🐛 Dependency-Update-Tool: ignore search commit data for repo clients …

…which dont support it (#3756)

The primary data is the configuration files and the search commit data
is just extra, so better to return some data than no data in this case.

Signed-off-by: Spencer Schrock <[email protected]>

checks/dependency_update_tool_test.go

@@ -162,3 +162,21 @@ func TestDependencyUpdateTool(t *testing.T) {
 		})
 	}
 }
+
+func TestDependencyUpdateTool_noSearchCommits(t *testing.T) {
+	t.Parallel()
+	ctrl := gomock.NewController(t)
+	mockRepo := mockrepo.NewMockRepoClient(ctrl)
+	files := []string{"README.md"}
+	mockRepo.EXPECT().ListFiles(gomock.Any()).Return(files, nil)
+	mockRepo.EXPECT().SearchCommits(gomock.Any()).Return(nil, clients.ErrUnsupportedFeature)
+	dl := scut.TestDetailLogger{}
+	c := &checker.CheckRequest{
+		RepoClient: mockRepo,
+		Dlogger:    &dl,
+	}
+	got := DependencyUpdateTool(c)
+	if got.Error != nil {
+		t.Errorf("got: %v, wanted ErrUnsupportedFeature not to propagate", got.Error)
+	}
+}

checks/raw/dependency_update_tool.go

@@ -15,6 +15,7 @@
 package raw
 
 import (
+	"errors"
 	"fmt"
 	"strings"
 
@@ -42,7 +43,13 @@ func DependencyUpdateTool(c clients.RepoClient) (checker.DependencyUpdateToolDat
 
 	commits, err := c.SearchCommits(clients.SearchCommitsOptions{Author: "dependabot[bot]"})
 	if err != nil {
-		return checker.DependencyUpdateToolData{}, fmt.Errorf("%w", err)
+		// TODO https://github.com/ossf/scorecard/issues/1709
+		// some repo clients (e.g. local) don't currently have the ability to search commits,
+		// but some data is better than none.
+		if errors.Is(err, clients.ErrUnsupportedFeature) {
+			return checker.DependencyUpdateToolData{Tools: tools}, nil
+		}
+		return checker.DependencyUpdateToolData{}, fmt.Errorf("dependabot commit search: %w", err)
 	}
 
 	for i := range commits {