From da95e0c1a2f7d7693f9a316173a6884cc3bdf948 Mon Sep 17 00:00:00 2001 From: Stephen Augustus Date: Sun, 15 May 2022 14:37:11 -0400 Subject: [PATCH 01/13] install: Move action installation into a separate package Signed-off-by: Stephen Augustus --- go.mod | 10 +- go.sum | 1 - .../org-workflow-add.go => install/install.go | 4 +- multi-repo-action/go.mod | 20 - multi-repo-action/go.sum | 387 ------------------ multi-repo-action/main.go | 23 ++ 6 files changed, 32 insertions(+), 413 deletions(-) rename multi-repo-action/org-workflow-add.go => install/install.go (99%) delete mode 100644 multi-repo-action/go.mod delete mode 100644 multi-repo-action/go.sum create mode 100644 multi-repo-action/main.go diff --git a/go.mod b/go.mod index 5da85656..a155fd43 100644 --- a/go.mod +++ b/go.mod @@ -107,7 +107,6 @@ require ( github.com/google/go-containerregistry v0.8.1-0.20220209165246-a44adc326839 // indirect github.com/google/go-github/v38 v38.1.0 // indirect github.com/google/go-github/v41 v41.0.0 // indirect - github.com/google/go-github/v42 v42.0.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/trillian v1.4.0 // indirect @@ -163,6 +162,7 @@ require ( github.com/rhysd/actionlint v1.6.12 // indirect github.com/rivo/uniseg v0.2.0 // indirect github.com/robfig/cron v1.2.0 // indirect + github.com/rogpeppe/go-internal v1.8.1 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/sassoftware/relic v0.0.0-20210427151427-dfb082b79b74 // indirect github.com/secure-systems-lab/go-securesystemslib v0.3.1 // indirect @@ -171,7 +171,6 @@ require ( github.com/shurcooL/githubv4 v0.0.0-20201206200315-234843c633fa // indirect github.com/shurcooL/graphql v0.0.0-20200928012149-18c5c3165e3a // indirect github.com/sigstore/fulcio v0.1.2-0.20220114150912-86a2036f9bc7 // indirect - github.com/sigstore/rekor v0.5.0 // indirect github.com/sigstore/sigstore v1.2.1-0.20220424143412-3d41663116d5 // indirect github.com/sirupsen/logrus v1.8.1 // indirect github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect @@ -225,7 +224,6 @@ require ( golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 // indirect golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect golang.org/x/net v0.0.0-20220412020605-290c469a71a5 // indirect - golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 // indirect golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect golang.org/x/sys v0.0.0-20220412211240-33da011f77ad // indirect golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect @@ -259,3 +257,9 @@ require ( sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect sigs.k8s.io/yaml v1.3.0 // indirect ) + +require ( + github.com/google/go-github/v42 v42.0.0 + github.com/sigstore/rekor v0.5.0 // indirect + golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 +) diff --git a/go.sum b/go.sum index 9e0e74e6..fa335fdc 100644 --- a/go.sum +++ b/go.sum @@ -2231,7 +2231,6 @@ github.com/rogpeppe/go-internal v1.5.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTE github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.6.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE= -github.com/rogpeppe/go-internal v1.8.1-0.20210923151022-86f73c517451 h1:d1PiN4RxzIFXCJTvRkvSkKqwtRAl5ZV4lATKtQI0B7I= github.com/rogpeppe/go-internal v1.8.1-0.20210923151022-86f73c517451/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o= github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg= github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o= diff --git a/multi-repo-action/org-workflow-add.go b/install/install.go similarity index 99% rename from multi-repo-action/org-workflow-add.go rename to install/install.go index 86188909..51fed983 100644 --- a/multi-repo-action/org-workflow-add.go +++ b/install/install.go @@ -1,4 +1,4 @@ -package main +package install import ( "context" @@ -18,7 +18,7 @@ var RepoList = []string{} // Optional, leave empty to process all repos under or // ************************************** // Adds the OpenSSF Scorecard workflow to all repositores under the given organization. -func main() { +func Run() { // Get github user client. context := context.Background() tokenService := oauth2.StaticTokenSource( diff --git a/multi-repo-action/go.mod b/multi-repo-action/go.mod deleted file mode 100644 index e037a24f..00000000 --- a/multi-repo-action/go.mod +++ /dev/null @@ -1,20 +0,0 @@ -module github.com/ossf/scorecard-actions/cli - -go 1.17 - -require ( - github.com/google/go-github/v42 v42.0.0 - github.com/migueleliasweb/go-github-mock v0.0.6 - golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 -) - -require ( - github.com/golang/protobuf v1.4.2 // indirect - github.com/google/go-github/v41 v41.0.0 // indirect - github.com/google/go-querystring v1.1.0 // indirect - github.com/gorilla/mux v1.8.0 // indirect - golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 // indirect - golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 // indirect - google.golang.org/appengine v1.6.7 // indirect - google.golang.org/protobuf v1.25.0 // indirect -) diff --git a/multi-repo-action/go.sum b/multi-repo-action/go.sum deleted file mode 100644 index 3da4eef9..00000000 --- a/multi-repo-action/go.sum +++ /dev/null @@ -1,387 +0,0 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= -cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= -cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= -cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= -cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= -cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= -cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= -cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= -cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= -cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= -cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= -cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= -cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= -cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= -cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= -cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= -cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= -cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= -cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= -cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= -cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= -cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= -cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= -cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/bradleyfalzon/ghinstallation/v2 v2.0.3/go.mod h1:tlgi+JWCXnKFx/Y4WtnDbZEINo31N5bcvnCoqieefmk= -github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= -github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= -github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= -github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= -github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-github/v39 v39.0.0/go.mod h1:C1s8C5aCC9L+JXIYpJM5GYytdX52vC1bLvHEF1IhBrE= -github.com/google/go-github/v41 v41.0.0 h1:HseJrM2JFf2vfiZJ8anY2hqBjdfY1Vlj/K27ueww4gg= -github.com/google/go-github/v41 v41.0.0/go.mod h1:XgmCA5H323A9rtgExdTcnDkcqp6S30AVACCBDOonIxg= -github.com/google/go-github/v42 v42.0.0 h1:YNT0FwjPrEysRkLIiKuEfSvBPCGKphW5aS5PxwaoLec= -github.com/google/go-github/v42 v42.0.0/go.mod h1:jgg/jvyI0YlDOM1/ps6XYh04HNQ3vKf0CVko62/EhRg= -github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= -github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= -github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= -github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= -github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/migueleliasweb/go-github-mock v0.0.6 h1:JYB8HK7PvchVaCpO4YbstTaaZz8WFwqAQ2UT7ugjiOU= -github.com/migueleliasweb/go-github-mock v0.0.6/go.mod h1:mD5w+9J3oBBMLr7uD6owEYlYBAL8tZd+BA7iGjI4EU8= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= -go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 h1:HWj/xjIHfjYU5nVXpTM0s39J9CbLn7Cc5a7IC5rwsMQ= -golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= -golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= -golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= -golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= -golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= -golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= -golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= -golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= -golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= -golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 h1:qWPm9rbaAMKs8Bq/9LRpbMqxWRVUAQwMI9fVrssnTfw= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 h1:RerP+noqYHUQ8CMRcPlC2nvTa4dcBIjegkuWdcUDuqg= -golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= -golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= -google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= -google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= -google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= -google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= -google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= -google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= -google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= -google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= -google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= -honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= -rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/multi-repo-action/main.go b/multi-repo-action/main.go new file mode 100644 index 00000000..18dcbaa0 --- /dev/null +++ b/multi-repo-action/main.go @@ -0,0 +1,23 @@ +// Copyright 2022 OpenSSF Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 + +package main + +import "github.com/ossf/scorecard-action/install" + +func main() { + install.Run() +} From 4b4094af3b0c9663f0585917fdbc69346f1028c4 Mon Sep 17 00:00:00 2001 From: Stephen Augustus Date: Sun, 15 May 2022 14:48:53 -0400 Subject: [PATCH 02/13] Add missing license headers Signed-off-by: Stephen Augustus --- codeql.js | 18 ++++++++++++++++++ install/install.go | 16 ++++++++++++++++ multi-repo-action/main_test.go | 16 ++++++++++++++++ multi-repo-action/scorecards-analysis.yml | 16 ++++++++++++++++ signing/signing.go | 16 ++++++++++++++++ signing/signing_test.go | 16 ++++++++++++++++ starter-workflows/code-scanning/scorecards.yml | 16 ++++++++++++++++ 7 files changed, 114 insertions(+) diff --git a/codeql.js b/codeql.js index a0b70d65..fda7d451 100644 --- a/codeql.js +++ b/codeql.js @@ -1 +1,19 @@ +/** + * Copyright 2022 OpenSSF Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + */ + console.log("codeql") diff --git a/install/install.go b/install/install.go index 51fed983..65245e4d 100644 --- a/install/install.go +++ b/install/install.go @@ -1,3 +1,19 @@ +// Copyright 2022 OpenSSF Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 + package install import ( diff --git a/multi-repo-action/main_test.go b/multi-repo-action/main_test.go index e34d3496..b70f30bb 100644 --- a/multi-repo-action/main_test.go +++ b/multi-repo-action/main_test.go @@ -1,3 +1,19 @@ +// Copyright 2022 OpenSSF Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 + package main import ( diff --git a/multi-repo-action/scorecards-analysis.yml b/multi-repo-action/scorecards-analysis.yml index cc20b337..602a6e54 100644 --- a/multi-repo-action/scorecards-analysis.yml +++ b/multi-repo-action/scorecards-analysis.yml @@ -1,3 +1,19 @@ +# Copyright 2022 OpenSSF Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 + name: Scorecards supply-chain security on: # Only the default branch is supported. diff --git a/signing/signing.go b/signing/signing.go index a80291fd..feca6b10 100644 --- a/signing/signing.go +++ b/signing/signing.go @@ -1,3 +1,19 @@ +// Copyright 2022 OpenSSF Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 + package signing import ( diff --git a/signing/signing_test.go b/signing/signing_test.go index 359d1b3b..b885f6c3 100644 --- a/signing/signing_test.go +++ b/signing/signing_test.go @@ -1,3 +1,19 @@ +// Copyright 2022 OpenSSF Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 + package signing import ( diff --git a/starter-workflows/code-scanning/scorecards.yml b/starter-workflows/code-scanning/scorecards.yml index 23dc0c1a..e80dbc77 100644 --- a/starter-workflows/code-scanning/scorecards.yml +++ b/starter-workflows/code-scanning/scorecards.yml @@ -1,3 +1,19 @@ +# Copyright 2022 OpenSSF Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 + name: Scorecards supply-chain security on: # Only the default branch is supported. From 133989713d842cc1970f6d690e98c1d1ddfd4a68 Mon Sep 17 00:00:00 2001 From: Stephen Augustus Date: Sun, 15 May 2022 14:59:04 -0400 Subject: [PATCH 03/13] install: Fix unrecognized variables Signed-off-by: Stephen Augustus --- install/install.