignore all pb files for test (#3127 )
- Update .codecov.yml to ignore additional files
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Deprecate dependencydiff package and add access token requirement (#3125 )
- Deprecate the `dependencydiff` package and the `GetDependencyDiffResults` function
- Add a line to the `.codecov.yml` to ignore the `dependencydiff` package
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* ✨ [experimental] Support for new `--format probe` (#3048 )
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump distroless/base (#3122 )
Bumps distroless/base from `10985f0` to `c623859`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Ignore deprecation warning for dependencydiff tests. (#3136 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump tj-actions/changed-files from 36.0.15 to 36.0.18
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 36.0.15 to 36.0.18.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](5d2fcdb4cb...07e0177b72🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.7 to 2.10.0 in /tools (#3135 )
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.9.7 to 2.10.0.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.7...v2.10.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/google/osv-scanner from 1.3.3 to 1.3.4
Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner ) from 1.3.3 to 1.3.4.
- [Release notes](https://github.com/google/osv-scanner/releases )
- [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md )
- [Commits](https://github.com/google/osv-scanner/compare/v1.3.3...v1.3.4 )
---
updated-dependencies:
- dependency-name: github.com/google/osv-scanner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.7 to 2.10.0
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.9.7 to 2.10.0.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.7...v2.10.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/onsi/gomega from 1.27.7 to 1.27.8
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega ) from 1.27.7 to 1.27.8.
- [Release notes](https://github.com/onsi/gomega/releases )
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/gomega/compare/v1.27.7...v1.27.8 )
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump slsa-framework/slsa-github-generator from 1.6.0 to 1.7.0 (#3139 )
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.6.0...v1.7.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Increase test coverage for finding outcomes (#3142 )
* Increase test coverage for finding outcomes
- Add tests for Outcome UnmarshalYAML function in `finding/finding_test.go`
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Updates based on Codereview
- Update `Outcome` variable in `finding/finding_test.go`
- Add `t.Parallel()` for test parallelization
- Add comparison using `cmp.Diff` to test for mismatches
- Update test cases for various outcomes
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---------
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump tj-actions/changed-files from 36.0.18 to 36.1.0 (#3143 )
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 36.0.18 to 36.1.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](07e0177b72...fb20f4d248🌱 Re-enable skipped e2e tests. Switch to smaller code review repo. (#3144 )
* re-enable skipped ci test
Signed-off-by: Spencer Schrock <sschrock@google.com>
* re-enable skipped attestor test. switch to ossf-tests repo
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove extra policies from tests that only look at code review.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove unneeded policies from binary artifact tests.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* add license header
Signed-off-by: Avishay <avishay.balter@gmail.com>
* pr comments
Signed-off-by: Avishay <avishay.balter@gmail.com>
* making the packages internal
Signed-off-by: Avishay <avishay.balter@gmail.com>
* generate mocks
Signed-off-by: Avishay <avishay.balter@gmail.com>
---------
Signed-off-by: Avishay <avishay.balter@gmail.com>
Signed-off-by: Avishay Balter <avishay.balter@gmail.com>
2023-06-15 16:13:41 -07:00
raghavkaul
46c6fe700c
✨ Gitlab: CI-Tests check ( #2833 )
...
* gitlab: support ci-tests
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update test
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update gitlab workflows
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* fix test
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com>
2023-04-24 17:58:27 +00:00
raghavkaul
e2715fd7f0
✨ GitLab: Security Policy check ( #2754 )
...
* Add tarballHandler for GitLab, enabling repo download
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Abstract OrgSecurityPolicy details to RepoClient instead of checker
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Remove Org() from RepoClient
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Rename
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Don't run as part of CI tests that depend on external sites
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
2023-03-16 19:18:32 +00:00
raghavkaul
110e352273
✨ Gitlab support: RepoClient ( #2655 )
...
* Add make targets and E2E test target for GitLab only
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add GitLab support to RepoClient
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Build
* Make target for e2e-gitlab-token
* Only run Gitlab tests in CI that don't require a token
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add tests
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Remove spurious printf
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* 🐛 Check OSS Fuzz build file for Fuzzing check (#2719 )
* Check OSS-Fuzz using project list
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Use clients.RepoClient interface to perform the new OSS Fuzz check
Signed-off-by: Spencer Schrock <sschrock@google.com>
* wip: add eager client for better repeated lookup of projects
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Split lazy and eager behavior into different implementations.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add tests and benchmarks
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Switch to always parsing JSON to determine if a project is present. The other approach of looking for a substring match would lead to false positives.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add eager constructor to surface status file errors sooner.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Switch existing users to new OSS Fuzz client
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Mark old method as deprecated in the godoc
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove unused comment.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Use new OSS Fuzz client in e2e test.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix typo.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Fix potential path bug with test server.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Force include the two JSON files which were being ignored by .gitignore
Signed-off-by: Spencer Schrock <sschrock@google.com>
* trim the status json file
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
2023-03-13 11:13:50 -04:00
Naveen
0c090b3cf0
🌱 Updated the coverage for tests ( #2728 )
...
