naveen
1aff6db9f6
🌱 Ignore docker builds
...
- ignore docker builds for non-main branches
- ignore docker builds for *.md
2022-02-16 17:52:55 -06:00
Azeem Shaikh
674146ca3c
Make verbosity levels case insensitive ( #1650 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-16 19:33:04 +00:00
naveen
db1d568499
🌱 Remove building ko to speed up builds
...
- Remove building ko as we aren't using `ko` yet.
- Every build of `ko` slows down the build time.
- When we enable `ko` which will replace `docker` then we can enable `ko` builds
2022-02-16 10:49:27 -06:00
dependabot[bot]
e6f6c56d34
🌱 Bump github.com/onsi/ginkgo/v2 from 2.0.0 to 2.1.3
...
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.0.0 to 2.1.3.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.0.0...v2.1.3 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-16 08:36:38 -06:00
dependabot[bot]
4ebd8aff9c
🌱 Bump github.com/onsi/ginkgo/v2 from 2.0.0 to 2.1.3 in /tools
...
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.0.0 to 2.1.3.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.0.0...v2.1.3 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-16 07:13:41 -06:00
Jeff Mendoza
ba503c3bee
✨ githubrepo: Allow providing an already authenticated transport ( #1644 )
2022-02-15 19:13:45 -05:00
Azeem Shaikh
cda7a1b1d4
Add tests for graphQL costs ( #1643 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-15 23:38:23 +00:00
Azeem Shaikh
de5224bbc5
Update e2e tests ( #1641 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-15 19:27:45 +00:00
Azeem Shaikh
2b206dc365
Remove Version
field from LogMessage ( #1640 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-15 18:26:06 +00:00
naveen
35511342c8
🌱 Parallelize the builds
...
- Created a workflow with multiple jobs for each of the docker builds
- Created a workflow with multiple jobs for each of the ko builds
- Removed the reference to dockerbuild and kobuild in the build-targets
make target
- This should reduce the time required to finish the CI builds as it
makes it parallel.
2022-02-15 11:51:54 -06:00
laurentsimon
e7fd58d9a3
✨ Check for secrets in pull_request_target ( #1634 )
...
* checks/dangerous_workflow.go: add pull_request_target support for secrets
* missing files
* linter
2022-02-15 16:04:57 +00:00
dependabot[bot]
e3637c9e17
🌱 Bump cloud.google.com/go/bigquery from 1.27.0 to 1.28.0
...
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go ) from 1.27.0 to 1.28.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.27.0...spanner/v1.28.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-15 06:21:45 -06:00
Azeem Shaikh
1e488a804f
Fix for repos which do not squash PR commits ( #1637 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-14 23:33:15 +00:00
Azeem Shaikh
f3332ce129
Add validation for commit-based APIs ( #1635 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-14 22:24:35 +00:00
dependabot[bot]
eb0730ae79
🌱 Bump github.com/goreleaser/goreleaser in /tools ( #1632 )
2022-02-14 11:35:10 +00:00
Stephen Augustus (he/him)
394789cf22
README.md: Add OpenSSF Best Practices badge ( #1629 )
...
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2022-02-12 03:46:52 -08:00
Azeem Shaikh
2e3e505a8c
Simplify DetailLogger interface ( #1628 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-11 15:48:58 -08:00
Azeem Shaikh
38be00c31f
Reduce query cost by analysing lesser associatedPR ( #1624 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-10 21:50:22 -06:00
laurentsimon
7de151cf49
✨ Check for secrets in workflows run on pull requests ( #1615 )
...
* updates
* missing files
* typo
* linter
* linter
* updates
* updates
2022-02-10 18:54:44 +00:00
dependabot[bot]
9b921f07c7
🌱 Bump actions/setup-go from 2.1.5 to 2.2.0 ( #1619 )
2022-02-10 10:13:56 +00:00
laurentsimon
61e52d4a65
update workflow ( #1617 )
2022-02-09 10:51:58 -08:00
dependabot[bot]
368c105abe
🌱 Bump cloud.google.com/go/pubsub from 1.17.0 to 1.18.0 ( #1616 )
2022-02-09 09:34:53 +00:00
Azeem Shaikh
6930c3ab3b
Add support for commit-based Scorecard ( #1613 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-07 19:03:36 -08:00
Azeem Shaikh
1c95237e4a
Only run allowed checks in different modes ( #1579 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-07 16:49:49 -08:00
Azeem Shaikh
eac2aecce6
Add support for commit-based lookup to GitHub APIs ( #1612 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-07 22:06:05 +00:00
naveen
68bf172e59
🌱 Unit tests fileparser/listing
...
