Fixups for golang-based entrypoint

Makefile

@@ -0,0 +1,5 @@
+LDFLAGS=-w -extldflags
+
+build: ## Runs go build on repo
+	# Run go build and generate scorecard executable
+	CGO_ENABLED=0 go build -o scorecard-action -trimpath -a -tags netgo -ldflags '$(LDFLAGS)'

entrypoint/entrypoint.go

@@ -58,13 +58,15 @@ func New() (*cobra.Command, error) {
 			return fmt.Errorf("validating options: %w", err)
 		}
 
+		// TODO: the results file should be completed and validated by the time we get it.
 		if scOpts.ResultsFile != "" {
 			var err error
-			out, err = os.Create(scOpts.ResultsFile)
+			resultsFilePath := fmt.Sprintf("%v/%v", opts.GithubWorkspace, scOpts.ResultsFile)
+			out, err = os.Create(resultsFilePath)
 			if err != nil {
 				return fmt.Errorf(
 					"creating output file (%s): %w",
-					scOpts.ResultsFile,
+					resultsFilePath,
 					err,
 				)
 			}

options/env.go

@@ -32,11 +32,15 @@ const (
 	EnvGithubRef               = "GITHUB_REF"
 	EnvGithubWorkspace         = "GITHUB_WORKSPACE"
 	EnvGithubAuthToken         = "GITHUB_AUTH_TOKEN" //nolint:gosec
-	EnvInputResultsFile        = "INPUT_RESULTS_FILE"
-	EnvInputResultsFormat      = "INPUT_RESULTS_FORMAT"
-	EnvInputPublishResults     = "INPUT_PUBLISH_RESULTS"
 	EnvScorecardFork           = "SCORECARD_IS_FORK"
 	EnvScorecardPrivateRepo    = "SCORECARD_PRIVATE_REPOSITORY"
+
+	// TODO(input): INPUT_ constants should be removed in a future release once
+	//              they have replacements in upstream scorecard.
+	EnvInputRepoToken      = "INPUT_REPO_TOKEN" //nolint:gosec
+	EnvInputResultsFile    = "INPUT_RESULTS_FILE"
+	EnvInputResultsFormat  = "INPUT_RESULTS_FORMAT"
+	EnvInputPublishResults = "INPUT_PUBLISH_RESULTS"
 )
 
 // Errors

options/options.go

@@ -64,6 +64,11 @@ type Options struct {
 	IsForkStr string `env:"SCORECARD_IS_FORK"`
 	// TODO(options): This may be better as a bool
 	PrivateRepoStr string `env:"SCORECARD_PRIVATE_REPOSITORY"`
+
+	// Input parameters
+	InputResultsFile    string `env:"INPUT_RESULTS_FILE"`
+	InputResultsFormat  string `env:"INPUT_RESULTS_FORMAT"`
+	InputPublishResults string `env:"INPUT_PUBLISH_RESULTS"`
 }
 
 const (
@@ -91,7 +96,12 @@ func New() (*Options, error) {
 	}
 
 	// TODO(options): Move this set-or-default logic to its own function.
+	opts.ScorecardOpts.Format = formatSarif
 	opts.ScorecardOpts.EnableSarif = true
+	if opts.InputResultsFormat != "" {
+		opts.ScorecardOpts.Format = opts.InputResultsFormat
+	}
+
 	if opts.ScorecardOpts.Format == formatSarif {
 		if opts.ScorecardOpts.PolicyFile == "" {
 			// TODO(policy): Should we default or error here?
@@ -107,7 +117,13 @@ func New() (*Options, error) {
 	}
 
 	opts.SetPublishResults()
+
 	if opts.ScorecardOpts.ResultsFile == "" {
+		opts.ScorecardOpts.ResultsFile = opts.InputResultsFile
+	}
+
+	if opts.ScorecardOpts.ResultsFile == "" {
+		// TODO(test): Reassess test case for this code path
 		return opts, errResultsPathEmpty
 	}
 
@@ -133,6 +149,12 @@ func (o *Options) Initialize() error {
 	// o.EnableLicense = "1"
 	// o.EnableDangerousWorkflow = "1"
 
+	_, tokenSet := os.LookupEnv(EnvGithubAuthToken)
+	if !tokenSet {
+		inputToken := os.Getenv(EnvInputRepoToken)
+		os.Setenv(EnvGithubAuthToken, inputToken)
+	}
+
 	return o.SetRepoInfo()
 }
 
