laurentsimon
e4f3ede843
✨ fix/enhance pinned-dependencies ( #806 )
...
* commit
* e2e tests
* typo
2021-08-03 23:32:34 +00:00
Azeem Shaikh
790a7778e7
Handle tarballs that cannot be downloaded. ( #809 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-03 15:31:32 -07:00
Johan Brandhorst-Satzkorn
a3ae21f7c0
Fix minisign file ending example ( #807 )
...
The minisign project uses *.minisig signature files, which
is correctly searched for by the implementation logic
in signed_releases.go, however, the docs use
"*.minisign", which will confuse users.
Correct the docs to use the "*.minisig" file extension.
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-08-03 21:35:13 +00:00
Azeem Shaikh
08cc3c6202
Rollout worker whenever controller starts ( #808 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-03 20:50:30 +00:00
Naveen
254f316ce5
🌱 Fix the e2e fixes for signedtags ( #805 )
2021-08-03 16:02:06 +00:00
naveen
f2b4d07c33
🌱 Updated e2e signed releases
...
Updated the e2e signed releases to the new repository.
2021-08-03 09:05:16 -05:00
laurentsimon
b2b37161f3
✨ Improve token permission check ( #800 )
...
* draft
* draft 2
* draft3
* fix e2e
* comment
* comment
* check codeql
* missing files
* comments
* nit
* update msg
* msg
* nit
* nit
* msg
* e2e
* update doc
2021-08-03 00:56:45 +00:00
Naveen
91d3d82348
🌱 Fix the protobuf GitHub runner issue ( #801 )
...
Fixes the protobuf GitHub runner issue by cloning the repository and
installing it locally.
Source https://lukasjoswiak.com/github-actions-protobuf/
2021-08-02 23:52:57 +00:00
laurentsimon
6718939a08
✨ Cleanup errors and log ( #782 )
...
* cleanup
* text
* add errors
* fixes
* more
* fixes
* linnter
* comments
* name
2021-08-02 22:38:42 +00:00
laurentsimon
9b2f3f5270
✨ broken link to doc ( #799 )
...
* broken link
* main doc link
2021-08-02 14:33:17 -07:00
Azeem Shaikh
30bb11965a
Update Packaging
check to use new APIs ( #796 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-02 17:17:38 +00:00
laurentsimon
1bee125ab3
fix message ( #798 )
2021-08-02 16:00:22 +00:00
dependabot[bot]
0a7e1515ef
🌱 Bump mvdan.cc/sh/v3 from 3.3.0 to 3.3.1 ( #797 )
...
Bumps [mvdan.cc/sh/v3](https://github.com/mvdan/sh ) from 3.3.0 to 3.3.1.
- [Release notes](https://github.com/mvdan/sh/releases )
- [Changelog](https://github.com/mvdan/sh/blob/master/CHANGELOG.md )
- [Commits](https://github.com/mvdan/sh/compare/v3.3.0...v3.3.1 )
---
updated-dependencies:
- dependency-name: mvdan.cc/sh/v3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-02 09:19:22 -04:00
Azeem Shaikh
388c3aeaad
Add a BQ transfer job for releasetest ( #790 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-01 16:45:57 +00:00
naveen
33a63ff6b9
🌱 Fixed the failing lint check
2021-08-01 10:57:22 -05:00
Oliver Chang
7c2117342c
fix tests
2021-08-01 10:57:22 -05:00
Oliver Chang
cf9c860441
Replace personal test repo with ossf-tests repo.
2021-08-01 10:57:22 -05:00
Azeem Shaikh
251a6c4ac8
Linter fix ( #795 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-01 10:59:30 -04:00
Azeem Shaikh
6368c25f54
More linter issues ( #794 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-01 03:42:14 +00:00
Azeem Shaikh
83e9f52501
Enable revive linters which are used in google3 ( #793 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-31 22:31:34 +00:00
dependabot[bot]
a66b53ebe4
🌱 Bump peter-evans/slash-command-dispatch from 2.1.3 to 2.2.1 ( #735 )
...
Bumps [peter-evans/slash-command-dispatch](https://github.com/peter-evans/slash-command-dispatch ) from 2.1.3 to 2.2.1.
- [Release notes](https://github.com/peter-evans/slash-command-dispatch/releases )
- [Commits](72ab5a2e41...fc430081ad
)
---
updated-dependencies:
- dependency-name: peter-evans/slash-command-dispatch
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-07-31 11:12:20 +00:00
Azeem Shaikh
d045a6655f
Catch RuntimeErrors in release testing ( #791 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-30 19:13:17 +00:00
laurentsimon
577061b5e3
✨ enable score results by default ( #788 )
...
* enable v2
* linnter
2021-07-30 15:21:09 +00:00
laurentsimon
29594d4294
✨ change signature of FileIfExist and FileContent ( #787 )
...
* draft
* add pinning
* remove functions
* typo
* commment
* name
2021-07-30 15:09:52 +00:00
laurentsimon
b35cbdcdcf
✨ Make Branch-Protection score more granular ( #777 )
...