- Updated the `Makefile` to include the `-coverpkg=./...` flag when running tests.
[Makefile]
- Changed `SKIP_GINKGO=1 go test -race -covermode=atomic -coverprofile=unit-coverage.out` to `SKIP_GINKGO=1 go test -race -covermode=atomic -coverprofile=unit-coverage.out -coverpkg=./...` in the `Makefile`
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2023-03-07 16:26:58 -06:00
raghavkaul
4c7066e3b6
🌱 attestor: module -> subpackage ( #2464 )
...
* Enable cilint checking on attestor and fix cilint errors
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Make attestor a subpackage of scorecard
* Move e2e test
* Use scorecard logger
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
2022-11-30 10:22:00 -08:00
Latortuga
f9f910d437
✨ Commit depth feature ( #2407 )
...
* 🌱 Bump actions/dependency-review-action from 2.4.1 to 2.5.1
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 2.4.1 to 2.5.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](9c96258789...0efb1d1d84🌱 Bump github.com/spf13/cobra from 1.6.0 to 1.6.1 (#2397 )
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.6.0 to 1.6.1.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Commits](https://github.com/spf13/cobra/compare/v1.6.0...v1.6.1 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.1.6 to 2.4.0
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.1.6 to 2.4.0.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.1.6...v2.4.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump cloud.google.com/go/pubsub from 1.25.1 to 1.26.0
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go ) from 1.25.1 to 1.26.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.25.1...pubsub/v1.26.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/xanzy/go-gitlab from 0.73.1 to 0.74.0
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab ) from 0.73.1 to 0.74.0.
- [Release notes](https://github.com/xanzy/go-gitlab/releases )
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go )
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.73.1...v0.74.0 )
---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/gomega from 1.20.2 to 1.23.0 (#2409 )
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega ) from 1.20.2 to 1.23.0.
- [Release notes](https://github.com/onsi/gomega/releases )
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/gomega/compare/v1.20.2...v1.23.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.1.6 to 2.4.0 in /tools
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.1.6 to 2.4.0.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.1.6...v2.4.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/golangci/golangci-lint in /tools
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint ) from 1.50.0 to 1.50.1.
- [Release notes](https://github.com/golangci/golangci-lint/releases )
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md )
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.50.0...v1.50.1 )
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump goreleaser/goreleaser-action from 2.9.1 to 3.2.0 (#2363 )
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 2.9.1 to 3.2.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](b953231f81...b508e2e3ef🌱 Bump github.com/goreleaser/goreleaser in /tools (#2373 )
Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser ) from 1.11.5 to 1.12.3.
- [Release notes](https://github.com/goreleaser/goreleaser/releases )
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml )
- [Commits](https://github.com/goreleaser/goreleaser/compare/v1.11.5...v1.12.3 )
---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* ✨ CLI for scorecard-attestor (#2309 )
* Reorganize
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Working commit
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Compile with local scorecard; go mod tidy
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add signing code
Heavily borrowed from https://github.com/grafeas/kritis/blob/master/cmd/kritis/signer/main.go
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Update deps
* Naming
* Makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Edit license, add lint.yml
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* checks: go mod tidy, license
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Split into checker/signer files
* Naming convention
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* License, remove golangci.yml
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Use cobra
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add tests for root command
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Filter out checks that aren't needed for policy evaluation
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add `make` targets for attestor; submit coverage stats
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Improvements
* Use sclog instead of glog
* Remove unneeded subcommands
* Formatting
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Flags: Make note-name constant and fix messaging
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Remove SupportedRequestTypes
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* go mod tidy
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* go mod tidy, makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Fix GH actions run
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* fix workflow (#2417 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Bump scorecard-action (#2416 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Fail unit-test job if codecov upload fails (#2415 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Enable comparison for alternative isText implementation (#2414 )
* use more performant IsText
Signed-off-by: Spencer Schrock <sschrock@google.com>
* AB test isText implementations
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add comparison env var to release test.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* go mod tidy for attestor
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🐛 modify alternative isText to accept carriage returns (#2421 )
* modify IsText from golang.org/x/tools/godoc/util to accept carriage returns.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add TODO reminder to cleanup after release tests
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/gomega from 1.23.0 to 1.24.0
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega ) from 1.23.0 to 1.24.0.
