From 67f070f73c31fb38684774729bbd3501b2b462c5 Mon Sep 17 00:00:00 2001
From: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Date: Fri, 5 Nov 2021 20:14:54 -0700
Subject: [PATCH] remove action (#1223)

---
 actions/Dockerfile | 37 --------------------
 actions/entrypoint.sh | 43 -----------------------
 actions/policies/template.yml | 64 -----------------------------------
 3 files changed, 144 deletions(-)
 delete mode 100644 actions/Dockerfile
 delete mode 100755 actions/entrypoint.sh
 delete mode 100644 actions/policies/template.yml

diff --git a/actions/Dockerfile b/actions/Dockerfile
deleted file mode 100644
index 3ec4c75bac2..00000000000
--- a/actions/Dockerfile
+++ /dev/null
@@ -1,37 +0,0 @@
-# Copyright 2021 Security Scorecard Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Testing: docker run -e INPUT_SARIF_FILE=results.sarif -e GITHUB_WORKSPACE=/ -e INPUT_POLICY_FILE="/policy.yml" -e INPUT_REPO_TOKEN=$GITHUB_AUTH_TOKEN -e GITHUB_REPOSITORY="ossf/scorecard" laurentsimon/scorecard-action:latest
-
-# Use scorecard's official Docker image as base.
-ARG DOCKER_SHA
-FROM gcr.io/openssf/scorecard@sha256:${DOCKER_SHA} as base
-
-# Build our image and update the root certs.
-# TODO: use distroless.
-FROM debian:9.5-slim
-RUN apt-get update && \
-    apt-get install -y --no-install-recommends jq ca-certificates
-
-# Copy the scorecard binary from the official scorecard image.
-COPY --from=base /scorecard /scorecard
-
-# Copy a test policy for local testing.
-COPY actions/policies/template.yml /policy.yml
-
-# Our entry point.
-# Note: the file is executable in the repo
-# and permission carry over to the image.
-ADD actions/entrypoint.sh /entrypoint.sh
-ENTRYPOINT ["/entrypoint.sh"]
diff --git a/actions/entrypoint.sh b/actions/entrypoint.sh
deleted file mode 100755
index 28f20f283b1..00000000000
--- a/actions/entrypoint.sh
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/bin/bash
-# Copyright 2021 Security Scorecard Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-set -euo pipefail
-
-# https://docs.github.com/en/actions/learn-github-actions/environment-variables
-# GITHUB_EVENT_PATH contains the json file for the event.
-# GITHUB_SHA contains the commit hash.
-# GITHUB_WORKSPACE contains the repo folder.
-# GITHUB_EVENT_NAME contains the event name.
-# GITHUB_ACTIONS is true in GitHub env.
-
-export GITHUB_AUTH_TOKEN="$INPUT_REPO_TOKEN"
-export SCORECARD_V4=1
-export SCORECARD_POLICY_FILE="$INPUT_POLICY_FILE"
-export SCORECARD_SARIF_FILE="$INPUT_SARIF_FILE"
-
-# Note: this will fail if we push to a branch on the same repo, so it will show as failing
-# on forked repos.
-if [[ "$GITHUB_EVENT_NAME" != "pull_request"* ]] && ! [[ "$GITHUB_REF" =~ ^refs/heads/(main|master)$ ]]; then
-    echo "$GITHUB_REF not supported with '$GITHUB_EVENT_NAME' event."
-    echo "Only the default branch is supported"
-    exit 1
-fi
-
-# It's important to change directories here, to ensure
-# the files in SARIF start at the source of the repo.
-# This allows GitHub to highlight the file.
-cd "$GITHUB_WORKSPACE"
-/scorecard --repo="$GITHUB_REPOSITORY" --format sarif --show-details --policy="$SCORECARD_POLICY_FILE" > "$SCORECARD_SARIF_FILE"
-jq '.' "$SCORECARD_SARIF_FILE"
diff --git a/actions/policies/template.yml b/actions/policies/template.yml
deleted file mode 100644
index 5dd96837a11..00000000000
--- a/actions/policies/template.yml
+++ /dev/null
@@ -1,64 +0,0 @@
-# Copyright 2021 Security Scorecard Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-version: 1
-policies:
-  Token-Permissions:
-    score: 10
-    mode: enforced
-  Branch-Protection:
-    score: 10
-    mode: enforced
-  Code-Review:
-    score: 10
-    mode: enforced
-  Pinned-Dependencies:
-    score: 10
-    mode: enforced
-  Security-Policy:
-    score: 10
-    mode: enforced
-  SAST:
-    score: 10
-    mode: enforced
-  Contributors:
-    score: 10
-    mode: enforced
-  Packaging:
-    score: 10
-    mode: enforced
-  Binary-Artifacts:
-    score: 10
-    mode: enforced
-  Signed-Releases:
-    score: 10
-    mode: enforced
-  Dependency-Update-Tool:
-    score: 10
-    mode: enforced
-  Fuzzing:
-    score: 10
-    mode: enforced
-  CII-Best-Practices:
-    score: 10
-    mode: enforced
-  Vulnerabilities:
-    score: 10
-    mode: enforced
-  CI-Tests:
-    score: 10
-    mode: enforced
-  Maintained:
-    score: 10
-    mode: enforced
\ No newline at end of file