Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

✨ Support Security-Policy with --local #1822

Merged
merged 1 commit into from
Apr 7, 2022
Merged

Conversation

azeemshaikh38
Copy link
Contributor

What kind of change does this PR introduce?

(Is it a bug fix, feature, docs update, something else?)

Add localclient support for Security-Policy check.

What is the current behavior?

What is the new behavior (if this is a feature change)?**

  • Tests for the changes have been added (for bug fixes/features)

Which issue(s) this PR fixes

Fixes #1752

Special notes for your reviewer

Does this PR introduce a user-facing change?

For user-facing changes, please add a concise, human-readable release note to
the release-note

(In particular, describe what changes users might need to make in their
application as a result of this pull request.)

Support `Security-Policy` with `--local`

@azeemshaikh38 azeemshaikh38 enabled auto-merge (squash) April 6, 2022 20:11
@azeemshaikh38 azeemshaikh38 temporarily deployed to integration-test April 6, 2022 20:11 Inactive
@codecov
Copy link

codecov bot commented Apr 6, 2022

Codecov Report

Merging #1822 (196b588) into main (5860896) will increase coverage by 3.07%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main    #1822      +/-   ##
==========================================
+ Coverage   53.53%   56.60%   +3.07%     
==========================================
  Files          73       73              
  Lines        6695     6697       +2     
==========================================
+ Hits         3584     3791     +207     
+ Misses       2865     2654     -211     
- Partials      246      252       +6     

@github-actions
Copy link

github-actions bot commented Apr 6, 2022

Integration tests success for
[196b588]
(https://github.com/ossf/scorecard/actions/runs/2104841586)

Copy link
Contributor

@laurentsimon laurentsimon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, does this check support local repos? It's downloading the org repo if it exists, so it would return an error when security file is missing with the --local option, no?

@azeemshaikh38 azeemshaikh38 merged commit a1e908b into main Apr 7, 2022
@azeemshaikh38 azeemshaikh38 deleted the azeems/secpol branch April 7, 2022 01:39
@azeemshaikh38
Copy link
Contributor Author

LGTM, does this check support local repos? It's downloading the org repo if it exists, so it would return an error when security file is missing with the --local option, no?

That was the behavior before this PR. With this PR, it only looks at the org repo if the Repo.Org() != nil and returns a min score otherwise.

@laurentsimon
Copy link
Contributor

laurentsimon commented Apr 7, 2022

I think the problem was introduced in #1822. This PR declared this check as File-based, even though the checks.yml says it's not https://github.com/ossf/scorecard/blob/main/docs/checks/internal/checks.yaml#L539

I think we need to make this check not file/commit type.

@azeemshaikh38
Copy link
Contributor Author

I think the problem was introduced in #1822. This PR declared this check as File-based, even though the checks.yml says it's not https://github.com/ossf/scorecard/blob/main/docs/checks/internal/checks.yaml#L539

I think we need to make this check not file/commit type.

Discussed offline. --local will not run Security-Policy check. We'll only use this check for GitHub-like VCS platforms.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

BUG: Security-Policy throws internal error if --local . passed
3 participants