Unit tests fileparser/listing
https://github.com/ossf/scorecard/issues/986
2022-02-07 15:33:18 -06:00
Naveen
30fc06e4a8
Fixed the formatting issue
2022-02-07 15:15:57 -06:00
naveen
aaf7a9f208
🌱 Cache builds between runs
...
Cache builds between runs.
2022-02-07 11:52:36 -06:00
naveen
049db386a5
🌱 Unit tests for dependency_update_tool
...
Unit tests for dependency_update_tool
https://github.com/ossf/scorecard/issues/986
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-02-07 11:05:37 -06:00
laurentsimon
873308016c
checks/packaging.go: ignore workflows/<>/ files ( #1591 )
2022-02-04 21:42:59 +00:00
Julia Ferraioli
95e7c030eb
Update the biweekly meeting times ( #1603 )
2022-02-04 20:50:41 +00:00
naveen
80cc0dd11e
🌱 Unit tests checks/ci_tests_test.go
...
Unit tests for tests checks/ci_tests_test.go
https://github.com/ossf/scorecard/issues/986
2022-02-04 13:26:16 -06:00
Behnaz Hassanshahi
f84291dcfd
🐛 Fix Dependabot check to accept .yaml file extension ( #1601 )
2022-02-03 23:53:32 +00:00
naveen
5e1fd5230c
🌱 Tweaking codecov config
2022-02-03 15:50:16 -06:00
naveen
35aad1dce5
🌱 Unit tests code-review for raw
...
Unit tests code-review for raw.
https://github.com/ossf/scorecard/issues/986
2022-02-03 13:22:39 -06:00
naveen
674f747d47
🌱 Unit tests for vulnerabilities raw package
...
Unit tests for vulnerabilities raw package
https://github.com/ossf/scorecard/issues/986
2022-02-03 13:00:35 -06:00
Arnout Engelen
28bf341a3f
📖 recommend nix-shell
over nix-env
...
Which is more idiomatic
2022-02-03 11:53:25 -06:00
naveen
634643e9f7
🌱 Unit test for fileparser/listing
...
Unit test for fileparser/listing
https://github.com/ossf/scorecard/issues/986
🌱 Unit test for fileparser/listing
Unit tests for fileparser/listing
https://github.com/ossf/scorecard/issues/986
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-02-03 11:01:57 -06:00
Martijn Pieters
88aa0e8159
📖 Add make install to Environment Setup
...
Fixes #1588
2022-02-03 10:39:37 -06:00
Azeem Shaikh
4581c363cf
Remove ListMergedPRs API ( #1566 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-03 00:01:35 +00:00
laurentsimon
9037444513
✨ Raw data for code review check ( #1505 )
...
* separate code review's eval and check
* missing file
* add comments
* fix
* fix
* linter
* fixes
* fix
* linter
* linter
* linter
* draft
* fixes
* fixes
* simplify
* update date
* rem comments
* typo
* linter
* typo
* linter
2022-02-02 19:51:38 +00:00
laurentsimon
7032b1910e
Ignore all files under testdata/ ( #1594 )
2022-02-02 19:17:21 +00:00
laurentsimon
0670b8bdee
pkg/sarif.go: Add score in message ( #1593 )
...
pkg/testdata/check6.sarif: Update message
2022-02-02 18:30:04 +00:00
naveen
009aa85e3f
🌱 Unit tests for Vulnerabilities
...
- Unit tests for Vulnerabilities
- https://github.com/ossf/scorecard/issues/986
2022-02-02 11:55:57 -06:00
naveen
05cedd7cf7
🌱 Categorize the Makefile
...
Categorize the makefile into sections for better readability.
Examples :- Development, Build and Tests
2022-02-02 11:17:23 -06:00
laurentsimon
79b216c956
checks/security_policy_test.go: updated unit tests ( #1590 )
...
checks/raw/security_policy.go: add support for .adoc policies
2022-02-02 08:31:42 -08:00
Arnout Engelen
24842de010
📖 remove inaccurate claim about github rendering emoji
...
GitHub renders `:xyz:` aliases in PR titles just fine nowadays.
2022-02-02 09:15:27 -06:00
laurentsimon
86d8281031
Do not parse non-dockerfile ( #1583 )
...
* draft
* checks/pinned_dependencies.go: added isDockerfiler()
checks/pinned_dependencies_test.go: added TestDockerfileInvalidFiles
* undo CodeQL
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-02-01 23:50:15 +00:00
Azeem Shaikh
2d0e5381c2
Revert Committer.Name
change ( #1576 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-01 23:00:11 +00:00
naveen
e4eb6d247f
🌱 Unit tests for security policy
...
Unit tests for security policy.
https://github.com/ossf/scorecard/issues/986
2022-02-01 14:06:28 -06:00