
🌱 Convert pinned dependencies to probe #3829

Merged: 14 commits from pinned-deps-to-probes into ossf:main on Feb 26, 2024

Conversation

AdamKorcz (Contributor) opened this pull request:

What kind of change does this PR introduce?

feature

What is the current behavior?

Currently, the Pinned Dependencies check does not include probes.

What is the new behavior (if this is a feature change)?

This converts the Pinned Dependencies evaluation to probes.

  • Tests for the changes have been added (for bug fixes/features)

Which issue(s) this PR fixes

NONE

Special notes for your reviewer

Does this PR introduce a user-facing change?
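
The check this PR moves onto a probe decides, for each third-party dependency a repository pulls in, whether the reference is pinned to an immutable identifier (a full commit SHA for a GitHub Action, a sha256 digest for a container image) or to a mutable tag or branch that an upstream could move. The following is an added illustration of that decision, written for this page; it is not Scorecard's probe code, and the type names, regular expressions and the constructed sample workflow and Dockerfile are this example's own assumptions:

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Illustrative only: not Scorecard's probe implementation. Names below
// (DepType, Finding, ScanWorkflow, ScanDockerfile) are this example's own.
type DepType string

const (
	DepGitHubAction DepType = "GitHubAction"
	DepDockerImage  DepType = "DockerImage"
)

// Finding records one dependency reference and whether it is pinned to an
// immutable identifier (40-hex commit SHA or sha256 image digest).
type Finding struct {
	Type   DepType
	Dep    string
	Line   int
	Pinned bool
	Reason string
}

var (
	commitSHA = regexp.MustCompile(`^[0-9a-f]{40}$`)
	digest    = regexp.MustCompile(`@sha256:[0-9a-f]{64}$`)
	usesLine  = regexp.MustCompile(`^\s*-?\s*uses:\s*["']?([^\s"'#]+)`)
	fromLine  = regexp.MustCompile(`(?i)^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?`)
)

// checkImage applies the image rule: only a sha256 digest is immutable.
// Tags such as :3.19 or :latest can be re-pointed by the registry owner.
func checkImage(ref string, line int) Finding {
	f := Finding{Type: DepDockerImage, Dep: ref, Line: line}
	if digest.MatchString(ref) {
		f.Pinned, f.Reason = true, "pinned by sha256 digest"
	} else {
		f.Reason = "image referenced by tag or untagged; no digest"
	}
	return f
}

// ScanWorkflow inspects every `uses:` entry of a GitHub Actions workflow.
// Local actions (./path) are part of the repo and are skipped; docker://
// actions follow the image rule; anything else must carry a full commit SHA.
func ScanWorkflow(content string) []Finding {
	var out []Finding
	for i, ln := range strings.Split(content, "\n") {
		m := usesLine.FindStringSubmatch(ln)
		if m == nil {
			continue
		}
		ref := m[1]
		switch {
		case strings.HasPrefix(ref, "./"):
			continue
		case strings.HasPrefix(ref, "docker://"):
			out = append(out, checkImage(strings.TrimPrefix(ref, "docker://"), i+1))
		default:
			f := Finding{Type: DepGitHubAction, Dep: ref, Line: i + 1}
			at := strings.LastIndex(ref, "@")
			switch {
			case at < 0:
				f.Reason = "no @ref given; resolves to the default branch"
			case commitSHA.MatchString(ref[at+1:]):
				f.Pinned, f.Reason = true, "pinned by commit SHA"
			default:
				f.Reason = "ref " + ref[at+1:] + " is a mutable tag or branch"
			}
			out = append(out, f)
		}
	}
	return out
}

// ScanDockerfile inspects FROM lines. `scratch` and references back to an
// earlier build stage (FROM ... AS name) are not external dependencies.
func ScanDockerfile(content string) []Finding {
	var out []Finding
	stages := map[string]bool{}
	for i, ln := range strings.Split(content, "\n") {
		m := fromLine.FindStringSubmatch(ln)
		if m == nil {
			continue
		}
		img, alias := m[1], m[2]
		if alias != "" {
			stages[strings.ToLower(alias)] = true
		}
		if img == "scratch" || stages[strings.ToLower(img)] {
			continue
		}
		out = append(out, checkImage(img, i+1))
	}
	return out
}

// Unpinned filters to the findings a reviewer actually needs to act on.
func Unpinned(fs []Finding) []Finding {
	var out []Finding
	for _, f := range fs {
		if !f.Pinned {
			out = append(out, f)
		}
	}
	return out
}

func main() {
	// Constructed sample inputs; the SHA and digest are placeholders.
	workflow := "steps:\n  - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567\n" +
		"  - uses: actions/setup-go@v5\n  - uses: ./.github/actions/local-lint\n  - uses: docker://alpine:3.19\n"
	dockerfile := "FROM golang:1.22 AS builder\nFROM alpine@sha256:" + strings.Repeat("0123456789abcdef", 4) +
		"\nCOPY --from=builder /out/app /app\nFROM builder\n"
	for _, f := range Unpinned(append(ScanWorkflow(workflow), ScanDockerfile(dockerfile)...)) {
		fmt.Printf("line %d %s %s: %s\n", f.Line, f.Type, f.Dep, f.Reason)
	}
}
```

On the constructed inputs this reports three unpinned references (setup-go@v5, docker://alpine:3.19 and golang:1.22) and accepts the SHA-pinned action and digest-pinned image. The practical caveat when acting on such findings: a SHA or digest pin only stays useful if something (Dependabot, Renovate, or a scheduled job) bumps it, and keeping the human-readable version in a trailing comment makes the pinned line reviewable.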


@AdamKorcz AdamKorcz requested a review from a team as a code owner January 30, 2024 13:09
@AdamKorcz AdamKorcz requested review from justaugustus and laurentsimon and removed request for a team January 30, 2024 13:09
@AdamKorcz AdamKorcz force-pushed the pinned-deps-to-probes branch from d2bc061 to b42e010 January 30, 2024 13:32
codecov bot commented Jan 30, 2024

Codecov Report

Merging #3829 (838c0a0) into main (cac416e) will decrease coverage by 0.11%.
The diff coverage is 77.94%.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3829      +/-   ##
==========================================
- Coverage   68.90%   68.80%   -0.11%     
==========================================
  Files         231      232       +1     
  Lines       15669    15682      +13     
==========================================
- Hits        10797    10790       -7     
- Misses       4206     4223      +17     
- Partials      666      669       +3     

@spencerschrock (Member) left a review comment:

Generally ok as a conversion PR. Left some comments

Review threads (all resolved) on:
  • checks/pinned_dependencies_test.go (outdated)
  • checks/testdata/pinneddependencies/Dockerfile-script-ok (outdated)
  • probes/pinsDependencies/def.yml
  • probes/pinsDependencies/impl.go (outdated)
  • checks/evaluation/pinned_dependencies.go (two threads)
  • checks/evaluation/pinned_dependencies_test.go
  • probes/pinsDependencies/impl_test.go (three threads, two outdated)
@spencerschrock (Member):

/scdiff generate Pinned-Dependencies

Further review threads (all resolved) on:
  • probes/pinsDependencies/impl.go (five threads, outdated)
  • checks/evaluation/pinned_dependencies.go
  • probes/pinsDependencies/def.yml
@AdamKorcz (Contributor, Author):

> Or are we including this as part of #3855 ?

If possible, let's add it to #3855

@AdamKorcz (Contributor, Author):

@spencerschrock PTAL again.

@spencerschrock (Member):

/scdiff generate Pinned-Dependencies


@spencerschrock (Member):

> @spencerschrock PTAL again.

LGTM. Will merge on Monday (just in case there's anything we didn't catch, it gives us more time to catch it before the cron uses it)

@spencerschrock spencerschrock enabled auto-merge (squash) February 26, 2024 18:02
@spencerschrock spencerschrock merged commit 299948e into ossf:main Feb 26, 2024
38 checks passed
fhoeborn pushed a commit to fhoeborn/scorecard that referenced this pull request Apr 1, 2024
* 🌱 Convert pinned dependencies to probe

Signed-off-by: Adam Korczynski <[email protected]>

* add more tests

Signed-off-by: Adam Korczynski <[email protected]>

* add checks unit test

Signed-off-by: Adam Korczynski <[email protected]>

* fix year in probe header and add missing test file

Signed-off-by: Adam Korczynski <[email protected]>

* Change usage of ValidateTestReturn

Signed-off-by: Adam Korczynski <[email protected]>

* rename test

Signed-off-by: Adam Korczynski <[email protected]>

* change 'pinned' to 'unpinned' in test name

Signed-off-by: Adam Korczynski <[email protected]>

* export 'depTypeKey'

Signed-off-by: Adam Korczynski <[email protected]>

* Do not copy test Dockerfile

Signed-off-by: Adam Korczynski <[email protected]>

* rename test

Signed-off-by: Adam Korczynski <[email protected]>

* Rebase and bring back 'Test_generateOwnerToDisplay'

Signed-off-by: Adam Korczynski <[email protected]>

* Use API to create finding

Signed-off-by: AdamKorcz <[email protected]>

* one more change to how the probe creates a finding

Signed-off-by: AdamKorcz <[email protected]>

---------

Signed-off-by: Adam Korczynski <[email protected]>
Signed-off-by: AdamKorcz <[email protected]>