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/install/install.go b/install/install.go index 65245e4d..a840d4ae 100644 --- a/install/install.go +++ b/install/install.go @@ -44,14 +44,14 @@ func Run() { client := github.NewClient(tokenClient) // If not provided, get all repositories under organization. - if len(REPO_LIST) == 0 { + if len(RepoList) == 0 { lops := &github.RepositoryListByOrgOptions{Type: "all"} repos, _, err := client.Repositories.ListByOrg(context, orgName, lops) err_check(err, "Error listing organization's repos.") // Convert to list of repository names. for _, repo := range repos { - REPO_LIST = append(REPO_LIST, *repo.Name) + RepoList = append(RepoList, *repo.Name) } } @@ -60,7 +60,7 @@ func Run() { err_check(err, "Error reading in scorecard workflow file.") // Process each repository. - for _, repoName := range REPO_LIST { + for _, repoName := range RepoList { // Get repo metadata. repo, _, err := client.Repositories.Get(context, orgName, repoName) From 2ec5c8345dc9a8c38435138271eda875fb3ee1e3 Mon Sep 17 00:00:00 2001 From: Stephen Augustus Date: Sun, 15 May 2022 15:10:23 -0400 Subject: [PATCH 04/13] lint: Fix warnings and attempt to auto-fix issues (where supported) Signed-off-by: Stephen Augustus --- .golangci.yml | 12 ++- install/install.go | 132 +++++++++++++++++++++++++-------- main.go | 2 +- multi-repo-action/main_test.go | 7 +- 4 files changed, 115 insertions(+), 38 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index bf7e1884..673c0370 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -3,13 +3,23 @@ run: concurrency: 6 deadline: 5m issues: - new-from-rev: "" include: # revive `package-comments` and `exported` rules. - EXC0012 - EXC0013 - EXC0014 - EXC0015 + # Maximum issues count per one linter. + # Set to 0 to disable. + # Default: 50 + max-issues-per-linter: 0 + # Maximum count of issues with the same text. + # Set to 0 to disable. + # Default: 3 + max-same-issues: 0 + new-from-rev: "" + # Fix found issues (if it's supported by the linter). + fix: true linters: disable-all: true enable: diff --git a/install/install.go b/install/install.go index a840d4ae..bd373aec 100644 --- a/install/install.go +++ b/install/install.go @@ -25,29 +25,32 @@ import ( "golang.org/x/oauth2" ) -// ************************************** -// Set these parameters. -const orgName string = "organization name" -const pat string = "personal access token" +const ( + orgName = "organization name" + pat = "personal access token" +) -var RepoList = []string{} // Optional, leave empty to process all repos under org. -// ************************************** +// RepoList leave empty to process all repos under org (optional). +var RepoList = []string{} -// Adds the OpenSSF Scorecard workflow to all repositores under the given organization. +// Run adds the OpenSSF Scorecard workflow to all repositories under the given +// organization. +// TODO(install): Improve description. func Run() { // Get github user client. - context := context.Background() + ctx := context.Background() tokenService := oauth2.StaticTokenSource( &oauth2.Token{AccessToken: pat}, ) - tokenClient := oauth2.NewClient(context, tokenService) + + tokenClient := oauth2.NewClient(ctx, tokenService) client := github.NewClient(tokenClient) // If not provided, get all repositories under organization. if len(RepoList) == 0 { lops := &github.RepositoryListByOrgOptions{Type: "all"} - repos, _, err := client.Repositories.ListByOrg(context, orgName, lops) - err_check(err, "Error listing organization's repos.") + repos, _, err := client.Repositories.ListByOrg(ctx, orgName, lops) + errCheck(err, "Error listing organization's repos.") // Convert to list of repository names. for _, repo := range repos { @@ -57,38 +60,75 @@ func Run() { // Get yml file into byte array. workflowContent, err := ioutil.ReadFile("scorecards-analysis.yml") - err_check(err, "Error reading in scorecard workflow file.") + errCheck(err, "Error reading in scorecard workflow file.") // Process each repository. for _, repoName := range RepoList { - // Get repo metadata. - repo, _, err := client.Repositories.Get(context, orgName, repoName) + repo, _, err := client.Repositories.Get(ctx, orgName, repoName) if err != nil { - fmt.Println("Skipped repo", repoName, "because it does not exist or could not be accessed.") + fmt.Println( + "Skipped repo", + repoName, + "because it does not exist or could not be accessed.", + ) + continue } // Get head commit SHA of default branch. - defaultBranch, _, err := client.Repositories.GetBranch(context, orgName, repoName, *repo.DefaultBranch, true) - + defaultBranch, _, err := client.Repositories.GetBranch( + ctx, + orgName, + repoName, + *repo.DefaultBranch, + true, + ) if err != nil { - fmt.Println("Skipped repo", repoName, "because it's default branch could not be accessed.") + fmt.Println( + "Skipped repo", + repoName, + "because it's default branch could not be accessed.", + ) + continue } + defaultBranchSHA := defaultBranch.Commit.SHA // Skip if scorecard file already exists in workflows folder. - scoreFileContent, _, _, err := client.Repositories.GetContents(context, orgName, repoName, ".github/workflows/scorecards-analysis.yml", &github.RepositoryContentGetOptions{}) + scoreFileContent, _, _, err := client.Repositories.GetContents( + ctx, + orgName, + repoName, + ".github/workflows/scorecards-analysis.yml", + &github.RepositoryContentGetOptions{}, + ) if scoreFileContent != nil || err == nil { - fmt.Println("Skipped repo", repoName, "since scorecard workflow already exists.") + fmt.Println( + "Skipped repo", + repoName, + "since scorecard workflow already exists.", + ) + continue } // Skip if branch scorecard already exists. - scorecardBranch, _, err := client.Repositories.GetBranch(context, orgName, repoName, "scorecard", true) + scorecardBranch, _, err := client.Repositories.GetBranch( + ctx, + orgName, + repoName, + "scorecard", + true, + ) if scorecardBranch != nil || err == nil { - fmt.Println("Skipped repo", repoName, "since branch scorecard already exists.") + fmt.Println( + "Skipped repo", + repoName, + "since branch scorecard already exists.", + ) + continue } @@ -97,21 +137,37 @@ func Run() { Ref: github.String("refs/heads/scorecard"), Object: &github.GitObject{SHA: defaultBranchSHA}, } - _, _, err = client.Git.CreateRef(context, orgName, repoName, ref) + _, _, err = client.Git.CreateRef(ctx, orgName, repoName, ref) if err != nil { - fmt.Println("Skipped repo", repoName, "because new branch could not be created.") + fmt.Println( + "Skipped repo", + repoName, + "because new branch could not be created.", + ) + continue } // Create file in repository. opts := &github.RepositoryContentFileOptions{ Message: github.String("Adding scorecard workflow"), - Content: []byte(workflowContent), + Content: workflowContent, Branch: github.String("scorecard"), } - _, _, err = client.Repositories.CreateFile(context, orgName, repoName, ".github/workflows/scorecards-analysis.yml", opts) + _, _, err = client.Repositories.CreateFile( + ctx, + orgName, + repoName, + ".github/workflows/scorecards-analysis.yml", + opts, + ) if err != nil { - fmt.Println("Skipped repo", repoName, "because new file could not be created.") + fmt.Println( + "Skipped repo", + repoName, + "because new file could not be created.", + ) + continue } @@ -120,22 +176,34 @@ func Run() { Title: github.String("Added Scorecard Workflow"), Head: github.String("scorecard"), Base: github.String(*defaultBranch.Name), - Body: github.String("Added the workflow for OpenSSF's Security Scorecard"), + Body: github.String( + "Added the workflow for OpenSSF's Security Scorecard", + ), Draft: github.Bool(false), } - _, _, err = client.PullRequests.Create(context, orgName, repoName, pr) + _, _, err = client.PullRequests.Create(ctx, orgName, repoName, pr) if err != nil { - fmt.Println("Skipped repo", repoName, "because pull request could not be created.") + fmt.Println( + "Skipped repo", + repoName, + "because pull request could not be created.", + ) + continue } // Logging. - fmt.Println("Successfully added scorecard workflow PR from scorecard to", *defaultBranch.Name, "branch of repo", repoName) + fmt.Println( + "Successfully added scorecard workflow PR from scorecard to", + *defaultBranch.Name, + "branch of repo", + repoName, + ) } } -func err_check(err error, msg string) { +func errCheck(err error, msg string) { if err != nil { fmt.Println(msg, err) } diff --git a/main.go b/main.go index d917a6d7..9cb6b59d 100644 --- a/main.go +++ b/main.go @@ -33,7 +33,7 @@ func main() { log.Fatalf("error during command execution: %v", err) } - if os.Getenv(options.EnvInputPublishResults) == "true" { //nolint + if os.Getenv(options.EnvInputPublishResults) == "true" { // Get json results by re-running scorecard. jsonPayload, err := signing.GetJSONScorecardResults() if err != nil { diff --git a/multi-repo-action/main_test.go b/multi-repo-action/main_test.go index b70f30bb..f4c17d86 100644 --- a/multi-repo-action/main_test.go +++ b/multi-repo-action/main_test.go @@ -14,6 +14,8 @@ // // SPDX-License-Identifier: Apache-2.0 +//nolint +// TODO(lint): Remove nolint directive and fix lint warnings package main import ( @@ -25,9 +27,7 @@ import ( "github.com/google/go-github/v42/github" ) -var ( - client *github.Client -) +var client *github.Client // Currently incomplete // Good reference: https://github.com/google/go-github/blob/887f605dd1f81715a4d4e3983e38450b29833639/github/repos_contents_test.go @@ -66,7 +66,6 @@ func Test_OrgWorkflowAdd(t *testing.T) { if err != nil && resp.StatusCode != http.StatusNotFound { t.Fatalf("Repositories.Get() returned error: %v", err) } - } func createRandomTestRepository(owner string, autoinit bool) (*github.Repository, error) { From b18a594d8c69a5a71625e72a1a17d0a0e65ce1fd Mon Sep 17 00:00:00 2001 From: Stephen Augustus Date: Sun, 15 May 2022 15:13:44 -0400 Subject: [PATCH 05/13] [WIP] install: Parameterize config Signed-off-by: Stephen Augustus --- install/install.go | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/install/install.go b/install/install.go index bd373aec..256d4679 100644 --- a/install/install.go +++ b/install/install.go @@ -26,8 +26,9 @@ import ( ) const ( - orgName = "organization name" - pat = "personal access token" + orgName = "organization name" + pat = "personal access token" + workflowFile = ".github/workflows/scorecards-analysis.yml" ) // RepoList leave empty to process all repos under org (optional). @@ -101,7 +102,7 @@ func Run() { ctx, orgName, repoName, - ".github/workflows/scorecards-analysis.yml", + workflowFile, &github.RepositoryContentGetOptions{}, ) if scoreFileContent != nil || err == nil { @@ -158,7 +159,7 @@ func Run() { ctx, orgName, repoName, - ".github/workflows/scorecards-analysis.yml", + workflowFile, opts, ) if err != nil { From e1d3f97f728d462123d2789f70d90f3c53376ed1 Mon Sep 17 00:00:00 2001 From: Stephen Augustus Date: Tue, 17 May 2022 02:32:14 -0400 Subject: [PATCH 06/13] install: Borrow GitHub client pattern from sigs.k8s.io/release-sdk Signed-off-by: Stephen Augustus --- go.mod | 20 ++++- go.sum | 42 ++++++++- install/github/github.go | 183 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 242 insertions(+), 3 deletions(-) create mode 100644 install/github/github.go diff --git a/go.mod b/go.mod index a155fd43..95bcdfa9 100644 --- a/go.mod +++ b/go.mod @@ -5,9 +5,13 @@ go 1.17 require ( github.com/caarlos0/env/v6 v6.9.2 github.com/google/go-cmp v0.5.8 + github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 github.com/ossf/scorecard/v4 v4.2.0 github.com/sigstore/cosign v1.8.0 + github.com/sirupsen/logrus v1.8.1 github.com/spf13/cobra v1.4.0 + sigs.k8s.io/release-sdk v0.8.0 + sigs.k8s.io/release-utils v0.6.1-0.20220405215325-d4a2a2f0e8fd ) require ( @@ -25,11 +29,14 @@ require ( github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect + github.com/Microsoft/go-winio v0.5.1 // indirect github.com/PaesslerAG/gval v1.0.0 // indirect github.com/PaesslerAG/jsonpath v0.1.1 // indirect + github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 // indirect github.com/PuerkitoBio/purell v1.1.1 // indirect github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect github.com/ThalesIgnite/crypto11 v1.2.5 // indirect + github.com/acomagu/bufpipe v1.0.3 // indirect github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect github.com/aws/aws-sdk-go-v2 v1.16.2 // indirect github.com/aws/aws-sdk-go-v2/config v1.15.3 // indirect @@ -71,6 +78,7 @@ require ( github.com/docker/docker v20.10.12+incompatible // indirect github.com/docker/docker-credential-helpers v0.6.4 // indirect github.com/dustin/go-humanize v1.0.0 // indirect + github.com/emirpasic/gods v1.12.0 // indirect github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1 // indirect github.com/envoyproxy/protoc-gen-validate v0.6.2 // indirect github.com/fatih/color v1.13.0 // indirect @@ -79,6 +87,9 @@ require ( github.com/fullstorydev/grpcurl v1.8.2 // indirect github.com/ghodss/yaml v1.0.0 // indirect github.com/go-chi/chi v4.1.2+incompatible // indirect + github.com/go-git/gcfg v1.5.0 // indirect + github.com/go-git/go-billy/v5 v5.3.1 // indirect + github.com/go-git/go-git/v5 v5.4.2 // indirect github.com/go-logr/logr v1.2.3 // indirect github.com/go-openapi/analysis v0.21.2 // indirect github.com/go-openapi/errors v0.20.2 // indirect @@ -106,6 +117,7 @@ require ( github.com/google/certificate-transparency-go v1.1.2 // indirect github.com/google/go-containerregistry v0.8.1-0.20220209165246-a44adc326839 // indirect github.com/google/go-github/v38 v38.1.0 // indirect + github.com/google/go-github/v39 v39.2.0 // indirect github.com/google/go-github/v41 v41.0.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect @@ -126,12 +138,14 @@ require ( github.com/imdario/mergo v0.3.12 // indirect github.com/in-toto/in-toto-golang v0.3.4-0.20211211042327-af1f9fb822bf // indirect github.com/inconshreveable/mousetrap v1.0.0 // indirect + github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/jedisct1/go-minisign v0.0.0-20211028175153-1c139d1cc84b // indirect github.com/jhump/protoreflect v1.9.0 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/jonboulle/clockwork v0.2.2 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect + github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351 // indirect github.com/klauspost/compress v1.15.1 // indirect github.com/leodido/go-urn v1.2.1 // indirect github.com/letsencrypt/boulder v0.0.0-20220331220046-b23ab962616e // indirect @@ -154,6 +168,7 @@ require ( github.com/opentracing/opentracing-go v1.2.0 // indirect github.com/pelletier/go-toml v1.9.4 // indirect github.com/pelletier/go-toml/v2 v2.0.0-beta.8 // indirect + github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pkg/errors v0.9.1 // indirect github.com/prometheus/client_golang v1.12.1 // indirect github.com/prometheus/client_model v0.2.0 // indirect @@ -167,12 +182,12 @@ require ( github.com/sassoftware/relic v0.0.0-20210427151427-dfb082b79b74 // indirect github.com/secure-systems-lab/go-securesystemslib v0.3.1 // indirect github.com/segmentio/ksuid v1.0.4 // indirect + github.com/sergi/go-diff v1.2.0 // indirect github.com/shibumi/go-pathspec v1.3.0 // indirect github.com/shurcooL/githubv4 v0.0.0-20201206200315-234843c633fa // indirect github.com/shurcooL/graphql v0.0.0-20200928012149-18c5c3165e3a // indirect github.com/sigstore/fulcio v0.1.2-0.20220114150912-86a2036f9bc7 // indirect github.com/sigstore/sigstore v1.2.1-0.20220424143412-3d41663116d5 // indirect - github.com/sirupsen/logrus v1.8.1 // indirect github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect github.com/soheilhy/cmux v0.1.5 // indirect github.com/spf13/afero v1.8.2 // indirect @@ -191,6 +206,7 @@ require ( github.com/urfave/cli v1.22.5 // indirect github.com/vbatts/tar-split v0.11.2 // indirect github.com/xanzy/go-gitlab v0.64.0 // indirect + github.com/xanzy/ssh-agent v0.3.0 // indirect github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 // indirect github.com/zeebo/errs v1.2.2 // indirect go.etcd.io/bbolt v1.3.6 // indirect @@ -241,6 +257,7 @@ require ( gopkg.in/ini.v1 v1.66.4 // indirect gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect gopkg.in/square/go-jose.v2 v2.6.0 // indirect + gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect gotest.tools/v3 v3.1.0 // indirect @@ -253,7 +270,6 @@ require ( knative.dev/pkg v0.0.0-20220325200448-1f7514acd0c2 // indirect mvdan.cc/sh/v3 v3.4.3 // indirect sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect - sigs.k8s.io/release-utils v0.6.0 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect sigs.k8s.io/yaml v1.3.0 // indirect ) diff --git a/go.sum b/go.sum index fa335fdc..64e89eb8 100644 --- a/go.sum +++ b/go.sum @@ -122,6 +122,7 @@ contrib.go.opencensus.io/exporter/zipkin v0.1.2/go.mod h1:mP5xM3rrgOjpn79MM8fZbj contrib.go.opencensus.io/integrations/ocsql v0.1.4/go.mod h1:8DsSdjz3F+APR+0z0WkU1aRorQCFfRxvqjUUPMbF3fE= contrib.go.opencensus.io/integrations/ocsql v0.1.7/go.mod h1:8DsSdjz3F+APR+0z0WkU1aRorQCFfRxvqjUUPMbF3fE= contrib.go.opencensus.io/resource v0.1.1/go.mod h1:F361eGI91LCmW1I/Saf+rX0+OFcigGlFvXwEGEnkRLA= +cuelang.org/go v0.4.2/go.mod h1:P09/R4UfAEzLkV9DXxwlxQnIZbkaT4uIhiEgs6Vsz2Q= cuelang.org/go v0.4.3/go.mod h1:7805vR9H+VoBNdWFdI7jyDR3QLUPp4+naHfbcgp55HI= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= dmitri.shuralyov.com/gpu/mtl v0.0.0-20201218220906-28db891af037/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= @@ -152,6 +153,7 @@ github.com/Azure/azure-sdk-for-go v59.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9mo github.com/Azure/azure-sdk-for-go v60.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v60.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v62.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/azure-sdk-for-go v63.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v63.3.0+incompatible h1:INepVujzUrmArRZjDLHbtER+FkvCoEwyRCXGqOlmDII= github.com/Azure/azure-sdk-for-go v63.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go/sdk/azcore v0.19.0/go.mod h1:h6H6c8enJmmocHUbLiiGY6sx7f9i+X3m1CHdd5c6Rdw= @@ -184,6 +186,7 @@ github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgq github.com/Azure/go-autorest/autorest v0.11.19/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= github.com/Azure/go-autorest/autorest v0.11.22/go.mod h1:BAWYUWGPEtKPzjVkp0Q6an0MJcJDsoh5Z1BFAEFs4Xs= github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc= +github.com/Azure/go-autorest/autorest v0.11.25/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U= github.com/Azure/go-autorest/autorest v0.11.27 h1:F3R3q42aWytozkV8ihzcgMO4OA4cuqr3bNlsEuF6//A= github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U= github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0= @@ -271,6 +274,7 @@ github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugX github.com/Microsoft/go-winio v0.4.17-0.20210211115548-6eac466e5fa3/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= github.com/Microsoft/go-winio v0.4.17-0.20210324224401-5516f17a5958/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= +github.com/Microsoft/go-winio v0.5.1 h1:aPJp2QD7OOrhO5tQXqQoGSJc+DjDtWTGLOmNyAm6FgY= github.com/Microsoft/go-winio v0.5.1/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= github.com/Microsoft/hcsshim v0.8.7-0.20190325164909-8abdbb8205e4/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= @@ -294,6 +298,7 @@ github.com/PaesslerAG/gval v1.0.0/go.mod h1:y/nm5yEyTeX6av0OfKJNp9rBNj2XrGhAf5+v github.com/PaesslerAG/jsonpath v0.1.0/go.mod h1:4BzmtoM/PI8fPO4aQGIusjGxGir2BzcV0grWtFzq1Y8= github.com/PaesslerAG/jsonpath v0.1.1 h1:c1/AToHQMVsduPAa4Vh6xp2U0evy4t8SWp8imEsylIk= github.com/PaesslerAG/jsonpath v0.1.1/go.mod h1:lVboNxFGal/VwW6d9JzIy56bUsYAP6tH/x80vjnCseY= +github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 h1:YoJbenK9C67SkzkDfmQuVln04ygHj3vjZfd9FL+GmQQ= github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo= github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/purell v1.1.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= @@ -315,6 +320,7 @@ github.com/StackExchange/wmi v1.2.1/go.mod h1:rcmrprowKIVzvc+NUiLncP2uuArMWLCbu9 github.com/ThalesIgnite/crypto11 v1.2.5 h1:1IiIIEqYmBvUYFeMnHqRft4bwf/O36jryEUpY+9ef8E= github.com/ThalesIgnite/crypto11 v1.2.5/go.mod h1:ILDKtnCKiQ7zRoNxcp36Y1ZR8LBPmR2E23+wTQe/MlE= github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= +github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk= github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM= @@ -332,6 +338,7 @@ github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo github.com/andybalholm/brotli v1.0.0/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y= github.com/andybalholm/brotli v1.0.2/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y= github.com/andybalholm/brotli v1.0.3/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= +github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= @@ -355,6 +362,7 @@ github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= @@ -386,6 +394,7 @@ github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zK github.com/aws/aws-sdk-go v1.42.8/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= github.com/aws/aws-sdk-go v1.42.22/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= github.com/aws/aws-sdk-go v1.42.25/go.mod h1:gyRszuZ/icHmHAVE4gc/r+cfCmhA1AD+vqfWbgI+eHs= +github.com/aws/aws-sdk-go v1.43.30/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= github.com/aws/aws-sdk-go v1.43.31/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= github.com/aws/aws-sdk-go v1.43.45 h1:2708Bj4uV+ym62MOtBnErm/CDX61C4mFe9V2gXy1caE= github.com/aws/aws-sdk-go v1.43.45/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= @@ -534,6 +543,7 @@ github.com/caarlos0/env/v6 v6.9.2 h1:vYTmP7KPtHf3LqaQH5Z2AkUY8GmanDrTelXnFzxSK44 github.com/caarlos0/env/v6 v6.9.2/go.mod h1:hvp/ryKXKipEkcuYjs9mI4bBCg+UI0Yhgm5Zu0ddvwc= github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo= github.com/carolynvs/magex