✨ branch protection: requiring PRs gives partial credit #3499

Merged
140 commits
e54013e
feat(branch-protection): consider if project requires PRs prior to ma…
diogoteles08 Sep 19, 2023
8e6ad1c
test(branch-protection): increment and adapt testing
diogoteles08 Sep 19, 2023
dc7bbb6
docs(branch-protection-check): adapt check description to consider re…
diogoteles08 Sep 19, 2023
968a4b9
refactor(branch-protection-check): avoid duplicate functions and enhan…
diogoteles08 Sep 19, 2023
df13d85
📖 Update docs for Signed-Releases check (#3469)
raghavkaul Oct 2, 2023
8e2ff42
:seedling: Bump github.com/rhysd/actionlint from 1.6.15 to 1.6.26 (#3…
spencerschrock Oct 2, 2023
bab04bd
:seedling: Bump github.com/onsi/gomega from 1.27.10 to 1.28.0 (#3523)
dependabot[bot] Oct 3, 2023
1ba0c76
✨ Add --output argument to write results to file (#3482)
gabibguti Oct 3, 2023
ec15b2d
:seedling: Bump step-security/harden-runner from 2.5.1 to 2.6.0 (#3532)
dependabot[bot] Oct 3, 2023
94f7039
:seedling: Bump tj-actions/changed-files from 39.1.2 to 39.2.1 (#3531)
dependabot[bot] Oct 3, 2023
66e5843
:seedling: Fix race condition in output file test. (#3533)
spencerschrock Oct 4, 2023
d6275d3
:book: Fix documentation typos (#3505)
omahs Oct 4, 2023
d1bd8da
:sparkles: broaden job matcher for semantic release (#3506)
secustor Oct 4, 2023
1b016d2
:seedling: Bump nick-invision/retry from 2.8.3 to 2.9.0 (#3519)
dependabot[bot] Oct 4, 2023
d393a00
:seedling: Bump github.com/xanzy/go-gitlab from 0.92.1 to 0.92.3 (#3528)
dependabot[bot] Oct 4, 2023
8844c48
:seedling: Bump github.com/otiai10/copy from 1.12.0 to 1.14.0 (#3527)
dependabot[bot] Oct 4, 2023
27cc9d5
feat(branch-protection): standardize values received on evaluation
diogoteles08 Oct 6, 2023
87487cb
test(github-client): adapt and add tests to check if nil values are c…
diogoteles08 Oct 6, 2023
0e48ea7
feat(client-github): avoid reusing bool pointers
diogoteles08 Oct 6, 2023
1897c5a
feat(branch-protection): enhance evaluation if scorecard was run by a…
diogoteles08 Oct 6, 2023
d9aa12a
test(branch-protection): adapt testings to say if they have admin inf…
diogoteles08 Oct 6, 2023
c675b57
test(e2e-branch-protection): adapt number of logs after changes
diogoteles08 Oct 9, 2023
2da9095
Revert the 2 commits with changes around how Scorecard detects admin run
diogoteles08 Oct 23, 2023
ab9510c
refactor(branch-protection): change data structure to use pointer ins…
diogoteles08 Nov 7, 2023
c0c30df
feat(branch-protection): use nil pointer on reviewers struct to mean
diogoteles08 Nov 9, 2023
1370892
test(branch-protection): if we're setting the reviewers struct to nil
diogoteles08 Nov 9, 2023
a70b6c4
:seedling: Bump github.com/google/osv-scanner from 1.4.0 to 1.4.1 (#3…
dependabot[bot] Oct 5, 2023
1754eee
:seedling: Bump github.com/xanzy/go-gitlab from 0.92.3 to 0.93.0 (#3537)
dependabot[bot] Oct 5, 2023
c74c23c
:sparkles: scdiff: Limit generating results to specific checks (#3535)
spencerschrock Oct 5, 2023
2a897cf
:seedling: Add probe test utility (#3541)
AdamKorcz Oct 6, 2023
24a9a34
:seedling: Sort fields of raw results alphabetically (#3540)
AdamKorcz Oct 6, 2023
43a9a13
:seedling: Bump ossf/scorecard-action from 2.2.0 to 2.3.0 (#3544)
dependabot[bot] Oct 9, 2023
e1efb32
:seedling: Bump golang.org/x/oauth2 from 0.12.0 to 0.13.0 (#3545)
dependabot[bot] Oct 9, 2023
b43fc8d
:seedling: Bump github.com/xanzy/go-gitlab from 0.93.0 to 0.93.1 (#3546)
dependabot[bot] Oct 9, 2023
933b6fc
:seedling: Bump distroless/base from `27647a6` to `29da700` and golan…
spencerschrock Oct 9, 2023
0335794
:seedling: Bump cloud.google.com/go/bigquery from 1.55.0 to 1.56.0 (#…
dependabot[bot] Oct 9, 2023
dbbe7b8
:seedling: Add OutcomeNotApplicable (#3539)
AdamKorcz Oct 9, 2023
b178a9b
:sparkles: Add additional fuzzing probes (#3473)
DavidKorczynski Oct 9, 2023
7197be9
:book: fix "default" typo (#3543)
testwill Oct 10, 2023
7ecb2c1
:seedling: checks/raw: fix struct alignment linter issue (#3550)
spencerschrock Oct 10, 2023
ad9f04d
:seedling: Add map to Finding (#3558)
AdamKorcz Oct 11, 2023
cc7e9d2
:seedling: Bump golang.org/x/net from 0.16.0 to 0.17.0 (#3563)
dependabot[bot] Oct 12, 2023
7b0ed65
:seedling: Bump golang.org/x/net from 0.14.0 to 0.17.0 in /tools (#3562)
dependabot[bot] Oct 12, 2023
acceee0
:seedling: Adding all Intel public GitHub repos (#3556)
Oct 12, 2023
1980139
:seedling: Bump github.com/onsi/ginkgo/v2 from 2.12.1 to 2.13.0 (#3551)
dependabot[bot] Oct 12, 2023
1d03eb3
:seedling: Bump github.com/onsi/ginkgo/v2 in /tools (#3552)
dependabot[bot] Oct 12, 2023
faa30eb
:seedling: Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#3557)
dependabot[bot] Oct 12, 2023
2d79a91
:seedling: Bump kubernetes-sigs/kubebuilder-release-tools (#3553)
dependabot[bot] Oct 12, 2023
ab76574
:bug: Fix wrong quotes (#3565)
AdamKorcz Oct 12, 2023
50f5231
:seedling: Add new outcome to UnmarshalYAML (#3566)
AdamKorcz Oct 12, 2023
c537441
:bug: scdiff: fix generate cmd when no --checks arg provided. (#3570)
spencerschrock Oct 16, 2023
aaed64b
:sparkles: scdiff: improve `compare` usability (#3573)
spencerschrock Oct 16, 2023
36aa863
:sparkles: Add fast-check test runners integrations (#3568)
sheerlox Oct 19, 2023
7afb0bb
:seedling: Bump github.com/bradleyfalzon/ghinstallation/v2 (#3575)
dependabot[bot] Oct 19, 2023
13e40b6
:seedling: Bump tj-actions/changed-files from 39.2.1 to 39.2.3 (#3577)
dependabot[bot] Oct 19, 2023
a696ef5
:seedling: Bump github.com/google/ko from 0.14.1 to 0.15.0 in /tools …
dependabot[bot] Oct 19, 2023
3e9805e
:seedling: Bump actions/checkout from 4.1.0 to 4.1.1 (#3580)
dependabot[bot] Oct 19, 2023
7d4b425
:bug: SAST detect new GitHub app slug for CodeQL (#3591)
martincostello Oct 20, 2023
5a8f6d8
:seedling: enable the golangci-lint `bugs` preset (#3583)
spencerschrock Oct 23, 2023
4bcc2ff
:seedling: use forbidigo linter to prevent print statements (#3585)
spencerschrock Oct 23, 2023
d904ca9
:bug: scanning gitlab private repositories (#3596)
gabibguti Oct 23, 2023
46302bb
:seedling: Bump github.com/xanzy/go-gitlab from 0.93.1 to 0.93.2 (#3593)
dependabot[bot] Oct 23, 2023
fbf8a8f
:seedling: Bump github.com/onsi/gomega from 1.28.0 to 1.28.1 (#3597)
dependabot[bot] Oct 23, 2023
82510d4
:seedling: add style linters: mirror, tenv, usestdlibvars (#3586)
spencerschrock Oct 23, 2023
3ab16f7
:seedling: enable gomoddirectives linter. (#3584)
spencerschrock Oct 23, 2023
cf52e73
:seedling: enable style linter `errname` (#3587)
spencerschrock Oct 23, 2023
8a7a7e0
:seedling: remove unused osv helper tool. (#3572)
spencerschrock Oct 23, 2023
c4ed642
:seedling: Bump github.com/golangci/golangci-lint in /tools (#3592)
dependabot[bot] Oct 24, 2023
c0518d1
:seedling: GitLab: track coverage for gitlab e2e tests (#3601)
raghavkaul Oct 24, 2023
59654af
:seedling: Add license probe (#3465)
AdamKorcz Oct 24, 2023
89589e9
🌱 convert packaging check to probe (#3486)
AdamKorcz Oct 24, 2023
3939cb7
:seedling: Add probe support for contributors metrics (#3460)
AdamKorcz Oct 24, 2023
364e826
:seedling: Fix linter issues caught by new linters in golangci-lint v…
spencerschrock Oct 24, 2023
162fe8f
remove sonatype lift (#3605)
spencerschrock Oct 25, 2023
1474447
:seedling: convert vulnerabilities check to probe (#3487)
AdamKorcz Oct 25, 2023
64d4608
:sparkles: Add WithValues function to findings (#3619)
laurentsimon Oct 27, 2023
a8f758f
CODEOWNERS: Support distribution of code reviews via team assignments…
justaugustus Oct 27, 2023
269a1d4
:seedling: Enable golangci-lint `test` presets (#3594)
spencerschrock Oct 27, 2023
074535f
:seedling: Bump google.golang.org/grpc from 1.57.0 to 1.57.1 (#3611)
dependabot[bot] Oct 27, 2023
07b38cb
:seedling: Bump google.golang.org/grpc from 1.58.2 to 1.58.3 in /tool…
dependabot[bot] Oct 27, 2023
5ff9c3b
:seedling: Bump ossf/scorecard-action from 2.3.0 to 2.3.1 (#3599)
dependabot[bot] Oct 27, 2023
01011b3
:seedling: Bump github.com/google/osv-scanner from 1.4.1 to 1.4.2 (#3…
dependabot[bot] Oct 27, 2023
1fd212f
:seedling: Bump github.com/moby/buildkit from 0.12.2 to 0.12.3 (#3589)
dependabot[bot] Oct 28, 2023
b99b069
:seedling: Bump github.com/golangci/golangci-lint in /tools (#3613)
dependabot[bot] Oct 28, 2023
7c620c7
🌱 Update stale workflow to exempt Structured Results milestone (#3634)
afmarcum Nov 1, 2023
e43b139
:seedling: Bump github.com/docker/docker (#3627)
dependabot[bot] Nov 1, 2023
a6aae83
:seedling: Bump github.com/docker/docker in /tools (#3628)
dependabot[bot] Nov 1, 2023
adadc37
:seedling: Bump github.com/go-logr/logr from 1.2.4 to 1.3.0 (#3622)
dependabot[bot] Nov 1, 2023
0e3bbb6
:seedling: Bump github.com/go-git/go-git/v5 from 5.9.0 to 5.10.0 (#3623)
dependabot[bot] Nov 1, 2023
0a8ef7b
:seedling: Bump github.com/onsi/gomega from 1.28.1 to 1.29.0 (#3624)
dependabot[bot] Nov 1, 2023
fef0fab
:seedling: Bump cloud.google.com/go/bigquery from 1.56.0 to 1.57.1 (#…
dependabot[bot] Nov 2, 2023
7eea83a
:bug: remove probe remediations from detail string (#3642)
spencerschrock Nov 3, 2023
e6a2d33
:seedling: Bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (#3644)
dependabot[bot] Nov 6, 2023
b984da5
:seedling: Convert Dangerous Workflow check to probes (#3521)
AdamKorcz Nov 6, 2023
5f5c0ad
:seedling: Convert SAST check to probes (#3571)
AdamKorcz Nov 7, 2023
303aa5d
:seedling: Bump github.com/google/osv-scanner from 1.4.2 to 1.4.3 (#3…
dependabot[bot] Nov 7, 2023
c36e0b2
:seedling: Bump golang.org/x/text from 0.13.0 to 0.14.0 (#3643)
dependabot[bot] Nov 8, 2023
b74b9d1
:seedling: Bump github.com/golangci/golangci-lint in /tools (#3645)
dependabot[bot] Nov 8, 2023
2ad51d6
🐛 Pinned-Dependencies continues on error (#3515)
pnacht Nov 8, 2023
3ef09c5
:seedling: Bump actions/dependency-review-action from 3.1.0 to 3.1.2 …
dependabot[bot] Nov 8, 2023
7a14bf6
:seedling: Bump kubernetes-sigs/kubebuilder-release-tools (#3637)
dependabot[bot] Nov 8, 2023
0f292ff
:seedling: Bump tj-actions/changed-files from 39.2.3 to 40.1.1 (#3657)
dependabot[bot] Nov 9, 2023
8967f45
:seedling: Bump sigstore/cosign-installer from 3.1.2 to 3.2.0 (#3651)
dependabot[bot] Nov 9, 2023
9d100ee
:seedling: Bump slsa-framework/slsa-verifier from 2.4.0 to 2.4.1 (#3652)
dependabot[bot] Nov 9, 2023
d0cfcc2
:seedling: Bump github.com/onsi/gomega from 1.29.0 to 1.30.0 (#3659)
dependabot[bot] Nov 9, 2023
d6b8643
:seedling: speedup slowest e2e tests (#3656)
spencerschrock Nov 9, 2023
3ed5c7b
:seedling: Add dependency remediation in raw results instead of at lo…
AdamKorcz Nov 9, 2023
1b85c52
:seedling: configure dependabot to group (most) GitHub actions weekly…
spencerschrock Nov 10, 2023
95b09cb
Merge branch 'main' into feat/branch-protection-recognize-rule-change…
diogoteles08 Nov 13, 2023
7405a47
doc(branch-protection): add code comment explaining different weight …
diogoteles08 Nov 17, 2023
80f60e9
refactor(branch-protection): avoid duplicate if branches on reviewers…
diogoteles08 Nov 17, 2023
6ff36d7
docs(branch-protection): clarify commentings around data structure
diogoteles08 Nov 17, 2023
5759623
refactor: clean code on parsing GitHub BP data
diogoteles08 Nov 17, 2023
2efeee6
feat(branch-protection): ressignify the nil PullRequestReviewRule to …
diogoteles08 Nov 20, 2023
6786caf
test(branch-protection): ensure we translate GitHub BP data as expected
diogoteles08 Nov 20, 2023
f85e516
feat(branch-protection): adapt score evaluation after 2efeee6512603ac…
diogoteles08 Nov 20, 2023
8be4fe5
test(branch-protection): adapt testings to changes of last commits
diogoteles08 Nov 20, 2023
00ddeb0
docs(branch-protection): add TODO comments pointing refactor opportun…
diogoteles08 Nov 20, 2023
d63e71b
Merge branch 'main' into feat/branch-protection-recognize-rule-change…
diogoteles08 Nov 21, 2023
6858790
fix: avoid penalizing non-admin for dismissStaleReview
diogoteles08 Dec 5, 2023
f187795
fix(branch-protection): prevent false value from API field to become nil
diogoteles08 Dec 5, 2023
8f3d972
refactor: clarify different weight on first reviewer
diogoteles08 Dec 6, 2023
620bb93
refactor: enhance clarity of loggings and comments
diogoteles08 Dec 6, 2023
14acff3
test(branch-protection): new test to cover different rules affecting …
diogoteles08 Dec 6, 2023
5a18a16
docs(branch-protection): change requirements ordering to keep admin o…
diogoteles08 Dec 6, 2023
13d0ff6
refactor(branch-protection): simplify auxiliary function
diogoteles08 Dec 6, 2023
884e685
refactor(branch-protection): fix code format to linter requirements
diogoteles08 Dec 6, 2023
906e487
refactor(branch-protection): avoid unnecessary initializations and re…
diogoteles08 Dec 6, 2023
ad11f66
test(branch-protection): adapt test that was forgotten on commit 6858…
diogoteles08 Dec 6, 2023
20ba242
refactor(branch-protection): use enums to represent tiers
diogoteles08 Dec 8, 2023
1dd2bbd
refactor(branch-protection): remove nil fields of struct initializati…
diogoteles08 Dec 8, 2023
31b6e31
refactor(branch-protection): simplify functions by using generics
diogoteles08 Dec 8, 2023
fbe061f
docs(branch-protection): update docs after generate-docs run
diogoteles08 Dec 8, 2023
a6e27c4
fix(branch-protection): fix duplicated line on code
diogoteles08 Dec 8, 2023
def3081
Merge branch 'main' into feat/branch-protection-recognize-rule-change…
diogoteles08 Dec 8, 2023
131cadf
fix(branch-protection): stop exporting Tier enum
diogoteles08 Dec 11, 2023
7a0dc73
refactor(branch-protection): changing unchanged var to const
diogoteles08 Dec 11, 2023
f639ebf
test(branch-protection): Rename test and adapt it to be consistent wi…
diogoteles08 Dec 11, 2023
fd5b663
fix e2e-pat tests
spencerschrock Dec 12, 2023
f78b2f0
Merge branch 'main' into feat/branch-protection-recognize-rule-change…
spencerschrock Dec 12, 2023
30 changes: 14 additions & 16 deletions checks/branch_protection_test.go
Expand Up @@ -86,15 +86,14 @@ func TestReleaseAndDevBranchProtected(t *testing.T) {
defaultBranch: main,
branches: []*clients.BranchRef{
{
Name: nil,
Protected: &trueVal,
BranchProtectionRule: clients.BranchProtectionRule{
CheckRules: clients.StatusChecksRule{
RequiresStatusChecks: &trueVal,
UpToDateBeforeMerge: &trueVal,
Contexts: []string{"foo"},
},
RequiredPullRequestReviews: clients.PullRequestReviewRule{
RequiredPullRequestReviews: &clients.PullRequestReviewRule{
DismissStaleReviews: &trueVal,
RequireCodeOwnerReviews: &trueVal,
RequiredApprovingReviewCount: &oneVal,
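Review bot: RequiredPullRequestReviews is now a pointer, yet every fixture touched in this file sets it to a non-nil &clients.PullRequestReviewRule{...}; none of the visible hunks leaves it nil. Since the type change exists so that nil can carry meaning, add a table case with RequiredPullRequestReviews: nil on a protected branch and pin its expected Score and Warn/Info counts, so that a nil dereference or an unintended score for that input fails in this test file.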
Expand All @@ -106,15 +105,14 @@ func TestReleaseAndDevBranchProtected(t *testing.T) {
},
},
{
Name: nil,
Protected: &trueVal,
BranchProtectionRule: clients.BranchProtectionRule{
CheckRules: clients.StatusChecksRule{
RequiresStatusChecks: &trueVal,
UpToDateBeforeMerge: &falseVal,
Contexts: nil,
},
RequiredPullRequestReviews: clients.PullRequestReviewRule{
RequiredPullRequestReviews: &clients.PullRequestReviewRule{
DismissStaleReviews: &falseVal,
RequireCodeOwnerReviews: &falseVal,
RequiredApprovingReviewCount: &zeroVal,
Expand All @@ -135,7 +133,7 @@ func TestReleaseAndDevBranchProtected(t *testing.T) {
Error: nil,
Score: 3,
NumberOfWarn: 7,
NumberOfInfo: 2,
NumberOfInfo: 3,
NumberOfDebug: 0,
},
defaultBranch: main,
Expand All @@ -153,7 +151,7 @@ func TestReleaseAndDevBranchProtected(t *testing.T) {
UpToDateBeforeMerge: &falseVal,
Contexts: nil,
},
RequiredPullRequestReviews: clients.PullRequestReviewRule{
RequiredPullRequestReviews: &clients.PullRequestReviewRule{
DismissStaleReviews: &falseVal,
RequireCodeOwnerReviews: &falseVal,
RequiredApprovingReviewCount: &zeroVal,
Expand All @@ -174,7 +172,7 @@ func TestReleaseAndDevBranchProtected(t *testing.T) {
Error: nil,
Score: 4,
NumberOfWarn: 9,
NumberOfInfo: 10,
NumberOfInfo: 12,
NumberOfDebug: 0,
},
defaultBranch: main,
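Review bot: NumberOfInfo goes from 10 to 12 in this expectation, while the Score 3 cases in this file go from 2 to 3, and nothing in the test says why the delta differs. The fixtures that follow suggest one new Info per branch that carries a review rule; if that is the rule, state it in a short comment next to the counter, or assert on the logged message text, so the counts do not have to be re-derived by hand at the next scoring change.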
Expand All @@ -188,7 +186,7 @@ func TestReleaseAndDevBranchProtected(t *testing.T) {
UpToDateBeforeMerge: &trueVal,
Contexts: []string{"foo"},
},
RequiredPullRequestReviews: clients.PullRequestReviewRule{
RequiredPullRequestReviews: &clients.PullRequestReviewRule{
DismissStaleReviews: &trueVal,
RequireCodeOwnerReviews: &trueVal,
RequiredApprovingReviewCount: &oneVal,
Expand All @@ -209,7 +207,7 @@ func TestReleaseAndDevBranchProtected(t *testing.T) {
UpToDateBeforeMerge: &falseVal,
Contexts: nil,
},
RequiredPullRequestReviews: clients.PullRequestReviewRule{
RequiredPullRequestReviews: &clients.PullRequestReviewRule{
DismissStaleReviews: &falseVal,
RequireCodeOwnerReviews: &falseVal,
RequiredApprovingReviewCount: &zeroVal,
Expand All @@ -230,7 +228,7 @@ func TestReleaseAndDevBranchProtected(t *testing.T) {
Error: nil,
Score: 8,
NumberOfWarn: 4,
NumberOfInfo: 16,
NumberOfInfo: 18,
NumberOfDebug: 0,
},
defaultBranch: main,
Expand All @@ -244,7 +242,7 @@ func TestReleaseAndDevBranchProtected(t *testing.T) {
UpToDateBeforeMerge: &trueVal,
Contexts: []string{"foo"},
},
RequiredPullRequestReviews: clients.PullRequestReviewRule{
RequiredPullRequestReviews: &clients.PullRequestReviewRule{
DismissStaleReviews: &trueVal,
RequireCodeOwnerReviews: &trueVal,
RequiredApprovingReviewCount: &oneVal,
Expand All @@ -265,7 +263,7 @@ func TestReleaseAndDevBranchProtected(t *testing.T) {
UpToDateBeforeMerge: &trueVal,
Contexts: []string{"foo"},
},
RequiredPullRequestReviews: clients.PullRequestReviewRule{
RequiredPullRequestReviews: &clients.PullRequestReviewRule{
DismissStaleReviews: &trueVal,
RequireCodeOwnerReviews: &trueVal,
RequiredApprovingReviewCount: &oneVal,
Expand All @@ -286,7 +284,7 @@ func TestReleaseAndDevBranchProtected(t *testing.T) {
Error: nil,
Score: 3,
NumberOfWarn: 7,
NumberOfInfo: 2,
NumberOfInfo: 3,
NumberOfDebug: 0,
},
defaultBranch: main,
Expand All @@ -301,7 +299,7 @@ func TestReleaseAndDevBranchProtected(t *testing.T) {
UpToDateBeforeMerge: &falseVal,
Contexts: nil,
},
RequiredPullRequestReviews: clients.PullRequestReviewRule{
RequiredPullRequestReviews: &clients.PullRequestReviewRule{
DismissStaleReviews: &falseVal,
RequireCodeOwnerReviews: &falseVal,
RequiredApprovingReviewCount: &zeroVal,
Expand Down Expand Up @@ -339,7 +337,7 @@ func TestReleaseAndDevBranchProtected(t *testing.T) {
UpToDateBeforeMerge: &falseVal,
Contexts: nil,
},
RequiredPullRequestReviews: clients.PullRequestReviewRule{
RequiredPullRequestReviews: &clients.PullRequestReviewRule{
DismissStaleReviews: &falseVal,
RequireCodeOwnerReviews: &falseVal,
RequiredApprovingReviewCount: &zeroVal,
Expand All @@ -357,7 +355,7 @@ func TestReleaseAndDevBranchProtected(t *testing.T) {
expected: scut.TestReturn{
Error: nil,
Score: 0,
NumberOfWarn: 4,
NumberOfWarn: 6,
NumberOfInfo: 0,
NumberOfDebug: 8,
},
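Review bot: NumberOfWarn moves from 4 to 6 on a case whose Score stays 0 and whose NumberOfDebug stays 8, so the only observable effect of the change here is two extra warnings with no indication of what they say. Note in the test which two warnings are new, and confirm they are not raised for settings the run could not read, given that a later commit in this PR is titled "avoid penalizing non-admin for dismissStaleReview".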