* change file access method to io.ReadCloser
callers don't always need the full file.
large files are slow and can cause crashes.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* switch tests to hardcoded readers
Previously they returned bytes or strings, which have corresponding NewReader types.
Since they don't need to be closed, io.NopCloser works well to give them a fake Close.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* switch tests which called os.ReadFile to os.Open
os.File fufills io.ReadCloser, so this is an easy change
Signed-off-by: Spencer Schrock <sschrock@google.com>
* break tarball tests into two steps: reader and read
The rest of the test was kept the same to minimize the change.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* ossfuzz doesn't implement GetFileReader
Signed-off-by: Spencer Schrock <sschrock@google.com>
* appease linter during refactor
Signed-off-by: Spencer Schrock <sschrock@google.com>
* switch git client to new method
add check which ensures git client fulfills the interface
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
* 🌱 Add branch protection evaluation
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* make helper for getting the branchName
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* move check for branch name
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* define size of slice
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* add probe for protected branches.
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* change 'basicNonAdminProtection' to 'deleteAndForcePushProtection'
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* fix markdown in text field in def.yml
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* remove duplicate conditional
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* remove redundant 'protected' value from 'requiresCodeOwnersReview' probe
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* remove protected values from probes
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Bring back negative outcome in case of 0 codeowners files
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* log based on whether branches are protected
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* remove unnecessary test
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* debug failing tests
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Fix failing tests
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* rename test
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* update to with latest upstream changes
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix linting issues
Signed-off-by: AdamKorcz <adam@adalogics.com>
* remove tests that represent impossible scenarios
Signed-off-by: AdamKorcz <adam@adalogics.com>
* remove protected finding value
This was discussed previously, but accidentally reverted
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Revert "debug failing tests"
This reverts commit 00acf66ea6.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* use branchName key for branch name
Signed-off-by: Spencer Schrock <sschrock@google.com>
* include number of reviews in INFO
this was previously included by the old evaluation code
Signed-off-by: Spencer Schrock <sschrock@google.com>
* reduce info count by 1
requiring codeowners without a corresponding file used to give 1 INFO and 1 WARN
now it only gives 1 WARN
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Adam Korczynski <adam@adalogics.com>
Signed-off-by: AdamKorcz <adam@adalogics.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
* 🌱 Convert pinned dependencies to probe
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* add more tests
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* add checks unit test
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* fix year in probe header and add mising test file
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Change usage of ValidateTestReturn
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* rename test
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* change 'pinned' to 'unpinned' in test name
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* export 'depTypeKey'
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Do not copy test Dockerfile
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* rename test
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Rebase and bring back 'Test_generateOwnerToDisplay'
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Use API to create finding
Signed-off-by: AdamKorcz <adam@adalogics.com>
* one more change to how the probe creates a finding
Signed-off-by: AdamKorcz <adam@adalogics.com>
---------
Signed-off-by: Adam Korczynski <adam@adalogics.com>
Signed-off-by: AdamKorcz <adam@adalogics.com>
* check code review log messages, not just score
By using ValidateTestReturn, we can get more actionable failure messages
Signed-off-by: Spencer Schrock <sschrock@google.com>
* simplify error checking
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
* check logger counts for SAST tests
previously, we only checked the result score.
test failures with this method dont produce as actionable feedback.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* clarify test names and score constants used
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add generic sastToolConfigured probe
switch over the evaluation code to using the single probe with tool value.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove old probes
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add tests
Signed-off-by: Spencer Schrock <sschrock@google.com>
* experiment with one readme
Signed-off-by: Spencer Schrock <sschrock@google.com>
* appease linter
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove colon from yaml which led to parse errors
Signed-off-by: Spencer Schrock <sschrock@google.com>
* polish documentation details
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
* check logger counts for SAST tests
previously, we only checked the result score.
test failures with this method dont produce as actionable feedback.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* clarify test names and score constants used
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
* 🌱 Add probe metadata about supported ecosystems
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Add metadata for the rest of the probes
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* fix wrong formatting
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* remove oss-fuzz, osv, cii_blob, cii_http clients
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* add github and gitlab clients for 2 probes
Signed-off-by: Adam Korczynski <adam@adalogics.com>
---------
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* update workflows to use go 1.22
Signed-off-by: Spencer Schrock <sschrock@google.com>
* update tools go.mod to 1.22.
no one imports this, so we can bump it now and
avoid issues in the future where we need to upgrade.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* bump docker files
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
* 🌱 Bump arduino/setup-protoc from 1.3.0 to 3.0.0
Bumps [arduino/setup-protoc](https://github.com/arduino/setup-protoc) from 1.3.0 to 3.0.0.