v0.7.0/go.mod h1:vZB3BkRfkd5ZMtkxJkCGbdFyWGoZiuNPKhx6uEQARmY= +github.com/carolynvs/magex v0.7.1/go.mod h1:vZB3BkRfkd5ZMtkxJkCGbdFyWGoZiuNPKhx6uEQARmY= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cavaliercoder/badio v0.0.0-20160213150051-ce5280129e9e/go.mod h1:V284PjgVwSk4ETmz84rpu9ehpGg7swlIH8npP9k2bGw= github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A= @@ -821,6 +831,7 @@ github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkg github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/proto v1.6.15/go.mod h1:rn1FgRS/FANiZdD2djyH7TMA9jdRDcYQ9IEN9yvjX0A= +github.com/emirpasic/gods v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg= github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o= github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= @@ -905,6 +916,7 @@ github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwv github.com/gin-gonic/gin v1.7.1/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY= github.com/gin-gonic/gin v1.7.3/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY= github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= +github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0= github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= @@ -914,10 +926,14 @@ github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxm github.com/go-critic/go-critic v0.4.1/go.mod h1:7/14rZGnZbY6E38VEGk2kVhoq6itzc1E68facVDK23g= github.com/go-critic/go-critic v0.4.3/go.mod h1:j4O3D4RoIwRqlZw5jJpx0BNfXWWbpcJoKu5cYSe4YmQ= github.com/go-critic/go-critic v0.6.1/go.mod h1:SdNCfU0yF3UBjtaZGw6586/WocupMOJuiqgom5DsQxM= +github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4= github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E= github.com/go-git/go-billy/v5 v5.2.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= +github.com/go-git/go-billy/v5 v5.3.1 h1:CPiOUAzKtMRvolEKw+bG1PLRpT7D3LIs3/3ey4Aiu34= github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= +github.com/go-git/go-git-fixtures/v4 v4.2.1 h1:n9gGL1Ct/yIw+nfsfr8s4+sbhT+Ncu2SubfXjIWgci8= github.com/go-git/go-git-fixtures/v4 v4.2.1/go.mod h1:K8zd3kDUAykwTdDCr+I0per6Y6vMiRR/nnVTBtavnB0= +github.com/go-git/go-git/v5 v5.4.2 h1:BXyZu9t0VkbiHtqrsvdq39UDhGJTl1h55VW6CSC4aY4= github.com/go-git/go-git/v5 v5.4.2/go.mod h1:gQ1kArt6d+n+BGd+/B/I74HwRTLhth2+zti4ihgckDc= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -1075,6 +1091,7 @@ github.com/go-redis/redis v6.15.8+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8w github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA= github.com/go-redis/redis/v8 v8.11.4/go.mod h1:2Z2wHZXdQpCDXEGzqMockDpNyYvi2l4Pxt6RJr792+w= github.com/go-rod/rod v0.101.8/go.mod h1:N/zlT53CfSpq74nb6rOR0K8UF0SPUPBmzBnArrms+mY= +github.com/go-rod/rod v0.104.4/go.mod h1:trmrxxg+qUodIIQiYeyJbW5ZMo0FSajmdEGw2tHzlM4= github.com/go-rod/rod v0.106.1 h1:+9YdoTT56KI3KrFfWVr3I13wh0qbhm/Aq+7JvCBA6AQ= github.com/go-rod/rod v0.106.1/go.mod h1:+YLe2X+nAuEGpYWs7rKPZr9SMX100FbxYZaeU1Dofpc= github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= @@ -1312,6 +1329,8 @@ github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv3 github.com/google/go-github/v38 v38.1.0 h1:C6h1FkaITcBFK7gAmq4eFzt6gbhEhk7L5z6R3Uva+po= github.com/google/go-github/v38 v38.1.0/go.mod h1:cStvrz/7nFr0FoENgG6GLbp53WaelXucT+BBz/3VKx4= github.com/google/go-github/v39 v39.0.0/go.mod h1:C1s8C5aCC9L+JXIYpJM5GYytdX52vC1bLvHEF1IhBrE= +github.com/google/go-github/v39 v39.2.0 h1:rNNM311XtPOz5rDdsJXAp2o8F67X9FnROXTvto3aSnQ= +github.com/google/go-github/v39 v39.2.0/go.mod h1:C1s8C5aCC9L+JXIYpJM5GYytdX52vC1bLvHEF1IhBrE= github.com/google/go-github/v41 v41.0.0 h1:HseJrM2JFf2vfiZJ8anY2hqBjdfY1Vlj/K27ueww4gg= github.com/google/go-github/v41 v41.0.0/go.mod h1:XgmCA5H323A9rtgExdTcnDkcqp6S30AVACCBDOonIxg= github.com/google/go-github/v42 v42.0.0 h1:YNT0FwjPrEysRkLIiKuEfSvBPCGKphW5aS5PxwaoLec= @@ -1440,6 +1459,7 @@ github.com/gostaticanalysis/testutil v0.3.1-0.20210208050101-bfb5c8eec0e4/go.mod github.com/gostaticanalysis/testutil v0.4.0/go.mod h1:bLIoPefWXrRi/ssLFWX1dx7Repi5x3CuviD3dgAZaBU= github.com/gotestyourself/gotestyourself v2.2.0+incompatible/go.mod h1:zZKM6oeNM8k+FRljX1mnzVYeS8wiGgQyvST1/GafPbY= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= +github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA= github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= @@ -1517,6 +1537,7 @@ github.com/hashicorp/go-secure-stdlib/mlock v0.1.2 h1:p4AKXPPS24tO8Wc8i1gLvSKdmk github.com/hashicorp/go-secure-stdlib/mlock v0.1.2/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.2/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= +github.com/hashicorp/go-secure-stdlib/parseutil v0.1.3/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.4 h1:hrIH/qrOTHfG9a1Jz6Z2jQf7Xe77AaD464W1fCFLwPQ= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.4/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= github.com/hashicorp/go-secure-stdlib/password v0.1.1/go.mod h1:9hH302QllNwu1o2TGYtSk8I8kTAN0ca1EHpwhm5Mmzo= @@ -1647,6 +1668,7 @@ github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dv github.com/jackc/puddle v1.2.1/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jaguilar/vt100 v0.0.0-20150826170717-2703a27b14ea/go.mod h1:QMdK4dGB3YhEW2BmA1wgGpPYI3HZy/5gD705PXKUVSg= github.com/jarcoal/httpmock v1.0.5/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik= +github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs= github.com/jcmturner/dnsutils/v2 v2.0.0/go.mod h1:b0TnjGOvI/n42bZa+hmXL+kFJZsFT7G4t3HTlQ184QM= @@ -1720,6 +1742,7 @@ github.com/karrick/godirwalk v1.16.1/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1q github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8= github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg= github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= +github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351 h1:DowS9hvgyYSX4TO5NpyC606/Z4SxnNYbT+WX27or6Ck= github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= @@ -1796,6 +1819,7 @@ github.com/luna-duclos/instrumentedsql v1.1.3/go.mod h1:9J1njvFds+zN7y85EDhN9XNQ github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/magefile/mage v1.11.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A= +github.com/magefile/mage v1.13.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.4/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= @@ -1822,6 +1846,7 @@ github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHef github.com/matoous/godox v0.0.0-20190911065817-5d6d842e92eb/go.mod h1:1BELzlh859Sh1c6+90blK8lbYy0kwQf1bYlBhBysy1s= github.com/matoous/godox v0.0.0-20210227103229-6504466cf951/go.mod h1:1BELzlh859Sh1c6+90blK8lbYy0kwQf1bYlBhBysy1s= github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA= +github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE= github.com/matryer/is v1.4.0/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= @@ -2104,6 +2129,7 @@ github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCko github.com/pelletier/go-toml/v2 v2.0.0-beta.8 h1:dy81yyLYJDwMTifq24Oi/IslOslRrDSb3jwDggjz3Z0= github.com/pelletier/go-toml/v2 v2.0.0-beta.8/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo= github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= +github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/peterh/liner v0.0.0-20170211195444-bf27d3ba8e1d/go.mod h1:xIteQHvHuaLYG9IFj6mSxM0fCKrs34IrEQUhOYuGPHc= github.com/phayes/checkstyle v0.0.0-20170904204023-bfd46e6a821d/go.mod h1:3OzsM7FXDQlpCiw2j81fOmAwQLnZnLGXVKUzeKQXIAw= @@ -2283,6 +2309,7 @@ github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= +github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/serialx/hashring v0.0.0-20190422032157-8b2912629002/go.mod h1:/yeG0My1xr/u+HZrFQ1tOQQQQrOawfyMUH13ai5brBc= github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c/go.mod h1:/PevMnwAxekIXwN8qQyfc5gl2NlkB3CQlkizAbOkeBs= @@ -2300,6 +2327,7 @@ github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOms github.com/shurcooL/graphql v0.0.0-20200928012149-18c5c3165e3a h1:KikTa6HtAK8cS1qjvUvvq4QO21QnwC+EfvB+OAuZ/ZU= github.com/shurcooL/graphql v0.0.0-20200928012149-18c5c3165e3a/go.mod h1:AuYgA5Kyo4c7HfUmvRGs/6rGlMMV/6B1bVnB9JxJEEg= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= +github.com/sigstore/cosign v1.7.1/go.mod h1:+W72sINOHqxxXFdBcI2tS52Uk1lQ7FtxkCCAISpABcc= github.com/sigstore/cosign v1.8.0 h1:wFUGt8ijnZ5xngLawNghotsDlNb4DJGaiN7Yl8roUCk= github.com/sigstore/cosign v1.8.0/go.mod h1:lYUOnjD6Blysi5CBFYUN8ZRV489ku+/VvDmbdI9zoFQ= github.com/sigstore/fulcio v0.1.2-0.20220114150912-86a2036f9bc7 h1:XE7A9lJ+wYhmUFBWYTaw3Ph943zHB4iBYd5R0SX0ZOA= @@ -2309,6 +2337,7 @@ github.com/sigstore/rekor v0.5.0 h1:YAVIdOLHTuzqV7XfZvlASxbkgylxaeThzusV5Tx8XeE= github.com/sigstore/rekor v0.5.0/go.mod h1:nTpOwCPKuazkGfW/3Dp3iGWkgZL2Ogb2kBesAwz83eQ= github.com/sigstore/sigstore v1.0.2-0.20211210190220-04746d994282/go.mod h1:SuM+QIHtnnR9eGsURRLv5JfxM6KeaU0XKA1O7FmLs4Q= github.com/sigstore/sigstore v1.1.0/go.mod h1:gDpcHw4VwpoL5C6N1Ud1YtBsc+ikRDwDelDlWRyYoE8= +github.com/sigstore/sigstore v1.2.1-0.20220401110139-0e610e39782f/go.mod h1:9wYagRiKz/8KgK/YFPM6FA8WrNjv3Y6rQUQWBLqJXs0= github.com/sigstore/sigstore v1.2.1-0.20220424143412-3d41663116d5 h1:8OL06Knchax4CMtdfquC3ASWQPtYMJgyeQImWQPw6XE= github.com/sigstore/sigstore v1.2.1-0.20220424143412-3d41663116d5/go.mod h1:OvpZniSE9oRPnW7+mhxljRt2RAQU+TwcnhYbqQsPwPc= github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= @@ -2350,6 +2379,7 @@ github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTd github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4= github.com/spf13/afero v1.4.1/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= +github.com/spf13/afero v1.8.0/go.mod h1:CtAatgMJh6bJEIs48Ay/FOnkljP3WeGUG0MC1RfAqwo= github.com/spf13/afero v1.8.2 h1:xehSyVa0YnHWsJ49JFljMpg1HX19V6NDZ1fkm1Xznbo= github.com/spf13/afero v1.8.2/go.mod h1:CtAatgMJh6bJEIs48Ay/FOnkljP3WeGUG0MC1RfAqwo= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= @@ -2526,9 +2556,11 @@ github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr github.com/withfig/autocomplete-tools/packages/cobra v0.0.0-20220122124547-31d3821a6898/go.mod h1:cKObXQ6PVFO7bHUd5jpApXvMIt55Ewz7UdMiC05ONxI= github.com/xanzy/go-gitlab v0.31.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug= github.com/xanzy/go-gitlab v0.32.