ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-09-19 21:18:09 +03:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
332 Commits 36 Branches 42 Tags 436 MiB
4c6b500dea
Commit Graph

332 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris McGehee
4c6b500dea Fix lint issues: lll linter 2021-05-02 11:18:26 -05:00
Chris McGehee
87b5a6a922 Fix lint issues: godot linter 2021-05-02 11:14:01 -05:00
naveen
360d6b8381 🌱 e2e tests for cronjob 
* Implemented basic e2e tests for cornjob
 2021-05-01 16:07:26 -05:00
naveen
cd7231dd75 🌱 Cleanup dependabot config 2021-04-29 17:10:24 -05:00
naveen
a64426e369 🌱 Remove synk 
Removing synk as per our discussion.
 2021-04-29 12:32:21 -05:00
naveen
c6b4e24218 🌱 Clean and Validation of cron 
* Included validation for the cron
* Removed branch protection check from the cron
 2021-04-29 11:03:41 -05:00
naveen
da2e7029c7 🌱 Update golangci version to 1.39 
* Upgrade the golangci version to 1.39
* Changed the checkout depth
  https://github.com/golangci/golangci-lint/issues/1088#issuecomment-801540792
 2021-04-29 08:24:41 -05:00
Azeem Shaikh
d3a59eacff Move Dockerfile.gsutil to inside cron/ 2021-04-27 17:21:53 -05:00
Azeem Shaikh
86a46560c8 Rename CheckResults to Checks to match BQ schema. 2021-04-26 17:45:04 -05:00
naveen
eade3f9564 🌱 Included go mod verify for cron and scripts 
* Included go mod verify cron and scripts
 2021-04-26 10:06:14 -05:00
naveen
872e9139d8 🐛 docker build for gitcache 
* Fixed docker build for git cache
 2021-04-26 10:01:50 -05:00
naveen
f7b658d31d 🌱 Fixed lint issues in cron 
* Fixed golang ci-lint issues in cron
 2021-04-26 08:51:28 -05:00
dependabot[bot]
bdf86e00c8 🌱 Bump actions/github-script from v3 to v4.0.2 
Bumps [actions/github-script](https://github.com/actions/github-script) from v3 to v4.0.2.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v3...a3e7071a34d7e1f219a8a4de9a5e0a34d1ee1293)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-26 08:30:49 -05:00
naveen
3d24435ba8 🌱 Fixing the docker build issue 2021-04-23 15:17:42 -04:00
Naveen
760e01fbb8 Revert "🌱 Bump actions/github-script from v3 to v4.0.1" 
This reverts commit 3ad35e3661.
 2021-04-23 11:53:17 -04:00
dependabot[bot]
3ad35e3661 🌱 Bump actions/github-script from v3 to v4.0.1 
Bumps [actions/github-script](https://github.com/actions/github-script) from v3 to v4.0.1.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v3...85e88a66eaa831097093a3d278536947f2984d20)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-22 08:37:01 -04:00
Oliver Chang
158c2cdbde
Fix typo in scorecard date format. (#353) 2021-04-21 21:16:26 -07:00
Azeem Shaikh
bd3eff1fcf
Cron job uses line-delimited JSON (#344) 
*  Refactor to reduce code duplication

* 

* Move lib/ back to checker/

* Move lib/ back to checker/

* Move lib/ back to checker/

* Address PR comments.

* Addressing PR comments.

* Separate out ReposURL nito repos/

* Add TODO in gitcache module.

* Add RepoRequest/Response types.

* Avoid printing `ShouldRetry` and `Error` in output JSON.

* Fix JSON output.

* Simplify cmd package.

* Make cron/ a package instead of module.

* Fix TODO.

* Remove binary file.

* go.mod file.

* go.mod updates.

* Refactor cron to use in-memory JSON.

* Fix JSON output.

* Fix go.mod

* Address PR comments.

* Change %w -> %v.

* Address PR comments.

* Fix err.

Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-04-19 12:49:51 -07:00
Chris McGehee
06993b72ce
🐛 Fix linting issues (1 of n) (#348) 
* Fix lint issues: whitespace linter

* Fix lint issues: wrapcheck linter

* Fix lint issues: errcheck linter

* Fix lint issues: paralleltest linter

* Fix lint issues: gocritic linter
Most changes from this commit are from passing checker.CheckResult by reference and not by value. gocritic identified that as a huge parameter.
gocritic also prefers regexp.MustCompile over Compile when the pattern is a const
 2021-04-19 12:18:34 -07:00
Oliver Chang
df27afd3b3
Make checks documentation machine readable. (#345) 
*  Make checks documentation machine readable.

Make checks.yaml as a machine and human readable source of truth of
checks documentation.

A tiny Python script is also added to generate checks.json and checks.md
from this file.

* move checks scripts and files
 2021-04-16 11:15:56 -07:00
naveen
1d3821e08c 🌱 Fix concurrent cronjob execution 
* With the increased scans the cronjob is running longer than expected
which was causing the multiple jobs to be executing concurrently.

