mirror of
https://github.com/ossf/scorecard.git
synced 2024-09-21 05:57:42 +03:00
2e1059bb76
* 🌱 Add probes for Branch Protection
Signed-off-by: AdamKorcz <adam@adalogics.com>
* specify that Scorecard only considers default and releases branches
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* reduce duplication in blocksDeleteOnBranches
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* use helper to test for boolean values
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Fix typo, mention OutcomeNotAvailable
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* fix typo and elaborate on effort
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* fix typo. Specify which branches the probe considers
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Fix copy paste typo
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* remove '/en' from url
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* change effort from 'High' to 'Low' in the blocksForcePushOnBranches probe def
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* fix remediation level
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Change probe package name
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* improve probe definitions
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* refactor test names
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Change motivation of two probes
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* downgrade effort of runsStatusChecksBeforeMerging
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* reduce complexity of blocksForcePushOnBranches
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* simplify requiresCodeOwnersReview logic
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* fix linter issues
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* fix copy paste error
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* differentiate trueMsg and falseMsg in requiresApproversForPullRequests
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* fix text in requiresCodeOwnersReview
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* change outcome in utils
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* fix lint issues
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* fix nit in text
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* use standardized messages
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* remove 'Uint32LargerThan0'
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Add number of required reviewers to values. Refactor to avoid nil-dereference
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* fix nit log message
Signed-off-by: Adam Korczynski <adam@adalogics.com>
---------
Signed-off-by: AdamKorcz <adam@adalogics.com>
Signed-off-by: Adam Korczynski <adam@adalogics.com>
// Copyright 2023 OpenSSF Scorecard Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//nolint:stylecheck
package requiresLastPushApproval
import (
"embed"
"fmt"
"github.com/ossf/scorecard/v4/checker"
"github.com/ossf/scorecard/v4/finding"
"github.com/ossf/scorecard/v4/probes/internal/utils/branchprotection"
"github.com/ossf/scorecard/v4/probes/internal/utils/uerror"
)
// fs holds the files matching *.yml in this package's directory, embedded
// into the binary at build time. Run hands it to finding.NewWith together
// with the probe name.
//
//go:embed *.yml
var fs embed.FS

// Probe is the identifier of this probe. Run passes it to finding.NewWith and
// returns it as its second result.
const Probe = "requiresLastPushApproval"
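// Run reports, for each branch in raw.BranchProtectionResults, whether the
// branch protection rule requires approval of the last push.
//
// One finding is produced per branch. The outcome and message of each finding
// come from branchprotection.GetTextOutcomeFromBool applied to the rule's
// RequireLastPushApproval setting.
// NOTE(review): how an unset setting is mapped (the probe definition mentions
// OutcomeNotAvailable) is decided by that helper — confirm there.
//
// Two properties matter to anyone consuming the result:
//   - The value stored under the branch name is always 1, whatever the
//     outcome, so the finding's outcome is the only signal of whether the
//     control is enabled.
//   - When no branches were collected the result is an empty slice and a nil
//     error. An empty result therefore means "nothing evaluated", not "every
//     branch is protected".
//
// Run returns an error wrapping uerror.ErrNil when raw is nil or when a
// branch record has no name, and a wrapped error when the helper or
// finding.NewWith fails. The second result is Probe, except for a nil raw,
// where it is the empty string.
func Run(raw *checker.RawResults) ([]finding.Finding, string, error) {
	if raw == nil {
		return nil, "", fmt.Errorf("%w: raw", uerror.ErrNil)
	}

	r := raw.BranchProtectionResults
	var findings []finding.Finding

	for i := range r.Branches {
		// Take the element's address so the branch record is not copied.
		branch := &r.Branches[i]

		// The name is dereferenced for both the message and the values map.
		// Without this guard a record lacking a name would panic and abort
		// the whole scan instead of surfacing as an error.
		if branch.Name == nil {
			return nil, Probe, fmt.Errorf("%w: branch name", uerror.ErrNil)
		}
		name := *branch.Name

		p := branch.BranchProtectionRule.RequireLastPushApproval
		text, outcome, err := branchprotection.GetTextOutcomeFromBool(p, "last push approval", name)
		if err != nil {
			return nil, Probe, fmt.Errorf("create finding: %w", err)
		}
		f, err := finding.NewWith(fs, Probe, text, nil, outcome)
		if err != nil {
			return nil, Probe, fmt.Errorf("create finding: %w", err)
		}
		// The value is a constant 1; it does not encode the outcome.
		f = f.WithValues(map[string]int{
			name: 1,
		})
		findings = append(findings, *f)
	}
	return findings, Probe, nil
}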