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug= +github.com/xanzy/go-gitlab v0.61.0/go.mod h1:F0QEXwmqiBUxCgJm8fE9S+1veX4XC9Z4cfaAbqwk4YM= github.com/xanzy/go-gitlab v0.64.0 h1:rMgQdW9S1w3qvNAH2LYpFd2xh7KNLk+JWJd7sorNuTc= github.com/xanzy/go-gitlab v0.64.0/go.mod h1:F0QEXwmqiBUxCgJm8fE9S+1veX4XC9Z4cfaAbqwk4YM= github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= +github.com/xanzy/ssh-agent v0.3.0 h1:wUMzuKtKilRgBAD1sUb8gOwwRr2FGoBVumcjoOACClI= github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0= github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs= @@ -2552,13 +2584,17 @@ github.com/yashtewari/glob-intersection v0.0.0-20180916065949-5c77d914dd0b/go.mo github.com/yeya24/promlinter v0.1.0/go.mod h1:rs5vtZzeBHqqMwXqFScncpCF6u06lezhZepno9AB1Oc= github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA= github.com/ysmood/goob v0.3.0/go.mod h1:S3lq113Y91y1UBf1wj1pFOxeahvfKkCk6mTWTWbDdWs= +github.com/ysmood/goob v0.3.1/go.mod h1:S3lq113Y91y1UBf1wj1pFOxeahvfKkCk6mTWTWbDdWs= github.com/ysmood/goob v0.4.0 h1:HsxXhyLBeGzWXnqVKtmT9qM7EuVs/XOgkX7T6r1o1AQ= github.com/ysmood/goob v0.4.0/go.mod h1:u6yx7ZhS4Exf2MwciFr6nIM8knHQIE22lFpWHnfql18= github.com/ysmood/got v0.15.1/go.mod h1:pE1l4LOwOBhQg6A/8IAatkGp7uZjnalzrZolnlhhMgY= +github.com/ysmood/got v0.19.1/go.mod h1:pE1l4LOwOBhQg6A/8IAatkGp7uZjnalzrZolnlhhMgY= github.com/ysmood/got v0.23.3/go.mod h1:pE1l4LOwOBhQg6A/8IAatkGp7uZjnalzrZolnlhhMgY= github.com/ysmood/gotrace v0.2.2/go.mod h1:TzhIG7nHDry5//eYZDYcTzuJLYQIkykJzCRIo4/dzQM= +github.com/ysmood/gotrace v0.4.0/go.mod h1:TzhIG7nHDry5//eYZDYcTzuJLYQIkykJzCRIo4/dzQM= github.com/ysmood/gotrace v0.6.0/go.mod h1:TzhIG7nHDry5//eYZDYcTzuJLYQIkykJzCRIo4/dzQM= github.com/ysmood/gson v0.6.4/go.mod h1:3Kzs5zDl21g5F/BlLTNcuAGAYLKt2lV5G8D1zF3RNmg= +github.com/ysmood/gson v0.7.0/go.mod h1:3Kzs5zDl21g5F/BlLTNcuAGAYLKt2lV5G8D1zF3RNmg= github.com/ysmood/gson v0.7.1 h1:zKL2MTGtynxdBdlZjyGsvEOZ7dkxaY5TH6QhAbTgz0Q= github.com/ysmood/gson v0.7.1/go.mod h1:3Kzs5zDl21g5F/BlLTNcuAGAYLKt2lV5G8D1zF3RNmg= github.com/ysmood/leakless v0.7.0 h1:XCGdaPExyoreoQd+H5qgxM3ReNbSPFsEXpSKwbXbwQw= @@ -3643,6 +3679,7 @@ gopkg.in/src-d/go-git.v4 v4.13.1/go.mod h1:nx5NYcxdKxq5fpltdHnPa2Exj4Sx0EclMWZQb gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/warnings.v0 v0.1.1/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= +gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= @@ -3795,8 +3832,11 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.27/go.mod h1:tq2nT0 sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6/go.mod h1:p4QtZmO4uMYipTQNzagwnNoseA6OxSUutVw05NhYDRs= sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 h1:kDi4JBNAsJWfz1aEXhO8Jg87JJaPNLh5tIzYHgStQ9Y= sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY= -sigs.k8s.io/release-utils v0.6.0 h1:wJDuzWJqPH4a5FAxAXE2aBvbB6UMIW7iYMhsKnIMQkA= +sigs.k8s.io/release-sdk v0.8.0 h1:pBFoQMc8hZpXhptBPX2hEkh9Je3/Pt95JfPFamtFoDA= +sigs.k8s.io/release-sdk v0.8.0/go.mod h1:ERXAwkYpWgdhnx/6R0tH54bFZPY7I8ztUeChU5FEWcM= sigs.k8s.io/release-utils v0.6.0/go.mod h1:kR1/DuYCJ4covppUasYNcA11OixC9O37B/E0ejRfb+c= +sigs.k8s.io/release-utils v0.6.1-0.20220405215325-d4a2a2f0e8fd h1:HUAAyjpYEZCn9+yZxLmCSp0zVZPjGd3vk89E3CxenpQ= +sigs.k8s.io/release-utils v0.6.1-0.20220405215325-d4a2a2f0e8fd/go.mod h1:KpxSx7wcASB1Rk430h8XRd6f8mWdptpMCy8fZA/taik= sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI= sigs.k8s.io/structured-merge-diff v1.0.1-0.20191108220359-b1b620dd3f06 h1:zD2IemQ4LmOcAumeiyDWXKUI2SO0NYDe3H6QGvPOVgU= sigs.k8s.io/structured-merge-diff v1.0.1-0.20191108220359-b1b620dd3f06/go.mod h1:/ULNhyfzRopfcjskuui0cTITekDduZ7ycKN3oUT9R18= diff --git a/install/github/github.go b/install/github/github.go new file mode 100644 index 00000000..2f1a2c78 --- /dev/null +++ b/install/github/github.go @@ -0,0 +1,183 @@ +// Copyright 2022 OpenSSF Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 + +package github + +import ( + "context" + "fmt" + "net/http" + "os" + "path/filepath" + "strings" + + "github.com/google/go-github/v42/github" + "github.com/gregjones/httpcache" + "github.com/gregjones/httpcache/diskcache" + "github.com/sirupsen/logrus" + "golang.org/x/oauth2" + kgh "sigs.k8s.io/release-sdk/github" + "sigs.k8s.io/release-utils/env" +) + +// From https://github.com/kubernetes-sigs/release-sdk/blob/e23d2c82bbb41a007cdf019c30930e8fd2649c01/github/github.go //nolint:lll + +// GitHub is a wrapper around GitHub related functionality +type GitHub struct { + client Client + options *Options +} + +// Client is an interface modeling supported GitHub operations +type Client interface { + // TODO(install): Populate interface + GetRepositoriesByOrg( + context.Context, string, + ) ([]*github.Repository, *github.Response, error) +} + +// Options is a set of options to configure the behavior of the GitHub package +type Options struct { + // How many items to request in calls to the github API + // that require pagination. + ItemsPerPage int +} + +func (o *Options) GetItemsPerPage() int { + return o.ItemsPerPage +} + +// DefaultOptions return an options struct with commonly used settings +func DefaultOptions() *Options { + return &Options{ + ItemsPerPage: 50, + } +} + +// SetClient can be used to manually set the internal GitHub client +func (g *GitHub) SetClient(client Client) { + g.client = client +} + +// Client can be used to retrieve the Client type +func (g *GitHub) Client() Client { + return g.client +} + +// SetOptions gets an options set for the GitHub object +func (g *GitHub) SetOptions(opts *Options) { + g.options = opts +} + +// Options return a pointer to the options struct +func (g *GitHub) Options() *Options { + return g.options +} + +// TODO: we should clean up the functions listed below and agree on the same +// return type (with or without error): +// - New +// - NewWithToken +// - NewEnterprise +// - NewEnterpriseWithToken + +// New creates a new default GitHub client. Tokens set via the $GITHUB_TOKEN +// environment variable will result in an authenticated client. +// If the $GITHUB_TOKEN is not set, then the client will do unauthenticated +// GitHub requests. +func New() *GitHub { + token := env.Default(kgh.TokenEnvKey, "") + client, _ := NewWithToken(token) // nolint: errcheck + return client +} + +// NewWithToken can be used to specify a GitHub token through parameters. +// Empty string will result in unauthenticated client, which makes +// unauthenticated requests. +func NewWithToken(token string) (*GitHub, error) { + ctx := context.Background() + client := http.DefaultClient + state := "unauthenticated" + if token != "" { + state = strings.TrimPrefix(state, "un") + client = oauth2.NewClient(ctx, oauth2.StaticTokenSource( + &oauth2.Token{AccessToken: token}, + )) + } + cacheDir, err := os.UserCacheDir() + if err != nil { + logrus.Infof("Unable to retrieve user cache dir: %v", err) + cacheDir = os.TempDir() + } + dir := filepath.Join(cacheDir, "kubernetes", "release-sdk", "github") + logrus.Debugf("Caching GitHub responses in %v", dir) + t := httpcache.NewTransport(diskcache.New(dir)) + client.Transport = t.Transport + + logrus.Debugf("Using %s GitHub client", state) + return &GitHub{ + client: &githubClient{github.NewClient(client)}, + options: DefaultOptions(), + }, nil +} + +func NewEnterprise(baseURL, uploadURL string) (*GitHub, error) { + token := env.Default(kgh.TokenEnvKey, "") + return NewEnterpriseWithToken(baseURL, uploadURL, token) +} + +func NewEnterpriseWithToken(baseURL, uploadURL, token string) (*GitHub, error) { + ctx := context.Background() + client := http.DefaultClient + state := "unauthenticated" + if token != "" { + state = strings.TrimPrefix(state, "un") + client = oauth2.NewClient(ctx, oauth2.StaticTokenSource( + &oauth2.Token{AccessToken: token}, + )) + } + logrus.Debugf("Using %s Enterprise GitHub client", state) + ghclient, err := github.NewEnterpriseClient(baseURL, uploadURL, client) + if err != nil { + return nil, fmt.Errorf("failed to new github client: %s", err) + } + return &GitHub{ + client: &githubClient{ghclient}, + options: DefaultOptions(), + }, nil +} + +type githubClient struct { + *github.Client +} + +func (g *githubClient) GetRepositoriesByOrg( + ctx context.Context, owner string, +) ([]*github.Repository, *github.Response, error) { + repos, resp, err := g.Repositories.ListByOrg( + ctx, + owner, + // TODO(install): Does this need to parameterized? + &github.RepositoryListByOrgOptions{ + Type: "all", + }, + ) + if err != nil { + return repos, resp, fmt.Errorf("getting repositories: %w", err) + } + + return repos, resp, nil +} From 101ac57fb17e8e4583de5c0837fffc65f70a7837 Mon Sep 17 00:00:00 2001 From: Stephen Augustus Date: Mon, 23 May 2022 21:03:05 -0400 Subject: [PATCH 07/13] install: Use package-internal GitHub interface Signed-off-by: Stephen Augustus --- install/github/github.go | 149 ++++++++++++++++++++++++++++++++++++--- install/install.go | 47 ++++++------ 2 files changed, 159 insertions(+), 37 deletions(-) diff --git a/install/github/github.go b/install/github/github.go index 2f1a2c78..8a84e02b 100644 --- a/install/github/github.go +++ b/install/github/github.go @@ -33,56 +33,75 @@ import ( "sigs.k8s.io/release-utils/env" ) -// From https://github.com/kubernetes-sigs/release-sdk/blob/e23d2c82bbb41a007cdf019c30930e8fd2649c01/github/github.go //nolint:lll +// From https://github.com/kubernetes-sigs/release-sdk/blob/e23d2c82bbb41a007cdf019c30930e8fd2649c01/github/github.go -// GitHub is a wrapper around GitHub related functionality +// GitHub is a wrapper around GitHub related functionality. type GitHub struct { client Client options *Options } -// Client is an interface modeling supported GitHub operations +// Client is an interface modeling supported GitHub operations. type Client interface { // TODO(install): Populate interface + CreateFile( + context.Context, string, string, string, *github.RepositoryContentFileOptions, + ) (*github.RepositoryContentResponse, *github.Response, error) + CreateGitRef( + context.Context, string, string, *github.Reference, + ) (*github.Reference, *github.Response, error) + CreatePullRequest( + context.Context, string, string, string, string, string, string, + ) (*github.PullRequest, error) + GetBranch( + context.Context, string, string, string, bool, + ) (*github.Branch, *github.Response, error) + GetContents( + context.Context, string, string, string, *github.RepositoryContentGetOptions, + ) (*github.RepositoryContent, []*github.RepositoryContent, *github.Response, error) GetRepositoriesByOrg( context.Context, string, ) ([]*github.Repository, *github.Response, error) + GetRepository( + context.Context, string, string, + ) (*github.Repository, *github.Response, error) } -// Options is a set of options to configure the behavior of the GitHub package +// Options is a set of options to configure the behavior of the GitHub package. type Options struct { // How many items to request in calls to the github API // that require pagination. ItemsPerPage int } +// GetItemsPerPage // TODO(github): needs comment. func (o *Options) GetItemsPerPage() int { return o.ItemsPerPage } -// DefaultOptions return an options struct with commonly used settings +// DefaultOptions return an options struct with commonly used settings. func DefaultOptions() *Options { return &Options{ ItemsPerPage: 50, } } -// SetClient can be used to manually set the internal GitHub client +// SetClient can be used to manually set the internal GitHub client. func (g *GitHub) SetClient(client Client) { g.client = client } -// Client can be used to retrieve the Client type +// Client can be used to retrieve the Client type. func (g *GitHub) Client() Client { return g.client } -// SetOptions gets an options set for the GitHub object +// SetOptions gets an options set for the GitHub object. func (g *GitHub) SetOptions(opts *Options) { g.options = opts } -// Options return a pointer to the options struct +// Options return a pointer to the options struct. func (g *GitHub) Options() *Options { return g.options } @@ -134,11 +153,13 @@ func NewWithToken(token string) (*GitHub, error) { }, nil } +// NewEnterprise // TODO(github): needs comment. func NewEnterprise(baseURL, uploadURL string) (*GitHub, error) { token := env.Default(kgh.TokenEnvKey, "") return NewEnterpriseWithToken(baseURL, uploadURL, token) } +// NewEnterpriseWithToken // TODO(github): needs comment. func NewEnterpriseWithToken(baseURL, uploadURL, token string) (*GitHub, error) { ctx := context.Background() client := http.DefaultClient @@ -152,7 +173,7 @@ func NewEnterpriseWithToken(baseURL, uploadURL, token string) (*GitHub, error) { logrus.Debugf("Using %s Enterprise GitHub client", state) ghclient, err := github.NewEnterpriseClient(baseURL, uploadURL, client) if err != nil { - return nil, fmt.Errorf("failed to new github client: %s", err) + return nil, fmt.Errorf("failed to new github client: %w", err) } return &GitHub{ client: &githubClient{ghclient}, @@ -165,7 +186,8 @@ type githubClient