- [Release notes](https://github.com/arduino/setup-protoc/releases)
- [Commits](149f6c87b9...c65c819552)
---
updated-dependencies:
- dependency-name: arduino/setup-protoc
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* use vMINOR.PATCH for protoc version
As of arduino/setup-protoc v2, this is the only supported format.
Version 21.6 was used as the majority of the *pb.go files have a header
which says "// protoc v3.21.6".
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
* rename probe format file
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add option parameter to probe result output function
the ability to pretty print will help write a test function
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add test func
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add docstring
Signed-off-by: Spencer Schrock <sschrock@google.com>
* clarify test. add another finding
Signed-off-by: Spencer Schrock <sschrock@google.com>
* force add the test file
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
* 🌱 Bump github.com/google/osv-scanner from 1.6.1 to 1.6.2
Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.6.1 to 1.6.2.
- [Release notes](https://github.com/google/osv-scanner/releases)
- [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/osv-scanner/compare/v1.6.1...v1.6.2)
---
updated-dependencies:
- dependency-name: github.com/google/osv-scanner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* specify go patch version
go mod tidy requires this. I was able to delete the toolchain directive,
and it wasn't added back.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* bump dockerfiles to 1.21.6 so the build works
Signed-off-by: Spencer Schrock <sschrock@google.com>
* bump go version used in codeql workflow
github runners currently use Go 1.20 by default,
which doesn't understand 1.21.x format.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
* Add GL_HOST env flag
Self-hosted instances which dont use a subdomain result in broken API links.
This change may not be finished, but is intended to evaluate the solution.
Previously, self hosted instances where the instance is part of the path (foo.com/gitlab/owner/repo)
would have their API base URL registered as foo.com/api/v4/ instead of foo.com/gitlab/api/v4/
Signed-off-by: Spencer Schrock <sschrock@google.com>
* include token in gitlab project probe
Signed-off-by: Spencer Schrock <sschrock@google.com>
* consider GL_HOST when parsing gitlab repo urls
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove unneeded GL_HOST parsing
now that repoURL_parse handles GL_HOST, we dont need it elsewhere.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* cleanup
Signed-off-by: Spencer Schrock <sschrock@google.com>
* mention GL_HOST in readme
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix linter
Signed-off-by: Spencer Schrock <sschrock@google.com>
* handle GL_HOST without scheme
Signed-off-by: Spencer Schrock <sschrock@google.com>
* move api-less check earlier
if we can avoid an API call, do it.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* try listing projects with and without auth token
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix linter
Signed-off-by: Spencer Schrock <sschrock@google.com>
* revert passing token to list projects
the simpler the better
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
* test failures should print the details they receive
this makes debugging failing tests easier.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* use GinkgoTB so the test helpers work instead of panicing
Signed-off-by: Spencer Schrock <sschrock@google.com>
* ValidateTestReturn will fail the test directly, no need for the bool return
Signed-off-by: Spencer Schrock <sschrock@google.com>
* clarify diff details
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
* 🌱 Bump github.com/goreleaser/goreleaser in /tools (#3238)
Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.18.2 to 1.19.1.
