diff --git a/checks/binary_artifact_test.go b/checks/binary_artifact_test.go index 3fe8a86efe3d..3146d8f9cc63 100644 --- a/checks/binary_artifact_test.go +++ b/checks/binary_artifact_test.go @@ -22,6 +22,7 @@ import ( "github.com/golang/mock/gomock" "github.com/ossf/scorecard/v4/checker" + "github.com/ossf/scorecard/v4/clients" "github.com/ossf/scorecard/v4/clients/localdir" "github.com/ossf/scorecard/v4/log" scut "github.com/ossf/scorecard/v4/utests" @@ -72,7 +73,7 @@ func TestBinaryArtifacts(t *testing.T) { ctx := context.Background() client := localdir.CreateLocalDirClient(ctx, logger) - if err := client.InitRepo(repo, "HEAD"); err != nil { + if err := client.InitRepo(repo, clients.HeadSHA); err != nil { t.Errorf("InitRepo: %v", err) } diff --git a/checks/license_test.go b/checks/license_test.go index 260e3f4a6d14..d778bf15398f 100644 --- a/checks/license_test.go +++ b/checks/license_test.go @@ -22,6 +22,7 @@ import ( "github.com/golang/mock/gomock" "github.com/ossf/scorecard/v4/checker" + "github.com/ossf/scorecard/v4/clients" "github.com/ossf/scorecard/v4/clients/localdir" "github.com/ossf/scorecard/v4/log" scut "github.com/ossf/scorecard/v4/utests" @@ -154,7 +155,7 @@ func TestLicenseFileSubdirectory(t *testing.T) { ctx := context.Background() client := localdir.CreateLocalDirClient(ctx, logger) - if err := client.InitRepo(repo, "HEAD"); err != nil { + if err := client.InitRepo(repo, clients.HeadSHA); err != nil { t.Errorf("InitRepo: %v", err) } diff --git a/checks/raw/security_policy.go b/checks/raw/security_policy.go index 6d43bfebcb89..c5f66d5d1c83 100644 --- a/checks/raw/security_policy.go +++ b/checks/raw/security_policy.go @@ -20,6 +20,7 @@ import ( "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/checks/fileparser" + "github.com/ossf/scorecard/v4/clients" "github.com/ossf/scorecard/v4/clients/githubrepo" sce "github.com/ossf/scorecard/v4/errors" "github.com/ossf/scorecard/v4/log" 
@@ -80,7 +81,7 @@ func SecurityPolicy(c *checker.CheckRequest) (checker.SecurityPolicyData, error) Repo: c.Repo.Org(), } - err = dotGitHub.RepoClient.InitRepo(dotGitHub.Repo, "HEAD") + err = dotGitHub.RepoClient.InitRepo(dotGitHub.Repo, clients.HeadSHA) switch { case err == nil: defer dotGitHub.RepoClient.Close() diff --git a/checks/sast.go b/checks/sast.go index dedc16251a15..35237adf5b61 100644 --- a/checks/sast.go +++ b/checks/sast.go @@ -31,7 +31,6 @@ var allowedConclusions = map[string]bool{"success": true, "neutral": true} //nolint:gochecknoinits func init() { - // TODO(#575): Check if we can support commit-based requests here. if err := registerCheck(CheckSAST, SAST, nil); err != nil { // This should never happen. panic(err) diff --git a/clients/githubrepo/branches.go b/clients/githubrepo/branches.go index 8609dab6a2fb..4bb7eba8324c 100644 --- a/clients/githubrepo/branches.go +++ b/clients/githubrepo/branches.go @@ -17,6 +17,7 @@ package githubrepo import ( "context" "fmt" + "strings" "sync" "github.com/google/go-github/v38/github" 
@@ -113,31 +114,34 @@ type branchesHandler struct { once *sync.Once ctx context.Context errSetup error - owner string - repo string + repourl *repoURL defaultBranchRef *clients.BranchRef branches []*clients.BranchRef } -func (handler *branchesHandler) init(ctx context.Context, owner, repo string) { +func (handler *branchesHandler) init(ctx context.Context, repourl *repoURL) { handler.ctx = ctx - handler.owner = owner - handler.repo = repo + handler.repourl = repourl handler.errSetup = nil handler.once = new(sync.Once) } func (handler *branchesHandler) setup() error { handler.once.Do(func() { + if !strings.EqualFold(handler.repourl.commitSHA, clients.HeadSHA) { + handler.errSetup = fmt.Errorf("%w: branches only supported for HEAD queries", clients.ErrUnsupportedFeature) + return + } vars := map[string]interface{}{ - "owner": githubv4.String(handler.owner), - "name": githubv4.String(handler.repo), + "owner": githubv4.String(handler.repourl.owner), + "name": githubv4.String(handler.repourl.repo), "refsToAnalyze": githubv4.Int(refsToAnalyze), "refPrefix": githubv4.String(refPrefix), } handler.data = new(branchesData) if err := handler.graphClient.Query(handler.ctx, handler.data, vars); err != nil { handler.errSetup = sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("githubv4.Query: %v", err)) + return } handler.defaultBranchRef = getBranchRefFrom(handler.data.Repository.DefaultBranchRef) handler.branches = getBranchRefsFrom(handler.data.Repository.Refs.Nodes, handler.defaultBranchRef) diff --git a/clients/githubrepo/checkruns.go b/clients/githubrepo/checkruns.go index 42e75ab50a4f..741429de27aa 100644 --- a/clients/githubrepo/checkruns.go +++ b/clients/githubrepo/checkruns.go @@ -17,6 +17,7 @@ package githubrepo import ( "context" "fmt" + "strings" "github.com/google/go-github/v38/github" 
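Review bot: The guard added at the top of `branchesHandler.setup`, `!strings.EqualFold(handler.repourl.commitSHA, clients.HeadSHA)`, is repeated verbatim in eight more places in this diff (checkruns, contributors, `getIssues`, `isArchived`, releases, search, statuses, workflows). Any later change to how HEAD is recognised then has to be made nine times, and a missed copy would let one API return HEAD-state data for a pinned commit. A single method on `repoURL`, for example `func (r *repoURL) isHead() bool { return strings.EqualFold(r.commitSHA, clients.HeadSHA) }`, would keep the rule in one place and make most of the new `strings` imports unnecessary. A zero-value `commitSHA` is also treated as non-HEAD by this test, which deserves a one-line comment on the field.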
@@ -25,21 +26,22 @@ import ( ) type checkrunsHandler struct { - client *github.Client - ctx context.Context - owner string - repo string + client *github.Client + ctx context.Context + repourl *repoURL } -func (handler *checkrunsHandler) init(ctx context.Context, owner, repo string) { +func (handler *checkrunsHandler) init(ctx context.Context, repourl *repoURL) { handler.ctx = ctx - handler.owner = owner - handler.repo = repo + handler.repourl = repourl } func (handler *checkrunsHandler) listCheckRunsForRef(ref string) ([]clients.CheckRun, error) { - checkRuns, _, err := handler.client.Checks.ListCheckRunsForRef(handler.ctx, handler.owner, handler.repo, ref, - &github.ListCheckRunsOptions{}) + if !strings.EqualFold(handler.repourl.commitSHA, clients.HeadSHA) { + return nil, fmt.Errorf("%w: ListCheckRuns only supported for HEAD queries", clients.ErrUnsupportedFeature) + } + checkRuns, _, err := handler.client.Checks.ListCheckRunsForRef( + handler.ctx, handler.repourl.owner, handler.repourl.repo, ref, &github.ListCheckRunsOptions{}) if err != nil { return nil, sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("ListCheckRunsForRef: %v", err)) } diff --git a/clients/githubrepo/client.go b/clients/githubrepo/client.go index 18bd83610dda..6b380bf694ec 100644 --- a/clients/githubrepo/client.go +++ b/clients/githubrepo/client.go @@ -34,8 +34,7 @@ var errInputRepoType = errors.New("input repo should be of type repoURL") // Client is GitHub-specific implementation of RepoClient. type Client struct { - owner string - repoName string + repourl *repoURL repo *github.Repository repoClient *github.Client graphClient *graphqlHandler 
@@ -62,9 +61,14 @@ func (client *Client) InitRepo(inputRepo clients.Repo, commitSHA string) error { if err != nil { return sce.WithMessage(sce.ErrRepoUnreachable, err.Error()) } + client.repo = repo - client.owner = repo.Owner.GetLogin() - client.repoName = repo.GetName() + client.repourl = &repoURL{ + owner: repo.Owner.GetLogin(), + repo: repo.GetName(), + defaultBranch: repo.GetDefaultBranch(), + commitSHA: commitSHA, + } // Init tarballHandler. if err := client.tarball.init(client.ctx, client.repo, commitSHA); err != nil { 
@@ -72,36 +76,35 @@ func (client *Client) InitRepo(inputRepo clients.Repo, commitSHA string) error { } // Setup GraphQL. - client.graphClient.init(client.ctx, client.owner, client.repoName, - client.repo.GetDefaultBranch(), commitSHA) + client.graphClient.init(client.ctx, client.repourl) // Setup contributorsHandler. - client.contributors.init(client.ctx, client.owner, client.repoName) + client.contributors.init(client.ctx, client.repourl) // Setup branchesHandler. - client.branches.init(client.ctx, client.owner, client.repoName) + client.branches.init(client.ctx, client.repourl) // Setup releasesHandler. - client.releases.init(client.ctx, client.owner, client.repoName) + client.releases.init(client.ctx, client.repourl) // Setup workflowsHandler. - client.workflows.init(client.ctx, client.owner, client.repoName) + client.workflows.init(client.ctx, client.repourl) // Setup checkrunsHandler. - client.checkruns.init(client.ctx, client.owner, client.repoName) + client.checkruns.init(client.ctx, client.repourl) // Setup statusesHandler. - client.statuses.init(client.ctx, client.owner, client.repoName) + client.statuses.init(client.ctx, client.repourl) // Setup searchHandler. - client.search.init(client.ctx, client.owner, client.repoName) + client.search.init(client.ctx, client.repourl) return nil } // URI implements RepoClient.URI. func (client *Client) URI() string { - return fmt.Sprintf("github.com/%s/%s", client.owner, client.repoName) + return fmt.Sprintf("github.com/%s/%s", client.repourl.owner, client.repourl.repo) } // ListFiles implements RepoClient.ListFiles. @@ -224,7 +227,7 @@ func CreateOssFuzzRepoClient(ctx context.Context, logger *log.Logger) (clients.R } ossFuzzRepoClient := CreateGithubRepoClient(ctx, logger) - if err := ossFuzzRepoClient.InitRepo(ossFuzzRepo, "HEAD"); err != nil { + if err := ossFuzzRepoClient.InitRepo(ossFuzzRepo, clients.HeadSHA); err != nil { return nil, fmt.Errorf("error during InitRepo: %w", err) } return ossFuzzRepoClient, nil 
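Review bot: `URI()` now dereferences `client.repourl`, which this commit assigns only inside `InitRepo`, after the repository lookup has succeeded. On a client that was never initialised, or whose first `InitRepo` returned `ErrRepoUnreachable`, `URI()` would panic, where the old string fields yielded `github.com//`. Whether that call order can happen depends on callers outside this hunk; if it can, guard it with `if client.repourl == nil { return "" }` before the `fmt.Sprintf`, or state in the doc comment that `InitRepo` must succeed first. The same nil pointer reaches every handler's `repourl` field, so handlers built as struct literals without `init` need the same care.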
diff --git a/clients/githubrepo/contributors.go b/clients/githubrepo/contributors.go index 780ca0831a40..8f7a05199353 100644 --- a/clients/githubrepo/contributors.go +++ b/clients/githubrepo/contributors.go @@ -17,6 +17,7 @@ package githubrepo import ( "context" "fmt" + "strings" "sync" "github.com/google/go-github/v38/github" @@ -29,25 +30,28 @@ type contributorsHandler struct { once *sync.Once ctx context.Context errSetup error - owner string - repo string + repourl *repoURL contributors []clients.Contributor } -func (handler *contributorsHandler) init(ctx context.Context, owner, repo string) { +func (handler *contributorsHandler) init(ctx context.Context, repourl *repoURL) { handler.ctx = ctx - handler.owner = owner - handler.repo = repo + handler.repourl = repourl handler.errSetup = nil handler.once = new(sync.Once) } func (handler *contributorsHandler) setup() error { handler.once.Do(func() { + if !strings.EqualFold(handler.repourl.commitSHA, clients.HeadSHA) { + handler.errSetup = fmt.Errorf("%w: ListContributors only supported for HEAD queries", clients.ErrUnsupportedFeature) + return + } contribs, _, err := handler.ghClient.Repositories.ListContributors( - handler.ctx, handler.owner, handler.repo, &github.ListContributorsOptions{}) + handler.ctx, handler.repourl.owner, handler.repourl.repo, &github.ListContributorsOptions{}) if err != nil { handler.errSetup = fmt.Errorf("error during ListContributors: %w", err) + return } for _, contrib := range contribs { diff --git a/clients/githubrepo/graphql.go b/clients/githubrepo/graphql.go index 5599f491dcd3..cb14446e5148 100644 --- a/clients/githubrepo/graphql.go +++ b/clients/githubrepo/graphql.go 
@@ -114,26 +114,20 @@ type graphqlData struct { } type graphqlHandler struct { - client *githubv4.Client - data *graphqlData - once *sync.Once - ctx context.Context - errSetup error - owner string - repo string - defaultBranch string - commitSHA string - commits []clients.Commit - issues []clients.Issue - archived bool + client *githubv4.Client + data *graphqlData + once *sync.Once + ctx context.Context + errSetup error + repourl *repoURL + commits []clients.Commit + issues []clients.Issue + archived bool } -func (handler *graphqlHandler) init(ctx context.Context, owner, repo, defaultBranch, commitSHA string) { +func (handler *graphqlHandler) init(ctx context.Context, repourl *repoURL) { handler.ctx = ctx - handler.owner = owner - handler.repo = repo - handler.defaultBranch = defaultBranch - handler.commitSHA = commitSHA + handler.repourl = repourl handler.data = new(graphqlData) handler.errSetup = nil handler.once = new(sync.Once) @@ -141,15 +135,15 @@ func (handler *graphqlHandler) init(ctx context.Context, owner, repo, defaultBra func (handler *graphqlHandler) setup() error { handler.once.Do(func() { - commitExpression := handler.commitSHA - if strings.EqualFold(handler.commitSHA, "HEAD") { + commitExpression := handler.repourl.commitSHA + if strings.EqualFold(handler.repourl.commitSHA, clients.HeadSHA) { // TODO(#575): Confirm that this works as expected. - commitExpression = fmt.Sprintf("heads/%s", handler.defaultBranch) + commitExpression = fmt.Sprintf("heads/%s", handler.repourl.defaultBranch) } vars := map[string]interface{}{ - "owner": githubv4.String(handler.owner), - "name": githubv4.String(handler.repo), + "owner": githubv4.String(handler.repourl.owner), + "name": githubv4.String(handler.repourl.repo), "pullRequestsToAnalyze": githubv4.Int(pullRequestsToAnalyze), "issuesToAnalyze": githubv4.Int(issuesToAnalyze), "issueCommentsToAnalyze": githubv4.Int(issueCommentsToAnalyze), 
@@ -163,7 +157,7 @@ func (handler *graphqlHandler) setup() error { return } handler.archived = bool(handler.data.Repository.IsArchived) - handler.commits, handler.errSetup = commitsFrom(handler.data, handler.owner, handler.repo) + handler.commits, handler.errSetup = commitsFrom(handler.data, handler.repourl.owner, handler.repourl.repo) if handler.errSetup != nil { return } @@ -180,6 +174,9 @@ func (handler *graphqlHandler) getCommits() ([]clients.Commit, error) { } func (handler *graphqlHandler) getIssues() ([]clients.Issue, error) { + if !strings.EqualFold(handler.repourl.commitSHA, clients.HeadSHA) { + return nil, fmt.Errorf("%w: ListIssues only supported for HEAD queries", clients.ErrUnsupportedFeature) + } if err := handler.setup(); err != nil { return nil, fmt.Errorf("error during graphqlHandler.setup: %w", err) } @@ -187,6 +184,9 @@ func (handler *graphqlHandler) getIssues() ([]clients.Issue, error) { } func (handler *graphqlHandler) isArchived() (bool, error) { + if !strings.EqualFold(handler.repourl.commitSHA, clients.HeadSHA) { + return false, fmt.Errorf("%w: IsArchived only supported for HEAD queries", clients.ErrUnsupportedFeature) + } if err := handler.setup(); err != nil { return false, fmt.Errorf("error during graphqlHandler.setup: %w", err) } diff --git a/clients/githubrepo/releases.go b/clients/githubrepo/releases.go index 58dea44252a0..ab9bef8b2683 100644 --- a/clients/githubrepo/releases.go +++ b/clients/githubrepo/releases.go @@ -17,6 +17,7 @@ package githubrepo import ( "context" "fmt" + "strings" "sync" "github.com/google/go-github/v38/github" 
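Review bot: `getCommits` is the one accessor here left without the HEAD guard that `getIssues` and `isArchived` gain, and nothing in the code says why. From `setup` it looks intentional, since the query is built from `commitExpression` and can be scoped to the requested commit, but the `TODO(#575)` in `setup` still marks that path as unconfirmed. A comment on `getCommits` such as `// Commits are resolved from repourl.commitSHA in setup, so non-HEAD requests are allowed here.` would stop a later reader from adding the guard by mistake or assuming issue and archive data are commit-scoped too. `getCommits` begins outside the hunk.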
@@ -30,23 +31,25 @@ type releasesHandler struct { once *sync.Once ctx context.Context errSetup error - owner string - repo string + repourl *repoURL releases []clients.Release } -func (handler *releasesHandler) init(ctx context.Context, owner, repo string) { +func (handler *releasesHandler) init(ctx context.Context, repourl *repoURL) { handler.ctx = ctx - handler.owner = owner - handler.repo = repo + handler.repourl = repourl handler.errSetup = nil handler.once = new(sync.Once) } func (handler *releasesHandler) setup() error { handler.once.Do(func() { + if !strings.EqualFold(handler.repourl.commitSHA, clients.HeadSHA) { + handler.errSetup = fmt.Errorf("%w: ListReleases only supported for HEAD queries", clients.ErrUnsupportedFeature) + return + } releases, _, err := handler.client.Repositories.ListReleases( - handler.ctx, handler.owner, handler.repo, &github.ListOptions{}) + handler.ctx, handler.repourl.owner, handler.repourl.repo, &github.ListOptions{}) if err != nil { handler.errSetup = sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("githubv4.Query: %v", err)) } diff --git a/clients/githubrepo/repo.go b/clients/githubrepo/repo.go index bbc78283dcb3..9dcade71e8df 100644 --- a/clients/githubrepo/repo.go +++ b/clients/githubrepo/repo.go @@ -28,8 +28,8 @@ const ( ) type repoURL struct { - host, owner, repo string - metadata []string + host, owner, repo, defaultBranch, commitSHA string + metadata []string } // Parses input string into repoURL struct. diff --git a/clients/githubrepo/search.go b/clients/githubrepo/search.go index 72f88f7d4201..bf766424bebd 100644 --- a/clients/githubrepo/search.go +++ b/clients/githubrepo/search.go 
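Review bot: In `releasesHandler.setup` the `ListReleases` error branch still assigns `handler.errSetup` and falls through, while this same commit adds a `return` after the equivalent assignment in `branchesHandler.setup` and `contributorsHandler.setup`. Whatever follows the `if` (outside this hunk) then runs on a presumably nil `releases` value; add `return` after the assignment so all three handlers behave alike. The message also names `githubv4.Query` although the failing call is the REST `Repositories.ListReleases`, which will mislead anyone triaging from logs; `fmt.Sprintf("ListReleases: %v", err)` would match the other handlers.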
@@ -30,17 +30,19 @@ var errEmptyQuery = errors.New("search query is empty") type searchHandler struct { ghClient *github.Client ctx context.Context - owner string - repo string + repourl *repoURL } -func (handler *searchHandler) init(ctx context.Context, owner, repo string) { +func (handler *searchHandler) init(ctx context.Context, repourl *repoURL) { handler.ctx = ctx - handler.owner = owner - handler.repo = repo + handler.repourl = repourl } func (handler *searchHandler) search(request clients.SearchRequest) (clients.SearchResponse, error) { + if !strings.EqualFold(handler.repourl.commitSHA, clients.HeadSHA) { + return clients.SearchResponse{}, fmt.Errorf( + "%w: Search only supported for HEAD queries", clients.ErrUnsupportedFeature) + } query, err := handler.buildQuery(request) if err != nil { return clients.SearchResponse{}, fmt.Errorf("handler.buildQuery: %w", err) @@ -63,7 +65,9 @@ func (handler *searchHandler) buildQuery(request clients.SearchRequest) (string, // that should be replaced with a space. // See https://docs.github.com/en/search-github/searching-on-github/searching-code#considerations-for-code-search // for reference. - fmt.Sprintf("%s repo:%s/%s", strings.ReplaceAll(request.Query, "/", " "), handler.owner, handler.repo)); err != nil { + fmt.Sprintf("%s repo:%s/%s", + strings.ReplaceAll(request.Query, "/", " "), + handler.repourl.owner, handler.repourl.repo)); err != nil { return "", fmt.Errorf("WriteString: %w", err) } if request.Filename != "" { diff --git a/clients/githubrepo/search_test.go b/clients/githubrepo/search_test.go index 38e0bef2ac2c..d7c41782b1b2 100644 --- a/clients/githubrepo/search_test.go +++ b/clients/githubrepo/search_test.go 
@@ -27,32 +27,37 @@ func TestBuildQuery(t *testing.T) { searchReq clients.SearchRequest expectedErrType error name string - owner string - repo string + repourl *repoURL expectedQuery string hasError bool }{ { - name: "Basic", - owner: "testowner", - repo: "testrepo", + name: "Basic", + repourl: &repoURL{ + owner: "testowner", + repo: "testrepo", + }, searchReq: clients.SearchRequest{ Query: "testquery", }, expectedQuery: "testquery repo:testowner/testrepo", }, { - name: "EmptyQuery", - owner: "testowner", - repo: "testrepo", + name: "EmptyQuery", + repourl: &repoURL{ + owner: "testowner", + repo: "testrepo", + }, searchReq: clients.SearchRequest{}, hasError: true, expectedErrType: errEmptyQuery, }, { - name: "WithFilename", - owner: "testowner", - repo: "testrepo", + name: "WithFilename", + repourl: &repoURL{ + owner: "testowner", + repo: "testrepo", + }, searchReq: clients.SearchRequest{ Query: "testquery", Filename: "filename1.txt", @@ -60,9 +65,11 @@ func TestBuildQuery(t *testing.T) { expectedQuery: "testquery repo:testowner/testrepo in:file filename:filename1.txt", }, { - name: "WithPath", - owner: "testowner", - repo: "testrepo", + name: "WithPath", + repourl: &repoURL{ + owner: "testowner", + repo: "testrepo", + }, searchReq: clients.SearchRequest{ Query: "testquery", Path: "dir1/file1.txt", @@ -70,9 +77,11 @@ func TestBuildQuery(t *testing.T) { expectedQuery: "testquery repo:testowner/testrepo path:dir1/file1.txt", }, { - name: "WithFilenameAndPath", - owner: "testowner", - repo: "testrepo", + name: "WithFilenameAndPath", + repourl: &repoURL{ + owner: "testowner", + repo: "testrepo", + }, searchReq: clients.SearchRequest{ Query: "testquery", Filename: "filename1.txt", 
@@ -81,9 +90,11 @@ func TestBuildQuery(t *testing.T) { expectedQuery: "testquery repo:testowner/testrepo in:file filename:filename1.txt path:dir1/dir2", }, { - name: "WithFilenameAndPathWithSeparator", - owner: "testowner", - repo: "testrepo", + name: "WithFilenameAndPathWithSeparator", + repourl: &repoURL{ + owner: "testowner", + repo: "testrepo", + }, searchReq: clients.SearchRequest{ Query: "testquery/query", Filename: "filename1.txt", @@ -99,8 +110,7 @@ func TestBuildQuery(t *testing.T) { t.Parallel() handler := searchHandler{ - owner: testcase.owner, - repo: testcase.repo, + repourl: testcase.repourl, } query, err := handler.buildQuery(testcase.searchReq) diff --git a/clients/githubrepo/statuses.go b/clients/githubrepo/statuses.go index 1e4f7a86b51a..fc5950417813 100644 --- a/clients/githubrepo/statuses.go +++ b/clients/githubrepo/statuses.go @@ -17,6 +17,7 @@ package githubrepo import ( "context" "fmt" + "strings" "github.com/google/go-github/v38/github" 
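Review bot: `TestBuildQuery` is only reshaped to carry `repourl`; nothing here exercises the new non-HEAD guard in `searchHandler.search`. The guard returns before the GitHub client is touched, so it can be covered without mocks: build `searchHandler{repourl: &repoURL{commitSHA: "<constructed-sha>"}}`, call `search`, and assert `errors.Is(err, clients.ErrUnsupportedFeature)`. The existing table entries leave `commitSHA` empty, and the guard would treat that as non-HEAD too, so a HEAD case with `commitSHA: clients.HeadSHA` is worth adding alongside.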
@@ -25,21 +26,22 @@ import ( ) type statusesHandler struct { - client *github.Client - ctx context.Context - owner string - repo string + client *github.Client + ctx context.Context + repourl *repoURL } -func (handler *statusesHandler) init(ctx context.Context, owner, repo string) { +func (handler *statusesHandler) init(ctx context.Context, repourl *repoURL) { handler.ctx = ctx - handler.owner = owner - handler.repo = repo + handler.repourl = repourl } func (handler *statusesHandler) listStatuses(ref string) ([]clients.Status, error) { - statuses, _, err := handler.client.Repositories.ListStatuses(handler.ctx, handler.owner, handler.repo, ref, - &github.ListOptions{}) + if !strings.EqualFold(handler.repourl.commitSHA, clients.HeadSHA) { + return nil, fmt.Errorf("%w: ListStatuses only supported for HEAD queries", clients.ErrUnsupportedFeature) + } + statuses, _, err := handler.client.Repositories.ListStatuses( + handler.ctx, handler.repourl.owner, handler.repourl.repo, ref, &github.ListOptions{}) if err != nil { return nil, sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("ListStatuses: %v", err)) } diff --git a/clients/githubrepo/tarball.go b/clients/githubrepo/tarball.go index 182a2dada566..a3f3f5301d03 100644 --- a/clients/githubrepo/tarball.go +++ b/clients/githubrepo/tarball.go @@ -29,6 +29,7 @@ import ( "github.com/google/go-github/v38/github" + "github.com/ossf/scorecard/v4/clients" sce "github.com/ossf/scorecard/v4/errors" ) @@ -96,7 +97,7 @@ func (handler *tarballHandler) init(ctx context.Context, repo *github.Repository func (handler *tarballHandler) getTarball(ctx context.Context, repo *github.Repository, commitSHA string) error { url := repo.GetArchiveURL() url = strings.Replace(url, "{archive_format}", "tarball/", 1) - if strings.EqualFold(commitSHA, "HEAD") { + if strings.EqualFold(commitSHA, clients.HeadSHA) { url = strings.Replace(url, "{/ref}", "", 1) } else { url = strings.Replace(url, "{/ref}", commitSHA, 1) 
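Review bot: In `getTarball` the non-HEAD branch substitutes `commitSHA` into the archive URL unchanged (`strings.Replace(url, "{/ref}", commitSHA, 1)`), and `InitRepo` accepts that string from any caller. The CLI currently rejects everything except HEAD in `validateCmdFlags`, but library callers are not covered by that check, and it will go away once `--commit` is enabled. A value containing `/`, `?` or `#` would then change which path or query the request resolves to. Validating the argument before use, for instance against a package-level 40-hex-character pattern like `^[0-9a-fA-F]{40}$`, keeps the download pinned to a commit object. The rest of `getTarball` and its callers are outside this hunk, so a check may already exist elsewhere.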
diff --git a/clients/githubrepo/workflows.go b/clients/githubrepo/workflows.go index 9211fdf890e8..aa9884a67646 100644 --- a/clients/githubrepo/workflows.go +++ b/clients/githubrepo/workflows.go @@ -17,6 +17,7 @@ package githubrepo import ( "context" "fmt" + "strings" "github.com/google/go-github/v38/github" @@ -25,21 +26,23 @@ import ( ) type workflowsHandler struct { - client *github.Client - ctx context.Context - owner string - repo string + client *github.Client + ctx context.Context + repourl *repoURL } -func (handler *workflowsHandler) init(ctx context.Context, owner, repo string) { +func (handler *workflowsHandler) init(ctx context.Context, repourl *repoURL) { handler.ctx = ctx - handler.owner = owner - handler.repo = repo + handler.repourl = repourl } func (handler *workflowsHandler) listSuccessfulWorkflowRuns(filename string) ([]clients.WorkflowRun, error) { + if !strings.EqualFold(handler.repourl.commitSHA, clients.HeadSHA) { + return nil, fmt.Errorf( + "%w: ListWorkflowRunsByFileName only supported for HEAD queries", clients.ErrUnsupportedFeature) + } workflowRuns, _, err := handler.client.Actions.ListWorkflowRunsByFileName( - handler.ctx, handler.owner, handler.repo, filename, &github.ListWorkflowRunsOptions{ + handler.ctx, handler.repourl.owner, handler.repourl.repo, filename, &github.ListWorkflowRunsOptions{ Status: "success", }) if err != nil { diff --git a/clients/localdir/client_test.go b/clients/localdir/client_test.go index 0a3b786f4564..233bef5a8d01 100644 --- a/clients/localdir/client_test.go +++ b/clients/localdir/client_test.go @@ -24,6 +24,7 @@ import ( "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" + "github.com/ossf/scorecard/v4/clients" "github.com/ossf/scorecard/v4/log" ) 
@@ -75,7 +76,7 @@ func TestClient_CreationAndCaching(t *testing.T) { } client := CreateLocalDirClient(ctx, logger) - if err := client.InitRepo(repo, "HEAD"); err != nil { + if err := client.InitRepo(repo, clients.HeadSHA); err != nil { t.Errorf("InitRepo: %v", err) } diff --git a/clients/repo_client.go b/clients/repo_client.go index 71eeec343bf1..6b2e88904a3f 100644 --- a/clients/repo_client.go +++ b/clients/repo_client.go @@ -20,6 +20,9 @@ import "errors" // ErrUnsupportedFeature indicates an API that is not supported by the client. var ErrUnsupportedFeature = errors.New("unsupported feature") +// HeadSHA is default commitSHA value used to denote git HEAD. +const HeadSHA = "HEAD" + // RepoClient interface is used by Scorecard checks to access a repo. type RepoClient interface { InitRepo(repo Repo, commitSHA string) error diff --git a/cmd/root.go b/cmd/root.go index 9da8acdab77a..8cc513a21bb6 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -63,7 +63,7 @@ var rootCmd = &cobra.Command{ func init() { rootCmd.Flags().StringVar(&flagRepo, "repo", "", "repository to check") rootCmd.Flags().StringVar(&flagLocal, "local", "", "local folder to check") - rootCmd.Flags().StringVar(&flagCommit, "commit", "HEAD", "commit to analyze") + rootCmd.Flags().StringVar(&flagCommit, "commit", clients.HeadSHA, "commit to analyze") rootCmd.Flags().StringVar( &flagLogLevel, "verbosity", @@ -148,7 +148,7 @@ func scorecardCmd(cmd *cobra.Command, args []string) { if flagLocal != "" { requiredRequestTypes = append(requiredRequestTypes, checker.FileBased) } - if !strings.EqualFold(flagCommit, "HEAD") { + if !strings.EqualFold(flagCommit, clients.HeadSHA) { requiredRequestTypes = append(requiredRequestTypes, checker.CommitBased) } enabledChecks, err := getEnabledChecks(policy, flagChecksToRun, requiredRequestTypes) 
@@ -225,7 +225,7 @@ func validateCmdFlags() { if flagFormat == formatRaw { log.Panic("raw option not supported yet") } - if flagCommit != "HEAD" { + if flagCommit != clients.HeadSHA { log.Panic("--commit option not supported yet") } } diff --git a/cmd/serve.go b/cmd/serve.go index ffb6b7f263a7..b9a73761ae3a 100644 --- a/cmd/serve.go +++ b/cmd/serve.go @@ -70,7 +70,8 @@ var serveCmd = &cobra.Command{ } defer ossFuzzRepoClient.Close() ciiClient := clients.DefaultCIIBestPracticesClient() - repoResult, err := pkg.RunScorecards(ctx, repo, "HEAD" /*commitSHA*/, false /*raw*/, checks.AllChecks, repoClient, + repoResult, err := pkg.RunScorecards( + ctx, repo, clients.HeadSHA /*commitSHA*/, false /*raw*/, checks.AllChecks, repoClient, ossFuzzRepoClient, ciiClient, vulnsClient) if err != nil { logger.Error(err, "running enabled scorecard checks on repo") diff --git a/cron/worker/main.go b/cron/worker/main.go index eefefae096f7..f857ec1dd0bd 100644 --- a/cron/worker/main.go +++ b/cron/worker/main.go @@ -85,7 +85,7 @@ func processRequest(ctx context.Context, continue } repo.AppendMetadata(repo.Metadata()...) - result, err := pkg.RunScorecards(ctx, repo, "HEAD" /*commitSHA*/, false /*raw*/, checksToRun, + result, err := pkg.RunScorecards(ctx, repo, clients.HeadSHA /*commitSHA*/, false /*raw*/, checksToRun, repoClient, ossFuzzRepoClient, ciiClient, vulnsClient) if errors.Is(err, sce.ErrRepoUnreachable) { // Not accessible repo - continue. diff --git a/e2e/binary_artifacts_test.go b/e2e/binary_artifacts_test.go index 3c368b4d73f5..9c86b96e2560 100644 --- a/e2e/binary_artifacts_test.go +++ b/e2e/binary_artifacts_test.go @@ -22,6 +22,7 @@ import ( "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/checks" + "github.com/ossf/scorecard/v4/clients" "github.com/ossf/scorecard/v4/clients/githubrepo" scut "github.com/ossf/scorecard/v4/utests" ) 
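Review bot: `validateCmdFlags` compares with `flagCommit != clients.HeadSHA`, a case-sensitive test, while `scorecardCmd` in the same file and every client handler in this commit use `strings.EqualFold`. `--commit head` therefore panics with "--commit option not supported yet" even though the rest of the code would accept it as HEAD. Changing the condition to `if !strings.EqualFold(flagCommit, clients.HeadSHA) {` applies one rule everywhere; `strings` is already used by `scorecardCmd` in this file. The body of `validateCmdFlags` starts outside the hunk.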
@@ -35,7 +36,7 @@ var _ = Describe("E2E TEST:"+checks.CheckBinaryArtifacts, func() { repo, err := githubrepo.MakeGithubRepo("ossf/scorecard") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "HEAD") + err = repoClient.InitRepo(repo, clients.HeadSHA) Expect(err).Should(BeNil()) req := checker.CheckRequest{ @@ -61,7 +62,7 @@ var _ = Describe("E2E TEST:"+checks.CheckBinaryArtifacts, func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-binary-artifacts-e2e") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "HEAD") + err = repoClient.InitRepo(repo, clients.HeadSHA) Expect(err).Should(BeNil()) req := checker.CheckRequest{ @@ -123,7 +124,7 @@ var _ = Describe("E2E TEST:"+checks.CheckBinaryArtifacts, func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-binary-artifacts-e2e-4-binaries") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "HEAD") + err = repoClient.InitRepo(repo, clients.HeadSHA) Expect(err).Should(BeNil()) req := checker.CheckRequest{ diff --git a/e2e/branch_protection_test.go b/e2e/branch_protection_test.go index 1c04c2685261..ec2920cbc3c8 100644 --- a/e2e/branch_protection_test.go +++ b/e2e/branch_protection_test.go @@ -22,6 +22,7 @@ import ( "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/checks" + "github.com/ossf/scorecard/v4/clients" "github.com/ossf/scorecard/v4/clients/githubrepo" scut "github.com/ossf/scorecard/v4/utests" ) 
@@ -33,7 +34,7 @@ var _ = Describe("E2E TEST:"+checks.CheckBranchProtection, func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-branch-protection-e2e") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "HEAD") + err = repoClient.InitRepo(repo, clients.HeadSHA) Expect(err).Should(BeNil()) req := checker.CheckRequest{ Ctx: context.Background(), @@ -63,7 +64,7 @@ var _ = Describe("E2E TEST:"+checks.CheckBranchProtection, func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-branch-protection-e2e-none") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "HEAD") + err = repoClient.InitRepo(repo, clients.HeadSHA) Expect(err).Should(BeNil()) req := checker.CheckRequest{ Ctx: context.Background(), @@ -93,7 +94,7 @@ var _ = Describe("E2E TEST:"+checks.CheckBranchProtection, func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-branch-protection-e2e-patch-1") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "HEAD") + err = repoClient.InitRepo(repo, clients.HeadSHA) Expect(err).Should(BeNil()) req := checker.CheckRequest{ Ctx: context.Background(), diff --git a/e2e/ci_tests_test.go b/e2e/ci_tests_test.go index 1eb8f5f1c3d6..cc3f39af6e52 100644 --- a/e2e/ci_tests_test.go +++ b/e2e/ci_tests_test.go @@ -22,6 +22,7 @@ import ( "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/checks" + "github.com/ossf/scorecard/v4/clients" "github.com/ossf/scorecard/v4/clients/githubrepo" scut "github.com/ossf/scorecard/v4/utests" ) 
@@ -33,7 +34,7 @@ var _ = Describe("E2E TEST:"+checks.CheckCITests, func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/airflow") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "HEAD") + err = repoClient.InitRepo(repo, clients.HeadSHA) Expect(err).Should(BeNil()) req := checker.CheckRequest{ Ctx: context.Background(), diff --git a/e2e/code_review_test.go b/e2e/code_review_test.go index aa7fe63622bf..955f6a8b9306 100644 --- a/e2e/code_review_test.go +++ b/e2e/code_review_test.go @@ -22,6 +22,7 @@ import ( "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/checks" + "github.com/ossf/scorecard/v4/clients" "github.com/ossf/scorecard/v4/clients/githubrepo" scut "github.com/ossf/scorecard/v4/utests" ) @@ -35,7 +36,7 @@ var _ = Describe("E2E TEST:CodeReview", func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/airflow") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "HEAD") + err = repoClient.InitRepo(repo, clients.HeadSHA) Expect(err).Should(BeNil()) req := checker.CheckRequest{ diff --git a/e2e/contributors_test.go b/e2e/contributors_test.go index 3db16d310e46..d746565190d3 100644 --- a/e2e/contributors_test.go +++ b/e2e/contributors_test.go @@ -22,6 +22,7 @@ import ( "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/checks" + "github.com/ossf/scorecard/v4/clients" "github.com/ossf/scorecard/v4/clients/githubrepo" scut "github.com/ossf/scorecard/v4/utests" ) 
@@ -33,7 +34,7 @@ var _ = Describe("E2E TEST:"+checks.CheckContributors, func() { repo, err := githubrepo.MakeGithubRepo("ossf/scorecard") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "HEAD") + err = repoClient.InitRepo(repo, clients.HeadSHA) Expect(err).Should(BeNil()) req := checker.CheckRequest{ Ctx: context.Background(), diff --git a/e2e/dangerous_workflow_test.go b/e2e/dangerous_workflow_test.go index 668d991278ac..1efcc64b67ec 100644 --- a/e2e/dangerous_workflow_test.go +++ b/e2e/dangerous_workflow_test.go @@ -21,6 +21,7 @@ import ( "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/checks" + "github.com/ossf/scorecard/v4/clients" "github.com/ossf/scorecard/v4/clients/githubrepo" scut "github.com/ossf/scorecard/v4/utests" ) @@ -32,7 +33,7 @@ var _ = Describe("E2E TEST:"+checks.CheckTokenPermissions, func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-dangerous-workflow-e2e") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "HEAD") + err = repoClient.InitRepo(repo, clients.HeadSHA) Expect(err).Should(BeNil()) req := checker.CheckRequest{ Ctx: context.Background(), diff --git a/e2e/dependency_update_tool_test.go b/e2e/dependency_update_tool_test.go index 928fc7764d09..5920e428f574 100644 --- a/e2e/dependency_update_tool_test.go +++ b/e2e/dependency_update_tool_test.go @@ -22,6 +22,7 @@ import ( "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/checks" + "github.com/ossf/scorecard/v4/clients" "github.com/ossf/scorecard/v4/clients/githubrepo" scut "github.com/ossf/scorecard/v4/utests" ) 
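Review bot: The suite in `e2e/dangerous_workflow_test.go` is labelled `"E2E TEST:"+checks.CheckTokenPermissions` (visible in the hunk header), the same label `e2e/permissions_test.go` uses, so a failure in the dangerous-workflow suite would be reported under the token-permissions check's name. This predates the change, but since the file is being touched the line could become `var _ = Describe("E2E TEST:"+checks.CheckDangerousWorkflow, func() {`, assuming that constant is what the suite's check is registered under. The `Describe` body starts and ends outside the hunk.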
@@ -35,7 +36,7 @@ var _ = Describe("E2E TEST:"+checks.CheckDependencyUpdateTool, func() { repo, err := githubrepo.MakeGithubRepo("ossf/scorecard") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "HEAD") + err = repoClient.InitRepo(repo, clients.HeadSHA) Expect(err).Should(BeNil()) req := checker.CheckRequest{ @@ -66,7 +67,7 @@ var _ = Describe("E2E TEST:"+checks.CheckDependencyUpdateTool, func() { repo, err := githubrepo.MakeGithubRepo("netlify/netlify-cms") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "HEAD") + err = repoClient.InitRepo(repo, clients.HeadSHA) Expect(err).Should(BeNil()) req := checker.CheckRequest{ diff --git a/e2e/fuzzing_test.go b/e2e/fuzzing_test.go index 8f0f30c30e32..545b0eeecda0 100644 --- a/e2e/fuzzing_test.go +++ b/e2e/fuzzing_test.go @@ -22,6 +22,7 @@ import ( "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/checks" + "github.com/ossf/scorecard/v4/clients" "github.com/ossf/scorecard/v4/clients/githubrepo" scut "github.com/ossf/scorecard/v4/utests" ) @@ -33,7 +34,7 @@ var _ = Describe("E2E TEST:"+checks.CheckFuzzing, func() { repo, err := githubrepo.MakeGithubRepo("tensorflow/tensorflow") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "HEAD") + err = repoClient.InitRepo(repo, clients.HeadSHA) Expect(err).Should(BeNil()) ossFuzzRepoClient, err := githubrepo.CreateOssFuzzRepoClient(context.Background(), logger) Expect(err).Should(BeNil()) 
@@ -61,7 +62,7 @@ var _ = Describe("E2E TEST:"+checks.CheckFuzzing, func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-fuzzing-cflite") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "HEAD") + err = repoClient.InitRepo(repo, clients.HeadSHA) Expect(err).Should(BeNil()) ossFuzzRepoClient, err := githubrepo.CreateOssFuzzRepoClient(context.Background(), logger) Expect(err).Should(BeNil()) @@ -89,7 +90,7 @@ var _ = Describe("E2E TEST:"+checks.CheckFuzzing, func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-packaging-e2e") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "HEAD") + err = repoClient.InitRepo(repo, clients.HeadSHA) Expect(err).Should(BeNil()) ossFuzzRepoClient, err := githubrepo.CreateOssFuzzRepoClient(context.Background(), logger) Expect(err).Should(BeNil()) diff --git a/e2e/license_test.go b/e2e/license_test.go index 59fdc02f3dd9..d19c538063a2 100644 --- a/e2e/license_test.go +++ b/e2e/license_test.go @@ -21,6 +21,7 @@ import ( "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/checks" + "github.com/ossf/scorecard/v4/clients" "github.com/ossf/scorecard/v4/clients/githubrepo" scut "github.com/ossf/scorecard/v4/utests" ) @@ -32,7 +33,7 @@ var _ = Describe("E2E TEST:"+checks.CheckLicense, func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-license-e2e") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "HEAD") + err = repoClient.InitRepo(repo, clients.HeadSHA) Expect(err).Should(BeNil()) req := checker.CheckRequest{ Ctx: context.Background(), diff --git a/e2e/maintained_test.go b/e2e/maintained_test.go index 44b7a18767e1..11d5d6e8c0b4 100644 --- a/e2e/maintained_test.go +++ b/e2e/maintained_test.go 
@@ -22,6 +22,7 @@ import ( "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/checks" + "github.com/ossf/scorecard/v4/clients" "github.com/ossf/scorecard/v4/clients/githubrepo" scut "github.com/ossf/scorecard/v4/utests" ) @@ -33,7 +34,7 @@ var _ = Describe("E2E TEST:"+checks.CheckMaintained, func() { repo, err := githubrepo.MakeGithubRepo("apache/airflow") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "HEAD") + err = repoClient.InitRepo(repo, clients.HeadSHA) Expect(err).Should(BeNil()) req := checker.CheckRequest{ Ctx: context.Background(), diff --git a/e2e/packaging_test.go b/e2e/packaging_test.go index f3b9d576a5a7..0c876559eb32 100644 --- a/e2e/packaging_test.go +++ b/e2e/packaging_test.go @@ -22,6 +22,7 @@ import ( "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/checks" + "github.com/ossf/scorecard/v4/clients" "github.com/ossf/scorecard/v4/clients/githubrepo" scut "github.com/ossf/scorecard/v4/utests" ) @@ -33,7 +34,7 @@ var _ = Describe("E2E TEST:"+checks.CheckPackaging, func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-packaging-e2e") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "HEAD") + err = repoClient.InitRepo(repo, clients.HeadSHA) Expect(err).Should(BeNil()) req := checker.CheckRequest{ Ctx: context.Background(), diff --git a/e2e/permissions_test.go b/e2e/permissions_test.go index 6d0ec28566cb..59aefc990a94 100644 --- a/e2e/permissions_test.go +++ b/e2e/permissions_test.go @@ -21,6 +21,7 @@ import ( "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/checks" + "github.com/ossf/scorecard/v4/clients" "github.com/ossf/scorecard/v4/clients/githubrepo" scut "github.com/ossf/scorecard/v4/utests" ) 
@@ -32,7 +33,7 @@ var _ = Describe("E2E TEST:"+checks.CheckTokenPermissions, func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-token-permissions-e2e") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "HEAD") + err = repoClient.InitRepo(repo, clients.HeadSHA) Expect(err).Should(BeNil()) req := checker.CheckRequest{ Ctx: context.Background(), diff --git a/e2e/pinned_dependencies_test.go b/e2e/pinned_dependencies_test.go index fd2582bdba48..43236cb7631c 100644 --- a/e2e/pinned_dependencies_test.go +++ b/e2e/pinned_dependencies_test.go @@ -21,6 +21,7 @@ import ( "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/checks" + "github.com/ossf/scorecard/v4/clients" "github.com/ossf/scorecard/v4/clients/githubrepo" scut "github.com/ossf/scorecard/v4/utests" ) @@ -34,7 +35,7 @@ var _ = Describe("E2E TEST:"+checks.CheckPinnedDependencies, func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-pinned-dependencies-e2e") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "HEAD") + err = repoClient.InitRepo(repo, clients.HeadSHA) Expect(err).Should(BeNil()) req := checker.CheckRequest{ diff --git a/e2e/sast_test.go b/e2e/sast_test.go index 1df8b9957816..947d9175784f 100644 --- a/e2e/sast_test.go +++ b/e2e/sast_test.go @@ -22,6 +22,7 @@ import ( "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/checks" + "github.com/ossf/scorecard/v4/clients" "github.com/ossf/scorecard/v4/clients/githubrepo" scut "github.com/ossf/scorecard/v4/utests" ) 
@@ -33,7 +34,7 @@ var _ = Describe("E2E TEST:"+checks.CheckSAST, func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/airflow") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "HEAD") + err = repoClient.InitRepo(repo, clients.HeadSHA) Expect(err).Should(BeNil()) req := checker.CheckRequest{ Ctx: context.Background(), diff --git a/e2e/security_policy_test.go b/e2e/security_policy_test.go index f1c3b450a5c7..bbea2c80886f 100644 --- a/e2e/security_policy_test.go +++ b/e2e/security_policy_test.go @@ -21,6 +21,7 @@ import ( "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/checks" + "github.com/ossf/scorecard/v4/clients" "github.com/ossf/scorecard/v4/clients/githubrepo" scut "github.com/ossf/scorecard/v4/utests" ) @@ -32,7 +33,7 @@ var _ = Describe("E2E TEST:SecurityPolicy", func() { repo, err := githubrepo.MakeGithubRepo("tensorflow/tensorflow") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "HEAD") + err = repoClient.InitRepo(repo, clients.HeadSHA) Expect(err).Should(BeNil()) req := checker.CheckRequest{ @@ -62,7 +63,7 @@ var _ = Describe("E2E TEST:SecurityPolicy", func() { repo, err := githubrepo.MakeGithubRepo("randombit/botan") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "HEAD") + err = repoClient.InitRepo(repo, clients.HeadSHA) Expect(err).Should(BeNil()) req := checker.CheckRequest{ diff --git a/e2e/signedreleases_test.go b/e2e/signedreleases_test.go index 28f7547ae38d..c08c306a169f 100644 --- a/e2e/signedreleases_test.go +++ b/e2e/signedreleases_test.go 
@@ -22,6 +22,7 @@ import ( "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/checks" + "github.com/ossf/scorecard/v4/clients" "github.com/ossf/scorecard/v4/clients/githubrepo" scut "github.com/ossf/scorecard/v4/utests" ) @@ -33,7 +34,7 @@ var _ = Describe("E2E TEST:"+checks.CheckSignedReleases, func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-signed-releases-e2e") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "HEAD") + err = repoClient.InitRepo(repo, clients.HeadSHA) Expect(err).Should(BeNil()) req := checker.CheckRequest{ Ctx: context.Background(), diff --git a/e2e/vulnerabilities_test.go b/e2e/vulnerabilities_test.go index 1e9a23b1c0d4..913315a54abf 100644 --- a/e2e/vulnerabilities_test.go +++ b/e2e/vulnerabilities_test.go @@ -33,7 +33,7 @@ var _ = Describe("E2E TEST:Vulnerabilities", func() { repo, err := githubrepo.MakeGithubRepo("ossf/scorecard") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "HEAD") + err = repoClient.InitRepo(repo, clients.HeadSHA) Expect(err).Should(BeNil()) dl := scut.TestDetailLogger{} @@ -66,7 +66,7 @@ var _ = Describe("E2E TEST:Vulnerabilities", func() { repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-vulnerabilities-open62541") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "HEAD") + err = repoClient.InitRepo(repo, clients.HeadSHA) Expect(err).Should(BeNil()) dl := scut.TestDetailLogger{}
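Review bot: `e2e/vulnerabilities_test.go` is the only e2e file in this part of the diff that gets no import hunk for `github.com/ossf/scorecard/v4/clients`, yet both of its hunks now reference `clients.HeadSHA`. Its first hunk starts at the same old and new line (`-33,7 +33,7`), so no line was added above it and the reference relies on the package already being imported there, which is not visible in the diff. Worth confirming against the file's existing import block; if it is missing, the fix is adding `"github.com/ossf/scorecard/v4/clients"` alongside the other scorecard imports.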