[SUPERSEDED] Action migrate #1961
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
justaugustus
requested review from
olivekl,
azeemshaikh38 and
laurentsimon
as code owners
* starter workflows * add EOL * change msg * add EOL * comment * comment * update msg * commments
* rem policy * badge support
Porting the shellscript to go Signed-off-by: naveen <[email protected]>
- Porting the shell script to go - Including additional tests - Code cleanup for the linter. Signed-off-by: naveen <[email protected]>
More porting of shell script to go. Tests associated with the new changes.
- Final bits of porting the shell script to `go` - Tests included for the commandline args to Scorecard.
* enable workflow at organization level * added more error checking * added README, minor fixes * added support for specifying repo list * skip repo checks, started writing test * dynamically pull latest workflow file * cleanup * test file resources * reverted to statically storing workflow file * removed token * updated readme * skip repo upon failure instead of exiting * renamed global var Co-authored-by: Naveen <[email protected]>
…recard-action#122) * Move entrypoint logic to separate package * options: env var-mapped structs via github.com/caarlos0/env/v6 * go.mod: Update scorecard to v4.1.1-0.20220306220811-4b9f0389c6f6 * entrypoint: Wrap scorecard with additional flags and hide unused * entrypoint: Add `print-config` command * options: Process GitHub info together * options: Cleanups and defaulting for action-specific settings * github: Move GitHub logic to a separate package * entrypoint: Support outputting to file * Rewrite unit tests * Allow options tests to pass in GitHub Actions environments Signed-off-by: Stephen Augustus <[email protected]>
- (Makefile) Created a makefile for building scorecard-action - (entrypoint.go) Changed resultsFilePath so that it is under the GithubWorkspace dir to fix file permission errors - (options.go) Properly pull & set EnvInputResultsFormat, EnvInputResultsFile, and EnvGithubAuthToken env vars - (options_test.go) Set EnvInputResultsFormat and EnvInputResultsFile before calling options.New() to see if it properly picks up env vars. Co-authored-by: Stephen Augustus <[email protected]>
…f/scorecard-action#129) The remediation section states that only a passing score is required for this check to pass: > We give full credit to projects that meet the passing criteria, which is a significant achievement for many projects. A passing score currently equals 5. https://github.com/ossf/scorecard/blob/e128c3de82607e1b285185da9c76a5262255b180/checks/cii_best_practices.go See #110 for more details. Co-authored-by: laurentsimon <[email protected]>
* fixed Dockerfile * / before policy filepath
* test action * sign test data * func to sign and upload workflow result * added signScorecardResult func and test * added signScorecardResult func and test * moved signing code into main.go * added call to signScorecardResult at the end of main * added err checking * comments and added global vars * style changes * updated test to use randomized payload * check publish_results * error logging for signScorecardResult call * error logging * entrypoint * updated dockerfile * dockerfile * dockerfile * EnvInputsResults vars added to Options * resultsfile env var * set PAT * create results file with sudo * sudo create resultsfile * try os.Openfile * fixed fileapth * changed Distroless to debian * get output format from env var * fixed defaultpolicyfile path * policy filepath * copy policy.yml in dockerfile * policyfile * moved signing code to separate file * dockerfile * generate results.json file in preRun * revert dockerfile to main * json file creation check * run scorecard again to produce json output * testing * entrypointJson * print cmd * alter env vars in main for json * opts * dockerfile uses entrypoint.go * renamed make build * produce both sarif and json * sign json result * sig verification api call * go mod tidy * readfile fix * sign sarif instead of json * http response code checking * moved api call func into signing.go * dont hardcode repo paths * finalized signing + verif * renamed sign test * Bump debian from d5cd7e5 to 40f90ea * removed unnecessary slash * comments * policy.yml -> /policy.yml * refractored signing * more refractoring + sig processing test * fixed func call * fixed sign test * style + error fmt * reverted dockerfile * style fixes * lint fixes * linting errs * test workflow permissions * debug print * commented out signing test * linting errors Co-authored-by: Azeem Shaikh <[email protected]>
* test action * fixed Dockerfile * / before policy filepath * default branch checking + log * revert logging * remove lookupenv * Dockerfile use golang entrypoint * fixed test githubRef env * revert dockerfile * revert dockerfile
…action#197) * test action * sign test data * func to sign and upload workflow result * added signScorecardResult func and test * added signScorecardResult func and test * moved signing code into main.go * added call to signScorecardResult at the end of main * added err checking * comments and added global vars * style changes * updated test to use randomized payload * check publish_results * error logging for signScorecardResult call * error logging * entrypoint * updated dockerfile * dockerfile * dockerfile * EnvInputsResults vars added to Options * resultsfile env var * set PAT * create results file with sudo * sudo create resultsfile * try os.Openfile * fixed fileapth * changed Distroless to debian * get output format from env var * fixed defaultpolicyfile path * policy filepath * copy policy.yml in dockerfile * policyfile * moved signing code to separate file * dockerfile * generate results.json file in preRun * revert dockerfile to main * json file creation check * run scorecard again to produce json output * testing * entrypointJson * print cmd * alter env vars in main for json * opts * dockerfile uses entrypoint.go * renamed make build * produce both sarif and json * sign json result * sig verification api call * go mod tidy * readfile fix * sign sarif instead of json * http response code checking * moved api call func into signing.go * dont hardcode repo paths * finalized signing + verif * renamed sign test * Bump debian from d5cd7e5 to 40f90ea * removed unnecessary slash * comments * policy.yml -> /policy.yml * refractored signing * more refractoring + sig processing test * fixed func call * fixed sign test * style + error fmt * reverted dockerfile * style fixes * lint fixes * linting errs * test workflow permissions * debug print * commented out signing test * linting errors Co-authored-by: Azeem Shaikh <[email protected]>
* set GITHUB_TOKEN as default token * updates * Update doc * Update doc * updates * updates * update * update * update * update * updates
- install: Move action installation into a separate package - Add missing license headers - install: Fix unrecognized variables - lint: Fix warnings and attempt to auto-fix issues (where supported) - install: Parameterize config - install: Borrow GitHub client pattern from sigs.k8s.io/release-sdk - install: Use package-internal GitHub interface - install: Provide installation options as struct - install: Initial error/log handling cleanups - install: Use cobra for CLI - Remove inaccurate instances of workflow configuration file - multi-repo-action: Disable incomplete tests - install: Retrieve the correct action configuration from local path Signed-off-by: Stephen Augustus <[email protected]>
Signed-off-by: Stephen Augustus <[email protected]>
Signed-off-by: Stephen Augustus <[email protected]>
justaugustus
force-pushed
the
action-migrate
branch
from
c89b61b to
f60ac6d
Compare
2 tasks
|
Superseded by #1962. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Superseded by #1962.