struct { } func (g *githubClient) GetRepositoriesByOrg( - ctx context.Context, owner string, + ctx context.Context, + owner string, ) ([]*github.Repository, *github.Response, error) { repos, resp, err := g.Repositories.ListByOrg( ctx, @@ -181,3 +203,108 @@ func (g *githubClient) GetRepositoriesByOrg( return repos, resp, nil } + +func (g *githubClient) GetRepository( + ctx context.Context, + owner, + repo string, +) (*github.Repository, *github.Response, error) { + pr, resp, err := g.Repositories.Get(ctx, owner, repo) + if err != nil { + return pr, resp, fmt.Errorf("getting repository: %w", err) + } + + return pr, resp, nil +} + +func (g *githubClient) GetBranch( + ctx context.Context, + owner, + repo, + branch string, + followRedirects bool, +) (*github.Branch, *github.Response, error) { + // TODO: Populate + return g.Repositories.GetBranch( + ctx, + owner, + repo, + branch, + followRedirects, + ) +} + +func (g *githubClient) GetContents( + ctx context.Context, + owner, + repo, + path string, + opts *github.RepositoryContentGetOptions, +) (*github.RepositoryContent, []*github.RepositoryContent, *github.Response, error) { + // TODO: Populate + return g.Repositories.GetContents( + ctx, + owner, + repo, + path, + opts, + ) +} + +func (g *githubClient) CreateGitRef( + ctx context.Context, + owner, + repo string, + ref *github.Reference, +) (*github.Reference, *github.Response, error) { + // TODO: Populate + return g.Git.CreateRef( + ctx, + owner, + repo, + ref, + ) +} + +func (g *githubClient) CreateFile( + ctx context.Context, + owner, + repo, + path string, + opts *github.RepositoryContentFileOptions, +) (*github.RepositoryContentResponse, *github.Response, error) { + // TODO: Populate + return g.Repositories.CreateFile( + ctx, + owner, + repo, + path, + opts, + ) +} + +func (g *githubClient) CreatePullRequest( + ctx context.Context, + owner, + repo, + baseBranchName, + headBranchName, + title, + body string, +) (*github.PullRequest, error) { + newPullRequest := &github.NewPullRequest{ + Title: &title, + Head: &headBranchName, + Base: &baseBranchName, + Body: &body, + MaintainerCanModify: github.Bool(true), + } + + pr, _, err := g.PullRequests.Create(ctx, owner, repo, newPullRequest) + if err != nil { + return pr, fmt.Errorf("creating pull request: %w", err) + } + + logrus.Infof("Successfully created PR #%d", pr.GetNumber()) + return pr, nil +} diff --git a/install/install.go b/install/install.go index 256d4679..38182fec 100644 --- a/install/install.go +++ b/install/install.go @@ -22,7 +22,8 @@ import ( "io/ioutil" "github.com/google/go-github/v42/github" - "golang.org/x/oauth2" + + scagh "github.com/ossf/scorecard-action/install/github" ) const ( @@ -37,20 +38,16 @@ var RepoList = []string{} // Run adds the OpenSSF Scorecard workflow to all repositories under the given // organization. // TODO(install): Improve description. +// TODO(install): Accept a context instead of setting one. func Run() { // Get github user client. ctx := context.Background() - tokenService := oauth2.StaticTokenSource( - &oauth2.Token{AccessToken: pat}, - ) - - tokenClient := oauth2.NewClient(ctx, tokenService) - client := github.NewClient(tokenClient) + gh := scagh.New() + client := gh.Client() // If not provided, get all repositories under organization. if len(RepoList) == 0 { - lops := &github.RepositoryListByOrgOptions{Type: "all"} - repos, _, err := client.Repositories.ListByOrg(ctx, orgName, lops) + repos, _, err := client.GetRepositoriesByOrg(ctx, orgName) errCheck(err, "Error listing organization's repos.") // Convert to list of repository names. @@ -66,7 +63,7 @@ func Run() { // Process each repository. for _, repoName := range RepoList { // Get repo metadata. - repo, _, err := client.Repositories.Get(ctx, orgName, repoName) + repo, _, err := client.GetRepository(ctx, orgName, repoName) if err != nil { fmt.Println( "Skipped repo", @@ -78,7 +75,7 @@ func Run() { } // Get head commit SHA of default branch. - defaultBranch, _, err := client.Repositories.GetBranch( + defaultBranch, _, err := client.GetBranch( ctx, orgName, repoName, @@ -98,7 +95,7 @@ func Run() { defaultBranchSHA := defaultBranch.Commit.SHA // Skip if scorecard file already exists in workflows folder. - scoreFileContent, _, _, err := client.Repositories.GetContents( + scoreFileContent, _, _, err := client.GetContents( ctx, orgName, repoName, @@ -116,7 +113,7 @@ func Run() { } // Skip if branch scorecard already exists. - scorecardBranch, _, err := client.Repositories.GetBranch( + scorecardBranch, _, err := client.GetBranch( ctx, orgName, repoName, @@ -138,7 +135,7 @@ func Run() { Ref: github.String("refs/heads/scorecard"), Object: &github.GitObject{SHA: defaultBranchSHA}, } - _, _, err = client.Git.CreateRef(ctx, orgName, repoName, ref) + _, _, err = client.CreateGitRef(ctx, orgName, repoName, ref) if err != nil { fmt.Println( "Skipped repo", @@ -155,7 +152,7 @@ func Run() { Content: workflowContent, Branch: github.String("scorecard"), } - _, _, err = client.Repositories.CreateFile( + _, _, err = client.CreateFile( ctx, orgName, repoName, @@ -173,17 +170,15 @@ func Run() { } // Create Pull request. - pr := &github.NewPullRequest{ - Title: github.String("Added Scorecard Workflow"), - Head: github.String("scorecard"), - Base: github.String(*defaultBranch.Name), - Body: github.String( - "Added the workflow for OpenSSF's Security Scorecard", - ), - Draft: github.Bool(false), - } - - _, _, err = client.PullRequests.Create(ctx, orgName, repoName, pr) + _, err = client.CreatePullRequest( + ctx, + orgName, + repoName, + *defaultBranch.Name, + "scorecard", + "Added Scorecard Workflow", + "Added the workflow for OpenSSF's Security Scorecard", + ) if err != nil { fmt.Println( "Skipped repo", From 48ca3f3163952f2fd0903daa94f8c275bfa5fbb2 Mon Sep 17 00:00:00 2001 From: Stephen Augustus Date: Tue, 24 May 2022 13:03:45 -0400 Subject: [PATCH 08/13] install: Provide installation options as struct Signed-off-by: Stephen Augustus --- install/install.go | 44 ++++++++++++++++++++++----------------- multi-repo-action/main.go | 4 +++- 2 files changed, 28 insertions(+), 20 deletions(-) diff --git a/install/install.go b/install/install.go index 38182fec..a6b1521f 100644 --- a/install/install.go +++ b/install/install.go @@ -26,33 +26,39 @@ import ( scagh "github.com/ossf/scorecard-action/install/github" ) -const ( - orgName = "organization name" - pat = "personal access token" - workflowFile = ".github/workflows/scorecards-analysis.yml" -) +const workflowFile = ".github/workflows/scorecards-analysis.yml" + +// Options are installation options for the scorecard action. +type Options struct { + Owner string -// RepoList leave empty to process all repos under org (optional). -var RepoList = []string{} + // Repositories + Repositories []string +} + +// NewOptions creates a new instance of installation options. +func NewOptions() *Options { + return &Options{} +} // Run adds the OpenSSF Scorecard workflow to all repositories under the given // organization. // TODO(install): Improve description. // TODO(install): Accept a context instead of setting one. -func Run() { +func Run(o *Options) { // Get github user client. ctx := context.Background() gh := scagh.New() client := gh.Client() // If not provided, get all repositories under organization. - if len(RepoList) == 0 { - repos, _, err := client.GetRepositoriesByOrg(ctx, orgName) + if len(o.Repositories) == 0 { + repos, _, err := client.GetRepositoriesByOrg(ctx, o.Owner) errCheck(err, "Error listing organization's repos.") // Convert to list of repository names. for _, repo := range repos { - RepoList = append(RepoList, *repo.Name) + o.Repositories = append(o.Repositories, *repo.Name) } } @@ -61,9 +67,9 @@ func Run() { errCheck(err, "Error reading in scorecard workflow file.") // Process each repository. - for _, repoName := range RepoList { + for _, repoName := range o.Repositories { // Get repo metadata. - repo, _, err := client.GetRepository(ctx, orgName, repoName) + repo, _, err := client.GetRepository(ctx, o.Owner, repoName) if err != nil { fmt.Println( "Skipped repo", @@ -77,7 +83,7 @@ func Run() { // Get head commit SHA of default branch. defaultBranch, _, err := client.GetBranch( ctx, - orgName, + o.Owner, repoName, *repo.DefaultBranch, true, @@ -97,7 +103,7 @@ func Run() { // Skip if scorecard file already exists in workflows folder. scoreFileContent, _, _, err := client.GetContents( ctx, - orgName, + o.Owner, repoName, workflowFile, &github.RepositoryContentGetOptions{}, @@ -115,7 +121,7 @@ func Run() { // Skip if branch scorecard already exists. scorecardBranch, _, err := client.GetBranch( ctx, - orgName, + o.Owner, repoName, "scorecard", true, @@ -135,7 +141,7 @@ func Run() { Ref: github.String("refs/heads/scorecard"), Object: &github.GitObject{SHA: defaultBranchSHA}, } - _, _, err = client.CreateGitRef(ctx, orgName, repoName, ref) + _, _, err = client.CreateGitRef(ctx, o.Owner, repoName, ref) if err != nil { fmt.Println( "Skipped repo", @@ -154,7 +160,7 @@ func Run() { } _, _, err = client.CreateFile( ctx, - orgName, + o.Owner, repoName, workflowFile, opts, @@ -172,7 +178,7 @@ func Run() { // Create Pull request. _, err = client.CreatePullRequest( ctx, - orgName, + o.Owner, repoName, *defaultBranch.Name, "scorecard", diff --git a/multi-repo-action/main.go b/multi-repo-action/main.go index 18dcbaa0..9d798dd4 100644 --- a/multi-repo-action/main.go +++ b/multi-repo-action/main.go @@ -19,5 +19,7 @@ package main import "github.com/ossf/scorecard-action/install" func main() { - install.Run() + // TODO: Supply options via command line arguments. + opts := install.NewOptions() + install.Run(opts) } From 83894748fb8b399da4fc51fe9e4da654ce94bb1c Mon Sep 17 00:00:00 2001 From: Stephen Augustus Date: Tue, 24 May 2022 13:20:53 -0400 Subject: [PATCH 09/13] install: Initial error/log handling cleanups Signed-off-by: Stephen Augustus --- install/github/github.go | 36 ++++++++++++---- install/install.go | 88 +++++++++++++++++++++++---------------- multi-repo-action/main.go | 12 +++++- 3 files changed, 91 insertions(+), 45 deletions(-) diff --git a/install/github/github.go b/install/github/github.go index 8a84e02b..403bff7c 100644 --- a/install/github/github.go +++ b/install/github/github.go @@ -224,14 +224,19 @@ func (g *githubClient) GetBranch( branch string, followRedirects bool, ) (*github.Branch, *github.Response, error) { - // TODO: Populate - return g.Repositories.GetBranch( + // TODO: Revisit logic and simplify returns, where possible. + b, resp, err := g.Repositories.GetBranch( ctx, owner, repo, branch, followRedirects, ) + if err != nil { + return b, resp, fmt.Errorf("getting branch: %w", err) + } + + return b, resp, nil } func (g *githubClient) GetContents( @@ -241,14 +246,19 @@ func (g *githubClient) GetContents( path string, opts *github.RepositoryContentGetOptions, ) (*github.RepositoryContent, []*github.RepositoryContent, *github.Response, error) { - // TODO: Populate - return g.Repositories.GetContents( + // TODO: Revisit logic and simplify returns, where possible. + file, dir, resp, err := g.Repositories.GetContents( ctx, owner, repo, path, opts, ) + if err != nil { + return file, dir, resp, fmt.Errorf("getting repo content: %w", err) + } + + return file, dir, resp, nil } func (g *githubClient) CreateGitRef( @@ -257,13 +267,18 @@ func (g *githubClient) CreateGitRef( repo string, ref *github.Reference, ) (*github.Reference, *github.Response, error) { - // TODO: Populate - return g.Git.CreateRef( + // TODO: Revisit logic and simplify returns, where possible. + gRef, resp, err := g.Git.CreateRef( ctx, owner, repo, ref, ) + if err != nil { + return