- [Release notes](https://github.com/onsi/gomega/releases )
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/gomega/compare/v1.23.0...v1.24.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github/codeql-action from 2.1.29 to 2.1.30
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.29 to 2.1.30.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](ec3cf9c605...18fe527fa8#2422 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* ✨ Improved Security Policy Check (#2195 )
* ✨ Improved Security Policy Check (#2137 )
* Examines and awards points for linked content (URLs / Emails)
* Examines and awards points for hints of disclosure and vulnerability practices
* Examines and awards points for hints of elaboration of timelines
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Repaired Security Policy to correctly use linked content length for evaluation
Signed-off-by: Scott Hissam <shissam@gmail.com>
* gofmt'ed changes
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Repaired the case in the evaluation which was too sensitive to content length over the length of the linked content for urls and emails
Signed-off-by: Scott Hissam <shissam@gmail.com>
* added unit test cases for the new content-based Security Policy checks
Signed-off-by: Scott Hissam <shissam@gmail.com>
* reverted the direct (mistaken) change to checks.md and updated the checks.yaml for generate-docs
Signed-off-by: Scott Hissam <shissam@gmail.com>
* ✨ Improved Security Policy Check (#2137 ) (revisted based on comments)
* replaced reason strings with log.Info & log.Warn (as seen in --show-details)
* internal assertion check for nil (*pinfo) and empty pfile
* internal switched to FileTypeText over FileTypeSource
* internal implement type SecurityPolicyInformationType/SecurityPolicyInformation revised SecurityPolicyData to support only one file
* revised expected unit-test results and revised unit-test to reflect the new SecurityPolicyData type
Signed-off-by: Scott Hissam <shissam@gmail.com>
* revised the score value based on observation of one *or more* url(s) or one email(s) found; unit tests update accordingly
Signed-off-by: Scott Hissam <shissam@gmail.com>
* revised the score value based on observation of one *or more* url(s) or one email(s) found; unit tests update accordingly
Signed-off-by: Scott Hissam <shissam@gmail.com>
* revised the score value based on observation of one *or more* url(s) or one email(s) found; e2e tests update accordingly
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Addressed PR comments; added telemetry for policy hits in security policy file to track hits by line number
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Resolved merge conflict with checks.yaml
Signed-off-by: Scott Hissam <shissam@gmail.com>
* updated raw results to emit all the raw information for the new security policy check
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Resolved merge conflicts and lint errors with json_raw_results.go
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Addressed review comments to reorganize security policy data struct to support the potential for multiple security policy files.
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Added logic to the security policy to process multiple security policy files only after future improvements to aggregating scoring across such files are designed. For now the security policy behaves as originally designed to stop once one of the expected policy files are found in the repo
Signed-off-by: Scott Hissam <shissam@gmail.com>
* added comments regarding the capacity to support multiple policy files and removed unneeded break statements in the code
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Addressed review comments to remove the dependency on the path in the filename from the code and introduced FileSize to checker.File type and removed the SecurityContentLength which was used to hold that information for the new security policy assessment
Signed-off-by: Scott Hissam <shissam@gmail.com>
* restored reporting full security policy path and filename for policies found in the org level repos
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Resolved conflicts in checks.yaml for documentation
Signed-off-by: Scott Hissam <shissam@gmail.com>
* ✨ CLI for scorecard-attestor (#2309 )
* Reorganize
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Working commit
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Compile with local scorecard; go mod tidy
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add signing code
Heavily borrowed from https://github.com/grafeas/kritis/blob/master/cmd/kritis/signer/main.go
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Update deps
* Naming
* Makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Edit license, add lint.yml
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* checks: go mod tidy, license
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Split into checker/signer files
* Naming convention
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* License, remove golangci.yml
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Use cobra
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add tests for root command
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Filter out checks that aren't needed for policy evaluation
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add `make` targets for attestor; submit coverage stats
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Improvements
* Use sclog instead of glog
* Remove unneeded subcommands
* Formatting
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Flags: Make note-name constant and fix messaging
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Remove SupportedRequestTypes
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* go mod tidy
