ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-09-19 13:07:17 +03:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
687 Commits 36 Branches 42 Tags 436 MiB
1c7c1e3c31
Commit Graph

687 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
ee8e4026bc
🌱 Bump github.com/google/go-containerregistry (#832) 
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.1.2 to 0.6.0.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.1.2...v0.6.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-08-11 16:43:35 +00:00
Azeem Shaikh
4fcb0a392e
Fix a bug in flag parsing (#836) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-11 15:40:53 +00:00
dependabot[bot]
0f6cbc1703
🌱 Bump cloud.google.com/go/pubsub from 1.13.0 to 1.14.0 (#833) 
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.13.0...pubsub/v1.14.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-08-11 05:01:54 +00:00
Azeem Shaikh
6cc41359a9
Remove false log statement (#835) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-11 04:09:13 +00:00
dependabot[bot]
bbf99add9e
🌱 Bump cloud.google.com/go/bigquery from 1.19.0 to 1.20.1 (#820) 
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.19.0 to 1.20.1.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.19.0...bigquery/v1.20.1)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-08-11 03:22:00 +00:00
Azeem Shaikh
0561c15f21
Post to webhook on successful cron job completion (#829) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-11 02:36:57 +00:00
Azeem Shaikh
bc67dd306a
Create a webhook for tagging Docker images (#828) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-11 01:45:01 +00:00
Azeem Shaikh
ce7d4c396d
Update BQ query in README.md (#831) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-10 17:56:39 -07:00
dependabot[bot]
a2e34ede98 🌱 Bump crazy-max/ghaction-import-gpg from 3.1.0 to 3.2.0 
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases)
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md)
- [Commits](b0793c0060...1c6a9e9d35)

---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-08-10 10:03:06 -05:00
naveen
ef9880c7b3 🌱 Implemented ignore for license check 
The license check was updated with the ignore files.

Fixed the issue https://github.com/ossf/scorecard/issues/767
 2021-08-09 16:09:01 -05:00
Naveen
0c55af5ef8
Scorecard builds for osx arm64 (#824) 
Removed the arm64 ignore from goreleaser
 2021-08-09 19:22:02 +00:00
Appu
8534836923
Also add version info to goreleaser (#822) 
- shared configuration generation in ./scripts/version-ldflags

Signed-off-by: Appu Goundan <appu@google.com>
 2021-08-09 18:22:30 +00:00
Azeem Shaikh
2931d91e23
Fix typo (#819) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-06 23:45:22 +00:00
dependabot[bot]
0e6559a1ce 🌱 Bump golang from 1.16.6 to 1.16.7 
Bumps golang from 1.16.6 to 1.16.7.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-08-06 17:26:49 -05:00
dependabot[bot]
fc75fd44e8
🌱 Bump github.com/onsi/gomega from 1.14.0 to 1.15.0 (#816) 
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.14.0 to 1.15.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.14.0...v1.15.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-08-06 17:42:41 -04:00
Azeem Shaikh
7f71928daa
Generate .shard_metadata file in cron job shard (#814) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-06 18:07:42 +00:00
Azeem Shaikh
d58fd2d927
Add CloudBuild config for CronJob (#813) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-05 20:03:26 -07:00
Azeem Shaikh
f4d2628799
Ignore errors extracting corrupted tarball (#812) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-06 01:03:35 +00:00
laurentsimon
d821ea27ec
improve token permission (#811) 
* sarif action

* update
 2021-08-05 17:10:34 +00:00
Azeem Shaikh
df3c8663e9
Use a single image for worker and controller (#810) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-04 00:18:22 +00:00
laurentsimon
e4f3ede843
fix/enhance pinned-dependencies (#806) 
* commit

* e2e tests

* typo
 2021-08-03 23:32:34 +00:00
Azeem Shaikh
790a7778e7
Handle tarballs that cannot be downloaded. (#809) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-03 15:31:32 -07:00
Johan Brandhorst-Satzkorn
a3ae21f7c0
Fix minisign file ending example (#807) 
The minisign project uses *.minisig signature files, which
is correctly searched for by the implementation logic
in signed_releases.go, however, the docs use
"*.minisign", which will confuse users.

Correct the docs to use the "*.minisig" file extension.

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-08-03 21:35:13 +00:00
Azeem Shaikh
08cc3c6202
Rollout worker whenever controller starts (#808) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-03 20:50:30 +00:00
Naveen
254f316ce5
🌱 Fix the e2e fixes for signedtags (#805) 2021-08-03 16:02:06 +00:00
naveen
f2b4d07c33 🌱 Updated e2e signed releases 
Updated the e2e signed releases to the new repository.
 2021-08-03 09:05:16 -05:00
laurentsimon
b2b37161f3
Improve token permission check (#800) 
* draft

* draft 2

* draft3

* fix e2e

* comment

* comment

* check codeql

* missing files

* comments

* nit

* update msg

* msg

* nit

* nit

* msg

* e2e

* update doc
 2021-08-03 00:56:45 +00:00
Naveen
91d3d82348
🌱 Fix the protobuf GitHub runner issue (#801) 
Fixes the protobuf GitHub runner issue by cloning the repository and
installing it locally.

