Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add scorecard workflow and badge #72

Merged
merged 2 commits into from
Jan 10, 2024
Merged

add scorecard workflow and badge #72

merged 2 commits into from
Jan 10, 2024

Conversation

Jdubrick
Copy link
Contributor

@Jdubrick Jdubrick commented Jan 8, 2024

Please specify the area for this PR
This is for the CNCF Cleaner badge as part of our effort to increase adherence to open source best practices.

What does does this PR do / why we need it:
This PR implements the GitHub workflow for code scanning for the OpenSSF scorecard. This tracks security vulnerabilities in the repository and gives the repo a score based off its findings. A similar issue to this was merged here: devfile/library#195

Which issue(s) this PR fixes:

fixes devfile/api#1386

PR acceptance criteria:

  • Test Coverage
    • Are your changes sufficiently tested, and are any applicable test cases added or updated to cover your changes?
  • Gosec scans

Documentation

  • Does the registry operator documentation need to be updated with your changes?

How to test changes / Special notes to the reviewer:

@Jdubrick
add scorecard workflow and badge
316e2b8 
Signed-off-by: Jordan Dubrick <[email protected]>
@openshift-ci openshift-ci bot requested review from elsony and johnmcollier January 8, 2024 19:16
@openshift-ci openshift-ci bot added the approved label Jan 8, 2024
@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@codecov Codecov
Copy link

codecov bot commented Jan 8, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (224f878) 25.86% compared to head (316e2b8) 25.86%.

❗ Current head 316e2b8 differs from pull request most recent head bc859ca. Consider uploading reports for the commit bc859ca to get more accurate results

Additional details and impacted files 
@@           Coverage Diff           @@
##             main      #72   +/-   ##
=======================================
  Coverage   25.86%   25.86%           
=======================================
  Files          25       25           
  Lines        1415     1415           
=======================================
  Hits          366      366           
  Misses       1026     1026           
  Partials       23       23

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

thepetk
thepetk reviewed Jan 9, 2024
View reviewed changes
Copy link
Contributor

@thepetk thepetk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left a minor comment :)

.github/workflows/scorecard.yml Outdated Show resolved Hide resolved
@Jdubrick
remove irrelevant info
bc859ca 
Signed-off-by: Jordan Dubrick <[email protected]>
@thepetk thepetk self-requested a review January 10, 2024 11:49
thepetk
thepetk approved these changes Jan 10, 2024
View reviewed changes
Copy link
Contributor

@thepetk thepetk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Jan 10, 2024
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Jan 10, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Jdubrick, thepetk

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@Jdubrick Jdubrick merged commit f55ab8e into devfile:main Jan 10, 2024
9 checks passed
michael-valdron pushed a commit to michael-valdron/devfile-registry-operator that referenced this pull request Jan 24, 2024
@Jdubrick @michael-valdron
add scorecard workflow and badge (devfile#72)
7b8be77 
* add scorecard workflow and badge

Signed-off-by: Jordan Dubrick <[email protected]>

* remove irrelevant info

Signed-off-by: Jordan Dubrick <[email protected]>

---------

Signed-off-by: Jordan Dubrick <[email protected]>
thepetk pushed a commit to thepetk/devfile-registry-operator that referenced this pull request Aug 20, 2024
@Jdubrick @thepetk
add scorecard workflow and badge (devfile#72)
334aba8 
* add scorecard workflow and badge

Signed-off-by: Jordan Dubrick <[email protected]>

* remove irrelevant info

Signed-off-by: Jordan Dubrick <[email protected]>

---------

Signed-off-by: Jordan Dubrick <[email protected]>
Signed-off-by: thepetk <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thepetk thepetk thepetk approved these changes

@elsony elsony Awaiting requested review from elsony

@johnmcollier johnmcollier Awaiting requested review from johnmcollier

Assignees

@thepetk thepetk

Labels
approved lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

CNCF Cleaner Tasks for devfile/registry-operator
2 participants
@Jdubrick @thepetk