dependabot[bot]
3ad35e3661
🌱 Bump actions/github-script from v3 to v4.0.1
...
Bumps [actions/github-script](https://github.com/actions/github-script) from v3 to v4.0.1.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v3...85e88a66eaa831097093a3d278536947f2984d20)
Signed-off-by: dependabot[bot] <support@github.com>
2021-04-22 08:37:01 -04:00
Oliver Chang
158c2cdbde
Fix typo in scorecard date format. (#353)
2021-04-21 21:16:26 -07:00
Azeem Shaikh
bd3eff1fcf
✨ Cron job uses line-delimited JSON (#344)
...
* ✨ Refactor to reduce code duplication
* ✨
* Move lib/ back to checker/
* Move lib/ back to checker/
* Move lib/ back to checker/
* Address PR comments.
* Addressing PR comments.
* Separate out ReposURL into repos/
* Add TODO in gitcache module.
* Add RepoRequest/Response types.
* Avoid printing `ShouldRetry` and `Error` in output JSON.
* Fix JSON output.
* Simplify cmd package.
* Make cron/ a package instead of module.
* Fix TODO.
* Remove binary file.
* go.mod file.
* go.mod updates.
* Refactor cron to use in-memory JSON.
* Fix JSON output.
* Fix go.mod
* Address PR comments.
* Change %w -> %v.
* Address PR comments.
* Fix err.
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-04-19 12:49:51 -07:00
Chris McGehee
06993b72ce
🐛 Fix linting issues (1 of n) (#348)
...
* Fix lint issues: whitespace linter
* Fix lint issues: wrapcheck linter
* Fix lint issues: errcheck linter
* Fix lint issues: paralleltest linter
* Fix lint issues: gocritic linter
Most changes from this commit are from passing checker.CheckResult by reference and not by value. gocritic identified that as a huge parameter.
gocritic also prefers regexp.MustCompile over Compile when the pattern is a const
2021-04-19 12:18:34 -07:00
Oliver Chang
df27afd3b3
✨ Make checks documentation machine readable. (#345)
...
* ✨ Make checks documentation machine readable.
Make checks.yaml as a machine and human readable source of truth of
checks documentation.
A tiny Python script is also added to generate checks.json and checks.md
from this file.
* move checks scripts and files
2021-04-16 11:15:56 -07:00
naveen
1d3821e08c
🌱 Fix concurrent cronjob execution
...
* With the increased scans the cronjob is running longer than expected
which was causing the multiple jobs to be executing concurrently.
* Changed the concurrent policy to "Forbid" to avoid it.
2021-04-14 09:35:26 -05:00
Naveen
8e352e408a
🌱 Included make targets for update binary (#340)
...
* Include the build and go mod verify targets to the update binary.
2021-04-13 01:36:45 +00:00
naveen
9397708318
✨ Handle vendored repos dependency
...
* Handle vendored repos for go dependency
* Add additional repositories for projects.txt
2021-04-12 15:50:10 -05:00
Naveen
f02df30b61
✨ Included dependency parsing for go (#337)
...
* Included dependency parsing of go.mod files.
* Parse vanity URL in go.mod to add dependencies
* Updated dependencies for scorecard and cosign based on the vanity URLs.
2021-04-10 12:21:51 -05:00
Azeem Shaikh
a58818d258
🌱 Reduce code duplication for follow-up cron refactoring (#338)
...
* ✨ Refactor to reduce code duplication
* ✨
* Move lib/ back to checker/
* Move lib/ back to checker/
* Move lib/ back to checker/
* Address PR comments.
* Addressing PR comments.
* Avoid printing `ShouldRetry` and `Error` in output JSON.
* Fix JSON output.
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-04-10 07:26:56 -05:00
naveen
6aad826067
🌱 Included dependencies for k8s
...
* Included the k8s dependencies.
2021-04-08 14:17:56 -05:00
naveen
c2236f68f8
🌱 Updated commit message for dependabot
...
* Updated commit message to have 🌱 prefix in dependabot PR.
