Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

✨ Gitlab support #2265

Merged
merged 17 commits into from
Sep 21, 2022
Merged

✨ Gitlab support #2265

merged 17 commits into from
Sep 21, 2022

Conversation

N8BWert
Copy link
Contributor

@N8BWert N8BWert commented Sep 15, 2022

What kind of change does this PR introduce?

This PR introduces GitLab functionality to the scorecard project.

What is the current behavior?

Currently scorecard only supports testing GitHub repositories.

What is the new behavior (if this is a feature change)?**

A client has been added to allow the command line execution of scorecard to include support for gitlab projects.

Which issue(s) this PR fixes

#Support For GitLab Projects
#2266 (comment)

Special notes for your reviewer

It is important to note that projectID is not the same as the name of the project. Scorecard will not find the GitLab project in the following situation:

Example: Project named test-project with projectID 1234 owned by steve who is a part of examplecompany

  • This will not work:
scorecard gitlab.examplecompany.com/steve/test-project
  • However this will work:
scorecard gitlab.examplecompany.com/steve/1234

Does this PR introduce a user-facing change?

If a user is running scorecard on a GitHub repository that includes the string "gitlab." in the title scorecard will now think that repository is actually a GitLab project, however this is an incredibly rare edge case.

Repositories that include "gitlab." in their title will be assumed to be gitlab projects.

@N8BWert N8BWert temporarily deployed to integration-test September 15, 2022 17:38 Inactive
@N8BWert N8BWert marked this pull request as draft September 15, 2022 17:38
@N8BWert N8BWert changed the title Gitlab support ✨ ✨ Gitlab support Sep 15, 2022
@N8BWert N8BWert marked this pull request as ready for review September 15, 2022 17:54
@github-actions
Copy link

Integration tests success for
[d4c5ef8]
(https://github.com/ossf/scorecard/actions/runs/3062497764)

@codecov
Copy link

codecov bot commented Sep 15, 2022

Codecov Report

Merging #2265 (842d3bb) into main (a6983ed) will decrease coverage by 3.67%.
The diff coverage is 5.38%.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2265      +/-   ##
==========================================
- Coverage   44.85%   41.17%   -3.68%     
==========================================
  Files          95      110      +15     
  Lines        7957     8774     +817     
==========================================
+ Hits         3569     3613      +44     
- Misses       4125     4892     +767     
- Partials      263      269       +6     

@azeemshaikh38
Copy link
Contributor

@N8BWert thank you so much for this PR! Very excited to see Scorecard support GitLab. I'm ooo today, will review it tomo.

Copy link
Contributor

@laurentsimon laurentsimon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks amazing. Thanks for this PR.
A few things we can iterate on after merging are:

  1. Handling of tokens
  2. Adding e2e tests under the `./e2e/ folder.
  3. Scanning of critical repositories in the cron jobs (under ./cron folder)

I'd suggest we add a "experimental feature" in the README until we have the e2e tests in.

Copy link
Member

@naveensrinivasan naveensrinivasan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! This is great! Without tests, it is going to be hard to maintain this. Could you please add tests?

@laurentsimon
Copy link
Contributor

@naveensrinivasan which tests specifically? Under clients/gitlabrepo? Or end-to-end tests?
Since this is a massive PR and still experimental, I think it'd be OK to do the e2e tests in a follow-up PR. Wdut?

@N8BWert
Copy link
Contributor Author

N8BWert commented Sep 16, 2022

@naveensrinivasan By tests do you mean the e2e tests. If so, would you like me to host all of the e2e test repos on my gitlab or is there a plan to make a fork of those repos into an ossf specific GitLab?

@laurentsimon
Copy link
Contributor

I think we should take the second option: have an ossf GitLab org

@naveensrinivasan
Copy link
Member

@naveensrinivasan which tests specifically? Under clients/gitlabrepo? Or end-to-end tests?
Since this is a massive PR and still experimental, I think it'd be OK to do the e2e tests in a follow-up PR. Wdut?

Both TBH. I recommend we do the e2e and merge them in, as it provides some sanity. If not, we are blindsided whether any of these features are working. That is my thought process.

