ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-09-11 08:55:27 +03:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity
1,209 Commits 34 Branches 42 Tags 435 MiB
7d1795384c
Commit Graph

94 Commits

Author SHA1 Message Date
naveensrinivasan
7d1795384c Fixed the path of the generated mock files. 
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
 2022-03-11 09:55:24 -06:00
naveensrinivasan
1995bc3b9c 🌱 Refactor to make it testable 
- Related to https://github.com/ossf/scorecard/issues/1568

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
 2022-03-11 09:55:24 -06:00
Batuhan Apaydın
53bae3ee1a feat: upgrade to ko v0.10.0 
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
 2022-02-19 05:24:27 -06:00
naveen
bba55d4257 🌱 Parallelize builds 
- parallelize builds
 2022-02-17 15:23:21 -06:00
naveen
db1d568499 🌱 Remove building ko to speed up builds 
- Remove building ko as we aren't using `ko` yet.
- Every build of `ko` slows down the build time.
- When we enable `ko` which will replace `docker` then we can enable `ko` builds
 2022-02-16 10:49:27 -06:00
Azeem Shaikh
cda7a1b1d4
Add tests for graphQL costs (#1643) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2022-02-15 23:38:23 +00:00
Azeem Shaikh
de5224bbc5
Update e2e tests (#1641) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2022-02-15 19:27:45 +00:00
naveen
35511342c8 🌱 Parallelize the builds 
- Created a workflow with multiple jobs for each of the docker builds
- Created a workflow with multiple jobs for each of the ko builds
- Removed the reference to dockerbuild and kobuild in the build-targets
  make target
- This should reduce the time required to finish the CI builds as it
  makes it parallel.
 2022-02-15 11:51:54 -06:00
naveen
05cedd7cf7 🌱 Categorize the Makefile 
Categorize the makefile into sections for better readability.

Examples :- Development, Build and Tests
 2022-02-02 11:17:23 -06:00
naveen
2dcdbcd32b 🌱 Track code coverage 
Track code coverage
https://github.com/ossf/scorecard/issues/986

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
 2022-01-19 16:29:31 -06:00
Azeem Shaikh
f2c57d2590 Migrate to v4 2022-01-12 14:12:09 -06:00
naveen
de39061cc5 🌱 Refactor vulnerabilities client 2022-01-04 13:55:58 -06:00
Jason Hall
cef72f0f7d
🐛 Fix ko build workflows in Makefile (#1392) 
* Use ko to build everything in cloudbuild.yaml

* --push=false and undo cloudbuild.yaml changes for now
 2021-12-15 10:35:07 -06:00
Azeem Shaikh
aa558ff2f4
Add parallelism to improve build times (#1342) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-12-02 12:20:27 -08:00
Azeem Shaikh
de0cfbec9a Add a validation step for goreleaser 2021-11-23 13:08:26 -06:00
Azeem Shaikh
9878c4e61e
Randomize the repos tested during release test (#1299) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-11-18 17:04:07 +00:00
Azeem Shaikh
71e8698617
Add a cron job to copy CII badges data (#1278) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-11-16 04:23:00 +00:00
Azeem Shaikh
6223b6620a
Add CIIClient interface (#1262) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-11-15 02:46:41 +00:00
Chris McGehee
16cd53de44 make install was not installing to GOPATH 2021-11-14 11:57:18 -06:00
Azeem Shaikh
51de6b6e5d
Check for issue activity in Maintained (#1251) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-11-12 22:16:22 +00:00
Azeem Shaikh
c8d2a51375
Ignore nil values in Branch-Protection check (#1243) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-11-12 19:11:06 +00:00
laurentsimon
ae271b4513
🐛 Validate doc on pre-submit (#1235) 
* validate doc on pre-submit

* typo
 2021-11-10 16:56:44 +00:00
Naveen
4ee366eb0f
🌱 Move docker build checks to ko (#1214) 
Move the docker builds checks to ko
 2021-11-08 15:55:58 +00:00
Azeem Shaikh
83649a799e
Remove repos package (#1191) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-10-29 16:07:46 +00:00
Azeem Shaikh
c73c5628ea
Fix GitHub workflows failing (#1172) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
 2021-10-28 18:42:55 +00:00
Batuhan Apaydın
6f1a43a0b6
🌱 add google/ko support for building/pusing container image (#1127) 
* feat: add google/ko support for building/pusing container image