- [Release notes](https://github.com/goreleaser/goreleaser/releases)
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/goreleaser/goreleaser/compare/v1.18.2...v1.19.1)
---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* begin implementing probe: minTwoCodeReviewers
Signed-off-by: André Backman <andre.backman@nokia.com>
* print raw results
Signed-off-by: André Backman <andre.backman@nokia.com>
* print raw results
Signed-off-by: André Backman <andre.backman@nokia.com>
* print raw results
Signed-off-by: André Backman <andre.backman@nokia.com>
* rename probe directory: minimumCodeReviewers
Signed-off-by: André Backman <andre.backman@nokia.com>
* rename probe CodeReviewers
Signed-off-by: André Backman <andre.backman@nokia.com>
* rename import for CodeReviewers probe
Signed-off-by: André Backman <andre.backman@nokia.com>
* update code reviewers definition
Signed-off-by: André Backman <andre.backman@nokia.com>
* update code reviewers implementation; fixed embed FS usage
Signed-off-by: André Backman <andre.backman@nokia.com>
* printing all findings, work out where to concatenate them
Signed-off-by: André Backman <andre.backman@nokia.com>
* concatenated findings to one single finding, outcome is based on the least found unique reviewers
Signed-off-by: André Backman <andre.backman@nokia.com>
* refactored uniqueCodeReviewers probe, needs more error checks
Signed-off-by: André Backman <andre.backman@nokia.com>
* add error handling for cases of non-existant author and/or reviewer logins
Signed-off-by: André Backman <andre.backman@nokia.com>
* add error handling for cases of non-existant author and/or reviewer logins
Signed-off-by: André Backman <andre.backman@nokia.com>
* rename probe
Signed-off-by: André Backman <andre.backman@nokia.com>
* update codeReviewTwoReviewers definition
Signed-off-by: André Backman <andre.backman@nokia.com>
* rename unique code reviewers probe
Signed-off-by: André Backman <andre.backman@nokia.com>
* implement codeApproved probe, validation of reviews needs fixing
Signed-off-by: André Backman <andre.backman@nokia.com>
* update codeApproved probe, validation of reviews needs fixing
Signed-off-by: André Backman <andre.backman@nokia.com>
* working version of codeApproved probe
Signed-off-by: André Backman <andre.backman@nokia.com>
* codeReviewed probe implemented
Signed-off-by: André Backman <andre.backman@nokia.com>
* clean up comments, add imports, run all probes
Signed-off-by: André Backman <andre.backman@nokia.com>
* update license comments
Signed-off-by: André Backman <andre.backman@nokia.com>
* Update def.yml license
Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
* Update def.yml license
Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
* Update def.yml license
Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
* Update impl.go license
Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
* Update impl.go license to Apache 2
Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
* Update impl.go license to Apache 2
Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
* Update code_review.go license
Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
* Update entries.go; CodeReviewChecks now called CodeReview
Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
* Update impl.go, refactor codeReviewTwoReviewers; moved utility functions into impl.go
Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
* Delete code_review.go utilities
moved utility functions to the impl.go they are used in
Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
* rename probe
Signed-off-by: André Backman <andre.backman@nokia.com>
* update codeReviewTwoReviewers definition
Signed-off-by: André Backman <andre.backman@nokia.com>
* implement codeApproved probe, validation of reviews needs fixing
Signed-off-by: André Backman <andre.backman@nokia.com>
* update codeApproved probe, validation of reviews needs fixing
Signed-off-by: André Backman <andre.backman@nokia.com>
* working version of codeApproved probe
Signed-off-by: André Backman <andre.backman@nokia.com>
* codeReviewed probe implemented
Signed-off-by: André Backman <andre.backman@nokia.com>
* clean up comments, add imports, run all probes
Signed-off-by: André Backman <andre.backman@nokia.com>
* update license comments
Signed-off-by: André Backman <andre.backman@nokia.com>
* update license comments
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Included unit tests (#3242)
- Included unit tests
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Bump golang.org/x/text from 0.10.0 to 0.11.0 (#3243)
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.10.0 to 0.11.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.10.0...v0.11.0)
---
updated-dependencies:
- dependency-name: golang.org/x/text
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Bump golang.org/x/oauth2 from 0.9.0 to 0.10.0 (#3244)
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.9.0 to 0.10.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.9.0...v0.10.0)
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 📖 Update Branch-Protection admin and non-admin requirements (#2772)
* docs: Branch protection admin-only requirements
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: Branch protection requirements by tier
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: How get a perfect score in branch protection
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: Fix local images ref in doc
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: Fix typo
Co-authored-by: Pedro Nacht <pedro.k.night@gmail.com>
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: Fix check specific table of contents
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Code owners setting is non admin
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: Fix branch protection applied not only to main branch
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: Add alt text for images
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: You can get a perfect score with non admin access
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: update max tier scores
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: update tier 1 max points explanation
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: Move changes to internal checks doc
Move changes done in docs/checks.md to docs/checks/internal/checks.yaml.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: Revert changes on checks doc
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: Fix admin settings evaluated on branch protection
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: Change branch protection model status checks
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: Change tiers score to expected score
The expected score for the code to output is 3/10 for Tier 1 case and 7/10 for Tier 3 case. The scoring issue will be reported as bug.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: Fix Tier 3 score
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
---------
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Co-authored-by: Pedro Nacht <pedro.k.night@gmail.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Linter workflow cleanup (#3247)
* Fix linter timeout by renaming deprecated deadline.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Disable depguard linter.