* commit
* uni tests
* full score
* typos
* update msg
* remove function
* comments
* linter
* comments
2021-07-30 01:54:19 +00:00
laurentsimon
c48fe4f9ed
✨ Make Token-Permission check more granular ( #773 )
...
* draft
* add tests
* add e2e2 tests
* typos
* typo
* fixes
* linter
* use named value
* comments
* comment
2021-07-30 00:13:01 +00:00
dependabot[bot]
564b10946f
🌱 Bump goreleaser/goreleaser-action from 2.6.1 to 2.7.0 ( #762 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 2.6.1 to 2.7.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](ac067437f5...5a54d7e660
)
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-07-29 21:51:16 +00:00
dependabot[bot]
fae54a6af4
🌱 Bump cloud.google.com/go/pubsub from 1.12.2 to 1.13.0 ( #723 )
...
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go ) from 1.12.2 to 1.13.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.12.2...pubsub/v1.13.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-07-29 21:28:39 +00:00
Azeem Shaikh
1d1e799f84
Add ListCommits and IsArchived API ( #772 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-29 14:18:58 -07:00
Azeem Shaikh
d19d436294
Update release test cron job ( #778 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-29 21:08:48 +00:00
Azeem Shaikh
1e6d99eb20
Remove PullRequest check ( #771 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-29 20:58:36 +00:00
Azeem Shaikh
59e14eef80
Add validation for checks.yaml ( #781 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-29 20:29:12 +00:00
Azeem Shaikh
df89767c35
Fix bug in SecurityPolicy ( #761 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-29 20:09:56 +00:00
Azeem Shaikh
851646d4db
Disable e2e tests temporarily ( #785 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-29 19:39:39 +00:00
laurentsimon
492d9cd29b
disable license check ( #784 )
2021-07-29 19:30:26 +00:00
laurentsimon
8432a82bc4
✨ Add e2e tests using dedicated repo for pinned-dependencies check ( #766 )
...
* fix
* e2e
* add e2e test from dedicated repo
* e2e update
* linter
* merge
2021-07-29 11:55:25 -07:00
laurentsimon
578c71b03e
text ( #776 )
2021-07-28 15:49:28 -07:00
laurentsimon
24955d62a0
text change ( #775 )
2021-07-28 14:34:20 -07:00
laurentsimon
6536d393f3
remove functions ( #770 )
2021-07-28 08:32:00 -07:00
evalphobia
a4f7d4b5b4
🐛 Fix panic error when RequiredPullRequestReviews is nil ( #768 )
...
* Fix panic error when RequiredPullRequestReviews is nil
* add test
2021-07-28 09:57:26 -04:00
laurentsimon
9edfe2a292
✨ rename Frozen-Deps to Pinned-Dependencies ( #765 )
...
* fix
* more tests
* e2e
* comments
* change name
* linnter
* rename
* lint
2021-07-27 16:32:24 -07:00
Appu
f9e9865fd6
Add version cli subcommand ( #764 )
...
`scorecard version` will print out something like
```
GitVersion: v2.0.0-73-g7fd331a-dirty
GitCommit: 7fd331adf2
GitTreeState: dirty
BuildDate: 2021-07-27T14:14:34Z
GoVersion: go1.16.4
Compiler: gc
Platform: linux/amd64
```
Signed-off-by: Appu Goundan <appu@google.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-07-27 17:37:27 +00:00
Appu
782edb7c18
Update local install instructions to use v2 ( #763 )
...
Signed-off-by: Appu Goundan <appu@google.com>
Co-authored-by: Abhishek Arya <inferno@chromium.org>
2021-07-27 16:48:47 +00:00
laurentsimon
b8825d8e34
✨ sast cleanup ( #760 )
...
* cleanup
* typo
* typos
* linter
* comments
* msg
* score
* comments
2021-07-27 16:16:44 +00:00
laurentsimon
c044105e33
✨ rename var ( #756 )
...
* rename var
* linter
2021-07-26 17:24:34 -07:00
laurentsimon
2ffeff2dad
cleanup ( #758 )
2021-07-27 08:45:56 +10:00
laurentsimon
a004ffb107
✨ cleanup Frozen-Deps MakeResultAnd
( #742 )
...
* draft
* fixes
* commi 1
* delete file
* clean
* clean 2
* linter
* fix score
* handle err
* in-proress score
* fixes
2021-07-26 22:02:46 +00:00
laurentsimon
8128f9fe68
divide by 0 ( #755 )
2021-07-26 21:37:17 +00:00
Naveen
4d7fb5d748
🌱 Fix the go.mod with v2 upgrade ( #716 )
...
The go.mod and the related files weren't t updated with the v2 upgrade.
https://github.com/ossf/scorecard/issues/711
This fix will address the issue.
2021-07-26 13:01:25 -05:00
dependabot[bot]
d6cf4b36bf
🌱 Bump distroless/base from 38778ff
to ccbc79c
( #722 )
...
Bumps distroless/base from `38778ff` to `ccbc79c`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-07-26 12:00:10 -05:00