@naveensrinivasan
Copy link
Member

@naveensrinivasan By tests do you mean the e2e tests. If so, would you like me to host all of the e2e test repos on my gitlab or is there a plan to make a fork of those repos into an ossf specific GitLab?

If the e2e tests are in GitLab how do we ensure in this repository that new code changes aren't breaking this functionality? Do you have ideas?

@laurentsimon
Copy link
Contributor

laurentsimon commented Sep 16, 2022

@N8BWert feel free to start the e2e tests using your own repos. In the meantime we'll figure out how to create an org ossf-tests on GitLab. When, done, we can just transfer or copy your repos into it. SG?

@N8BWert
Copy link
Contributor Author

N8BWert commented Sep 16, 2022

Sounds good to me!

Copy link
Contributor

@azeemshaikh38 azeemshaikh38 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this incredible PR @N8BWert! This looks good to submit overall. I left some comments, please address those and I can work on getting this merged in. My high-level comments on the PR is:

  • Let's confine this PR to changes made within clients/gitlabrepo/ package only. You can add the integrated support for GitLab in a future PR.
  • Remove any dead code that is still WIP and submit it in a future PR.
  • Please add some unit tests for code where parsing/string building logic exists.
  • There are some linter errors/warnings. Please fix those to adhere to our projects coding guidelines.

checker/client.go Outdated Show resolved Hide resolved
clients/gitlabrepo/branches.go Show resolved Hide resolved
clients/gitlabrepo/client.go Show resolved Hide resolved
clients/user.go Outdated Show resolved Hide resolved
clients/gitlabrepo/workflows.go Outdated Show resolved Hide resolved
clients/gitlabrepo/issues.go Outdated Show resolved Hide resolved
clients/gitlabrepo/client.go Outdated Show resolved Hide resolved
checks/raw/security_policy.go Outdated Show resolved Hide resolved
checker/client.go Outdated Show resolved Hide resolved
README.md Outdated Show resolved Hide resolved
@N8BWert
Copy link
Contributor Author

N8BWert commented Sep 16, 2022

@azeemshaikh38 Sounds good, on it now.

@azeemshaikh38
Copy link
Contributor

@laurentsimon @naveensrinivasan @N8BWert - regarding e2e: we might be biting off more than we can chew by attempting this all in a single PR. My suggestion would be to get this PR merged in with just code inside clients/gitlabrepo. We can look into adding support for e2e tests and fully supporting this in the CLI in separate smaller PRs. Wdyt?

Note that gitlabrepo implementation isn't fully completed yet (which is fine cause this PR adds >90% support for it already).

@laurentsimon
Copy link
Contributor

I'm fine with adding e2etests later, see #2265 (comment)

@azeemshaikh38
Copy link
Contributor

I'm fine with adding e2etests later, see #2265 (comment)

Ah I see. In that case, @naveensrinivasan do you still prefer having e2e tests? Note that this PR won't contain any logic outside clients/gitlabrepo segregating it from the core Scorecard logic and allowing us to test it piece by piece. Does that work?

Copy link
Member

@naveensrinivasan naveensrinivasan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@azeemshaikh38
Copy link
Contributor

@N8BWert could you update your branch and resolve pending conflicts here? I will get this PR merged in so that review of #2280 can be unblocked.

@N8BWert N8BWert temporarily deployed to integration-test September 21, 2022 18:32 Inactive
@N8BWert N8BWert temporarily deployed to integration-test September 21, 2022 18:46 Inactive
@github-actions
Copy link

Integration tests success for
[cf83b48]
(https://github.com/ossf/scorecard/actions/runs/3100223005)

@github-actions
Copy link

Integration tests success for
[56b36e8]
(https://github.com/ossf/scorecard/actions/runs/3100303282)

@N8BWert N8BWert temporarily deployed to integration-test September 21, 2022 19:45 Inactive
@github-actions
Copy link

Integration tests success for
[842d3bb]
(https://github.com/ossf/scorecard/actions/runs/3100647146)