As of golangci-lint v3.5.0, the depguard linter is complaining. We don't use a .depguard.yml file, so just disabling the linter.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Move linter into own workflow.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Fix bash command substitution.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add harden runner.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* switch names to existing linter job
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Update golangci-lint to v1.53.3
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Bump tj-actions/changed-files from 37.0.5 to 37.1.0 (#3253)
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 37.0.5 to 37.1.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](54849deb96...87e23c4c79)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Bump github.com/goreleaser/goreleaser in /tools (#3252)
Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.19.1 to 1.19.2.
- [Release notes](https://github.com/goreleaser/goreleaser/releases)
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/goreleaser/goreleaser/compare/v1.19.1...v1.19.2)
---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Bump golang.org/x/tools from 0.10.0 to 0.11.0
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0 to 0.11.0.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.10.0...v0.11.0)
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Improve rate limit handling in roundtripper (#3237)
- Add rate limit testing and handling functionality
- Add tests for successful response and Retry-After header set scenarios
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Bump tj-actions/changed-files from 37.1.0 to 37.1.1 (#3259)
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 37.1.0 to 37.1.1.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](87e23c4c79...1f20fb83f0)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Bump github.com/bradleyfalzon/ghinstallation/v2 (#3260)
Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases)
- [Commits](https://github.com/bradleyfalzon/ghinstallation/compare/v2.5.0...v2.6.0)
---
updated-dependencies:
- dependency-name: github.com/bradleyfalzon/ghinstallation/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱Add urls for opentelemetry, micrometer and new relic to weekly cron (#3248)
* add urls for opentelemetry and micrometer
Signed-off-by: Ajmal Kottilingal <ajmal.kottilingal@transferwise.com>
* add jakarta-activation url
Signed-off-by: Ajmal Kottilingal <ajmal.kottilingal@transferwise.com>
* adding json-path
Signed-off-by: Ajmal Kottilingal <ajmal.kottilingal@transferwise.com>
* fix uing make
Signed-off-by: Ajmal Kottilingal <ajmal.kottilingal@transferwise.com>
---------
Signed-off-by: Ajmal Kottilingal <ajmal.kottilingal@transferwise.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🐛 Add npm installs to Pinned-Dependencies score (#2960)
* feat: Add npm install to pinned dependencies score
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Fix pinned dependencies evaluation tests
Considering the new npm installs dependencies in Pinned-Dependencies score, there are some changes. Now, all tests generate one more Info log for "npm installs are all pinned". Also, for "various wanrings" test, the total score has to weight now 6 scores instead of 5. The new score counts 10 for actionScore, 0 for dockerFromScore, 0 for dockerDownloadScore, 0 for scriptScore, 0 for pipScore and 10 for npm score, which gives us 20/6~=3.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Fix pinned dependencies e2e tests
Considering the new npm installs dependencies in Pinned-Dependencies score, there are some changes. The repo being tested, ossf-tests/scorecard-check-pinned-dependencies-e2e, has third-party GitHub actions pinned, no npm installs, and all other dependencies types are unpinned. This gives us 8 for actionScore, 10 for npmScore and 0 for all other scores. Previously the total score was 8/5~=1, and now the total score is 18/6=3. Also, since there are no npm installs, there's one more Info log for "npm installs are pinned".