@@ -151,9 +173,9 @@ func (o *Options) Validate() error {
 		return errEmptyGitHubAuthToken
 	}
 
-	if strings.Contains(os.Getenv(o.GithubEventName), "pull_request") &&
-		os.Getenv(o.GithubRef) == o.DefaultBranch {
-		fmt.Printf("%s not supported with %s event.\n", os.Getenv(o.GithubRef), os.Getenv(o.GithubEventName))
+	if strings.Contains(o.GithubEventName, "pull_request") &&
+		o.GithubRef == o.DefaultBranch {
+		fmt.Printf("%s not supported with %s event.\n", o.GithubRef, o.GithubEventName)
 		fmt.Printf("Only the default branch %s is supported.\n", o.DefaultBranch)
 
 		return errOnlyDefaultBranchSupported

options/options_test.go

@@ -45,15 +45,16 @@ func TestNew(t *testing.T) {
 		LogLevel    string
 	}
 	tests := []struct {
-		name            string
-		githubEventPath string
-		repo            string
-		resultsFile     string
-		resultsFormat   string
-		publishResults  string
-		want            fields
-		unsetToken      bool
-		wantErr         bool
+		name             string
+		githubEventPath  string
+		repo             string
+		resultsFile      string
+		resultsFormat    string
+		publishResults   string
+		want             fields
+		unsetResultsPath bool
+		unsetToken       bool
+		wantErr          bool
 	}{
 		{
 			name:            "SuccessFormatSARIF",
@@ -103,12 +104,40 @@ func TestNew(t *testing.T) {
 			unsetToken: true,
 			wantErr:    true,
 		},
+		{
+			name:            "FailureResultsPathNotSet",
+			githubEventPath: githubEventPathNonFork,
+			want: fields{
+				EnableSarif: true,
+				Format:      formatSarif,
+				PolicyFile:  defaultScorecardPolicyFile,
+				Commit:      options.DefaultCommit,
+				LogLevel:    options.DefaultLogLevel,
+			},
+			unsetResultsPath: true,
+			wantErr:          true,
+		},
+		{
+			name:            "FailureResultsPathEmpty",
+			githubEventPath: githubEventPathNonFork,
+			resultsFile:     "",
+			want: fields{
+				EnableSarif: true,
+				Format:      formatSarif,
+				PolicyFile:  defaultScorecardPolicyFile,
+				ResultsFile: "",
+				Commit:      options.DefaultCommit,
+				LogLevel:    options.DefaultLogLevel,
+			},
+			wantErr: true,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			_, tokenEnvExists := os.LookupEnv(EnvGithubAuthToken)
 			if !tokenEnvExists {
 				os.Setenv(EnvGithubAuthToken, testToken)
+				defer os.Unsetenv(EnvGithubAuthToken)
 			}
 			if tt.unsetToken {
 				os.Unsetenv(EnvGithubAuthToken)
@@ -118,21 +147,26 @@ func TestNew(t *testing.T) {
 			if !pathEnvExists {
 				if tt.githubEventPath != "" {
 					os.Setenv(EnvGithubEventPath, tt.githubEventPath)
+					defer os.Unsetenv(EnvGithubEventPath)
 				}
 			}
 
 			_, repoEnvExists := os.LookupEnv(EnvGithubRepository)
 			if !repoEnvExists {
 				if tt.repo != "" {
 					os.Setenv(EnvGithubRepository, tt.repo)
+					defer os.Unsetenv(EnvGithubRepository)
 				}
 			}
 
-			if tt.resultsFile != "" {
-				os.Setenv("SCORECARD_RESULTS_FILE", tt.resultsFile)
-			}
-			if tt.resultsFormat != "" {
-				os.Setenv("SCORECARD_RESULTS_FORMAT", tt.resultsFormat)
+			os.Setenv(EnvInputResultsFormat, tt.resultsFormat)
+			defer os.Unsetenv(EnvInputResultsFormat)
+
+			if tt.unsetResultsPath {
+				os.Unsetenv(EnvInputResultsFile)
+			} else {
+				os.Setenv(EnvInputResultsFile, tt.resultsFile)
+				defer os.Unsetenv(EnvInputResultsFile)
 			}
 
 			opts, err := New()