gRef, resp, fmt.Errorf("creating git reference: %w", err) + } + + return gRef, resp, nil } func (g *githubClient) CreateFile( @@ -273,14 +288,19 @@ func (g *githubClient) CreateFile( path string, opts *github.RepositoryContentFileOptions, ) (*github.RepositoryContentResponse, *github.Response, error) { - // TODO: Populate - return g.Repositories.CreateFile( + // TODO: Revisit logic and simplify returns, where possible. + repoContentResp, resp, err := g.Repositories.CreateFile( ctx, owner, repo, path, opts, ) + if err != nil { + return repoContentResp, resp, fmt.Errorf("creating file: %w", err) + } + + return repoContentResp, resp, nil } func (g *githubClient) CreatePullRequest( diff --git a/install/install.go b/install/install.go index a6b1521f..c372e779 100644 --- a/install/install.go +++ b/install/install.go @@ -18,8 +18,10 @@ package install import ( "context" + "errors" "fmt" "io/ioutil" + "log" "github.com/google/go-github/v42/github" @@ -28,6 +30,8 @@ import ( const workflowFile = ".github/workflows/scorecards-analysis.yml" +var errOwnerNotSpecified = errors.New("owner not specified") + // Options are installation options for the scorecard action. type Options struct { Owner string @@ -41,11 +45,25 @@ func NewOptions() *Options { return &Options{} } +// Validate checks if the installation options specified are valid. +func (o *Options) Validate() error { + if o.Owner == "" { + return errOwnerNotSpecified + } + + return nil +} + // Run adds the OpenSSF Scorecard workflow to all repositories under the given // organization. // TODO(install): Improve description. // TODO(install): Accept a context instead of setting one. -func Run(o *Options) { +func Run(o *Options) error { + err := o.Validate() + if err != nil { + return fmt.Errorf("validating installation options: %w", err) + } + // Get github user client. ctx := context.Background() gh := scagh.New() @@ -54,7 +72,9 @@ func Run(o *Options) { // If not provided, get all repositories under organization. if len(o.Repositories) == 0 { repos, _, err := client.GetRepositoriesByOrg(ctx, o.Owner) - errCheck(err, "Error listing organization's repos.") + if err != nil { + return fmt.Errorf("getting repos for owner (%s): %w", o.Owner, err) + } // Convert to list of repository names. for _, repo := range repos { @@ -64,23 +84,27 @@ func Run(o *Options) { // Get yml file into byte array. workflowContent, err := ioutil.ReadFile("scorecards-analysis.yml") - errCheck(err, "Error reading in scorecard workflow file.") + if err != nil { + return fmt.Errorf("reading scorecard workflow file: %w", err) + } // Process each repository. + // TODO: Capture repo access errors for _, repoName := range o.Repositories { // Get repo metadata. repo, _, err := client.GetRepository(ctx, o.Owner, repoName) if err != nil { - fmt.Println( - "Skipped repo", + log.Printf( + "skipped repo (%s) because it does not exist or could not be accessed: %+v", repoName, - "because it does not exist or could not be accessed.", + err, ) continue } // Get head commit SHA of default branch. + // TODO: Capture branch access errors defaultBranch, _, err := client.GetBranch( ctx, o.Owner, @@ -89,10 +113,10 @@ func Run(o *Options) { true, ) if err != nil { - fmt.Println( - "Skipped repo", + log.Printf( + "skipped repo (%s) because its default branch could not be accessed: %+v", repoName, - "because it's default branch could not be accessed.", + err, ) continue @@ -109,10 +133,9 @@ func Run(o *Options) { &github.RepositoryContentGetOptions{}, ) if scoreFileContent != nil || err == nil { - fmt.Println( - "Skipped repo", + log.Printf( + "skipped repo (%s) since scorecard workflow already exists", repoName, - "since scorecard workflow already exists.", ) continue @@ -127,32 +150,33 @@ func Run(o *Options) { true, ) if scorecardBranch != nil || err == nil { - fmt.Println( - "Skipped repo", + log.Printf( + "skipped repo (%s) since the scorecard branch already exists", repoName, - "since branch scorecard already exists.", ) continue } // Create new branch using a reference that stores the new commit hash. + // TODO: Capture ref creation errors ref := &github.Reference{ Ref: github.String("refs/heads/scorecard"), Object: &github.GitObject{SHA: defaultBranchSHA}, } _, _, err = client.CreateGitRef(ctx, o.Owner, repoName, ref) if err != nil { - fmt.Println( - "Skipped repo", + log.Printf( + "skipped repo (%s) because new branch could not be created: %+v", repoName, - "because new branch could not be created.", + err, ) continue } // Create file in repository. + // TODO: Capture file creation errors opts := &github.RepositoryContentFileOptions{ Message: github.String("Adding scorecard workflow"), Content: workflowContent, @@ -166,16 +190,17 @@ func Run(o *Options) { opts, ) if err != nil { - fmt.Println( - "Skipped repo", + log.Printf( + "skipped repo (%s) because new file could not be created: %+v", repoName, - "because new file could not be created.", + err, ) continue } - // Create Pull request. + // Create pull request. + // TODO: Capture pull request creation errors _, err = client.CreatePullRequest( ctx, o.Owner, @@ -186,27 +211,20 @@ func Run(o *Options) { "Added the workflow for OpenSSF's Security Scorecard", ) if err != nil { - fmt.Println( - "Skipped repo", + log.Printf( + "skipped repo (%s) because pull request could not be created: %+v", repoName, - "because pull request could not be created.", + err, ) continue } - // Logging. - fmt.Println( - "Successfully added scorecard workflow PR from scorecard to", - *defaultBranch.Name, - "branch of repo", + log.Printf( + "Created a pull request to add the scorecard workflow to %s", repoName, ) } -} -func errCheck(err error, msg string) { - if err != nil { - fmt.Println(msg, err) - } + return nil } diff --git a/multi-repo-action/main.go b/multi-repo-action/main.go index 9d798dd4..a1f804b3 100644 --- a/multi-repo-action/main.go +++ b/multi-repo-action/main.go @@ -16,10 +16,18 @@ package main -import "github.com/ossf/scorecard-action/install" +import ( + "log" + + "github.com/ossf/scorecard-action/install" +) func main() { // TODO: Supply options via command line arguments. opts := install.NewOptions() - install.Run(opts) + + err := install.Run(opts) + if err != nil { + log.Fatalf("running scorecard action installation: %+v", err) + } } From 502112a96ac3b55a83d7304505a770e9a86832d8 Mon Sep 17 00:00:00 2001 From: Stephen Augustus Date: Tue, 24 May 2022 16:21:53 -0400 Subject: [PATCH 10/13] install: Use cobra for CLI Signed-off-by: Stephen Augustus --- install/cli/cli.go | 67 ++++++++++++++++++++++++++++++++++++++ install/install.go | 28 ++-------------- install/options/flags.go | 52 +++++++++++++++++++++++++++++ install/options/options.go | 43 ++++++++++++++++++++++++ multi-repo-action/main.go | 12 +++---- 5 files changed, 169 insertions(+), 33 deletions(-) create mode 100644 install/cli/cli.go create mode 100644 install/options/flags.go create mode 100644 install/options/options.go diff --git a/install/cli/cli.go b/install/cli/cli.go new file mode 100644 index 00000000..2bc76553 --- /dev/null +++ b/install/cli/cli.go @@ -0,0 +1,67 @@ +// Copyright 2022 OpenSSF Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 + +package cli + +import ( + "fmt" + + "github.com/spf13/cobra" + + "github.com/ossf/scorecard-action/install" + "github.com/ossf/scorecard-action/install/options" +) + +const ( + cmdUsage = `--owner example_org [--repos ]` + cmdDescShort = "Scorecard GitHub Action installer" + cmdDescLong = ` +The Scorecard GitHub Action installer simplifies the installation of the +scorecard GitHub Action by creating pull requests through the command line.` +) + +// New creates a new instance of the scorecard action installation command. +func New(o *options.Options) *cobra.Command { + cmd := &cobra.Command{ + Use: cmdUsage, + Short: cmdDescShort, + Long: cmdDescLong, + PreRunE: func(cmd *cobra.Command, args []string) error { + err := o.Validate() + if err != nil { + return fmt.Errorf("validating options: %w", err) + } + + return nil + }, + RunE: func(cmd *cobra.Command, args []string) error { + return rootCmd(o) + }, + } + + o.AddFlags(cmd) + return cmd +} + +// rootCmd runs scorecard checks given a set of arguments. +func rootCmd(o *options.Options) error { + err := install.Run(o) + if err != nil { + return fmt.Errorf("running scorecard installation: %w", err) + } + + return nil +} diff --git a/install/install.go b/install/install.go index c372e779..4c935936 100644 --- a/install/install.go +++ b/install/install.go @@ -18,7 +18,6 @@ package install import ( "context" - "errors" "fmt" "io/ioutil" "log" @@ -26,39 +25,16 @@ import ( "github.com/google/go-github/v42/github" scagh "github.com/ossf/scorecard-action/install/github" + "github.com/ossf/scorecard-action/install/options" ) const workflowFile = ".github/workflows/scorecards-analysis.yml" -var errOwnerNotSpecified = errors.New("owner not specified") - -// Options are installation options for the scorecard action. -type Options struct { - Owner string - - // Repositories - Repositories []string -} - -// NewOptions creates a new instance of installation options. -func NewOptions() *Options { - return &Options{} -} - -// Validate checks if the installation options specified are valid. -func (o *Options) Validate() error { - if o.Owner == "" { - return errOwnerNotSpecified - } - - return nil -} - // Run adds the OpenSSF Scorecard workflow to all repositories under the given // organization. // TODO(install): Improve description. // TODO(install): Accept a context instead of setting one. -func Run(o *Options) error { +func Run(o *options.Options) error { err := o.Validate() if err != nil { return fmt.Errorf("validating installation options: %w", err) diff --git a/install/options/flags.go b/install/options/flags.go new file mode 100644 index 00000000..6a1f5235 --- /dev/null +++ b/install/options/flags.go @@ -0,0 +1,52 @@ +// Copyright 2022 OpenSSF Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 + +package options + +import ( + "github.com/spf13/cobra" +) + +const ( + // FlagOwner is the flag name for specifying an repository owner. + FlagOwner = "owner" + + // FlagRepos is the flag name for specifying a set of repositories. + FlagRepos = "repos" +) + +// Command is an interface for handling options for command-line utilities. +type Command interface { + // AddFlags adds this options' flags to the cobra command. + AddFlags(cmd *cobra.Command) +} + +// AddFlags adds this options' flags to the cobra command. +func (o *Options) AddFlags(cmd *cobra.Command) { + cmd.Flags().StringVar( + &o.Owner, + FlagOwner, + o.Owner, + "org/owner to install the scorecard action for", + ) + + cmd.Flags().StringSliceVar( + &o.Repositories, + FlagRepos, + o.Repositories, + "repositories to install the scorecard action on", + ) +} diff --git a/install/options/options.go b/install/options/options.go new file mode 100644 index 00000000..0d8c0bc6 --- /dev/null +++ b/install/options/options.go @@ -0,0 +1,43 @@ +// Copyright 2022 OpenSSF Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 + +package options + +import "errors" + +var errOwnerNotSpecified = errors.New("owner not specified") + +// Options are installation options for the scorecard action. +type Options struct { + Owner string + + // Repositories + Repositories []string +} + +// New creates a new instance of installation options. +func New() *Options { + return &Options{} +} + +// Validate checks if the installation options specified are valid. +func (o *Options) Validate() error { + if o.Owner == "" { + return errOwnerNotSpecified + } + + return nil +} diff --git a/multi-repo-action/main.go b/multi-repo-action/main.go index a1f804b3..7d970b12 