scorecard/options/flags.go
Raghav Kaul bfaa9febc2
probe: releases with verified provenance (#4141)
* add projectpackageversions to signed releases raw results

Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>

* finding: add NewNot* helpers, fix error msg

Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>

* probe: releasesHaveVerifiedProvenance

Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>

* logging

Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>

* fix tests and lint

Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>

* address comments

Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>

* remove unused

Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>

* fix merge conflict

Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>

---------

Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
2024-06-07 10:15:20 -07:00


// Copyright 2022 OpenSSF Scorecard Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package options
import (
	"fmt"
	"sort"
	"strings"

	"github.com/spf13/cobra"

	"github.com/ossf/scorecard/v5/checks"
)
// Names of the command-line flags registered by Options.AddFlags.
const (
	// FlagRepo names the flag that selects the repository to check.
	FlagRepo = "repo"

	// FlagLocal names the flag that selects a local folder to check.
	FlagLocal = "local"

	// FlagCommit names the flag that selects the commit to analyze.
	FlagCommit = "commit"

	// FlagLogLevel names the flag that sets the log level. Note that the
	// user-facing flag is spelled "verbosity", not "log-level".
	FlagLogLevel = "verbosity"

	// FlagNPM names the flag that selects an npm package.
	FlagNPM = "npm"

	// FlagPyPI names the flag that selects a PyPI package.
	FlagPyPI = "pypi"

	// FlagRubyGems names the flag that selects a RubyGems package.
	FlagRubyGems = "rubygems"

	// FlagNuget names the flag that selects a Nuget package.
	FlagNuget = "nuget"

	// FlagMetadata names the flag that carries project metadata.
	FlagMetadata = "metadata"

	// FlagShowDetails names the flag that enables additional check output.
	FlagShowDetails = "show-details"

	// FlagShowAnnotations names the flag that enables output of annotations
	// on checks.
	FlagShowAnnotations = "show-annotations"

	// FlagChecks names the flag that selects which checks to run.
	FlagChecks = "checks"

	// FlagPolicyFile names the flag that selects a policy file.
	FlagPolicyFile = "policy"

	// FlagFormat names the flag that selects the output format.
	FlagFormat = "format"

	// FlagResultsFile names the flag that selects the output file.
	FlagResultsFile = "output"

	// ShorthandFlagResultsFile is the one-letter shorthand for FlagResultsFile.
	ShorthandFlagResultsFile = "o"

	// FlagCommitDepth names the flag that sets how many commits are checked.
	FlagCommitDepth = "commit-depth"

	// FlagProbes names the flag that selects which probes to run.
	FlagProbes = "probes"
)
// Command is implemented by option sets that can register their own flags on
// a command-line utility.
type Command interface {
	// AddFlags registers the implementer's flags on the given cobra command.
	AddFlags(cmd *cobra.Command)
}
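// AddFlags adds this options' flags to the cobra command.
//
// Each flag is bound to the matching Options field, and the field's current
// value is used as the flag's default. Two groups of flags are conditional:
// the annotations flag is registered only when o.isExperimentalEnabled()
// reports true, and the policy flag together with the SARIF output format
// only when o.isSarifEnabled() reports true.
//
// This method only binds flags. It does not validate the values supplied for
// them (repository, local folder, policy file, output file, format, check and
// probe names), so any validation has to happen elsewhere before the values
// are used.
func (o *Options) AddFlags(cmd *cobra.Command) {
	flags := cmd.Flags()

	flags.StringVar(
		&o.Repo,
		FlagRepo,
		o.Repo,
		"repository to check (valid inputs: \"owner/repo\", \"github.com/owner/repo\", \"https://github.com/repo\")",
	)

	flags.StringVar(
		&o.Local,
		FlagLocal,
		o.Local,
		"local folder to check",
	)

	flags.StringVar(
		&o.Commit,
		FlagCommit,
		o.Commit,
		"commit to analyze",
	)

	flags.StringVar(
		&o.LogLevel,
		FlagLogLevel,
		o.LogLevel,
		"Set the log level. Possible values are: 'info', 'debug', 'warn'. Add --show-details to see the results.",
	)

	flags.StringVar(
		&o.NPM,
		FlagNPM,
		o.NPM,
		"npm package to check, given that the npm package has a GitHub repository",
	)

	flags.StringVar(
		&o.PyPI,
		FlagPyPI,
		o.PyPI,
		"pypi package to check, given that the pypi package has a GitHub repository",
	)

	flags.StringVar(
		&o.RubyGems,
		FlagRubyGems,
		o.RubyGems,
		"rubygems package to check, given that the rubygems package has a GitHub repository",
	)

	flags.StringVar(
		&o.Nuget,
		FlagNuget,
		o.Nuget,
		"nuget package to check, given that the nuget package has a GitHub repository",
	)

	flags.StringSliceVar(
		&o.Metadata,
		FlagMetadata,
		o.Metadata,
		"metadata for the project. It can be multiple separated by commas",
	)

	flags.BoolVar(
		&o.ShowDetails,
		FlagShowDetails,
		o.ShowDetails,
		"show extra details about each check",
	)

	// The annotations flag exists only for experimental runs; without the
	// toggle the flag is never registered.
	if o.isExperimentalEnabled() {
		flags.BoolVar(
			&o.ShowAnnotations,
			FlagShowAnnotations,
			o.ShowAnnotations,
			"show maintainers annotations for checks",
		)
	}

	flags.IntVar(
		&o.CommitDepth,
		FlagCommitDepth,
		o.CommitDepth,
		"number of commits to check, commits begin backwards from the HEAD",
	)

	// Map iteration order is randomized in Go, so the names are sorted to
	// keep the generated help text identical from one run to the next.
	allChecks := checks.GetAll()
	checkNames := make([]string, 0, len(allChecks))
	for checkName := range allChecks {
		checkNames = append(checkNames, checkName)
	}
	sort.Strings(checkNames)

	flags.StringSliceVar(
		&o.ChecksToRun,
		FlagChecks,
		o.ChecksToRun,
		fmt.Sprintf("Checks to run. Possible values are: %s", strings.Join(checkNames, ",")),
	)

	flags.StringSliceVar(
		&o.ProbesToRun,
		FlagProbes,
		o.ProbesToRun,
		"Probes to run.",
	)

	// TODO(options): Extract logic
	allowedFormats := []string{
		FormatDefault,
		FormatJSON,
		FormatProbe,
	}

	// The policy flag and the SARIF format are offered together, and only
	// when SARIF support is enabled.
	if o.isSarifEnabled() {
		flags.StringVar(
			&o.PolicyFile,
			FlagPolicyFile,
			o.PolicyFile,
			"policy to enforce",
		)
		allowedFormats = append(allowedFormats, FormatSarif)
	}

	// allowedFormats only feeds the help text here; this method does not
	// reject other values passed to the format flag.
	flags.StringVar(
		&o.Format,
		FlagFormat,
		o.Format,
		fmt.Sprintf(
			"output format. Possible values are: %s",
			strings.Join(allowedFormats, ", "),
		),
	)

	flags.StringVarP(
		&o.ResultsFile,
		FlagResultsFile,
		ShorthandFlagResultsFile,
		o.ResultsFile,
		"output file",
	)
}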