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* go mod tidy, makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Fix GH actions run
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Scott Hissam <shissam@gmail.com>
* removed whitespace before stanza for Run attestor e2e
Signed-off-by: Scott Hissam <shissam@gmail.com>
* resolved code review and doc review comments
Signed-off-by: Scott Hissam <shissam@gmail.com>
* repaired the link for the maintainer's guide for supporting the coordinated vulnerability disclosure guidelines
Signed-off-by: Scott Hissam <shissam@gmail.com>
Signed-off-by: Scott Hissam <shissam@gmail.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github/codeql-action from 2.1.30 to 2.1.31 (#2431 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.30 to 2.1.31.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](18fe527fa8...c3b6fce4ee#2433 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* modified tests,InitRepo Function, Added GetCommitDepth Function to Client Interface
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* removed getcommitdepth function
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* added TODO
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.5.0 in /tools (#2436 )
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.4.0 to 2.5.0.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.4.0...v2.5.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.5.0
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.4.0 to 2.5.0.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.4.0...v2.5.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Code Review: treat merging a PR as code review (#2413 )
* Merges on Github count as a code review by the maintainer
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Update Raw Results
* More detailed information for Changesets
* If there's no Revision ID, use the Commit SHA instead
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Check that pull request had atleast one reviewer that wasn't its author
* Add field for Pull Request Merged-By to Github and Gitlab
* Note, this check can be bypassed if an author opens a PR with other
people's commits
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Trivial: Fix typo (exepted -> expected) (#2440 )
Signed-off-by: Michael Scovetta <michael.scovetta@microsoft.com>
Signed-off-by: Michael Scovetta <michael.scovetta@microsoft.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump step-security/harden-runner from 1.5.0 to 2.0.0 (#2443 )
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 1.5.0 to 2.0.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](2e205a28d0...ebacdc22ef🌱 cron: support reading prefix from file for controller input files (7/n) (#2445 )
* add prefix marker file to config
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Read the new config values, if they exist.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add function to fetch prefix file config value.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Read prefix file if prefix not set.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add tests to verify how List works with various prefixes
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add tests for getPrefix
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Remove panics from iterator helper functions
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Detect SECURITY.markdown in addition to SECURITY.md (#2447 )
GitHub probably supports many more file extensions for Markdown
files, but at the very least, `.md` and `.markdown` have been
standardized in RFC 7763.
Signed-off-by: favonia <favonia@gmail.com>
Signed-off-by: favonia <favonia@gmail.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Add Pinned-Dependency, Vulnerability, and Code-Review checks to attestor (#2430 )
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 cron: expose the stackdriver prefix as a config variable so it can be changed. (#2446 )
* Expose the stackdriver prefix as a config variable so it can be changed.
Signed-off-by: Caleb Brown <calebbrown@google.com>
* fix linter warning
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: Caleb Brown <calebbrown@google.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Only write to the rawBucket if the value exists. (#2451 )
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump golang.org/x/tools from 0.2.0 to 0.3.0 (#2448 )
* 🌱 Bump golang.org/x/tools from 0.2.0 to 0.3.0
Bumps [golang.org/x/tools](https://github.com/golang/tools ) from 0.2.0 to 0.3.0.
- [Release notes](https://github.com/golang/tools/releases )
- [Commits](https://github.com/golang/tools/compare/v0.2.0...v0.3.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* bump attestor modules
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Move cron monitoring to a non-internal location. (#2453 )
This allows external workers (e.g. criticality_score) to use the same
monitoring code.
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump actions/dependency-review-action from 2.5.1 to 3.0.0 (#2455 )
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 2.5.1 to 3.0.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](0efb1d1d84...30d5821115🌱 [cron] generalize some of the transfer logic so it is easy to build new transfer agents (#2454 )
* Generalize the transfer logic so it is easy to build new transfer agents
This change moves code that reads shards and produces summaries into the
data package so that it can be reused to create new transfer agents,
similar to the BigQuery transfer agent in cron/internal/bq.
Signed-off-by: Caleb Brown <calebbrown@google.com>
* Lint fix and commentary.
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/google/addlicense in /tools (#2459 )
Bumps [github.com/google/addlicense](https://github.com/google/addlicense ) from 1.0.0 to 1.1.0.