100644 --- a/multi-repo-action/main.go +++ b/multi-repo-action/main.go @@ -19,15 +19,13 @@ package main import ( "log" - "github.com/ossf/scorecard-action/install" + "github.com/ossf/scorecard-action/install/cli" + "github.com/ossf/scorecard-action/install/options" ) func main() { - // TODO: Supply options via command line arguments. - opts := install.NewOptions() - - err := install.Run(opts) - if err != nil { - log.Fatalf("running scorecard action installation: %+v", err) + opts := options.New() + if err := cli.New(opts).Execute(); err != nil { + log.Fatalf("error during command execution: %v", err) } } From 0072df3678d928a2c26f5386fb60593ead6ce890 Mon Sep 17 00:00:00 2001 From: Stephen Augustus Date: Tue, 24 May 2022 16:42:44 -0400 Subject: [PATCH 11/13] Remove inaccurate instances of workflow configuration file Signed-off-by: Stephen Augustus --- multi-repo-action/scorecards-analysis.yml | 74 ------------------- .../code-scanning/scorecards.yml | 59 +++++---------- 2 files changed, 20 insertions(+), 113 deletions(-) delete mode 100644 multi-repo-action/scorecards-analysis.yml diff --git a/multi-repo-action/scorecards-analysis.yml b/multi-repo-action/scorecards-analysis.yml deleted file mode 100644 index 602a6e54..00000000 --- a/multi-repo-action/scorecards-analysis.yml +++ /dev/null @@ -1,74 +0,0 @@ -# Copyright 2022 OpenSSF Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 - -name: Scorecards supply-chain security -on: - # Only the default branch is supported. - branch_protection_rule: - schedule: - # Weekly on Saturdays. - - cron: '30 1 * * 6' - push: - branches: [ $default-branch ] - workflow_dispatch: - -# Declare default permissions as read only. -permissions: read-all - -jobs: - analysis: - name: Scorecards analysis - runs-on: ubuntu-latest - permissions: - # Needed to upload the results to code-scanning dashboard. - security-events: write - actions: read - contents: read - - steps: - - name: "Checkout code" - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0 - with: - persist-credentials: false - - - name: "Run analysis" - uses: ossf/scorecard-action@c8416b0b2bf627c349ca92fc8e3de51a64b005cf # v1.0.2 - with: - results_file: results.sarif - results_format: sarif - # Read-only PAT token. To create it, - # follow the steps in https://github.com/ossf/scorecard-action#pat-token-creation. - repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} - # Publish the results for public repositories to enable scorecard badges. For more details, see - # https://github.com/ossf/scorecard-action#publishing-results. - # For private repositories, `publish_results` will automatically be set to `false`, regardless - # of the value entered here. - publish_results: true - - # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF - # format to the repository Actions tab. - - name: "Upload artifact" - uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # v2.3.1 - with: - name: SARIF file - path: results.sarif - retention-days: 5 - - # Upload the results to GitHub's code scanning dashboard. - - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # v1.0.26 - with: - sarif_file: results.sarif \ No newline at end of file diff --git a/starter-workflows/code-scanning/scorecards.yml b/starter-workflows/code-scanning/scorecards.yml index e80dbc77..ae4449b6 100644 --- a/starter-workflows/code-scanning/scorecards.yml +++ b/starter-workflows/code-scanning/scorecards.yml @@ -15,12 +15,11 @@ # SPDX-License-Identifier: Apache-2.0 name: Scorecards supply-chain security -on: +on: # Only the default branch is supported. branch_protection_rule: schedule: - # Weekly on Saturdays. - - cron: '30 1 * * 6' + - cron: $cron-weekly push: branches: [ $default-branch ] @@ -34,57 +33,39 @@ jobs: permissions: # Needed to upload the results to code-scanning dashboard. security-events: write - + actions: read + contents: read + steps: - name: "Checkout code" - uses: actions/checkout@v1 + uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0 + with: + persist-credentials: false - name: "Run analysis" - # TODO: update with a hash once we have a release. - uses: ossf/scorecard-action@feat/rempol + uses: ossf/scorecard-action@c1aec4ac820532bab364f02a81873c555a0ba3a1 # v1.0.4 with: results_file: results.sarif results_format: sarif - # For the token, - # 1. Create a PAT token at https://github.com/settings/tokens/new - # with the following read permissions: - # - Note: OSSF Scorecard read-only token - # - Expiration: No expiration - # - Scopes: - # * repo > public_repo - # * admin:org > read:org - # * admin:repo_hook > read:repo_hook - # * write:discussion > read:discussion - # - # Create and copy the token. - # - # 2. Create a new repository secret at https://github.com///settings/secrets/actions - # with the following settings: - # - Name: SCORECARD_TOKEN - # - Value: the value of the token created in step 1 above. - repo_token: ${{ secrets.SCORECARD_TOKEN }} - # The Scorecard team runs a weekly scan of public GitHub repositories in order to track - # the overall security health of the open source ecosystem. - # Setting `publish_results: true` replaces the results of the team's weelky scans, - # helping us scale by cutting down on repeated workflows and GitHub API requests. - # This option is needed to enable badges on the repo. + # Read-only PAT token. To create it, + # follow the steps in https://github.com/ossf/scorecard-action#pat-token-creation. + repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} + # Publish the results to enable scorecard badges. For more details, see + # https://github.com/ossf/scorecard-action#publishing-results. + # For private repositories, `publish_results` will automatically be set to `false`, + # regardless of the value entered here. publish_results: true - # Upload the results as artifacts. - # https://docs.github.com/en/actions/advanced-guides/storing-workflow-data-as-artifacts - # This is optional. + # Upload the results as artifacts (optional). - name: "Upload artifact" - # Note: scorecard will flag this line if not pinned by hash. - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: SARIF file path: results.sarif retention-days: 5 - + # Upload the results to GitHub's code scanning dashboard. - # This is required to visualize the results on GitHub website. - name: "Upload to code-scanning" - # Note: scorecard will flag this line if not pinned by hash. - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # v1.0.26 with: sarif_file: results.sarif From bb52c121345cafa58b5778f53cf63bb16a9d8632 Mon Sep 17 00:00:00 2001 From: Stephen Augustus Date: Tue, 24 May 2022 17:40:19 -0400 Subject: [PATCH 12/13] multi-repo-action: Disable incomplete tests Signed-off-by: Stephen Augustus --- multi-repo-action/main_test.go | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/multi-repo-action/main_test.go b/multi-repo-action/main_test.go index f4c17d86..36f4bdd8 100644 --- a/multi-repo-action/main_test.go +++ b/multi-repo-action/main_test.go @@ -19,19 +19,18 @@ package main import ( - "context" - "fmt" - "net/http" - "testing" - "github.com/google/go-github/v42/github" ) var client *github.Client // Currently incomplete +//nolint:lll // Good reference: https://github.com/google/go-github/blob/887f605dd1f81715a4d4e3983e38450b29833639/github/repos_contents_test.go // Currently from: https://github.com/google/go-github/blob/master/test/integration/repos_test.go + +// TODO: Add/refactor tests +/* func Test_OrgWorkflowAdd(t *testing.T) { client = github.NewClient(nil) me, _, err := client.Users.Get(context.Background(), "") @@ -85,10 +84,18 @@ func createRandomTestRepository(owner string, autoinit bool) (*github.Repository } // create the repository - repo, _, err := client.Repositories.Create(context.Background(), "", &github.Repository{Name: github.String(repoName), AutoInit: github.Bool(autoinit)}) + repo, _, err := client.Repositories.Create( + context.Background(), + "", + &github.Repository{ + Name: github.String(repoName), + AutoInit: github.Bool(autoinit), + }, + ) if err != nil { return nil, err } return repo, nil } +*/ From 5d6b3d6177e88f12c4f76a67cf86dcee0b5d6f2c Mon Sep 17 00:00:00 2001 From: Stephen Augustus Date: Tue, 24 May 2022 18:28:11 -0400 Subject: [PATCH 13/13] install: Retrieve the correct action configuration from local path Signed-off-by: Stephen Augustus --- install/install.go | 40 +++++++++++++++++++++++++------------- install/options/options.go | 24 +++++++++++++++++++++-- 2 files changed, 48 insertions(+), 16 deletions(-) diff --git a/install/install.go b/install/install.go index 4c935936..b44e279b 100644 --- a/install/install.go +++ b/install/install.go @@ -28,12 +28,22 @@ import ( "github.com/ossf/scorecard-action/install/options" ) -const workflowFile = ".github/workflows/scorecards-analysis.yml" +const ( + workflowFile = ".github/workflows/scorecards.yml" + workflowFileDeprecated = ".github/workflows/scorecards-analysis.yml" +) + +var workflowFiles = []string{ + workflowFile, + workflowFileDeprecated, +} // Run adds the OpenSSF Scorecard workflow to all repositories under the given // organization. // TODO(install): Improve description. // TODO(install): Accept a context instead of setting one. +//nolint:gocognit +// TODO(lint): cognitive complexity 31 of func `Run` is high (> 30) (gocognit). func Run(o *options.Options) error { err := o.Validate() if err != nil { @@ -59,7 +69,7 @@ func Run(o *options.Options) error { } // Get yml file into byte array. - workflowContent, err := ioutil.ReadFile("scorecards-analysis.yml") + workflowContent, err := ioutil.ReadFile(o.ConfigPath) if err != nil { return fmt.Errorf("reading scorecard workflow file: %w", err) } @@ -101,20 +111,22 @@ func Run(o *options.Options) error { defaultBranchSHA := defaultBranch.Commit.SHA // Skip if scorecard file already exists in workflows folder. - scoreFileContent, _, _, err := client.GetContents( - ctx, - o.Owner, - repoName, - workflowFile, - &github.RepositoryContentGetOptions{}, - ) - if scoreFileContent != nil || err == nil { - log.Printf( - "skipped repo (%s) since scorecard workflow already exists", + for _, f := range workflowFiles { + scoreFileContent, _, _, err := client.GetContents( + ctx, + o.Owner, repoName, + f, + &github.RepositoryContentGetOptions{}, ) - - continue + if scoreFileContent != nil || err == nil { + log.Printf( + "skipped repo (%s) since scorecard workflow already exists", + repoName, + ) + + continue + } } // Skip if branch scorecard already exists. diff --git a/install/options/options.go b/install/options/options.go index 0d8c0bc6..e402e3ce 100644 --- a/install/options/options.go +++ b/install/options/options.go @@ -16,12 +16,24 @@ package options -import "errors" +import ( + "errors" + "path/filepath" +) + +const ( + configDir = "starter-workflows/code-scanning" + configFilename = "scorecards.yml" +) var errOwnerNotSpecified = errors.New("owner not specified") // Options are installation options for the scorecard action. type Options struct { + // Scorecard GitHub Action configuration path + ConfigPath string + + // GitHub org/repo owner Owner string // Repositories @@ -30,7 +42,9 @@ type Options struct { // New creates a new instance of installation options. func New() *Options { - return &Options{} + opts := &Options{} + opts.ConfigPath = GetConfigPath() + return opts } // Validate checks if the installation options specified are valid. @@ -41,3 +55,9 @@ func (o *Options) Validate() error { return nil } + +// GetConfigPath returns the local path for the scorecard action config file. +// TODO: Consider making this configurable. +func GetConfigPath() string { + return filepath.Join(configDir, configFilename) +}