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Fix typo
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Unpinned npm install score
When having one unpinned npm install and all other dependencies pinned, the score should be 50/6~=8. Also, it should raise 1 warning for the unpinned npm install, 6 infos saying the other dependency types are pinned (2 for GHAs, 2 for dockerfile image and downdloads, 1 for script downdloads and 1 for pip installs), and 0 debug logs since the npm install dependency does not have an error message.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Undefined npm install score
When an error happens to parse a npm install dependency, the error/debug message is saved in "Msg" field. In this case, we were not able to define if the npm install is pinned or not. This dependency is classified as pinned undefined. We treat such cases as pinned cases, so it logs as Info that npm installs are all pinned and counts the score as 10. Then, the final score makes it to 10 as well. Since it logs the error/debug message, the Debug log goes to 1.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Fix typo
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Fix "validate various warnings and info" test
Considering the new npm installs dependencies in Pinned-Dependencies score, there are some changes. Now, all tests generate one more Info log for "npm installs are all pinned". Also, this test total score has to weight now 6 scores instead of 5. The new score counts 10 for actionScore, 0 for dockerFromScore, 0 for dockerDownloadScore, 0 for scriptScore, 0 for pipScore and 10 for npm score, which gives us 20/6~=3.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: npm dependencies pinned log
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Remove test of error when parsing an npm dependency
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
---------
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Bump github.com/moby/buildkit from 0.11.6 to 0.12.0 (#3264)
Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.11.6 to 0.12.0.
- [Release notes](https://github.com/moby/buildkit/releases)
- [Commits](https://github.com/moby/buildkit/compare/v0.11.6...v0.12.0)
---
updated-dependencies:
- dependency-name: github.com/moby/buildkit
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* Ack linter warning and add tracking issue. (#3263)
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🐛 Forgive job-level permissions (#3162)
* Forgive all job-level permissions
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Update tests
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Replace magic number
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Rename test
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Test that multiple job-level permissions are forgiven
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Drop unused permissionIsPresent
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Update documentation
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Modify score descriptions
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Document warning for job-level permissions
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* List job-level permissions that get WARNed
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
---------
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🐛 Fix typo (#3267)
Signed-off-by: Eugene Kliuchnikov <eustas@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 📖 Suggest new score viewer on badge documentation (#3268)
* docs(readme): suggest new score viewer on badge documentation
Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>
* docs(readme): add link to ossf blogpost about the badge
Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>
* docs: update badge of our own README to the new viewer
Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>
---------
Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Bump tj-actions/changed-files from 37.1.1 to 37.1.2 (#3266)
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 37.1.1 to 37.1.2.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](1f20fb83f0...2a968ff601)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Update the cover profile for e2e (#3271)
- Update the cover profile for e2e
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Improve e2e workflow tests (#3273)
- Add e2e test for workflow runs
- Retrieve successful runs of the scorecard-analysis.yml workflow
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Excluded dependabot from codecov (#3272)
- Exclude dependabot from codecov job in main.yml
[.github/workflows/main.yml]
- Exclude dependabot from codecov job
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Increase test coverage for searching commits (#3276)
- Add an e2e test for searching commits by author
- Search commits by author `dependabot[bot]` and expect results
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🐛 Fix Branch-Protection scoring (#3251)
* fix: Verify if branch is required to be up to date before merge
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: Comment tracking GraphQL bug
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Add validation if pointers are not null before accessing the values
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Delete debug log file
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
---------
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* ✨ scdiff: generate cmd skeleton (#3275)
* add scdiff root command
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add generate boilerplate.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* get rid of init
Signed-off-by: Spencer Schrock <sschrock@google.com>
* read newline delimitted repo file
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Run scorecard and echo results.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add license
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add basic runner tests.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add Runner comment.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* switch to using scorecard logger.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* linter fix
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Delete unused project-update functionality. (#3269)
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Bump tj-actions/changed-files from 37.1.2 to 37.3.0 (#3280)
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 37.1.2 to 37.3.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](2a968ff601...39283171ce)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Bump github.com/google/osv-scanner from 1.3.5 to 1.3.6 (#3281)
Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.3.5 to 1.3.6.
- [Release notes](https://github.com/google/osv-scanner/releases)
- [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/osv-scanner/compare/v1.3.5...v1.3.6)
---
updated-dependencies:
- dependency-name: github.com/google/osv-scanner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Bump gocloud.dev from 0.30.0 to 0.32.0 (#3284)
Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.30.0 to 0.32.0.