2021-04-08 14:13:44 -05:00
dependabot[bot]
4b997019d5
Bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1 in /gitcache
...
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.16.0 to 1.16.1.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.16.0...v1.16.1)
Signed-off-by: dependabot[bot] <support@github.com>
2021-04-08 10:52:04 -05:00
dependabot[bot]
fc0eac922a
Bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1
...
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.16.0 to 1.16.1.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.16.0...v1.16.1)
Signed-off-by: dependabot[bot] <support@github.com>
2021-04-08 09:27:08 -05:00
dependabot[bot]
f8fdccb478
Bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0 in /gitcache
...
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.15.2 to 1.16.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.15.2...v1.16.0)
Signed-off-by: dependabot[bot] <support@github.com>
2021-04-05 12:22:30 -05:00
dependabot[bot]
e0cd796b7f
Bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0
...
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.15.2 to 1.16.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.15.2...v1.16.0)
Signed-off-by: dependabot[bot] <support@github.com>
2021-04-05 12:12:04 -05:00
asraa
8a5f9a8ea7
zero pad dates (#328)
...
Signed-off-by: Asra Ali <asraa@google.com>
2021-04-05 07:57:37 -07:00
Abhishek Arya
f15a6bfbf0
Don't retry and log http get failures. (#324)
2021-04-04 10:24:14 -07:00
Asra Ali
ed8d5801bc
Add updater to collect deps in project files and add to projects.txt
...
Signed-off-by: Asra Ali <asraa@google.com>
2021-04-02 12:57:57 -05:00
dependabot[bot]
3f70d82ce0
Bump golang from 1.16.2 to 1.16.3
...
Bumps golang from 1.16.2 to 1.16.3.
Signed-off-by: dependabot[bot] <support@github.com>
2021-04-02 12:03:43 -05:00
nathannaveen
f5185e4bd6
🌱 included copyright headers.
2021-04-01 21:36:10 -05:00
naveen
6d9463bf60
🌱 Upgrade golang docker container
...
Golang docker container upgrade.
2021-04-01 19:43:30 -05:00
Chris McGehee
7432e5e6f9
using make targets in docker builds
2021-03-30 14:12:24 -04:00
dependabot[bot]
8ef259d250
Bump github.com/go-git/go-git/v5 from 5.2.0 to 5.3.0 in /gitcache
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.2.0 to 5.3.0.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.2.0...v5.3.0)
Signed-off-by: dependabot[bot] <support@github.com>
2021-03-30 13:04:31 -04:00
naveen
2f62126a3e
🐛 Fix docker buildx syntax
...
The docker build syntax was in an incorrect location which was causing the
builds to fail.
https://github.com/docker/buildx/issues/348#issuecomment-709155842
2021-03-29 23:59:21 -04:00
Naveen
3e4432ceea
Update PULL_REQUEST_TEMPLATE.md
2021-03-24 17:11:02 -04:00
Naveen
0e5b8e63f2
Eating your own dog food
...
Eating your own dog food
2021-03-22 18:00:20 -04:00
naveen
775a83a2f7
🌱 update dependabot for cron and scripts
...
The cron and scripts are based on go.mod. The dependabot settings are
updated to watch those folders.
2021-03-22 11:50:01 -04:00
naveen
7622cea5a6
🌱 updated the makefile to include scripts and cron
...
Updated the makefile to include scripts and cron.
2021-03-22 11:42:18 -04:00
naveen
688dc5e6c7
✨ Refactor cron job
...
* Refactored cron job from shell script to go.
* Included metadata to the projects.txt for envoy
* Included checks for duplicate item in projects.txt
* Sorted the projects.txt so that it is easier for someone to look for a
project
2021-03-21 22:31:07 -04:00
naveen
52e742cce9
📖 Instructions on PR process
...
* Included instructions in the PR process.
2021-03-21 11:11:30 -04:00
naveen
ba42e1ab7b
🌱 Changed cron to run everyday
...
With the latest fix for roundrobin token usage, the cron can run
everyday.