@azeemshaikh38 azeemshaikh38 merged commit 0f87094 into ossf:main Sep 21, 2022
N8BWert added a commit to N8BWert/scorecard that referenced this pull request Sep 23, 2022
* updated readme to reflect gitlab usage

* bugfixes after a good deal of testing

* removed unnecessary files from branch

* cleaning up my mess

* requested changes + unit tests

* style fixes

* updated readme to reflect gitlab usage

* bugfixes after a good deal of testing

* removed unnecessary files from branch

* cleaning up my mess

* requested changes + unit tests

* style fixes

* merge main into gitlab_support

* check-linter fixes

Signed-off-by: Nathaniel Wert <[email protected]>
Co-authored-by: nathaniel.wert <[email protected]>
Signed-off-by: N8BWert <[email protected]>
raghavkaul pushed a commit to raghavkaul/scorecard that referenced this pull request Sep 28, 2022
* updated readme to reflect gitlab usage

* bugfixes after a good deal of testing

* removed unnecessary files from branch

* cleaning up my mess

* requested changes + unit tests

* style fixes

* updated readme to reflect gitlab usage

* bugfixes after a good deal of testing

* removed unnecessary files from branch

* cleaning up my mess

* requested changes + unit tests

* style fixes

* merge main into gitlab_support

* check-linter fixes

Signed-off-by: Nathaniel Wert <[email protected]>
Co-authored-by: nathaniel.wert <[email protected]>
N8BWert added a commit to N8BWert/scorecard that referenced this pull request Nov 28, 2022
* updated readme to reflect gitlab usage

* bugfixes after a good deal of testing

* removed unnecessary files from branch

* cleaning up my mess

* requested changes + unit tests

* style fixes

* updated readme to reflect gitlab usage

* bugfixes after a good deal of testing

* removed unnecessary files from branch

* cleaning up my mess

* requested changes + unit tests

* style fixes

* merge main into gitlab_support

* check-linter fixes

Signed-off-by: Nathaniel Wert <[email protected]>
Co-authored-by: nathaniel.wert <[email protected]>
Signed-off-by: N8BWert <[email protected]>
Signed-off-by: nathaniel.wert <[email protected]>
N8BWert added a commit to N8BWert/scorecard that referenced this pull request Nov 28, 2022
* updated readme to reflect gitlab usage

* bugfixes after a good deal of testing

* removed unnecessary files from branch

* cleaning up my mess

* requested changes + unit tests

* style fixes

* updated readme to reflect gitlab usage

* bugfixes after a good deal of testing

* removed unnecessary files from branch

* cleaning up my mess

* requested changes + unit tests

* style fixes

* merge main into gitlab_support

* check-linter fixes

Signed-off-by: Nathaniel Wert <[email protected]>
Co-authored-by: nathaniel.wert <[email protected]>
N8BWert added a commit to N8BWert/scorecard that referenced this pull request Nov 28, 2022
* updated readme to reflect gitlab usage

* bugfixes after a good deal of testing

* removed unnecessary files from branch

* cleaning up my mess

* requested changes + unit tests

* style fixes

* updated readme to reflect gitlab usage

* bugfixes after a good deal of testing

* removed unnecessary files from branch

* cleaning up my mess

* requested changes + unit tests

* style fixes

* merge main into gitlab_support

* check-linter fixes

Signed-off-by: Nathaniel Wert <[email protected]>
Co-authored-by: nathaniel.wert <[email protected]>
Signed-off-by: N8BWert <[email protected]>
Signed-off-by: nathaniel.wert <[email protected]>
N8BWert added a commit to N8BWert/scorecard that referenced this pull request Nov 28, 2022
* updated readme to reflect gitlab usage

* bugfixes after a good deal of testing

* removed unnecessary files from branch

* cleaning up my mess

* requested changes + unit tests

* style fixes

* updated readme to reflect gitlab usage

* bugfixes after a good deal of testing

* removed unnecessary files from branch

* cleaning up my mess

* requested changes + unit tests

* style fixes

* merge main into gitlab_support

* check-linter fixes

Signed-off-by: Nathaniel Wert <[email protected]>
Co-authored-by: nathaniel.wert <[email protected]>
Signed-off-by: nathaniel.wert <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants