Commit Graph

103 Commits

Author SHA1 Message Date
Azeem Shaikh
7cd6406aef
Reduce build target radius (#2293)
Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>

Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-09-24 19:58:50 +00:00
Azeem Shaikh
08c2ee5f42
Modify tool installation (#2288)
Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>

Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-09-22 10:58:10 -05:00
raghavkaul
482a59ec9b
🌱 Tests: Fix data race failures (#2262)
* Fix data race failures in tests

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Keep coverprofiles for the attestor separate

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

Signed-off-by: Raghav Kaul <raghavkaul@google.com>
2022-09-19 11:26:13 -04:00
raghavkaul
9e269b8e3c
🌱 Feature: Add scorecard attestation policy module (#2240)
* Add ability to parse policy.yaml

Temporary commit

Temporary commit

Temporary commit

Temporary commit

Temporary commit

Temporary commit

* Remove hidden options

* Fix cilint problems

* Add tests

* Add tests

* Address PR comments

* Refactor to standalone module
* Don't depend on evaluation package
* Remove everything but the Binary-Artifact

* Fix test failures

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Address PR comments

* Use glob for binary artifact ignores
* Makefile

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

Signed-off-by: Raghav Kaul <raghavkaul@google.com>
2022-09-12 16:33:52 -04:00
raghavkaul
90ed090448
🌱 Build/test fixes: Install protoc and protoc-gen-go (#2038)
* Install protoc in validate-projects step

The `validate-projects` Makefile target depends on compilation of all go
binaries, including the protobuf generated go binaries

* Makefile: Cron build relies on `make install` for tools deps

* Add an explicit dependency to the build-proto steps
* Remove sleep
2022-07-11 20:02:22 +00:00
Azeem Shaikh
d1714a289a
Move the cron job to internal package (#1960)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-25 15:37:22 -07:00
naveensrinivasan
6ed6c9b70e 🌱 Publish images with ko
- Publish images with ko

https://github.com/ossf/scorecard/issues/744

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-18 10:40:05 -05:00
laurentsimon
2873c0d58d e2e for GITHUB_TOKEN 2022-04-12 10:54:38 -05:00
dependabot[bot]
66b3d8ce5c
🌱 Bump github.com/golangci/golangci-lint from 1.44.2 to 1.45.0 in /tools (#1757)
* 🌱 Bump github.com/golangci/golangci-lint in /tools

Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.44.2 to 1.45.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.44.2...v1.45.0)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* golangci-lint: Surface and fix as many lint warnings automatically

Signed-off-by: Stephen Augustus <foo@auggie.dev>

* generated: Run golangci-lint with `fix: true`

Signed-off-by: Stephen Augustus <foo@auggie.dev>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stephen Augustus <foo@auggie.dev>
2022-03-23 02:23:39 +00:00
naveensrinivasan
7d1795384c Fixed the path of the generated mock files.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-03-11 09:55:24 -06:00
naveensrinivasan
1995bc3b9c 🌱 Refactor to make it testable
- Related to https://github.com/ossf/scorecard/issues/1568

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-03-11 09:55:24 -06:00
Batuhan Apaydın
53bae3ee1a feat: upgrade to ko v0.10.0
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
2022-02-19 05:24:27 -06:00
naveen
bba55d4257 🌱 Parallelize builds
- parallelize builds
2022-02-17 15:23:21 -06:00
naveen
db1d568499 🌱 Remove building ko to speed up builds
- Remove building ko as we aren't using `ko` yet.
- Every build of `ko` slows down the build time.
- When we enable `ko` which will replace `docker` then we can enable `ko` builds
2022-02-16 10:49:27 -06:00
Azeem Shaikh
cda7a1b1d4
Add tests for graphQL costs (#1643)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-15 23:38:23 +00:00
Azeem Shaikh
de5224bbc5
Update e2e tests (#1641)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-15 19:27:45 +00:00
naveen
35511342c8 🌱 Parallelize the builds
- Created a workflow with multiple jobs for each of the docker builds
- Created a workflow with multiple jobs for each of the ko builds
- Removed the reference to dockerbuild and kobuild in the build-targets
  make target
- This should reduce the time required to finish the CI builds as it
  makes it parallel.
2022-02-15 11:51:54 -06:00
naveen
05cedd7cf7 🌱 Categorize the Makefile
Categorize the makefile into sections for better readability.

Examples :- Development, Build and Tests
2022-02-02 11:17:23 -06:00
naveen
2dcdbcd32b 🌱 Track code coverage
Track code coverage
https://github.com/ossf/scorecard/issues/986

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-19 16:29:31 -06:00
Azeem Shaikh
f2c57d2590 Migrate to v4 2022-01-12 14:12:09 -06:00
naveen
de39061cc5 🌱 Refactor vulnerabilities client 2022-01-04 13:55:58 -06:00
Jason Hall
cef72f0f7d
🐛 Fix ko build workflows in Makefile (#1392)
* Use ko to build everything in cloudbuild.yaml

* --push=false and undo cloudbuild.yaml changes for now
2021-12-15 10:35:07 -06:00
Azeem Shaikh
aa558ff2f4
Add parallelism to improve build times (#1342)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-12-02 12:20:27 -08:00
Azeem Shaikh
de0cfbec9a Add a validation step for goreleaser 2021-11-23 13:08:26 -06:00
Azeem Shaikh
9878c4e61e
Randomize the repos tested during release test (#1299)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-11-18 17:04:07 +00:00
Azeem Shaikh
71e8698617
Add a cron job to copy CII badges data (#1278)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-11-16 04:23:00 +00:00
Azeem Shaikh
6223b6620a
Add CIIClient interface (#1262)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-11-15 02:46:41 +00:00
Chris McGehee
16cd53de44 make install was not installing to GOPATH 2021-11-14 11:57:18 -06:00
Azeem Shaikh
51de6b6e5d
Check for issue activity in Maintained (#1251)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-11-12 22:16:22 +00:00
Azeem Shaikh
c8d2a51375
Ignore nil values in Branch-Protection check (#1243)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-11-12 19:11:06 +00:00
laurentsimon
ae271b4513
🐛 Validate doc on pre-submit (#1235)
* validate doc on pre-submit

* typo
2021-11-10 16:56:44 +00:00
Naveen
4ee366eb0f
🌱 Move docker build checks to ko (#1214)
Move the docker builds checks to ko
2021-11-08 15:55:58 +00:00
Azeem Shaikh
83649a799e
Remove repos package (#1191)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-29 16:07:46 +00:00
Azeem Shaikh
c73c5628ea
Fix GitHub workflows failing (#1172)
Co-authored-by: Azeem Shaikh <azeems@google.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2021-10-28 18:42:55 +00:00
Batuhan Apaydın
6f1a43a0b6
🌱 add google/ko support for building/pushing container image (#1127)
* feat: add google/ko support for building/pushing container image

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>

* feat: updates according to reviews

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
2021-10-26 17:22:22 +00:00
naveen
311d2e2e42 🌱 Reproducible builds with static binary
Changes to goreleaser to have static binaries and reproducible builds.
2021-10-25 15:58:47 -05:00
laurentsimon
950e0e3d2d
Add support for file-based repo URIs (#1113)
* draft

* draft

* docker file

* error

* fix

* fix

* fixa

* bug

* comments

* missing merge

* fix

* fix rebase

* merge issue

* fix

* validate format early

* fix

* fix2

* comments

* fix
2021-10-21 20:08:56 +00:00
Azeem Shaikh
66f864022c
Add GitHub token server (#1132)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-15 03:03:51 +00:00
naveen
7ca5061efc 🌱 Remove OSV ignores
The checks for OSV ignored a few OSV. These have been fixed and removing
them from the ignore list.
2021-10-04 16:19:14 -05:00
Naveen
6c537537ab
🌱 Reproducible go builds (#1083) 2021-09-28 22:02:58 +00:00
Azeem Shaikh
3cbe7b26f7
Consistent -ldflags across go build (#1070)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-27 14:42:39 -05:00
Naveen
91eb41e235
🌱 Check for OSV for a go.mod changes (#1053)
At present we don't have a way to identify any new dependencies to go.mod that have osv/cve.
With this it will query the osv.dev for any vulnerabilities and report if it found any.

It also has an option to ignore any vulnerabilities if we choose to ignore.

This is ignoring 3 osv that are in our dependencies.
2021-09-22 20:41:56 +00:00
laurentsimon
6fb92a3df5
add version for cron (#1011) 2021-09-14 15:00:32 +00:00
Azeem Shaikh
1cb8c06001
Bug in Makefile generate-docs (#996)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-10 15:26:27 +00:00
laurentsimon
870db56814
Cleanup documentation code (#981)
* draft 1

* unit tests

* fix

* fixes

* fix

* mod

* comments

* fixes

* rename

* fix

* linter
2021-09-09 22:09:39 +00:00
naveen
2b15b1353b 🌱 Moving tools dependencies to separate go.mod
* Moving the tools dependencies to a separate go.mod to reduce the
dependencies on scorecard.

* This also increases the security posture by having fewer dependencies
on the main go.mod
2021-09-07 18:23:41 -05:00
neil465
fda87a45bb Fixed typo reepo to repo 2021-09-04 10:53:19 -05:00
Azeem Shaikh
830c4f57db
100k cron job repos (#958)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-02 19:31:55 +00:00
Azeem Shaikh
9a1978a051
Use RefUpdateRule in BranchProtection check (#936)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-30 23:14:42 +00:00
Naveen
f40fa63826
🌱 Included race flag to tests (#921)
Included the `-race` flag to tests to detect any race conditions.
Especially now that we are using the `sync` package.
2021-08-27 14:17:14 +00:00