Azeem Shaikh
be8aa3d713
Export registered check names ( #518 )
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-05-27 14:54:34 -07:00
Chris McGehee
6b63f3f963
🌱 Fix lint issues: Replace golint with revive ( #493 )
* Fix lint issues: Replace golint with revive
golint is deprecated and recommended to be replaced with revive
* Updating comments to be more accurate
* Updating comments again
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-05-24 11:34:33 -07:00
Chris McGehee
61ecad3151
Add new linter: gci ( #498 )
2021-05-23 20:51:52 -07:00
Chris McGehee
2e7a71fbf2
Fix lint issues: goerr113 linter ( #491 )
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-05-22 12:36:47 -07:00
Chris McGehee
50f7ed8519
🌱 Fix lint issues: gochecknoinits linter ( #485 )
* Fix lint issues: gochecknoinits linter
* Fix lint issues: gochecknoinits linter
2021-05-22 13:19:52 -04:00
Abhishek Arya
5f82d2b9c0
✨ Add checks for workflow action pinning ( #466 )
Patch by Laurent Simon <laurentsimon@google.com>
Co-authored-by: Laurent Simon <laurentsimon@google.com>
2021-05-17 13:03:39 -07:00
Chris McGehee
06993b72ce
🐛 Fix linting issues (1 of n) ( #348 )
* Fix lint issues: whitespace linter
* Fix lint issues: wrapcheck linter
* Fix lint issues: errcheck linter
* Fix lint issues: paralleltest linter
* Fix lint issues: gocritic linter
Most changes from this commit are from passing checker.CheckResult by reference and not by value. gocritic identified that as a huge parameter.
gocritic also prefers regexp.MustCompile over Compile when the pattern is a const
2021-04-19 12:18:34 -07:00
Azeem Shaikh
a58818d258
🌱 : Reduce code duplication for follow-up cron refactoring ( #338 )
* ✨ Refactor to reduce code duplication
* ✨
* Move lib/ back to checker/
* Move lib/ back to checker/
* Move lib/ back to checker/
* Address PR comments.
* Addressing PR comments.
* Avoid printing `ShouldRetry` and `Error` in output JSON.
* Fix JSON output.
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-04-10 07:26:56 -05:00
Abhishek Arya
ad7cc4a951
Add colon before sha.
2021-02-12 14:26:54 -05:00
naveen
2ad8b35b91
Fixes - verifiedtag checks
The reason the tags aren't working for certain repositories is because of Lightweight Tags vs Annotated Tags.
> Basically, lightweight tags are just pointers to specific commits. No further information is saved; on the other hand, annotated tags are regular objects, which have an author and a date and can be referred because they have their own SHA key.
https://api.github.com/repos/ossf/scorecard/git/refs/tags
```
[
  {
    "ref": "refs/tags/v1.0.0",
    "node_id": "MDM6UmVmMzAyNjcwNzk3OnJlZnMvdGFncy92MS4wLjA=",
    "url": "https://api.github.com/repos/ossf/scorecard/git/refs/tags/v1.0.0",
    "object": {
      "sha": "87997ffb5724cb479223a08a2890c60b0ea4bfbd",
      "type": "commit",
      "url": "87997ffb57"
    }
  },
  {
    "ref": "refs/tags/v1.1.0",
    "node_id": "MDM6UmVmMzAyNjcwNzk3OnJlZnMvdGFncy92MS4xLjA=",
    "url": "https://api.github.com/repos/ossf/scorecard/git/refs/tags/v1.1.0",
    "object": {
      "sha": "f2c633854602cf0c8f33164a169fb0a8454bee01",
      "type": "tag",
      "url": "f2c6338546"
    }
  }
]
```
Annotated tags
https://api.github.com/repos/kubernetes/kubernetes/git/refs/tags
```
[
  {
    "ref": "refs/tags/v0.2",
    "node_id": "MDM6UmVmMjA1ODA0OTg6cmVmcy90YWdzL3YwLjI=",
    "url": "https://api.github.com/repos/kubernetes/kubernetes/git/refs/tags/v0.2",
    "object": {
      "sha": "64dbf9ae21dd0deb485f88b79b96eb35ca855138",
      "type": "tag",
      "url": "64dbf9ae21"
    }
  }
]
```
The lookup for the tag fails because there isn't a tag object but only a commit object.
87997ffb57
fixes #107
2021-02-12 14:26:54 -05:00
Cameron Moore
ac55575713
Adjust details logging on a few checks
Log positive results in Pull-Requests and update log messages in
Signed-Releases and Signed-Tags.
2020-12-20 16:12:31 -06:00
Cameron Moore
eb0d488bb2
Show negative results in Signed-Tags details
Negative results logged with a "!!" prefix.
Updates #95
```
$ go run . --repo=github.com/cilium/cilium --show-details --checks=Signed-Tags
Starting [Signed-Tags]
Finished [Signed-Tags]
RESULTS
-------
Signed-Tags: Fail 4
verified tag found: v1.9.0-rc1, commit: a46b5c308779b00676bcbffe6847701984fb7ec7
!! unverified tag found: v1.9.0-rc2, commit: 2ee8e4659ad4050154eb83008ba6434bddad44eb, reason: unsigned
verified tag found: v1.9.0-rc3, commit: ee77e846a9b85e318d6d077c801e2615d5e7dbe3
!! unverified tag found: v1.9.0, commit: 1cdd547dce26adb046d117494d559c64007365fd, reason: unsigned
verified tag found: v1.9.1, commit: bb4abe1720cb56c6a5f74d0567665555ad8434f1
found 3 of 5 verified tags
```
2020-12-20 14:28:45 -06:00
Abhishek Arya
079180d0ae
Bug fixes
- Fix typo for default output function.
- For signed tags, get only the required last 5. Matches signed releases.
2020-11-09 18:13:59 -08:00
dlorenc
fd188f5263
Use the GraphQL API to retrieve the list of tags in signed-tags. ( #45 )
2020-11-06 15:28:26 -06:00
Dan Lorenc
9f686dc707
Rename repo/modules.
2020-10-27 14:23:48 -05:00
Abhishek Arya
81eab9d2d8
Add license header and code of conduct files. ( #34 )
* Add license header and code of conduct files.
* Fill missing field.
2020-10-26 15:22:13 -05:00
Abhishek Arya
04c9b37981
Fix PR calc logic, remove bot accounts. ( #17 )
* Fix PR calc logic, remove bot accounts.
* Fmt.
2020-10-16 18:11:07 -05:00
Abhishek Arya
6e5ce52cae
Fix filenames to match check names, remove unneeded repos.txt. ( #15 )
* Fix filenames to match check names, remove unneeded repos.txt.
* Fix conflict.
* Minor fix.
2020-10-16 13:22:28 -05:00