- [Release notes](https://github.com/google/go-cloud/releases)
- [Commits](https://github.com/google/go-cloud/compare/v0.30.0...v0.32.0)
---
updated-dependencies:
- dependency-name: gocloud.dev
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Include attestor Dockerfile in CI and dependabot updates (#3285)
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Bump tj-actions/changed-files from 37.3.0 to 37.4.0
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 37.3.0 to 37.4.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](39283171ce...de0eba3279)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Bump google-appengine/debian11 in /attestor
Bumps google-appengine/debian11 from `fed7dd5` to `97dc4fb`.
---
updated-dependencies:
- dependency-name: google-appengine/debian11
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Bump github.com/xanzy/go-gitlab from 0.86.0 to 0.88.0
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.86.0 to 0.88.0.
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go)
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.86.0...v0.88.0)
---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Use a matrix for docker image building (#3290)
* working matrix.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Remove unneeded env vars. Add comments.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* minor syntax change.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Improve e2e workflow tests (#3282)
- Ensure that only head queries are supported in workflow tests
- Add a test to detect when a non-existent workflow file is used
[e2e/workflow_test.go]
- Add a test to check that only head queries are supported
- Add a test to check that a non-existent workflow file returns an error
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Use a matrix for when building binaries in main.yml (#3291)
* Use matrix for build jobs.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* These build targets dont seem to need protoc.
This lets us save the API quota.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Fix hanging docker jobs for doc only changes. (#3292)
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 📖 Add contributor ladder (#3246)
* Add contributor ladder
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Clarify sponsorship
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Hope for retirement warning
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* 1 maintainer can sponsor a community member
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Apply suggestions from code review
Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: Pedro Nacht <pedro.k.night@gmail.com>
---------
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
Signed-off-by: Pedro Nacht <pedro.k.night@gmail.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Consolidate GitLab e2e workflows. (#3278)
* Move gitlab to different workflow to parallelize.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add missing versions.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Add separate cache for long-running tests (#3293)
* Add separate cache for unit tests.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* share cache with gitlab tests too.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* share cache with github integration tests.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* explicitly download modules in unit test job
Signed-off-by: Spencer Schrock <sschrock@google.com>
* checkout needs to be before the go.mod is read.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* checkout needs to be before the go.sum files are hashed.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Bump github.com/go-git/go-git/v5 from 5.7.0 to 5.8.0 (#3297)
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.7.0 to 5.8.0.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.7.0...v5.8.0)
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Bump github.com/onsi/gomega from 1.27.8 to 1.27.9 (#3298)
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.8 to 1.27.9.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.27.8...v1.27.9)
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Improve search commit e2e tests (#3295)
- Add 2 tests for searching commits in e2e/searchCommits_test.go
- Fix errors in e2e/searchCommits_test.go when not using HEAD or when user does not exist
[e2e/searchCommits_test.go]
- Add 2 tests for searching commits
- Fix error when not using HEAD
- Fix error when user does not exist
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 📖 update docs for webhooks documentation (#3299)
* update docs for webhooks documentation
Signed-off-by: leec94 <leec94@bu.edu>
* change webhook severity in readme
Signed-off-by: leec94 <leec94@bu.edu>
---------
Signed-off-by: leec94 <leec94@bu.edu>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Unit tests OSSFuzz client (#3301)
* 🌱 Unit tests OSSFuzz client
- Included tests for IsArchived, LocalPath, ListFiles, GetFileContent, GetBranch, GetDefaultBranch, GetOrgRepoClient, GetDefaultBranchName, ListCommits, ListIssues, ListReleases, ListContributors, ListSuccessfulWorkflowRuns, ListCheckRunsForRef, ListStatuses, ListWebhooks, SearchCommits, Close, ListProgrammingLanguages,
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Improve OSSFuzz client tests
[clients/ossfuzz/client_test.go]
- Add a test for the `GetCreatedAt` method
- Fix the `URI` method to return the correct value
