diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 15a2f73f3f26..729dedd0477c 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -61,6 +61,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL + uses: github/codeql-action/init@678fc3afe258fb2e0cdc165ccf77b85719de7b3c # v1 with: languages: ${{ matrix.language }} diff --git a/Makefile b/Makefile index d1dcddeb4236..046756513575 100644 --- a/Makefile +++ b/Makefile @@ -243,6 +243,7 @@ build-attestor: ## Runs go build on scorecard attestor # Run go build on scorecard attestor cd attestor/; CGO_ENABLED=0 go build -trimpath -a -tags netgo -ldflags '$(LDFLAGS)' -o scorecard-attestor + build-attestor-docker: ## Build scorecard-attestor Docker image build-attestor-docker: DOCKER_BUILDKIT=1 docker build . --file attestor/Dockerfile \ diff --git a/attestor/command/check.go b/attestor/command/check.go index 7185c4594b6f..c8c234f042e3 100644 --- a/attestor/command/check.go +++ b/attestor/command/check.go @@ -97,6 +97,7 @@ func runCheck() (policy.PolicyResult, error) { ctx, repo, commitSHA, + 0, enabledChecks, repoClient, ossFuzzRepoClient, diff --git a/attestor/e2e/command_test.go b/attestor/e2e/command_test.go index 1be27a2a3d89..e90fc3112788 100644 --- a/attestor/e2e/command_test.go +++ b/attestor/e2e/command_test.go @@ -18,6 +18,7 @@ import ( "strings" "testing" + "github.com/spf13/cobra" "github.com/ossf/scorecard-attestor/command" diff --git a/checks/binary_artifact_test.go b/checks/binary_artifact_test.go index d36979451158..94b4c8cee04f 100644 --- a/checks/binary_artifact_test.go +++ b/checks/binary_artifact_test.go 
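Review bot: The codeql-analysis.yml and Makefile hunks have nothing to do with the commit-depth plumbing the rest of this commit introduces, and they would be easier to review and, if needed, revert on their own. In the attestor `runCheck` call, as at the other call sites that pass a bare `0` (security_policy.go, the cron worker, dependencydiff, the e2e tests), the literal means "use the client's default depth", which a reader can only learn from the three InitRepo implementations; a named constant declared next to `HeadSHA` in clients/repo_client.go (e.g. a `DefaultCommitDepth`-style name, to be chosen) and passed here would make that intent explicit and keep the default in one place. runCheck's argument list continues outside the hunk.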
@@ -71,7 +71,7 @@ func TestBinaryArtifacts(t *testing.T) {
 ctx := context.Background()
 client := localdir.CreateLocalDirClient(ctx, logger)
- if err := client.InitRepo(repo, clients.HeadSHA); err != nil {
+ if err := client.InitRepo(repo, clients.HeadSHA, 0); err != nil {
 t.Errorf("InitRepo: %v", err)
 }
diff --git a/checks/license_test.go b/checks/license_test.go
index 450b86262512..bb2b63192942 100644
--- a/checks/license_test.go
+++ b/checks/license_test.go
@@ -75,7 +75,7 @@ func TestLicenseFileSubdirectory(t *testing.T) {
 ctx := context.Background()
 client := localdir.CreateLocalDirClient(ctx, logger)
- if err := client.InitRepo(repo, clients.HeadSHA); err != nil {
+ if err := client.InitRepo(repo, clients.HeadSHA, 0); err != nil {
 t.Errorf("InitRepo: %v", err)
 }
diff --git a/checks/raw/security_policy.go b/checks/raw/security_policy.go
index b0c8977c6f8c..1fb2fa4ac4b0 100644
--- a/checks/raw/security_policy.go
+++ b/checks/raw/security_policy.go
@@ -72,10 +72,10 @@ func SecurityPolicy(c *checker.CheckRequest) (checker.SecurityPolicyData, error)
 if err != nil {
 return checker.SecurityPolicyData{}, fmt.Errorf("unable to create gitlab client: %w", err)
 }
- err = client.InitRepo(c.Repo, clients.HeadSHA)
+ err = client.InitRepo(c.Repo, clients.HeadSHA, 0)
 } else {
 client = githubrepo.CreateGithubRepoClient(c.Ctx, logger)
- err = client.InitRepo(c.Repo.Org(), clients.HeadSHA)
+ err = client.InitRepo(c.Repo.Org(), clients.HeadSHA, 0)
 }
 switch {
 case err == nil:
diff --git a/clients/githubrepo/client.go b/clients/githubrepo/client.go
index 18288f9b0a38..bd2c1e74ad91 100644
--- a/clients/githubrepo/client.go
+++ b/clients/githubrepo/client.go
@@ -55,10 +55,11 @@ type Client struct {
 languages *languagesHandler
 ctx context.Context
 tarball tarballHandler
+ commitDepth int
 }
 // InitRepo sets up the GitHub repo in local storage for improving performance and GitHub token usage efficiency.
-func (client *Client) InitRepo(inputRepo clients.Repo, commitSHA string) error {
+func (client *Client) InitRepo(inputRepo clients.Repo, commitSHA string, commitDepth int) error {
 ghRepo, ok := inputRepo.(*repoURL)
 if !ok {
 return fmt.Errorf("%w: %v", errInputRepoType, inputRepo)
@@ -69,7 +70,11 @@ func (client *Client) InitRepo(inputRepo clients.Repo, commitSHA string) error {
 if err != nil {
 return sce.WithMessage(sce.ErrRepoUnreachable, err.Error())
 }
-
+ if commitDepth <= 0 {
+ client.commitDepth = 30 // default
+ } else {
+ client.commitDepth = commitDepth
+ }
 client.repo = repo
 client.repourl = &repoURL{
 owner: repo.Owner.GetLogin(),
@@ -82,7 +87,7 @@ func (client *Client) InitRepo(inputRepo clients.Repo, commitSHA string) error {
 client.tarball.init(client.ctx, client.repo, commitSHA)
 // Setup GraphQL.
- client.graphClient.init(client.ctx, client.repourl)
+ client.graphClient.init(client.ctx, client.repourl, client.commitDepth)
 // Setup contributorsHandler.
 client.contributors.init(client.ctx, client.repourl)
@@ -138,6 +143,7 @@ func (client *Client) ListCommits() ([]clients.Commit, error) {
 // ListIssues implements RepoClient.ListIssues.
 func (client *Client) ListIssues() ([]clients.Issue, error) {
+ // here you would need to pass commitDepth or something
 return client.graphClient.getIssues()
 }
@@ -295,7 +301,7 @@ func CreateOssFuzzRepoClient(ctx context.Context, logger *log.Logger) (clients.R
 }
 ossFuzzRepoClient := CreateGithubRepoClient(ctx, logger)
- if err := ossFuzzRepoClient.InitRepo(ossFuzzRepo, clients.HeadSHA); err != nil {
+ if err := ossFuzzRepoClient.InitRepo(ossFuzzRepo, clients.HeadSHA, 0); err != nil {
 return nil, fmt.Errorf("error during InitRepo: %w", err)
 }
 return ossFuzzRepoClient, nil
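Review bot: The comment added to `ListIssues`, `// here you would need to pass commitDepth or something`, is a working note rather than documentation and should be removed or turned into a tracked TODO that says what is missing. The `client.commitDepth = 30 // default` fallback in `InitRepo` is repeated verbatim in the gitlabrepo and localdir InitRepo hunks, while the `commitsToAnalyze = 30` constant this commit deletes from graphql.go was the one place that number lived; a single default in the `clients` package, referenced from all three, would keep them from drifting. InitRepo also accepts any positive depth with no upper bound, and as far as the graphqlData layout in graphql.go shows, every page of history re-runs the whole repository query (issues and pull requests included), so a large `--number-of-commits` multiplies GraphQL rate-limit consumption; unless the options layer already caps it (not visible here), clamping or at least documenting a maximum here would be prudent.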
diff --git a/clients/githubrepo/graphql.go b/clients/githubrepo/graphql.go
index 18254a12b0e4..7b0477ddbbe5 100644
--- a/clients/githubrepo/graphql.go
+++ b/clients/githubrepo/graphql.go
@@ -36,7 +36,6 @@ const (
 issueCommentsToAnalyze = 30
 reviewsToAnalyze = 30
 labelsToAnalyze = 30
- commitsToAnalyze = 30
 )
 var errNotCached = errors.New("result not cached")
@@ -100,7 +99,12 @@ type graphqlData struct {
 }
 } `graphql:"associatedPullRequests(first: $pullRequestsToAnalyze)"`
 }
- } `graphql:"history(first: $commitsToAnalyze)"`
+ PageInfo struct {
+ StartCursor githubv4.String
+ EndCursor githubv4.String
+ HasNextPage bool
+ }
+ } `graphql:"history(first: $commitsToAnalyze, after: $historyCursor)"`
 } `graphql:"... on Commit"`
 } `graphql:"object(expression: $commitExpression)"`
 Issues struct {
@@ -183,9 +187,10 @@ type graphqlHandler struct {
 commits []clients.Commit
 issues []clients.Issue
 archived bool
+ commitDepth int
 }
-func (handler *graphqlHandler) init(ctx context.Context, repourl *repoURL) {
+func (handler *graphqlHandler) init(ctx context.Context, repourl *repoURL, commitDepth int) {
 handler.ctx = ctx
 handler.repourl = repourl
 handler.data = new(graphqlData)
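Review bot: `StartCursor` is selected in the new `PageInfo` block but nothing in this commit reads it (populateCommits uses only `EndCursor`), so it can be dropped from the query. `HasNextPage` is the field the paging loop actually needs, and while it is selected here it is never consulted either — see the note on populateCommits. The new `commitDepth` field on `graphqlHandler` carries a non-obvious contract and would benefit from a line comment, e.g. `commitDepth int // commits of history to fetch; fetched in pages when it exceeds one request`.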
@@ -195,6 +200,32 @@ func (handler *graphqlHandler) init(ctx context.Context, repourl *repoURL) {
 handler.setupCheckRunsOnce = new(sync.Once)
 handler.checkRuns = checkRunCache{}
 handler.logger = log.NewLogger(log.DefaultLevel)
+ handler.commitDepth = commitDepth
+}
+
+func populateCommits(handler *graphqlHandler, vars map[string]interface{}) ([]clients.Commit, error) {
+ var allCommits []clients.Commit
+ var commitsLeft githubv4.Int
+ commitsLeft, ok := vars["commitsToAnalyze"].(githubv4.Int)
+ if !ok {
+ return nil, nil
+ }
+ for vars["commitsToAnalyze"] = githubv4.Int(100); commitsLeft > 0; commitsLeft = commitsLeft - 100 {
+ if commitsLeft < 100 {
+ vars["commitsToAnalyze"] = commitsLeft
+ }
+ err := handler.client.Query(handler.ctx, handler.data, vars)
+ if err != nil {
+ return nil, fmt.Errorf("failed to populate commits: %w", err)
+ }
+ vars["historyCursor"] = handler.data.Repository.Object.Commit.History.PageInfo.EndCursor
+ tmp, err := commitsFrom(handler.data, handler.repourl.owner, handler.repourl.repo)
+ if err != nil {
+ return nil, fmt.Errorf("failed to populate commits: %w", err)
+ }
+ allCommits = append(allCommits, tmp...)
+ }
+ return allCommits, nil
 }
 func (handler *graphqlHandler) setup() error {
@@ -208,19 +239,24 @@ func (handler *graphqlHandler) setup() error {
 "issueCommentsToAnalyze": githubv4.Int(issueCommentsToAnalyze),
 "reviewsToAnalyze": githubv4.Int(reviewsToAnalyze),
 "labelsToAnalyze": githubv4.Int(labelsToAnalyze),
- "commitsToAnalyze": githubv4.Int(commitsToAnalyze),
+ "commitsToAnalyze": githubv4.Int(handler.commitDepth),
 "commitExpression": githubv4.String(commitExpression),
+ "historyCursor": (*githubv4.String)(nil),
+ }
+ // if NumberOfCommits set to < 99 we are required by the graphql to page by 100 commits.
+ if handler.commitDepth > 99 {
+ handler.commits, handler.errSetup = populateCommits(handler, vars)
+ handler.issues = issuesFrom(handler.data)
+ handler.archived = bool(handler.data.Repository.IsArchived)
+ return
 }
 if err := handler.client.Query(handler.ctx, handler.data, vars); err != nil {
 handler.errSetup = sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("githubv4.Query: %v", err))
 return
 }
- handler.archived = bool(handler.data.Repository.IsArchived)
 handler.commits, handler.errSetup = commitsFrom(handler.data, handler.repourl.owner, handler.repourl.repo)
- if handler.errSetup != nil {
- return
- }
 handler.issues = issuesFrom(handler.data)
+ handler.archived = bool(handler.data.Repository.IsArchived)
 })
 return handler.errSetup
 }
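Review bot: The comment `// if NumberOfCommits set to < 99 we are required by the graphql to page by 100 commits.` states the opposite of the condition under it (`> 99`), and the threshold is off by one: GitHub's GraphQL API accepts up to 100 nodes in a single `first:`, so a depth of exactly 100 is paged for no reason. In the paging branch an error from populateCommits is stored in `handler.errSetup` as a plain `fmt.Errorf`, whereas the single-query path below wraps with `sce.WithMessage(sce.ErrScorecardInternal, ...)`; callers matching on `sce.ErrScorecardInternal` will classify the two failures differently, and the branch then reads issues and archived from whatever the failed query left in `handler.data`. The same `> 99` cut-off appears in the setupCheckRuns hunk. The `sync.Once` closure this code sits in starts outside the hunk; the branch itself could read as follows.
```go
	// GitHub's GraphQL API caps `first:` at 100 nodes, so deeper histories are fetched page by page.
	if handler.commitDepth > 100 {
		commits, err := populateCommits(handler, vars)
		if err != nil {
			handler.errSetup = sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("populateCommits: %v", err))
			return
		}
		handler.commits = commits
		handler.issues = issuesFrom(handler.data)
		handler.archived = bool(handler.data.Repository.IsArchived)
		return
	}
	// … unchanged: single-query path …
```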
@@ -232,10 +268,16 @@ func (handler *graphqlHandler) setupCheckRuns() error {
 "owner": githubv4.String(handler.repourl.owner),
 "name": githubv4.String(handler.repourl.repo),
 "pullRequestsToAnalyze": githubv4.Int(pullRequestsToAnalyze),
- "commitsToAnalyze": githubv4.Int(commitsToAnalyze),
+ "commitsToAnalyze": githubv4.Int(handler.commitDepth),
 "commitExpression": githubv4.String(commitExpression),
 "checksToAnalyze": githubv4.Int(checksToAnalyze),
 }
+ // TODO(#2224):
+ // sast and ci checks causes cache miss if commits dont match number of check runs.
+ // paging for this needs to be implemented if using higher than 100 --number-of-commits
+ if handler.commitDepth > 99 {
+ vars["commitsToAnalyze"] = githubv4.Int(99)
+ }
 if err := handler.client.Query(handler.ctx, handler.checkData, vars); err != nil {
 // quit early without setting crsErrSetup for "Resource not accessible by integration" error
 // for whatever reason, this check doesn't work with a GITHUB_TOKEN, only a PAT
@@ -325,7 +367,7 @@ func parseCheckRuns(data *checkRunsGraphqlData) checkRunCache {
 return checkCache
 }
-//nolint
+// nolint
 func commitsFrom(data *graphqlData, repoOwner, repoName string) ([]clients.Commit, error) {
 ret := make([]clients.Commit, 0)
 for _, commit := range data.Repository.Object.Commit.History.Nodes {
diff --git a/clients/githubrepo/graphql_e2e_test.go b/clients/githubrepo/graphql_e2e_test.go
index ea0aa9b44d07..a47d6531f3d7 100644
--- a/clients/githubrepo/graphql_e2e_test.go
+++ b/clients/githubrepo/graphql_e2e_test.go
@@ -16,11 +16,15 @@ package githubrepo
 import (
 "context"
+ "net/http"
 . "github.com/onsi/ginkgo/v2"
 . "github.com/onsi/gomega"
+ "github.com/shurcooL/githubv4"
 "github.com/ossf/scorecard/v4/clients"
+ "github.com/ossf/scorecard/v4/clients/githubrepo/roundtripper"
+ "github.com/ossf/scorecard/v4/log"
 )
 var _ = Describe("E2E TEST: githubrepo.graphqlHandler", func() {
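Review bot: Rewriting `//nolint` as `// nolint` above commitsFrom is not cosmetic: Go directive comments have no space after `//`, and depending on the golangci-lint version in use the spaced form is either not recognised as a directive or flagged by nolintlint, so the suppression may quietly stop applying and the findings it hid will resurface. Restore `//nolint`, ideally narrowed to the linter it exists for, `//nolint:<linter>` (placeholder; pick the actual linter). In the setupCheckRuns hunk the clamp mirrors the `> 99` cut-off from setup(); the API limit is 100, so `if handler.commitDepth > 100 { vars["commitsToAnalyze"] = githubv4.Int(100) }` would keep one more commit without paging, and the TODO comment might note that the clamp means check-run data silently covers fewer commits than the user asked for. commitsFrom's body continues outside the hunk.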
@@ -32,6 +36,108 @@ var _ = Describe("E2E TEST: githubrepo.graphqlHandler", func() { } }) + Context("E2E TEST: Confirm Paging Commits Works", func() { + It("Should only have 1 commit", func() { + _repourl := &repoURL{ + owner: "ossf", + repo: "scorecard", + commitSHA: clients.HeadSHA, + } + _vars := map[string]interface{}{ + "owner": githubv4.String("ossf"), + "name": githubv4.String("scorecard"), + "pullRequestsToAnalyze": githubv4.Int(1), + "issuesToAnalyze": githubv4.Int(30), + "issueCommentsToAnalyze": githubv4.Int(30), + "reviewsToAnalyze": githubv4.Int(30), + "labelsToAnalyze": githubv4.Int(30), + "commitsToAnalyze": githubv4.Int(1), + "commitExpression": githubv4.String("heads/main"), + "historyCursor": (*githubv4.String)(nil), + } + _ctx := context.Background() + _logger := log.NewLogger(log.DebugLevel) + _rt := roundtripper.NewTransport(_ctx, _logger) + _httpClient := &http.Client{ + Transport: _rt, + } + _graphClient := githubv4.NewClient(_httpClient) + _handler := &graphqlHandler{ + client: _graphClient, + } + _handler.init(context.Background(), _repourl, 1) + commits, err := populateCommits(_handler, _vars) + Expect(err).To(BeNil()) + Expect(len(commits)).Should(BeEquivalentTo(1)) + }) + It("Should have 30 commits", func() { + _repourl := &repoURL{ + owner: "ossf", + repo: "scorecard", + commitSHA: clients.HeadSHA, + } + _vars := map[string]interface{}{ + "owner": githubv4.String("ossf"), + "name": githubv4.String("scorecard"), + "pullRequestsToAnalyze": githubv4.Int(1), + "issuesToAnalyze": githubv4.Int(30), + "issueCommentsToAnalyze": githubv4.Int(30), + "reviewsToAnalyze": githubv4.Int(30), + "labelsToAnalyze": githubv4.Int(30), + "commitsToAnalyze": githubv4.Int(30), + "commitExpression": githubv4.String("heads/main"), + "historyCursor": (*githubv4.String)(nil), + } + _ctx := context.Background() + _logger := log.NewLogger(log.DebugLevel) + _rt := roundtripper.NewTransport(_ctx, _logger) + _httpClient := &http.Client{ + Transport: _rt, + } + 
_graphClient := githubv4.NewClient(_httpClient) + _handler := &graphqlHandler{ + client: _graphClient, + } + _handler.init(context.Background(), _repourl, 30) + commits, err := populateCommits(_handler, _vars) + Expect(err).To(BeNil()) + Expect(len(commits)).Should(BeEquivalentTo(30)) + }) + It("Should have 101 commits", func() { + _repourl := &repoURL{ + owner: "ossf", + repo: "scorecard", + commitSHA: clients.HeadSHA, + } + _vars := map[string]interface{}{ + "owner": githubv4.String("ossf"), + "name": githubv4.String("scorecard"), + "pullRequestsToAnalyze": githubv4.Int(1), + "issuesToAnalyze": githubv4.Int(30), + "issueCommentsToAnalyze": githubv4.Int(30), + "reviewsToAnalyze": githubv4.Int(30), + "labelsToAnalyze": githubv4.Int(30), + "commitsToAnalyze": githubv4.Int(101), + "commitExpression": githubv4.String("heads/main"), + "historyCursor": (*githubv4.String)(nil), + } + _ctx := context.Background() + _logger := log.NewLogger(log.DebugLevel) + _rt := roundtripper.NewTransport(_ctx, _logger) + _httpClient := &http.Client{ + Transport: _rt, + } + _graphClient := githubv4.NewClient(_httpClient) + _handler := &graphqlHandler{ + client: _graphClient, + } + _handler.init(context.Background(), _repourl, 101) + commits, err := populateCommits(_handler, _vars) + Expect(err).To(BeNil()) + Expect(len(commits)).Should(BeEquivalentTo(101)) + }) + }) + Context("E2E TEST: Validate query cost", func() { It("Should not have increased for HEAD query", func() { repourl := &repoURL{ @@ -39,7 +145,7 @@ var _ = Describe("E2E TEST: githubrepo.graphqlHandler", func() { repo: "scorecard", commitSHA: clients.HeadSHA, } - graphqlhandler.init(context.Background(), repourl) + graphqlhandler.init(context.Background(), repourl, 30) Expect(graphqlhandler.setup()).Should(BeNil()) Expect(graphqlhandler.data).ShouldNot(BeNil()) Expect(graphqlhandler.data.RateLimit.Cost).ShouldNot(BeNil()) 
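Review bot: The three paging cases request depths (1, 30, 101) that ossf/scorecard's main branch satisfies, so the path populateCommits must take when history runs out before `commitsLeft` reaches zero is never exercised; a case against a small fixture repository that asks for more commits than it has, asserting the returned count equals the repository's real count, would cover it (all of these also depend on live repository state, which the assertions assume). Each case sets the depth twice, in `_vars["commitsToAnalyze"]` and in `_handler.init(..., N)`, but because the test calls populateCommits directly rather than through setup() only the `_vars` entry drives the loop, so the two numbers could drift apart without the test noticing; going through setup() or dropping the duplicate would remove that trap. The `_`-prefixed locals (`_repourl`, `_vars`, `_handler`) are unconventional in Go and do not match the surrounding file, which uses plain `repourl` and `graphqlhandler`. The Describe block continues outside the hunk.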
@@ -51,7 +157,7 @@ var _ = Describe("E2E TEST: githubrepo.graphqlHandler", func() {
 repo: "scorecard",
 commitSHA: "de5224bbc56eceb7a25aece55d2d53bbc561ed2d",
 }
- graphqlhandler.init(context.Background(), repourl)
+ graphqlhandler.init(context.Background(), repourl, 30)
 Expect(graphqlhandler.setup()).Should(BeNil())
 Expect(graphqlhandler.data).ShouldNot(BeNil())
 Expect(graphqlhandler.data.RateLimit.Cost).ShouldNot(BeNil())
@@ -63,7 +169,7 @@ var _ = Describe("E2E TEST: githubrepo.graphqlHandler", func() {
 repo: "scorecard",
 commitSHA: clients.HeadSHA,
 }
- graphqlhandler.init(context.Background(), repourl)
+ graphqlhandler.init(context.Background(), repourl, 30)
 Expect(graphqlhandler.setupCheckRuns()).Should(BeNil())
 Expect(graphqlhandler.checkData).ShouldNot(BeNil())
 Expect(graphqlhandler.checkData.RateLimit.Cost).ShouldNot(BeNil())
diff --git a/clients/gitlabrepo/client.go b/clients/gitlabrepo/client.go
index ce38f5fa7cef..0a8fa552f305 100644
--- a/clients/gitlabrepo/client.go
+++ b/clients/gitlabrepo/client.go
@@ -52,10 +52,11 @@ type Client struct {
 languages *languagesHandler
 ctx context.Context
 tarball tarballHandler
+ commitDepth int
 }
 // InitRepo sets up the GitLab project in local storage for improving performance and GitLab token usage efficiency.
-func (client *Client) InitRepo(inputRepo clients.Repo, commitSHA string) error {
+func (client *Client) InitRepo(inputRepo clients.Repo, commitSHA string, commitDepth int) error {
 glRepo, ok := inputRepo.(*repoURL)
 if !ok {
 return fmt.Errorf("%w: %v", errInputRepoType, inputRepo)
@@ -66,9 +67,12 @@ func (client *Client) InitRepo(inputRepo clients.Repo, commitSHA string) error {
 if err != nil {
 return sce.WithMessage(sce.ErrRepoUnreachable, err.Error())
 }
-
+ if commitDepth <= 0 {
+ client.commitDepth = 30 // default
+ } else {
+ client.commitDepth = commitDepth
+ }
 client.repo = repo
-
 client.repourl = &repoURL{
 hostname: inputRepo.URI(),
 projectID: fmt.Sprint(repo.ID),
diff --git a/clients/localdir/client.go b/clients/localdir/client.go
index c36152953d47..dea9455ff0a9 100644
--- a/clients/localdir/client.go
+++ b/clients/localdir/client.go
@@ -39,21 +39,26 @@ var (
 //nolint:govet
 type localDirClient struct {
- logger *log.Logger
- ctx context.Context
- path string
- once sync.Once
- errFiles error
- files []string
+ logger *log.Logger
+ ctx context.Context
+ path string
+ once sync.Once
+ errFiles error
+ files []string
+ commitDepth int
 }
 // InitRepo sets up the local repo.
-func (client *localDirClient) InitRepo(inputRepo clients.Repo, commitSHA string) error {
+func (client *localDirClient) InitRepo(inputRepo clients.Repo, commitSHA string, commitDepth int) error {
 localRepo, ok := inputRepo.(*repoLocal)
 if !ok {
 return fmt.Errorf("%w: %v", errInputRepoType, inputRepo)
 }
-
+ if commitDepth <= 0 {
+ client.commitDepth = 30 // default
+ } else {
+ client.commitDepth = commitDepth
+ }
 client.path = strings.TrimPrefix(localRepo.URI(), "file://")
 return nil
diff --git a/clients/localdir/client_test.go b/clients/localdir/client_test.go
index 233bef5a8d01..53a28220bb09 100644
--- a/clients/localdir/client_test.go
+++ b/clients/localdir/client_test.go
@@ -76,7 +76,7 @@ func TestClient_CreationAndCaching(t *testing.T) {
 }
 client := CreateLocalDirClient(ctx, logger)
- if err := client.InitRepo(repo, clients.HeadSHA); err != nil {
+ if err := client.InitRepo(repo, clients.HeadSHA, 30); err != nil {
 t.Errorf("InitRepo: %v", err)
 }
diff --git a/clients/mockclients/repo_client.go b/clients/mockclients/repo_client.go
index d518c9a0c099..d29882bfb2de 100644
--- a/clients/mockclients/repo_client.go
+++ b/clients/mockclients/repo_client.go
@@ -140,17 +140,17 @@ func (mr *MockRepoClientMockRecorder) GetFileContent(filename interface{}) *gomo
 }
 // InitRepo mocks base method.
-func (m *MockRepoClient) InitRepo(repo clients.Repo, commitSHA string) error {
+func (m *MockRepoClient) InitRepo(repo clients.Repo, commitSHA string, commitDepth int) error {
 m.ctrl.T.Helper()
- ret := m.ctrl.Call(m, "InitRepo", repo, commitSHA)
+ ret := m.ctrl.Call(m, "InitRepo", repo, commitSHA, commitDepth)
 ret0, _ := ret[0].(error)
 return ret0
 }
 // InitRepo indicates an expected call of InitRepo.
-func (mr *MockRepoClientMockRecorder) InitRepo(repo, commitSHA interface{}) *gomock.Call {
+func (mr *MockRepoClientMockRecorder) InitRepo(repo, commitSHA, commitDepth interface{}) *gomock.Call {
 mr.mock.ctrl.T.Helper()
- return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "InitRepo", reflect.TypeOf((*MockRepoClient)(nil).InitRepo), repo, commitSHA)
+ return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "InitRepo", reflect.TypeOf((*MockRepoClient)(nil).InitRepo), repo, commitSHA, commitDepth)
 }
 // IsArchived mocks base method.
diff --git a/clients/repo_client.go b/clients/repo_client.go
index 20784ae45f54..607ebb64a471 100644
--- a/clients/repo_client.go
+++ b/clients/repo_client.go
@@ -28,7 +28,7 @@ const HeadSHA = "HEAD"
 // RepoClient interface is used by Scorecard checks to access a repo.
 type RepoClient interface {
- InitRepo(repo Repo, commitSHA string) error
+ InitRepo(repo Repo, commitSHA string, commitDepth int) error
 URI() string
 IsArchived() (bool, error)
 ListFiles(predicate func(string) (bool, error)) ([]string, error)
diff --git a/cmd/root.go b/cmd/root.go
index 86711d268900..1979880e0435 100644
--- a/cmd/root.go
+++ b/cmd/root.go
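Review bot: The new `commitDepth` parameter on `RepoClient.InitRepo` has no documentation, and the convention the three implementations share (a non-positive value selects the client's own default) is something a caller can only discover by reading them. A doc comment on the interface method would pin the contract for implementers and callers alike, e.g. `// InitRepo prepares the client for repo at commitSHA. commitDepth is the number of commits of history to fetch; a value <= 0 selects the client's default.` The mockclients hunk above is generated code and needs no change beyond regeneration.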
@@ -90,10 +90,11 @@ func rootCmd(o *options.Options) error {
 ctx := context.Background()
 logger := sclog.NewLogger(sclog.ParseLevel(o.LogLevel))
 repoURI, repoClient, ossFuzzRepoClient, ciiClient, vulnsClient, err := checker.GetClients(
- ctx, o.Repo, o.Local, logger)
+ ctx, o.Repo, o.Local, logger) // MODIFIED
 if err != nil {
 return fmt.Errorf("GetClients: %w", err)
 }
+ defer repoClient.Close()
 if ossFuzzRepoClient != nil {
 defer ossFuzzRepoClient.Close()
@@ -127,6 +128,7 @@ func rootCmd(o *options.Options) error {
 ctx,
 repoURI,
 o.Commit,
+ o.CommitDepth,
 enabledChecks,
 repoClient,
 ossFuzzRepoClient,
diff --git a/cmd/serve.go b/cmd/serve.go
index 078451e53a21..e0a516618252 100644
--- a/cmd/serve.go
+++ b/cmd/serve.go
@@ -70,7 +70,7 @@ func serveCmd(o *options.Options) *cobra.Command {
 ciiClient := clients.DefaultCIIBestPracticesClient()
 checksToRun := checks.GetAll()
 repoResult, err := pkg.RunScorecards(
- ctx, repo, clients.HeadSHA /*commitSHA*/, checksToRun, repoClient,
+ ctx, repo, clients.HeadSHA /*commitSHA*/, o.CommitDepth, checksToRun, repoClient,
 ossFuzzRepoClient, ciiClient, vulnsClient)
 if err != nil {
 logger.Error(err, "running enabled scorecard checks on repo")
diff --git a/cron/internal/worker/main.go b/cron/internal/worker/main.go
index 1bc8a3be115d..593019ec49e5 100644
--- a/cron/internal/worker/main.go
+++ b/cron/internal/worker/main.go
@@ -164,7 +164,7 @@ func processRequest(ctx context.Context,
 delete(checksToRun, check)
 }
- result, err := pkg.RunScorecards(ctx, repo, commitSHA, checksToRun,
+ result, err := pkg.RunScorecards(ctx, repo, commitSHA, 0, checksToRun,
 repoClient, ossFuzzRepoClient, ciiClient, vulnsClient)
 if errors.Is(err, sce.ErrRepoUnreachable) {
 // Not accessible repo - continue.
diff --git a/dependencydiff/dependencydiff.go b/dependencydiff/dependencydiff.go
index 637073a12f91..20723ad9e89a 100644
--- a/dependencydiff/dependencydiff.go
+++ b/dependencydiff/dependencydiff.go
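Review bot: The trailing `// MODIFIED` on the `checker.GetClients(` argument line is a leftover editing marker — the line's code is otherwise unchanged — and should be dropped so it reads `ctx, o.Repo, o.Local, logger)` as before. `o.CommitDepth` is passed straight through to RunScorecards here and in the serve.go hunk; unless the options package validates it (not visible in this commit), a user-supplied value has no upper bound, and because every page of history re-runs the repository GraphQL query, a very large `--number-of-commits` translates directly into rate-limit consumption on the caller's token, so a cap at the options layer or at least a documented maximum is worth adding. The added `defer repoClient.Close()` closes a client that was previously never released, which is a good fix. rootCmd continues outside the hunk.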
@@ -92,8 +92,7 @@ func GetDependencyDiffResults( func initRepoAndClientByChecks(dCtx *dependencydiffContext, dSrcRepo string) error { repo, repoClient, ossFuzzClient, ciiClient, vulnsClient, err := checker.GetClients( - dCtx.ctx, dSrcRepo, "", dCtx.logger, - ) + dCtx.ctx, dSrcRepo, "", dCtx.logger) if err != nil { return fmt.Errorf("error getting the github repo and clients: %w", err) } @@ -162,6 +161,7 @@ func getScorecardCheckResults(dCtx *dependencydiffContext) error { // TODO (#2065): In future versions, ideally, this should be // the commitSHA corresponding to d.Version instead of HEAD. clients.HeadSHA, + 0, checksToRun, dCtx.ghRepoClient, dCtx.ossFuzzClient, diff --git a/e2e/binary_artifacts_test.go b/e2e/binary_artifacts_test.go index 0bbeec7c0bf5..1a25df156cc7 100644 --- a/e2e/binary_artifacts_test.go +++ b/e2e/binary_artifacts_test.go @@ -40,7 +40,7 @@ var _ = Describe("E2E TEST:"+checks.CheckBinaryArtifacts, func() { repo, err := githubrepo.MakeGithubRepo("ossf/scorecard") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, clients.HeadSHA) + err = repoClient.InitRepo(repo, clients.HeadSHA, 0) Expect(err).Should(BeNil()) req := checker.CheckRequest{ @@ -66,7 +66,7 @@ var _ = Describe("E2E TEST:"+checks.CheckBinaryArtifacts, func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-binary-artifacts-e2e") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, clients.HeadSHA) + err = repoClient.InitRepo(repo, clients.HeadSHA, 0) Expect(err).Should(BeNil()) req := checker.CheckRequest{ 
@@ -93,7 +93,7 @@ var _ = Describe("E2E TEST:"+checks.CheckBinaryArtifacts, func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-binary-artifacts-e2e") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "5b48dea88825662d67ed94b609b45cf7705333b6") + err = repoClient.InitRepo(repo, "5b48dea88825662d67ed94b609b45cf7705333b6", 0) Expect(err).Should(BeNil()) req := checker.CheckRequest{ @@ -120,7 +120,7 @@ var _ = Describe("E2E TEST:"+checks.CheckBinaryArtifacts, func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-binary-artifacts-e2e-4-binaries") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, clients.HeadSHA) + err = repoClient.InitRepo(repo, clients.HeadSHA, 0) Expect(err).Should(BeNil()) req := checker.CheckRequest{ @@ -148,7 +148,7 @@ var _ = Describe("E2E TEST:"+checks.CheckBinaryArtifacts, func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-binary-artifacts-e2e-4-binaries") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "d994b3e1a8912283f9958a7c1e0aa480ca24a7ce") + err = repoClient.InitRepo(repo, "d994b3e1a8912283f9958a7c1e0aa480ca24a7ce", 0) Expect(err).Should(BeNil()) req := checker.CheckRequest{ @@ -187,7 +187,7 @@ var _ = Describe("E2E TEST:"+checks.CheckBinaryArtifacts, func() { Expect(err).Should(BeNil()) x := localdir.CreateLocalDirClient(context.Background(), logger) - err = x.InitRepo(repo, clients.HeadSHA) + err = x.InitRepo(repo, clients.HeadSHA, 0) Expect(err).Should(BeNil()) req := checker.CheckRequest{ diff --git a/e2e/branch_protection_test.go b/e2e/branch_protection_test.go index 8b62e6afe620..3f5d4ce3a29f 100644 --- a/e2e/branch_protection_test.go +++ b/e2e/branch_protection_test.go 
@@ -38,7 +38,7 @@ var _ = Describe("E2E TEST PAT:"+checks.CheckBranchProtection, func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-branch-protection-e2e") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, clients.HeadSHA) + err = repoClient.InitRepo(repo, clients.HeadSHA, 0) Expect(err).Should(BeNil()) req := checker.CheckRequest{ Ctx: context.Background(), @@ -68,7 +68,7 @@ var _ = Describe("E2E TEST PAT:"+checks.CheckBranchProtection, func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-branch-protection-e2e-none") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, clients.HeadSHA) + err = repoClient.InitRepo(repo, clients.HeadSHA, 0) Expect(err).Should(BeNil()) req := checker.CheckRequest{ Ctx: context.Background(), @@ -96,7 +96,7 @@ var _ = Describe("E2E TEST PAT:"+checks.CheckBranchProtection, func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-branch-protection-e2e-patch-1") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, clients.HeadSHA) + err = repoClient.InitRepo(repo, clients.HeadSHA, 0) Expect(err).Should(BeNil()) req := checker.CheckRequest{ Ctx: context.Background(), @@ -220,7 +220,7 @@ var _ = Describe("E2E TEST GITHUB_TOKEN:"+checks.CheckBranchProtection, func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-branch-protection-e2e") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, clients.HeadSHA) + err = repoClient.InitRepo(repo, clients.HeadSHA, 0) Expect(err).Should(BeNil()) req := checker.CheckRequest{ Ctx: context.Background(), 
diff --git a/e2e/ci_tests_test.go b/e2e/ci_tests_test.go index 31580968fc90..ddd86ab597e3 100644 --- a/e2e/ci_tests_test.go +++ b/e2e/ci_tests_test.go @@ -36,7 +36,7 @@ var _ = Describe("E2E TEST:"+checks.CheckCITests, func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/airflow") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, clients.HeadSHA) + err = repoClient.InitRepo(repo, clients.HeadSHA, 0) Expect(err).Should(BeNil()) req := checker.CheckRequest{ Ctx: context.Background(), @@ -60,7 +60,7 @@ var _ = Describe("E2E TEST:"+checks.CheckCITests, func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/airflow") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "0a6850647e531b08f68118ff8ca20577a5b4062c") + err = repoClient.InitRepo(repo, "0a6850647e531b08f68118ff8ca20577a5b4062c", 0) Expect(err).Should(BeNil()) req := checker.CheckRequest{ Ctx: context.Background(), @@ -84,7 +84,7 @@ var _ = Describe("E2E TEST:"+checks.CheckCITests, func() { repo, err := githubrepo.MakeGithubRepo("duo-labs/parliament") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "1ead655ec85bdbe0739e4a4125ce36eb48a329bc") + err = repoClient.InitRepo(repo, "1ead655ec85bdbe0739e4a4125ce36eb48a329bc", 0) Expect(err).Should(BeNil()) req := checker.CheckRequest{ Ctx: context.Background(), diff --git a/e2e/code_review_test.go b/e2e/code_review_test.go index 7ff879a8231b..c039e977451e 100644 --- a/e2e/code_review_test.go +++ b/e2e/code_review_test.go 
@@ -42,7 +42,7 @@ var _ = Describe("E2E TEST:"+checks.CheckCodeReview, func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/airflow") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, clients.HeadSHA) + err = repoClient.InitRepo(repo, clients.HeadSHA, 0) Expect(err).Should(BeNil()) req := checker.CheckRequest{ @@ -67,7 +67,7 @@ var _ = Describe("E2E TEST:"+checks.CheckCodeReview, func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/airflow") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "0a6850647e531b08f68118ff8ca20577a5b4062c") + err = repoClient.InitRepo(repo, "0a6850647e531b08f68118ff8ca20577a5b4062c", 0) Expect(err).Should(BeNil()) req := checker.CheckRequest{ @@ -91,7 +91,7 @@ var _ = Describe("E2E TEST:"+checks.CheckCodeReview, func() { repo, err := githubrepo.MakeGithubRepo("spring-projects/spring-framework") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "ca5e453f87f7e84033bb90a2fb54ee9f7fc94d61") + err = repoClient.InitRepo(repo, "ca5e453f87f7e84033bb90a2fb54ee9f7fc94d61", 0) Expect(err).Should(BeNil()) reviewData, err := raw.CodeReview(repoClient) diff --git a/e2e/contributors_test.go b/e2e/contributors_test.go index b0c1068209f4..e8f4b1afbcf2 100644 --- a/e2e/contributors_test.go +++ b/e2e/contributors_test.go @@ -36,7 +36,7 @@ var _ = Describe("E2E TEST:"+checks.CheckContributors, func() { repo, err := githubrepo.MakeGithubRepo("ossf/scorecard") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, clients.HeadSHA) + err = repoClient.InitRepo(repo, clients.HeadSHA, 0) Expect(err).Should(BeNil()) req := checker.CheckRequest{ Ctx: context.Background(), 
diff --git a/e2e/dangerous_workflow_test.go b/e2e/dangerous_workflow_test.go index e57a250c6905..bf8929e49d99 100644 --- a/e2e/dangerous_workflow_test.go +++ b/e2e/dangerous_workflow_test.go @@ -36,7 +36,7 @@ var _ = Describe("E2E TEST:"+checks.CheckTokenPermissions, func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-dangerous-workflow-e2e") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, clients.HeadSHA) + err = repoClient.InitRepo(repo, clients.HeadSHA, 0) Expect(err).Should(BeNil()) req := checker.CheckRequest{ Ctx: context.Background(), @@ -60,7 +60,7 @@ var _ = Describe("E2E TEST:"+checks.CheckTokenPermissions, func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-dangerous-workflow-e2e") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "8db326e9ba20517feeefd157524a89184ed41f7f") + err = repoClient.InitRepo(repo, "8db326e9ba20517feeefd157524a89184ed41f7f", 0) Expect(err).Should(BeNil()) req := checker.CheckRequest{ Ctx: context.Background(), @@ -95,7 +95,7 @@ var _ = Describe("E2E TEST:"+checks.CheckTokenPermissions, func() { Expect(err).Should(BeNil()) x := localdir.CreateLocalDirClient(context.Background(), logger) - err = x.InitRepo(repo, clients.HeadSHA) + err = x.InitRepo(repo, clients.HeadSHA, 0) Expect(err).Should(BeNil()) req := checker.CheckRequest{ diff --git a/e2e/dependency_update_tool_test.go b/e2e/dependency_update_tool_test.go index 9b6ab593059c..baf8686eafcf 100644 --- a/e2e/dependency_update_tool_test.go +++ b/e2e/dependency_update_tool_test.go 
@@ -36,7 +36,7 @@ var _ = Describe("E2E TEST:"+checks.CheckDependencyUpdateTool, func() {
 repo, err := githubrepo.MakeGithubRepo("ossf/scorecard")
 Expect(err).Should(BeNil())
 repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
- err = repoClient.InitRepo(repo, clients.HeadSHA)
+ err = repoClient.InitRepo(repo, clients.HeadSHA, 0)
 Expect(err).Should(BeNil())
 req := checker.CheckRequest{
@@ -63,7 +63,7 @@ var _ = Describe("E2E TEST:"+checks.CheckDependencyUpdateTool, func() {
 repo, err := githubrepo.MakeGithubRepo("netlify/netlify-cms")
 Expect(err).Should(BeNil())
 repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
- err = repoClient.InitRepo(repo, clients.HeadSHA)
+ err = repoClient.InitRepo(repo, clients.HeadSHA, 0)
 Expect(err).Should(BeNil())
 req := checker.CheckRequest{
diff --git a/e2e/fuzzing_test.go b/e2e/fuzzing_test.go
index eadab88a29d3..7f83d684a4da 100644
--- a/e2e/fuzzing_test.go
+++ b/e2e/fuzzing_test.go
@@ -35,7 +35,7 @@ var _ = Describe("E2E TEST:"+checks.CheckFuzzing, func() {
 repo, err := githubrepo.MakeGithubRepo("tensorflow/tensorflow")
 Expect(err).Should(BeNil())
 repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
- err = repoClient.InitRepo(repo, clients.HeadSHA)
+ err = repoClient.InitRepo(repo, clients.HeadSHA, 0)
 Expect(err).Should(BeNil())
 ossFuzzRepoClient, err := githubrepo.CreateOssFuzzRepoClient(context.Background(), logger)
 Expect(err).Should(BeNil())
@@ -63,7 +63,7 @@ var _ = Describe("E2E TEST:"+checks.CheckFuzzing, func() {
 repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-fuzzing-cflite")
 Expect(err).Should(BeNil())
 repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
- err = repoClient.InitRepo(repo, clients.HeadSHA)
+ err = repoClient.InitRepo(repo, clients.HeadSHA, 0)
 Expect(err).Should(BeNil())
 ossFuzzRepoClient, err := githubrepo.CreateOssFuzzRepoClient(context.Background(), logger)
 Expect(err).Should(BeNil())
@@ -91,7 +91,7 @@ var _ = Describe("E2E TEST:"+checks.CheckFuzzing, func() {
 repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-fuzzing-golang")
 Expect(err).Should(BeNil())
 repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
- err = repoClient.InitRepo(repo, clients.HeadSHA)
+ err = repoClient.InitRepo(repo, clients.HeadSHA, 0)
 Expect(err).Should(BeNil())
 ossFuzzRepoClient, err := githubrepo.CreateOssFuzzRepoClient(context.Background(), logger)
 Expect(err).Should(BeNil())
@@ -119,7 +119,7 @@ var _ = Describe("E2E TEST:"+checks.CheckFuzzing, func() {
 repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-fuzzing-golang")
 Expect(err).Should(BeNil())
 repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
- err = repoClient.InitRepo(repo, clients.HeadSHA)
+ err = repoClient.InitRepo(repo, clients.HeadSHA, 0)
 Expect(err).Should(BeNil())
 ossFuzzRepoClient, err := githubrepo.CreateOssFuzzRepoClient(context.Background(), logger)
 Expect(err).Should(BeNil())
@@ -139,7 +139,7 @@ var _ = Describe("E2E TEST:"+checks.CheckFuzzing, func() {
 repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-packaging-e2e")
 Expect(err).Should(BeNil())
 repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
- err = repoClient.InitRepo(repo, clients.HeadSHA)
+ err = repoClient.InitRepo(repo, clients.HeadSHA, 0)
 Expect(err).Should(BeNil())
 ossFuzzRepoClient, err := githubrepo.CreateOssFuzzRepoClient(context.Background(), logger)
 Expect(err).Should(BeNil())
diff --git a/e2e/license_test.go b/e2e/license_test.go
index f81d40974b76..68d384195e86 100644
--- a/e2e/license_test.go
+++ b/e2e/license_test.go
@@ -37,7 +37,7 @@ var _ = Describe("E2E TEST:"+checks.CheckLicense, func() {
 repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-license-e2e")
 Expect(err).Should(BeNil())
 repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
- err = repoClient.InitRepo(repo, clients.HeadSHA)
+ err = repoClient.InitRepo(repo, clients.HeadSHA, 0)
 Expect(err).Should(BeNil())
 req := checker.CheckRequest{
 Ctx: context.Background(),
@@ -62,7 +62,7 @@ var _ = Describe("E2E TEST:"+checks.CheckLicense, func() {
 repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-license-e2e")
 Expect(err).Should(BeNil())
 repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
- err = repoClient.InitRepo(repo, "c3a8778e73ea95f937c228a34ee57d5e006f7304")
+ err = repoClient.InitRepo(repo, "c3a8778e73ea95f937c228a34ee57d5e006f7304", 0)
 Expect(err).Should(BeNil())
 req := checker.CheckRequest{
 Ctx: context.Background(),
@@ -98,7 +98,7 @@ var _ = Describe("E2E TEST:"+checks.CheckLicense, func() {
 Expect(err).Should(BeNil())
 x := localdir.CreateLocalDirClient(context.Background(), logger)
- err = x.InitRepo(repo, clients.HeadSHA)
+ err = x.InitRepo(repo, clients.HeadSHA, 0)
 Expect(err).Should(BeNil())
 req := checker.CheckRequest{
diff --git a/e2e/maintained_test.go b/e2e/maintained_test.go
index 3717018d7eaf..33e1456d4b0f 100644
--- a/e2e/maintained_test.go
+++ b/e2e/maintained_test.go
@@ -34,7 +34,7 @@ var _ = Describe("E2E TEST:"+checks.CheckMaintained, func() {
 repo, err := githubrepo.MakeGithubRepo("apache/airflow")
 Expect(err).Should(BeNil())
 repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
- err = repoClient.InitRepo(repo, clients.HeadSHA)
+ err = repoClient.InitRepo(repo, clients.HeadSHA, 0)
 Expect(err).Should(BeNil())
 req := checker.CheckRequest{
 Ctx: context.Background(),
diff --git a/e2e/packaging_test.go b/e2e/packaging_test.go
index 0f797ef456ac..1f6d4bcc18ab 100644
--- a/e2e/packaging_test.go
+++ b/e2e/packaging_test.go
@@ -36,7 +36,7 @@ var _ = Describe("E2E TEST:"+checks.CheckPackaging, func() {
 repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-packaging-e2e")
 Expect(err).Should(BeNil())
 repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
- err = repoClient.InitRepo(repo, clients.HeadSHA)
+ err = repoClient.InitRepo(repo, clients.HeadSHA, 0)
 Expect(err).Should(BeNil())
 req := checker.CheckRequest{
 Ctx: context.Background(),
diff --git a/e2e/permissions_test.go b/e2e/permissions_test.go
index 4bed2107e19a..66f04eb8422b 100644
--- a/e2e/permissions_test.go
+++ b/e2e/permissions_test.go
@@ -36,7 +36,7 @@ var _ = Describe("E2E TEST:"+checks.CheckTokenPermissions, func() {
 repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-token-permissions-e2e")
 Expect(err).Should(BeNil())
 repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
- err = repoClient.InitRepo(repo, clients.HeadSHA)
+ err = repoClient.InitRepo(repo, clients.HeadSHA, 0)
 Expect(err).Should(BeNil())
 req := checker.CheckRequest{
 Ctx: context.Background(),
@@ -61,7 +61,7 @@ var _ = Describe("E2E TEST:"+checks.CheckTokenPermissions, func() {
 repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-token-permissions-e2e")
 Expect(err).Should(BeNil())
 repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
- err = repoClient.InitRepo(repo, "35a3425d1e682c32946b7d36adcfd772cf772e63")
+ err = repoClient.InitRepo(repo, "35a3425d1e682c32946b7d36adcfd772cf772e63", 0)
 Expect(err).Should(BeNil())
 req := checker.CheckRequest{
 Ctx: context.Background(),
@@ -97,7 +97,7 @@ var _ = Describe("E2E TEST:"+checks.CheckTokenPermissions, func() {
 Expect(err).Should(BeNil())
 x := localdir.CreateLocalDirClient(context.Background(), logger)
- err = x.InitRepo(repo, clients.HeadSHA)
+ err = x.InitRepo(repo, clients.HeadSHA, 0)
 Expect(err).Should(BeNil())
 req := checker.CheckRequest{
diff --git a/e2e/pinned_dependencies_test.go b/e2e/pinned_dependencies_test.go
index 638b5803701a..0a99884b19ab 100644
--- a/e2e/pinned_dependencies_test.go
+++ b/e2e/pinned_dependencies_test.go
@@ -39,7 +39,7 @@ var _ = Describe("E2E TEST:"+checks.CheckPinnedDependencies, func() {
 repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-pinned-dependencies-e2e")
 Expect(err).Should(BeNil())
 repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
- err = repoClient.InitRepo(repo, clients.HeadSHA)
+ err = repoClient.InitRepo(repo, clients.HeadSHA, 0)
 Expect(err).Should(BeNil())
 req := checker.CheckRequest{
@@ -64,7 +64,7 @@ var _ = Describe("E2E TEST:"+checks.CheckPinnedDependencies, func() {
 repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-pinned-dependencies-e2e")
 Expect(err).Should(BeNil())
 repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
- err = repoClient.InitRepo(repo, "c8bfd7cf04ea7af741e1d07af98fabfcc1b6ffb1")
+ err = repoClient.InitRepo(repo, "c8bfd7cf04ea7af741e1d07af98fabfcc1b6ffb1", 0)
 Expect(err).Should(BeNil())
 req := checker.CheckRequest{
@@ -100,7 +100,7 @@ var _ = Describe("E2E TEST:"+checks.CheckPinnedDependencies, func() {
 Expect(err).Should(BeNil())
 x := localdir.CreateLocalDirClient(context.Background(), logger)
- err = x.InitRepo(repo, clients.HeadSHA)
+ err = x.InitRepo(repo, clients.HeadSHA, 0)
 Expect(err).Should(BeNil())
 req := checker.CheckRequest{
diff --git a/e2e/sast_test.go b/e2e/sast_test.go
index 074d5ef00ed7..4d7131423b38 100644
--- a/e2e/sast_test.go
+++ b/e2e/sast_test.go
@@ -36,7 +36,7 @@ var _ = Describe("E2E TEST:"+checks.CheckSAST, func() {
 repo, err := githubrepo.MakeGithubRepo("ossf-tests/airflow")
 Expect(err).Should(BeNil())
 repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
- err = repoClient.InitRepo(repo, clients.HeadSHA)
+ err = repoClient.InitRepo(repo, clients.HeadSHA, 0)
 Expect(err).Should(BeNil())
 req := checker.CheckRequest{
 Ctx: context.Background(),
diff --git a/e2e/security_policy_test.go b/e2e/security_policy_test.go
index 856ad474a7a7..5b434a6fe85b 100644
--- a/e2e/security_policy_test.go
+++ b/e2e/security_policy_test.go
@@ -37,7 +37,7 @@ var _ = Describe("E2E TEST:"+checks.CheckSecurityPolicy, func() {
 repo, err := githubrepo.MakeGithubRepo("tensorflow/tensorflow")
 Expect(err).Should(BeNil())
 repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
- err = repoClient.InitRepo(repo, clients.HeadSHA)
+ err = repoClient.InitRepo(repo, clients.HeadSHA, 0)
 Expect(err).Should(BeNil())
 req := checker.CheckRequest{
@@ -63,7 +63,7 @@ var _ = Describe("E2E TEST:"+checks.CheckSecurityPolicy, func() {
 repo, err := githubrepo.MakeGithubRepo("tensorflow/tensorflow")
 Expect(err).Should(BeNil())
 repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
- err = repoClient.InitRepo(repo, "e0cb70344e46276b37d65824f95eca478080de4a")
+ err = repoClient.InitRepo(repo, "e0cb70344e46276b37d65824f95eca478080de4a", 0)
 Expect(err).Should(BeNil())
 req := checker.CheckRequest{
@@ -89,7 +89,7 @@ var _ = Describe("E2E TEST:"+checks.CheckSecurityPolicy, func() {
 repo, err := githubrepo.MakeGithubRepo("randombit/botan")
 Expect(err).Should(BeNil())
 repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
- err = repoClient.InitRepo(repo, clients.HeadSHA)
+ err = repoClient.InitRepo(repo, clients.HeadSHA, 0)
 Expect(err).Should(BeNil())
 req := checker.CheckRequest{
@@ -115,7 +115,7 @@ var _ = Describe("E2E TEST:"+checks.CheckSecurityPolicy, func() {
 repo, err := githubrepo.MakeGithubRepo("randombit/botan")
 Expect(err).Should(BeNil())
 repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
- err = repoClient.InitRepo(repo, "bab40cdd29d19e0638cf1301dfd355c52b94d1c0")
+ err = repoClient.InitRepo(repo, "bab40cdd29d19e0638cf1301dfd355c52b94d1c0", 0)
 Expect(err).Should(BeNil())
 req := checker.CheckRequest{
@@ -152,7 +152,7 @@ var _ = Describe("E2E TEST:"+checks.CheckSecurityPolicy, func() {
 Expect(err).Should(BeNil())
 x := localdir.CreateLocalDirClient(context.Background(), logger)
- err = x.InitRepo(repo, clients.HeadSHA)
+ err = x.InitRepo(repo, clients.HeadSHA, 0)
 Expect(err).Should(BeNil())
 req := checker.CheckRequest{
diff --git a/e2e/signedreleases_test.go b/e2e/signedreleases_test.go
index 87a1b7e03f6b..947bb9b05969 100644
--- a/e2e/signedreleases_test.go
+++ b/e2e/signedreleases_test.go
@@ -36,7 +36,7 @@ var _ = Describe("E2E TEST:"+checks.CheckSignedReleases, func() {
 repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-signed-releases-e2e")
 Expect(err).Should(BeNil())
 repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
- err = repoClient.InitRepo(repo, clients.HeadSHA)
+ err = repoClient.InitRepo(repo, clients.HeadSHA, 0)
 Expect(err).Should(BeNil())
 req := checker.CheckRequest{
 Ctx: context.Background(),
diff --git a/e2e/vulnerabilities_test.go b/e2e/vulnerabilities_test.go
index 44bd1a51f768..8a5ec3ae3f86 100644
--- a/e2e/vulnerabilities_test.go
+++ b/e2e/vulnerabilities_test.go
@@ -35,7 +35,7 @@ var _ = Describe("E2E TEST:"+checks.CheckVulnerabilities, func() {
 repo, err := githubrepo.MakeGithubRepo("ossf/scorecard")
 Expect(err).Should(BeNil())
 repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
- err = repoClient.InitRepo(repo, clients.HeadSHA)
+ err = repoClient.InitRepo(repo, clients.HeadSHA, 0)
 Expect(err).Should(BeNil())
 dl := scut.TestDetailLogger{}
@@ -64,7 +64,7 @@ var _ = Describe("E2E TEST:"+checks.CheckVulnerabilities, func() {
 repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-vulnerabilities-open62541")
 Expect(err).Should(BeNil())
 repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
- err = repoClient.InitRepo(repo, clients.HeadSHA)
+ err = repoClient.InitRepo(repo, clients.HeadSHA, 0)
 Expect(err).Should(BeNil())
 dl := scut.TestDetailLogger{}
@@ -91,7 +91,7 @@ var _ = Describe("E2E TEST:"+checks.CheckVulnerabilities, func() {
 repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-vulnerabilities-open62541")
 Expect(err).Should(BeNil())
 repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
- err = repoClient.InitRepo(repo, "de6367caa31b59e2156f83b04c2f30611b7ac393")
+ err = repoClient.InitRepo(repo, "de6367caa31b59e2156f83b04c2f30611b7ac393", 0)
 Expect(err).Should(BeNil())
 dl := scut.TestDetailLogger{}
diff --git a/options/flags.go b/options/flags.go
index f9b3b2812392..a9b103d9a08d 100644
--- a/options/flags.go
+++ b/options/flags.go
@@ -59,6 +59,8 @@ const (
 // FlagFormat is the flag name for specifying output format.
 FlagFormat = "format"
+
+ FlagCommitDepth = "commit-depth"
 )
 // Command is an interface for handling options for command-line utilities.
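Review bot: `FlagCommitDepth = "commit-depth"` is the only constant in this block added without a doc comment, while its neighbour `FlagFormat` is documented as `// FlagFormat is the flag name for specifying output format.`; the package's convention is one such comment per flag name. Add `// FlagCommitDepth is the flag name for limiting how many commits, counted back from HEAD, are checked.` above the new line. The `const (` block this hunk sits in opens outside the hunk.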
@@ -132,6 +134,13 @@ func (o *Options) AddFlags(cmd *cobra.Command) {
 "show extra details about each check",
 )
+ cmd.Flags().IntVar(
+ &o.CommitDepth,
+ FlagCommitDepth,
+ o.CommitDepth,
+ "number of commits to check, commits begin backwards from the HEAD",
+ )
+
 checkNames := []string{}
 for checkName := range checks.GetAll() {
 checkNames = append(checkNames, checkName)
diff --git a/options/options.go b/options/options.go
index 4424f2e7bf5b..25fafc0b212e 100644
--- a/options/options.go
+++ b/options/options.go
@@ -41,8 +41,8 @@ type Options struct {
 ResultsFile string
 ChecksToRun []string
 Metadata []string
+ CommitDepth int
 ShowDetails bool
- // Feature flags.
 EnableSarif bool `env:"ENABLE_SARIF"`
 EnableScorecardV6 bool `env:"SCORECARD_V6"`
@@ -54,7 +54,6 @@ func New() *Options {
 if err := env.Parse(opts); err != nil {
 fmt.Printf("could not parse env vars, using default options: %v", err)
 }
- // Defaulting.
 // TODO(options): Consider moving this to a separate function/method.
 if opts.Commit == "" {
@@ -66,7 +65,6 @@ func New() *Options {
 if opts.LogLevel == "" {
 opts.LogLevel = DefaultLogLevel
 }
- return opts
 }
@@ -75,7 +73,6 @@ const (
 DefaultCommit = clients.HeadSHA
 // Formats.
- // FormatJSON specifies that results should be output in JSON format.
 FormatJSON = "json"
 // FormatSarif specifies that results should be output in SARIF format.
@@ -86,7 +83,6 @@ const (
 FormatRaw = "raw"
 // Environment variables.
- // EnvVarEnableSarif is the environment variable which controls enabling
 // SARIF logging.
 EnvVarEnableSarif = "ENABLE_SARIF"
diff --git a/pkg/scorecard.go b/pkg/scorecard.go
index ae1eacc02376..5563e5d1be4b 100644
--- a/pkg/scorecard.go
+++ b/pkg/scorecard.go
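Review bot: The new `--commit-depth` flag is registered with `IntVar` and no range check, so a negative value is accepted and stored in `o.CommitDepth` as-is; what the repo clients do with a negative depth is not visible in this diff, so it should be rejected at option-validation time rather than left to them, e.g. `if o.CommitDepth < 0 { return errors.New("commit-depth must be >= 0") }` wherever the other option values are validated (that code is outside this hunk). The help string is also unclear about the default: the advertised default is `o.CommitDepth`, which nothing visible here sets, so it will print as 0, and every updated call site passes 0 to get the previous behaviour. Suggest `"number of commits to check, counting back from HEAD (0 keeps the default behaviour)"`. `AddFlags` continues past the hunk.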
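Review bot: `CommitDepth int` is added to `Options` with no doc comment and without the `env:` tag the neighbouring `EnableSarif` and `EnableScorecardV6` fields carry, so it is settable only through the CLI flag; if that is intended it should be stated, since the surrounding fields are parsed by `env.Parse` in `New()`. Suggest `// CommitDepth is how many commits, counted back from HEAD, the checks inspect; 0 keeps the default. Set via --commit-depth only.` above the field. The `Options` struct begins before this hunk.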
@@ -84,13 +84,14 @@ func getRepoCommitHash(r clients.RepoClient) (string, error) {
 func RunScorecards(ctx context.Context,
 repo clients.Repo,
 commitSHA string,
+ commitDepth int,
 checksToRun checker.CheckNameToFnMap,
 repoClient clients.RepoClient,
 ossFuzzRepoClient clients.RepoClient,
 ciiClient clients.CIIBestPracticesClient,
 vulnsClient clients.VulnerabilitiesClient,
 ) (ScorecardResult, error) {
- if err := repoClient.InitRepo(repo, commitSHA); err != nil {
+ if err := repoClient.InitRepo(repo, commitSHA, commitDepth); err != nil {
 // No need to call sce.WithMessage() since InitRepo will do that for us.
 //nolint:wrapcheck
 return ScorecardResult{}, err
diff --git a/pkg/scorecard_test.go b/pkg/scorecard_test.go
index 0c4f283b1078..74b9ddd0866b 100644
--- a/pkg/scorecard_test.go
+++ b/pkg/scorecard_test.go
@@ -101,7 +101,7 @@ func Test_getRepoCommitHashLocal(t *testing.T) {
 t.Errorf("MakeLocalDirRepo: %v", err)
 return
 }
- if err := localDirClient.InitRepo(localRepo, clients.HeadSHA); err != nil {
+ if err := localDirClient.InitRepo(localRepo, clients.HeadSHA, 0); err != nil {
 t.Errorf("InitRepo: %v", err)
 return
 }
@@ -146,7 +146,7 @@ func TestRunScorecards(t *testing.T) {
 mockRepoClient := mockrepo.NewMockRepoClient(ctrl)
 repo := mockrepo.NewMockRepo(ctrl)
- mockRepoClient.EXPECT().InitRepo(repo, tt.args.commitSHA).Return(nil)
+ mockRepoClient.EXPECT().InitRepo(repo, tt.args.commitSHA, 0).Return(nil)
 mockRepoClient.EXPECT().Close().DoAndReturn(func() error {
 return nil
@@ -163,8 +163,7 @@ func TestRunScorecards(t *testing.T) {
 }, nil
 })
 defer ctrl.Finish()
- got, err := RunScorecards(context.Background(), repo, tt.args.commitSHA, nil,
- mockRepoClient, nil, nil, nil)
+ got, err := RunScorecards(context.Background(), repo, tt.args.commitSHA, 0, nil, mockRepoClient, nil, nil, nil)
 if (err != nil) != tt.wantErr {
 t.Errorf("RunScorecards() error = %v, wantErr %v", err, tt.wantErr)
 return
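Review bot: `commitDepth` is forwarded to `repoClient.InitRepo(repo, commitSHA, commitDepth)` with no check, so a negative value from any caller (the CLI flag in this same change does not validate it) reaches the client, and how the clients treat it is not shown in this diff. Reject it before the call with `if commitDepth < 0 { return ScorecardResult{}, err }`, building `err` with the `sce.WithMessage` helper the comment in this hunk refers to, so the public entry point fails closed regardless of which client is plugged in. The exported `RunScorecards` also gains a parameter without its doc comment (above the hunk) being updated; it should state that 0 keeps the client's default depth, which is what every updated caller passes. The function body continues past the hunk.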
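Review bot: `TestRunScorecards` only pins the new argument as the literal `0` in both `mockRepoClient.EXPECT().InitRepo(repo, tt.args.commitSHA, 0)` and the `RunScorecards(..., tt.args.commitSHA, 0, nil, ...)` call, so the test cannot tell whether a non-zero depth is actually threaded through to `InitRepo`. Add a `commitDepth` field to `tt.args`, pass `tt.args.commitDepth` in both places, and include at least one table case with a non-zero value; the table definition is outside the hunk.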