- [Release notes](https://github.com/google/addlicense/releases )
- [Changelog](https://github.com/google/addlicense/blob/master/.goreleaser.yaml )
- [Commits](https://github.com/google/addlicense/compare/v1.0.0...v1.1.0 )
---
updated-dependencies:
- dependency-name: github.com/google/addlicense
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/google/go-containerregistry
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.12.0 to 0.12.1.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.12.0...v0.12.1 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* go mod tidy
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Added <= instead of == incase negative int is passed
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* missed test fix
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Scott Hissam <shissam@gmail.com>
Signed-off-by: Michael Scovetta <michael.scovetta@microsoft.com>
Signed-off-by: favonia <favonia@gmail.com>
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: Latortuga <42878263+latortuga71@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: scott hissam <shissam@users.noreply.github.com>
Co-authored-by: Michael Scovetta <michael.scovetta@microsoft.com>
Co-authored-by: favonia <favonia@gmail.com>
Co-authored-by: Caleb Brown <calebbrown@google.com>
2022-11-22 16:11:36 +00:00
raghavkaul
272cae527c
🌱 attestor: Dockerize + small improvements for Cloud Build usage ( #2456 )
...
* Dockerize
* Add cloudbuild.yaml
* Improve logging
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add README.md
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* debian10 -> 11
* CLI
* Remove logging statements
* Dockerfile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
2022-11-17 16:49:06 -08:00
raghavkaul
a8f98be924
✨ CLI for scorecard-attestor ( #2309 )
...
* Reorganize
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Working commit
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Compile with local scorecard; go mod tidy
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add signing code
Heavily borrowed from https://github.com/grafeas/kritis/blob/master/cmd/kritis/signer/main.go
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Update deps
* Naming
* Makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Edit license, add lint.yml
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* checks: go mod tidy, license
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Split into checker/signer files
* Naming convention
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* License, remove golangci.yml
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Use cobra
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add tests for root command
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Filter out checks that aren't needed for policy evaluation
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add `make` targets for attestor; submit coverage stats
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Improvements
* Use sclog instead of glog
* Remove unneeded subcommands
* Formatting
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Flags: Make note-name constant and fix messaging
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Remove SupportedRequestTypes
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* go mod tidy
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* go mod tidy, makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Fix GH actions run
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
2022-11-01 18:30:17 +00:00
Dave Banerjee
d7c23c9433
📖 Patch fix: updated makefile to include unit-test and unit-test-attestor and cont… ( #2366 )
...
* updated makefile to include unit-test and unit-test-attestor and contributing doc to include e2e-pat
Signed-off-by: Dave Banerjee <dave.banerjee@ibm.com>
* updated docs
Signed-off-by: Dave Banerjee <dave.banerjee@ibm.com>
Signed-off-by: Dave Banerjee <dave.banerjee@ibm.com>
Co-authored-by: Dave Banerjee <Dave.Banerjee@ibm.com>
2022-10-20 22:28:55 +00:00
Spencer Schrock
f979097a1f
🌱 cron: generalize and expose worker (6/n) ( #2317 )
...
* WIP
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Appease linter.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Update Makefile for worker
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Extract already completed request sanity check.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add worker test.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove logger from worker interface
Signed-off-by: Spencer Schrock <sschrock@google.com>
* move cron data and worker out of cron/internal
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Move config out of internal.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Document worker interface.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Fix typo which prevented metadata from going to cron job.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Address feedback.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Revert "Fix typo which prevented metadata from going to cron job."
This reverts commit 876acb062e
2022-10-19 21:01:42 +00:00
Naveen
d4b44e52eb
🌱 Remove check-osv ( #2303 )
...
- Remove Check OSV as it is integrated into GitHub now.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-09-27 14:18:16 +00:00
Spencer Schrock
c3a7921f71
fix arg typo ( #2304 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
2022-09-26 19:02:01 -05:00
Azeem Shaikh
7cd6406aef
Reduce build target radius ( #2293 )
...
Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-09-24 19:58:50 +00:00
Azeem Shaikh
08c2ee5f42
Modify tool installation ( #2288 )
...
Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-09-22 10:58:10 -05:00
raghavkaul
482a59ec9b
🌱 Tests: Fix data race failures ( #2262 )
...
* Fix data race failures in tests
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Keep coverprofiles for the attestor separate
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
2022-09-19 11:26:13 -04:00
raghavkaul
9e269b8e3c
🌱 Feature: Add scorecard attestation policy module ( #2240 )
...
* Add ability to parse policy.yaml
Temporary commit
Temporary commit
Temporary commit
Temporary commit
Temporary commit
Temporary commit
* Remove hidden options
* Fix cilint problems
* Add tests
* Add tests
* Address PR comments
* Refactor to standalone module
* Don't depend on evaluation package
* Remove everything but the Binary-Artifact
* Fix test failures
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Use glob for binary artifact ignores
* Makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
2022-09-12 16:33:52 -04:00
raghavkaul
90ed090448
🌱 Build/test fixes: Install protoc and protoc-gen-go ( #2038 )
...