Source  https://lukasjoswiak.com/github-actions-protobuf/
 2021-08-02 23:52:57 +00:00
laurentsimon
6718939a08
Cleanup errors and log (#782) 
* cleanup

* text

* add errors

* fixes

* more

* fixes

* linnter

* comments

* name
 2021-08-02 22:38:42 +00:00
laurentsimon
9b2f3f5270
broken link to doc (#799) 
* broken link

* main doc link
 2021-08-02 14:33:17 -07:00
Azeem Shaikh
30bb11965a
Update Packaging check to use new APIs (#796) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-02 17:17:38 +00:00
laurentsimon
1bee125ab3
fix message (#798) 2021-08-02 16:00:22 +00:00
dependabot[bot]
0a7e1515ef
🌱 Bump mvdan.cc/sh/v3 from 3.3.0 to 3.3.1 (#797) 
Bumps [mvdan.cc/sh/v3](https://github.com/mvdan/sh) from 3.3.0 to 3.3.1.
- [Release notes](https://github.com/mvdan/sh/releases)
- [Changelog](https://github.com/mvdan/sh/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mvdan/sh/compare/v3.3.0...v3.3.1)

---
updated-dependencies:
- dependency-name: mvdan.cc/sh/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-08-02 09:19:22 -04:00
Azeem Shaikh
388c3aeaad
Add a BQ transfer job for releasetest (#790) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-01 16:45:57 +00:00
naveen
33a63ff6b9 🌱 Fixed the failing lint check 2021-08-01 10:57:22 -05:00
Oliver Chang
7c2117342c fix tests 2021-08-01 10:57:22 -05:00
Oliver Chang
cf9c860441 Replace personal test repo with ossf-tests repo. 2021-08-01 10:57:22 -05:00
Azeem Shaikh
251a6c4ac8
Linter fix (#795) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-01 10:59:30 -04:00
Azeem Shaikh
6368c25f54
More linter issues (#794) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-01 03:42:14 +00:00
Azeem Shaikh
83e9f52501
Enable revive linters which are used in google3 (#793) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-07-31 22:31:34 +00:00
dependabot[bot]
a66b53ebe4
🌱 Bump peter-evans/slash-command-dispatch from 2.1.3 to 2.2.1 (#735) 
Bumps [peter-evans/slash-command-dispatch](https://github.com/peter-evans/slash-command-dispatch) from 2.1.3 to 2.2.1.
- [Release notes](https://github.com/peter-evans/slash-command-dispatch/releases)
- [Commits](72ab5a2e41...fc430081ad)

---
updated-dependencies:
- dependency-name: peter-evans/slash-command-dispatch
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-07-31 11:12:20 +00:00
Azeem Shaikh
d045a6655f
Catch RuntimeErrors in release testing (#791) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-07-30 19:13:17 +00:00
laurentsimon
577061b5e3
enable score results by default (#788) 
* enable v2

* linnter
 2021-07-30 15:21:09 +00:00
laurentsimon
29594d4294
change signature of FileIfExist and FileContent (#787) 
* draft

* add pinning

* remove functions

* typo

* commment

* name
 2021-07-30 15:09:52 +00:00
laurentsimon
b35cbdcdcf
Make Branch-Protection score more granular (#777) 
* commit

* uni tests

* full score

* typos

* update msg

* remove function

* comments

* linter

* comments
 2021-07-30 01:54:19 +00:00
laurentsimon
c48fe4f9ed
Make Token-Permission check more granular (#773) 
* draft

* add tests

* add e2e2 tests

* typos

* typo

* fixes

* linter

* use named value

* comments

* comment
 2021-07-30 00:13:01 +00:00
dependabot[bot]
564b10946f
🌱 Bump goreleaser/goreleaser-action from 2.6.1 to 2.7.0 (#762) 
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.6.1 to 2.7.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](ac067437f5...5a54d7e660)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-07-29 21:51:16 +00:00
dependabot[bot]
fae54a6af4
🌱 Bump cloud.google.com/go/pubsub from 1.12.2 to 1.13.0 (#723) 
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.12.2 to 1.13.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.12.2...pubsub/v1.13.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-07-29 21:28:39 +00:00
Azeem Shaikh
1d1e799f84
Add ListCommits and IsArchived API (#772) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-07-29 14:18:58 -07:00
Azeem Shaikh
d19d436294
Update release test cron job (#778) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-07-29 21:08:48 +00:00