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---------
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* 🌱 Ensure check markdown is kept in sync with source yaml. (#3300)
* Ensure check markdown is kept in sync with check yaml.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* change generate-docs target to detect changes to docs/checks.md directly.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* Update def.yml license
Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* Update def.yml license
Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* Update def.yml license
Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* Update code_review.go license
Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* Update entries.go; CodeReviewChecks now called CodeReview
Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
* refactor codeReviewTwoReviewers; moved utility functions into impl.go
Signed-off-by: André Backman <andre.backman@nokia.com>
* Update impl.go, refactor codeReviewTwoReviewers; moved utility functions into impl.go
Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
* Update go.mod, aligned imports
Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
* update license comments
Signed-off-by: André Backman <andre.backman@nokia.com>
* update license comments
Signed-off-by: André Backman <andre.backman@nokia.com>
* change EOL = CRLF to LF
Signed-off-by: André Backman <andre.backman@nokia.com>
* add error handling in case of no changesets
Signed-off-by: André Backman <andre.backman@nokia.com>
* completed tests for code-review probes
Signed-off-by: André Backman <andre.backman@nokia.com>
* update codeReview probes and utils
Signed-off-by: André Backman <andre.backman@nokia.com>
* fixed some lint errors, check for more
Signed-off-by: André Backman <andre.backman@nokia.com>
* fixed lint issues
Signed-off-by: André Backman <andre.backman@nokia.com>
* fix lint errors
Signed-off-by: André Backman <andre.backman@nokia.com>
* add test for multiple reviews with only one unique reviewer
Signed-off-by: André Backman <andre.backman@nokia.com>
* simplify func uniqueReviewers, use map[string]bool
Signed-off-by: André Backman <andre.backman@nokia.com>
* fix linting error
Signed-off-by: André Backman <andre.backman@nokia.com>
* moved probe tests to their own function
Signed-off-by: André Backman <andre.backman@nokia.com>
* fix comment syntax
Signed-off-by: André Backman <andre.backman@nokia.com>
* gci-ed files to fix linter errors
Signed-off-by: André Backman <andre.backman@nokia.com>
* implement change to skip bot-authored changesets that are reviewed/approved
Signed-off-by: André Backman <andre.backman@nokia.com>
* rewrite finding message
Signed-off-by: André Backman <andre.backman@nokia.com>
* fix output message; do not count the number of approved bot-authored changesets
Signed-off-by: André Backman <andre.backman@nokia.com>
* fix typos
Signed-off-by: André Backman <andre.backman@nokia.com>
* moved probe tests to their corresponding location
Signed-off-by: André Backman <andrebackmann@gmail.com>
* removed redundant probe codeReviewed
Signed-off-by: André Backman <andrebackmann@gmail.com>
* Update probes/codeApproved/def.yml
Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: jitsengupta17 <145664639+jitsengupta17@users.noreply.github.com>
* Update probes/codeApproved/def.yml
Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: jitsengupta17 <145664639+jitsengupta17@users.noreply.github.com>
* Update probes/codeApproved/def.yml
Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: jitsengupta17 <145664639+jitsengupta17@users.noreply.github.com>
* Update probes/codeApproved/def.yml
Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: jitsengupta17 <145664639+jitsengupta17@users.noreply.github.com>
* Update probes/codeApproved/def.yml
Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: jitsengupta17 <145664639+jitsengupta17@users.noreply.github.com>
* Update probes/codeReviewOneReviewers/def.yml
Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: jitsengupta17 <145664639+jitsengupta17@users.noreply.github.com>
* Lint
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Ajmal Kottilingal <ajmal.kottilingal@transferwise.com>
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
Signed-off-by: Eugene Kliuchnikov <eustas@google.com>
Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>
Signed-off-by: Pedro Nacht <pedro.k.night@gmail.com>
Signed-off-by: leec94 <leec94@bu.edu>
Signed-off-by: André Backman <andrebackmann@gmail.com>
Signed-off-by: jitsengupta17 <145664639+jitsengupta17@users.noreply.github.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: André Backman <andre.backman@nokia.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: Gabriela Gutierrez <gabigutierrez@google.com>
Co-authored-by: Pedro Nacht <pedro.k.night@gmail.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: Ajmal Kottilingal <90693406+ajmalab@users.noreply.github.com>
Co-authored-by: Pedro Nacht <pnacht@google.com>
Co-authored-by: Eugene Kliuchnikov <eustas@google.com>
Co-authored-by: Diogo Teles Sant'Anna <diogoteles@google.com>
Co-authored-by: Caroline <leec94@bu.edu>
Co-authored-by: jitsengupta17 <145664639+jitsengupta17@users.noreply.github.com>
Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com>
Co-authored-by: gowriNSN <143079242+gowriNSN@users.noreply.github.com>
Co-authored-by: Raghav Kaul <raghavkaul@google.com>