* Changed the concurrent policy to "Forbid" to avoid it.
 2021-04-14 09:35:26 -05:00
Naveen
8e352e408a
🌱 Included make targets for update binary (#340) 
* Include the build and go mod verify targets to the update binary.
 2021-04-13 01:36:45 +00:00
naveen
9397708318 Handle vendored repos dependency 
*Handle vendored repos for go dependency

* Add additional repositories for projects.txt
 2021-04-12 15:50:10 -05:00
Naveen
f02df30b61
Included dependency parsing for go (#337) 
* Included dependency parsing of go.mod files.
* Parse vanity URL in go.mod to add dependencies
* Updated dependencies for scorecard and cosign based on the vanity URL's.
 2021-04-10 12:21:51 -05:00
Azeem Shaikh
a58818d258
🌱 : Reduce code duplication for follow-up cron refactoring (#338) 
*  Refactor to reduce code duplication

* 

* Move lib/ back to checker/

* Move lib/ back to checker/

* Move lib/ back to checker/

* Address PR comments.

* Addressing PR comments.

* Avoid printing `ShouldRetry` and `Error` in output JSON.

* Fix JSON output.

Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-04-10 07:26:56 -05:00
naveen
6aad826067 🌱 Included dependencies for k8s 
* Included the k8s dependencies.
 2021-04-08 14:17:56 -05:00
naveen
c2236f68f8 🌱 Updated commit message for dependabot 
* Updated commit message to have 🌱 prefix in dependabot PR.
 2021-04-08 14:13:44 -05:00
dependabot[bot]
4b997019d5 Bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1 in /gitcache 
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.16.0 to 1.16.1.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.16.0...v1.16.1)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-08 10:52:04 -05:00
dependabot[bot]
fc0eac922a Bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1 
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.16.0 to 1.16.1.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.16.0...v1.16.1)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-08 09:27:08 -05:00
dependabot[bot]
f8fdccb478 Bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0 in /gitcache 
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.15.2 to 1.16.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.15.2...v1.16.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-05 12:22:30 -05:00
dependabot[bot]
e0cd796b7f Bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0 
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.15.2 to 1.16.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.15.2...v1.16.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-05 12:12:04 -05:00
asraa
8a5f9a8ea7
zero pad dates (#328) 
Signed-off-by: Asra Ali <asraa@google.com>
 2021-04-05 07:57:37 -07:00
Abhishek Arya
f15a6bfbf0
Dont retry and log http get failures. (#324) 2021-04-04 10:24:14 -07:00
Asra Ali
ed8d5801bc Add updater to collect deps in project files and add to projects.txt 
Signed-off-by: Asra Ali <asraa@google.com>
 2021-04-02 12:57:57 -05:00
dependabot[bot]
3f70d82ce0 Bump golang from 1.16.2 to 1.16.3 
Bumps golang from 1.16.2 to 1.16.3.

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-02 12:03:43 -05:00
nathannaveen
f5185e4bd6 🌱 included copyright headers. 2021-04-01 21:36:10 -05:00
naveen
6d9463bf60 🌱 Upgrade golang docker container 
Golang docker container upgrade.
 2021-04-01 19:43:30 -05:00
Chris McGehee
7432e5e6f9 using make targets in docker builds 2021-03-30 14:12:24 -04:00
dependabot[bot]
8ef259d250 Bump github.com/go-git/go-git/v5 from 5.2.0 to 5.3.0 in /gitcache 
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.2.0 to 5.3.0.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.2.0...v5.3.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-03-30 13:04:31 -04:00
naveen
2f62126a3e 🐛 Fix docker buildx syntax 
The docker build syntax was in incorrect location which was causing the
builds to fail.

https://github.com/docker/buildx/issues/348#issuecomment-709155842
 2021-03-29 23:59:21 -04:00
Naveen
3e4432ceea Update PULL_REQUEST_TEMPLATE.md 2021-03-24 17:11:02 -04:00
Naveen
0e5b8e63f2 Eating your own dog food 
Eating your own dog food
 2021-03-22 18:00:20 -04:00
naveen
775a83a2f7 🌱 update dependabot for cron and scripts 
The cron and scripts are based on go.mod. The dependabot settings are
updated to watch those folders.
 2021-03-22 11:50:01 -04:00
naveen
7622cea5a6 🌱 updated the makefile to include scripts and cron 
Updated the makefile to include scripts and cron.
 2021-03-22 11:42:18 -04:00
naveen
688dc5e6c7 Refactor cron job 
* Refactored cron job from shell script to go.
* Included metadata to the projects.txt for envoy
* Included checks for duplicate item in projects.txt
* Sorted the projects.txt so that it is easier for someone to look for a
project
 2021-03-21 22:31:07 -04:00
naveen
52e742cce9 📖 Instructions on PR process 
* Included instructions in the PR process.
 2021-03-21 11:11:30 -04:00
naveen
ba42e1ab7b 🌱 Changed cron to run everyday 
With the latest fix for roundrobin token usage, the cron can run
everyday.
 2021-03-19 11:50:26 -04:00
Asra Ali
7a2675532a add envoy deps statically 
Signed-off-by: Asra Ali <asraa@google.com>
 2021-03-19 10:07:33 -04:00
Naveen
1a81741624
🌱Remove branch protection check from cron (#290) 
The branch protection check needs an admin access to the repository. All
of the checks from cron would fail and uses another call to the API.

This will reduce usage of the API.
 2021-03-19 07:27:09 -04:00
naveen
8427362772 🌱 verifier to generate release notes 
The verifier helps release notes generation.
https://github.com/kubernetes-sigs/kubebuilder-release-tools

https://github.com/kubernetes-sigs/kubebuilder-release-tools/blob/master/verify/main.go
 2021-03-18 12:19:06 -04:00