* Install protoc in validate-projects step
The `validate-projects` Makefile target depends on compilation of all go
binaries, including the protobuf generated go binaries
* Makefile: Cron build relies on `make install` for tools deps
* Add an explicit dependency to the build-proto steps
* Remove sleep
2022-07-11 20:02:22 +00:00
Azeem Shaikh
d1714a289a
Move the cron job to internal package ( #1960 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-25 15:37:22 -07:00
naveensrinivasan
6ed6c9b70e
🌱 Publish images with ko
...
- Publish images with ko
https://github.com/ossf/scorecard/issues/744
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-18 10:40:05 -05:00
laurentsimon
2873c0d58d
e2e for GITHUB_TOKEN
2022-04-12 10:54:38 -05:00
dependabot[bot]
66b3d8ce5c
🌱 Bump github.com/golangci/golangci-lint from 1.44.2 to 1.45.0 in /tools ( #1757 )
...
* 🌱 Bump github.com/golangci/golangci-lint in /tools
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint ) from 1.44.2 to 1.45.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases )
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md )
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.44.2...v1.45.0 )
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* golangci-lint: Surface and fix as many lint warnings automatically
Signed-off-by: Stephen Augustus <foo@auggie.dev>
* generated: Run golangci-lint with `fix: true`
Signed-off-by: Stephen Augustus <foo@auggie.dev>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stephen Augustus <foo@auggie.dev>
2022-03-23 02:23:39 +00:00
naveensrinivasan
7d1795384c
Fixed the path of the generated mock files.
...
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-03-11 09:55:24 -06:00
naveensrinivasan
1995bc3b9c
🌱 Refactor to make it testable
...
- Related to https://github.com/ossf/scorecard/issues/1568
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-03-11 09:55:24 -06:00
Batuhan Apaydın
53bae3ee1a
feat: upgrade to ko v0.10.0
...
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
2022-02-19 05:24:27 -06:00
naveen
bba55d4257
🌱 Parallelize builds
...
- parallelize builds
2022-02-17 15:23:21 -06:00
naveen
db1d568499
🌱 Remove building ko to speed up builds
...
- Remove building ko as we aren't using `ko` yet.
- Every build of `ko` slows down the build time.
- When we enable `ko` which will replace `docker` then we can enable `ko` builds
2022-02-16 10:49:27 -06:00
Azeem Shaikh
cda7a1b1d4
Add tests for graphQL costs ( #1643 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-15 23:38:23 +00:00
Azeem Shaikh
de5224bbc5
Update e2e tests ( #1641 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-15 19:27:45 +00:00
naveen
35511342c8
🌱 Parallelize the builds
...
- Created a workflow with multiple jobs for each of the docker builds
- Created a workflow with multiple jobs for each of the ko builds
- Removed the reference to dockerbuild and kobuild in the build-targets
make target
- This should reduce the time required to finish the CI builds as it
makes it parallel.
2022-02-15 11:51:54 -06:00
naveen
05cedd7cf7
🌱 Categorize the Makefile
...
Categorize the makefile into sections for better readability.
Examples :- Development, Build and Tests
2022-02-02 11:17:23 -06:00
naveen
2dcdbcd32b
🌱 Track code coverage
...
Track code coverage
https://github.com/ossf/scorecard/issues/986
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-19 16:29:31 -06:00
Azeem Shaikh
f2c57d2590
✨ Migrate to v4
2022-01-12 14:12:09 -06:00
naveen
de39061cc5
🌱 Refactor vulnerabilities client
2022-01-04 13:55:58 -06:00
Jason Hall
cef72f0f7d
🐛 Fix ko build workflows in Makefile ( #1392 )
...
* Use ko to build everything in cloudbuild.yaml
* --push=false and undo cloudbuild.yaml changes for now
2021-12-15 10:35:07 -06:00
Azeem Shaikh
aa558ff2f4
Add parallelism to improve build times ( #1342 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-12-02 12:20:27 -08:00
dependabot[bot]
Spencer Schrock
Raghav Kaul
Josh Soref
AdamKorcz
Naveen
Avishay Balter
Latortuga
Dave Banerjee
Azeem Shaikh
raghavkaul
laurentsimon
Batuhan Apaydın
Azeem Shaikh
Jason Hall