🐛 Fix signed release error for empty gitlab repo

- Fixed the issue where an empty gitlab repo is causing this error. `Error: check runtime error: Signed-Releases: internal error: could not get release name 2023/12/27 18:07:19 error during command execution: check runtime error: Signed-Releases: internal error: could not get release name exit status 1` Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
ossf · Dec 28, 2023 · 78ca9fc · 78ca9fc
1 parent 6a226ce
commit 78ca9fc
Show file tree

Hide file tree

Showing 2 changed files with 69 additions and 17 deletions.
diff --git a/checks/evaluation/signed_releases.go b/checks/evaluation/signed_releases.go
@@ -47,10 +47,13 @@ func SignedReleases(name string,
 		f := &findings[i]
 
 		// Debug release name
-		releaseName, err := getReleaseName(f)
-		if err != nil {
-			e := sce.WithMessage(sce.ErrScorecardInternal, "could not get release name")
-			return checker.CreateRuntimeErrorResult(name, e)
+		releaseName := getReleaseName(f)
+		if releaseName == "" {
+			dl.Warn(&checker.LogMessage{
+				Text: "no GitHub releases found",
+			})
+			// Generic summary.
+			return checker.CreateInconclusiveResult(name, "no releases found")
 		}
 		if !contains(loggedReleases, releaseName) {
 			dl.Debug(&checker.LogMessage{
@@ -77,11 +80,10 @@ func SignedReleases(name string,
 	for i := range findings {
 		f := &findings[i]
 
-		releaseName, err := getReleaseName(f)
-		if err != nil {
-			return checker.CreateRuntimeErrorResult(name, err)
+		releaseName := getReleaseName(f)
+		if releaseName == "" {
+			return checker.CreateInconclusiveResult(name, "no releases found")
 		}
-
 		if !contains(uniqueReleaseTags, releaseName) {
 			uniqueReleaseTags = append(uniqueReleaseTags, releaseName)
 		}
@@ -126,7 +128,7 @@ func SignedReleases(name string,
 	return checker.CreateResultWithScore(name, reason, score)
 }
 
-func getReleaseName(f *finding.Finding) (string, error) {
+func getReleaseName(f *finding.Finding) string {
 	m := f.Values
 	for k, v := range m {
 		var value int
@@ -137,10 +139,10 @@ func getReleaseName(f *finding.Finding) (string, error) {
 			value = int(releasesHaveProvenance.ValueTypeRelease)
 		}
 		if v == value {
-			return k, nil
+			return k
 		}
 	}
-	return "", sce.WithMessage(sce.ErrScorecardInternal, "could not get release tag")
+	return ""
 }
 
 func contains(releases []string, release string) bool {

diff --git a/checks/evaluation/signed_releases_test.go b/checks/evaluation/signed_releases_test.go
@@ -38,12 +38,6 @@ const (
 	asset1 = 1
 	asset2 = 2
 	asset3 = 3
-	asset4 = 4
-	asset5 = 5
-	asset6 = 6
-	asset7 = 7
-	asset8 = 8
-	asset9 = 9
 )
 
 func signedProbe(release, asset int, outcome finding.Outcome) finding.Finding {
@@ -282,3 +276,59 @@ func TestSignedReleases(t *testing.T) {
 		})
 	}
 }
+
+func Test_getReleaseName(t *testing.T) {
+	t.Parallel()
+	type args struct {
+		f *finding.Finding
+	}
+	tests := []struct {
+		name string
+		args args
+		want string
+	}{
+		{
+			name: "no release",
+			args: args{
+				f: &finding.Finding{
+					Values: map[string]int{},
+				},
+			},
+			want: "",
+		},
+		{
+			name: "release",
+			args: args{
+				f: &finding.Finding{
+					Values: map[string]int{
+						"v1": int(releasesAreSigned.ValueTypeRelease),
+					},
+					Probe: releasesAreSigned.Probe,
+				},
+			},
+			want: "v1",
+		},
+		{
+			name: "release and asset",
+			args: args{
+				f: &finding.Finding{
+					Values: map[string]int{
+						"v1":         int(releasesAreSigned.ValueTypeRelease),
+						"artifact-1": int(releasesAreSigned.ValueTypeReleaseAsset),
+					},
+					Probe: releasesAreSigned.Probe,
+				},
+			},
+			want: "v1",
+		},
+	}
+	for _, tt := range tests {
+		tt := tt
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			if got := getReleaseName(tt.args.f); got != tt.want {
+				t.Errorf("getReleaseName() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}