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>

* feat: updates according to reviews

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
 2021-10-26 17:22:22 +00:00
naveen
311d2e2e42 🌱 Reproducible builds with static binary 
Changes to goreleaser to have static binaries and reproducible builds.
 2021-10-25 15:58:47 -05:00
laurentsimon
950e0e3d2d
Add support for file-based repo URIs (#1113) 
* draft

* draft

* docker file

* error

* fix

* fix

* fixa

* bug

* comments

* missing merge

* fix

* fix rebase

* merge issue

* fix

* validate format early

* fix

* fix2

* comments

* fix
 2021-10-21 20:08:56 +00:00
Azeem Shaikh
66f864022c
Add GitHub token server (#1132) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-10-15 03:03:51 +00:00
naveen
7ca5061efc 🌱 Remove OSV ignores 
The checks for OSV ignored a few OSV. These have been fixed and removing
them from the ignore list.
 2021-10-04 16:19:14 -05:00
Naveen
6c537537ab
🌱 Reproducible go builds (#1083) 2021-09-28 22:02:58 +00:00
Azeem Shaikh
3cbe7b26f7
Consistent -ldflags across go build (#1070) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-09-27 14:42:39 -05:00
Naveen
91eb41e235
🌱 Check for OSV for a go.mod changes (#1053) 
At present we don't have a way to identify any new dependencies to go.mod that have osv/cve.
With this it will query the osv.dev for any vulnerabilities and report if it found any.

It also has an option to ignore any vulnerabilities if we chose to ignore.

This is ignoring 3 osv that are in our dependencies.
 2021-09-22 20:41:56 +00:00
laurentsimon
6fb92a3df5
add version for cron (#1011) 2021-09-14 15:00:32 +00:00
Azeem Shaikh
1cb8c06001
Bug in Makefile generate-docs (#996) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-09-10 15:26:27 +00:00
laurentsimon
870db56814
Cleanup documentation code (#981) 
* draft 1

* unit tests

* fix

* fixes

* fix

* mod

* comments

* fixes

* rename

* fix

* linter
 2021-09-09 22:09:39 +00:00
naveen
2b15b1353b 🌱 Moving tools dependencies to separate go.mod 
* Moving the tools dependencies to a separate go.mod to reduce the
dependencies on scorecard.

* This is also increases the security posture by having less dependencies
on the main go.mod
 2021-09-07 18:23:41 -05:00
neil465
fda87a45bb Fixed typo reepo to repo 2021-09-04 10:53:19 -05:00
Azeem Shaikh
830c4f57db
100k cron job repos (#958) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-09-02 19:31:55 +00:00
Azeem Shaikh
9a1978a051
Use RefUpdateRule in BranchProtection check (#936) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-30 23:14:42 +00:00
Naveen
f40fa63826
🌱 Included race flag to tests (#921) 
Included the `-race` flag to tests to detect any race conditions.
Especially now that we are using the `sync` package.
 2021-08-27 14:17:14 +00:00
Azeem Shaikh
cc30d54db2
Use arduino/setup-protoc for installing Protoc (#903) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-25 09:31:04 -04:00
Azeem Shaikh
3f9431d08c
Update SignedReleases to use RepoClient API (#844) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-12 20:46:06 +00:00
Azeem Shaikh
bc67dd306a
Create a webhook for tagging Docker images (#828) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-11 01:45:01 +00:00
Appu
8534836923
Also add version info to goreleaser (#822) 
- shared configuration generation in ./scripts/version-ldflags

Signed-off-by: Appu Goundan <appu@google.com>
 2021-08-09 18:22:30 +00:00
Azeem Shaikh
7f71928daa
Generate .shard_metadata file in cron job shard (#814) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-06 18:07:42 +00:00
Azeem Shaikh
59e14eef80
Add validation for checks.yaml (#781) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-07-29 20:29:12 +00:00
Azeem Shaikh
851646d4db
Disable e2e tests temporarily (#785) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-07-29 19:39:39 +00:00
Appu
f9e9865fd6
Add version cli subcommand (#764) 
`scorecard version` will print out something like

```
GitVersion:     v2.0.0-73-g7fd331a-dirty
GitCommit:      7fd331adf2
GitTreeState:   dirty
BuildDate:      2021-07-27T14:14:34Z
GoVersion:      go1.16.4
Compiler:       gc
Platform:       linux/amd64
```

Signed-off-by: Appu Goundan <appu@google.com>

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-07-27 17:37:27 +00:00
Azeem Shaikh
35267c2514
PubSub integration test framework (#706) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-07-18 17:33:45 -07:00