2021-03-19 11:50:26 -04:00
Asra Ali
7a2675532a
add envoy deps statically
...
Signed-off-by: Asra Ali <asraa@google.com>
2021-03-19 10:07:33 -04:00
Naveen
1a81741624
🌱 Remove branch protection check from cron (#290)
...
The branch protection check needs admin access to the repository. All
of the checks from cron would fail and uses another call to the API.
This will reduce usage of the API.
2021-03-19 07:27:09 -04:00
naveen
8427362772
🌱 verifier to generate release notes
...
The verifier helps release notes generation.
https://github.com/kubernetes-sigs/kubebuilder-release-tools
https://github.com/kubernetes-sigs/kubebuilder-release-tools/blob/master/verify/main.go
2021-03-18 12:19:06 -04:00
naveen
5b9991e3c4
chore - remove debug log for roundtripper
...
Remove the debug log for the roundtripper which is flooding.
2021-03-18 10:49:13 -04:00
Naveen
7ff09db2ed
Fix-Using Roundrobin tokens across multiple calls (#284)
...
The GitHub tokens are picked from a list for each call using Roundrobin approach.
2021-03-17 21:41:29 +00:00
dependabot[bot]
8333f1e328
Bump github.com/onsi/ginkgo from 1.15.1 to 1.15.2
...
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.15.1 to 1.15.2.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.15.1...v1.15.2)
Signed-off-by: dependabot[bot] <support@github.com>
2021-03-17 15:18:13 -04:00
dependabot[bot]
5b4723b13e
Bump github.com/onsi/ginkgo from 1.15.1 to 1.15.2 in /gitcache
...
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.15.1 to 1.15.2.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.15.1...v1.15.2)
Signed-off-by: dependabot[bot] <support@github.com>
2021-03-17 08:59:32 -04:00
naveen
c62e667f7c
Docs - Included instructions for deploying cron
...
Included instructions for deployment of the k8s cron job for the daily
score.
2021-03-16 10:15:14 -04:00
naveen
27ec7fff8d
Docs - Updated the docs for cron
...
Included a section within the CONTRIBUTING.md about the dailyscore and
cron job.
2021-03-15 12:38:58 -04:00
Naveen
4b4d0f0a01
Fix - out of memory error for large repository (#276)
...
The httpcache client caches everything in memory and if the repository
is large then the process gets evicted with oom.
Changed the implementation to use the standard http client to fetch the
tarball.
2021-03-14 21:50:17 -04:00
NirmalaY12
6a224d1693
Update projects.txt
...
Scan on github.com/mwiede/jsch
2021-03-14 21:37:18 -04:00
naveen
88de2df279
Feat-Use Snyk to check cron-job security settings
...
Use Snyk to check for cron-job yaml for security misconfiguration.
2021-03-12 21:03:29 -05:00
naveen
3489c83404
Feat - Include Snyk check for k8s yaml
...
Snyk has a set of rules to validate the k8s yaml for insecure
configuration.
This action will validate the k8s yaml for insecure configuration.
2021-03-12 20:56:00 -05:00
naveen
3d6b080241
Doc - Included gitcache documentation
...
Included documentation for gitcache.
2021-03-12 19:24:29 -05:00
naveen
0eaa4ff3d0
Fix - Made the results.json wellformed from cron
...
Fixed the results.json to be wellformed from the cron job.
Changed the docker image from gsutil to cloudsdk:slim to `sed` binary
which is being used with the cron.sh
2021-03-11 21:58:54 -05:00
naveen
b8768a0eb3
Fix - Set resource limits for the cron pod
2021-03-11 12:03:14 -05:00
Naveen
cccf74cb60
Fix - yaml string quotes. (#266)
...
The `yaml` string was missing quotes.
2021-03-11 16:06:46 +00:00
naveen
2978ae550a
Fix - signed-tags e2e tests.
...
The signed tags e2e tests were failing because apache/airflow pushed
tags without signing.
Changed from apache/airflow to bitcoin/bitcoin.
2021-03-11 10:59:03 -05:00