Validated the presence of the GITHUB_AUTH_TOKEN variable before running the e2e.
Update the contributing doc with scopes of the personal access token.
Updated the workflow to include the e2e tests.
Included the codeowners for enabling branch protection "Require review from Code Owners"
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
* feat - nonroot docker container
Changed the docker container to nonroot
* Feat - New Dockerfile for non-cron job
Created a new Dockerfile for non-cron job.
Moved the existing Dockerfile into cron folder for cron specific.
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
* Fix - The Docker version information in the README
Updated the README to include docker version information required for
Dockerfile.
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
* Updated the contributing guidelines with Environment Setup,
Contributing steps, How to build scorecard locally, What to do before
submitting a pull request and Where the CI Tests are configured.
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
Implemented e2e tests using ginkgo for validating signed tags and signed
releases.
ginkgo is utilized as a standard BDD testing framework in other
projects like kubebuilder.
Use the release TagName instead of Name when reporting found releases.
An example of the problem using Name:
$ go run . --repo=github.com/magefile/mage --show-details --checks=Signed-Releases
Starting [Signed-Releases]
Finished [Signed-Releases]
RESULTS
-------
Signed-Releases: Fail 10
release found: Colors, working directory, some better errors
!! release Colors, working directory, some better errors has no signed artifacts
release found: Modules and go1.13 Fixes
!! release Modules and go1.13 Fixes has no signed artifacts
release found: v1.8.0 - Papercuts and Bug Fixes
!! release v1.8.0 - Papercuts and Bug Fixes has no signed artifacts
release found: v1.7.1
!! release v1.7.1 has no signed artifacts
release found: v1.7.0 Mage Imports
!! release v1.7.0 Mage Imports has no signed artifacts
release found: v1.6.2 Bug Fixes
!! release v1.6.2 Bug Fixes has no signed artifacts
found signed artifacts for 0 out of 6 releases
With this commit:
Signed-Releases: Fail 10
release found: v1.10.0
!! release v1.10.0 has no signed artifacts
release found: v1.9.0
!! release v1.9.0 has no signed artifacts
release found: v1.8.0
!! release v1.8.0 has no signed artifacts
release found: v1.7.1
!! release v1.7.1 has no signed artifacts
release found: v1.7.0
!! release v1.7.0 has no signed artifacts
release found: v1.6.2
!! release v1.6.2 has no signed artifacts
found signed artifacts for 0 out of 6 releases
Add negative check results to the CI-Tests output.
Assuming that a repo will only support one CI system, GithubStatuses and
GithubCheckRuns are merged into a single CITests function. Since both
GithubStatuses and GithubCheckRuns were essentially validating the same
PRs, it makes more sense to keep all of that state together in a single
check.
Additionally, a single check can reduce the number of API queries once we
detect the CI system in use.
Fixes #96
Updates #95
Negative results logged with a "!!" prefix.
Updates #95
$ go run . --repo=github.com/gohugoio/hugo --show-details --checks=Signed-Releases
Starting [Signed-Releases]
Finished [Signed-Releases]
RESULTS
-------
Signed-Releases: Fail 10
release found: v0.79.1
!! release v0.79.1 has no signed artifacts
release found: v0.79.0
!! release v0.79.0 has no signed artifacts
release found: v0.78.2
!! release v0.78.2 has no signed artifacts
release found: v0.78.1
!! release v0.78.1 has no signed artifacts
release found: v0.78.0
!! release v0.78.0 has no signed artifacts
release found: v0.77.0
!! release v0.77.0 has no signed artifacts
found signed artifacts for 0 of 6 releases
Negative results logged with a "!!" prefix.
Updates #95
$ go run . --repo=github.com/ossf/scorecard --show-details --checks=Pull-Requests
Starting [Pull-Requests]
Finished [Pull-Requests]
RESULTS
-------
Pull-Requests: Pass 9
!! found commit without PR: 71dace54e3, committer: dlorenc
found PRs for 29 out of 30 commits