From 69bb742f12a56d223577b4984cf88b43fa56cd7d Mon Sep 17 00:00:00 2001
From: Spencer Schrock
Date: Fri, 29 Dec 2023 09:46:10 -0800
Subject: [PATCH] :bug: Dependency-Update-Tool: ignore search commit data for repo clients which dont support it (#3756)

The primary data is the configuration files and the search commit data is just extra, so better to return some data than no data in this case.

Signed-off-by: Spencer Schrock
---
 checks/dependency_update_tool_test.go | 18 ++++++++++++++++++
 checks/raw/dependency_update_tool.go | 9 ++++++++-
 2 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/checks/dependency_update_tool_test.go b/checks/dependency_update_tool_test.go
index 05d56cef43f..f46a4d8ab81 100644
--- a/checks/dependency_update_tool_test.go
+++ b/checks/dependency_update_tool_test.go
@@ -162,3 +162,21 @@ func TestDependencyUpdateTool(t *testing.T) {
 })
 }
 }
+
+func TestDependencyUpdateTool_noSearchCommits(t *testing.T) {
+ t.Parallel()
+ ctrl := gomock.NewController(t)
+ mockRepo := mockrepo.NewMockRepoClient(ctrl)
+ files := []string{"README.md"}
+ mockRepo.EXPECT().ListFiles(gomock.Any()).Return(files, nil)
+ mockRepo.EXPECT().SearchCommits(gomock.Any()).Return(nil, clients.ErrUnsupportedFeature)
+ dl := scut.TestDetailLogger{}
+ c := &checker.CheckRequest{
+ RepoClient: mockRepo,
+ Dlogger: &dl,
+ }
+ got := DependencyUpdateTool(c)
+ if got.Error != nil {
+ t.Errorf("got: %v, wanted ErrUnsupportedFeature not to propagate", got.Error)
+ }
+}
diff --git a/checks/raw/dependency_update_tool.go b/checks/raw/dependency_update_tool.go
index effeef2891f..63b262c70a1 100644
--- a/checks/raw/dependency_update_tool.go
+++ b/checks/raw/dependency_update_tool.go
@@ -15,6 +15,7 @@
 package raw
 import (
+ "errors"
 "fmt"
 "strings"
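Review bot: `TestDependencyUpdateTool_noSearchCommits` asserts only that `got.Error` is nil, so it would still pass if the fallback path produced a wrong score or dropped the file-based findings. Since the point of the change is to return partial data, pin the result as well, for example `if got.Score != checker.MinResultScore { t.Errorf("got score %d, wanted %d", got.Score, checker.MinResultScore) }`, assuming the minimum score is the intended outcome when only `README.md` is listed. A second case in which `ListFiles` returns a recognised update-tool config file would confirm that the file-based detection survives an unsupported commit search.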
@@ -42,7 +43,13 @@ func DependencyUpdateTool(c clients.RepoClient) (checker.DependencyUpdateToolDat
 commits, err := c.SearchCommits(clients.SearchCommitsOptions{Author: "dependabot[bot]"})
 if err != nil {
- return checker.DependencyUpdateToolData{}, fmt.Errorf("%w", err)
+ // TODO https://github.com/ossf/scorecard/issues/1709
+ // some repo clients (e.g. local) don't currently have the ability to search commits,
+ // but some data is better than none.
+ if errors.Is(err, clients.ErrUnsupportedFeature) {
+ return checker.DependencyUpdateToolData{Tools: tools}, nil
+ }
+ return checker.DependencyUpdateToolData{}, fmt.Errorf("dependabot commit search: %w", err)
 }
 for i := range commits {
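Review bot: The `errors.Is(err, clients.ErrUnsupportedFeature)` branch returns a nil error with only the file-based `tools`, so a caller cannot tell "commit search ran and found nothing" from "commit search was skipped". For a supply-chain score that matters, because the result may be read as evidence that no update tool is active when half of the detection never ran. I would state this contract in the function's doc comment, for example `// If the repo client cannot search commits (clients.ErrUnsupportedFeature), only tools detected from configuration files are returned and no error is reported.` The function's signature and the code that fills `tools` are outside this hunk, so whether `tools` can be non-empty at this point is not visible here.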