🌱 Enforce make add-projects for GitHub and GitLab repos (#3780)

* fail if add-projects not run Signed-off-by: Spencer Schrock <sschrock@google.com> * add gitlab file to add-projects Signed-off-by: Spencer Schrock <sschrock@google.com> * order gitlab projects with make add-projects Signed-off-by: Spencer Schrock <sschrock@google.com> * simplify workflow job this binary doesn't need the build protos Signed-off-by: Spencer Schrock <sschrock@google.com> --------- Signed-off-by: Spencer Schrock <sschrock@google.com>
ossf · Jan 19, 2024 · ee4e83a · ee4e83a
1 parent 0dcad3a
commit ee4e83a
Show file tree

Hide file tree

Showing 4 changed files with 19,895 additions and 19,907 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -298,37 +298,17 @@ jobs:
   add-projects:
     name: add-projects
     runs-on: ubuntu-latest
-    needs: build-proto
     permissions:
       contents: read
     steps:
      - name: Harden Runner
        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1
        with:
          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
-     - name: Install Protoc
-       uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0
-       with:
-        version: ${{ env.PROTOC_VERSION }}
-        repo-token: ${{ secrets.GITHUB_TOKEN }}
-     - name: Cache builds
-       # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
-       uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3
-       with:
-         path: |
-           ~/go/pkg/mod
-           ~/.cache/go-build
-           ~/Library/Caches/go-build
-           %LocalAppData%\go-build
-         key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-         restore-keys: |
-           ${{ runner.os }}-go-
      - name: Clone the code
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-       with:
-          fetch-depth: 0
      - name: Setup Go
-       uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v2.2.0
+       uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
        with:
          go-version: ${{ env.GO_VERSION }}
          check-latest: true
@@ -342,6 +322,7 @@ jobs:
           command: |
             go env -w GOFLAGS=-mod=mod
             make add-projects
+            git diff --exit-code
   validate-projects:
     name: validate-projects
     runs-on: ubuntu-latest

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -154,10 +154,14 @@ The personal access token need the following scopes:
 
 ## How do I add additional GitHub repositories to be scanned by scorecard weekly?
 
-Scorecard maintains the list of repositories in a file
+Scorecard maintains the list of GitHub repositories in a file
 https://github.com/ossf/scorecard/blob/main/cron/internal/data/projects.csv
 
-Submit a PR for this file and scorecard would start scanning in subsequent runs.
+GitLab repositories are listed in:
+https://github.com/ossf/scorecard/blob/main/cron/internal/data/gitlab-projects.csv
+
+Append your desired repositories to the end of these files, then run `make add-projects`.
+Commit the changes, and submit a PR and scorecard would start scanning in subsequent runs.
 
 ## Adding New Checks
 

diff --git a/Makefile b/Makefile
@@ -94,11 +94,14 @@ check-linter: | $(GOLANGCI_LINT)
 	# Run golangci-lint linter
 	$(GOLANGCI_LINT) run -c .golangci.yml
 
-add-projects: ## Adds new projects to ./cron/internal/data/projects.csv
+add-projects: ## Adds new projects to ./cron/internal/data/projects.csv and ./cron/internal/data/gitlab-projects.csv
 add-projects: ./cron/internal/data/projects.csv | build-add-script
-	# Add new projects to ./cron/internal/data/projects.csv
+	# GitHub
 	./cron/internal/data/add/add ./cron/internal/data/projects.csv ./cron/internal/data/projects.new.csv
 	mv ./cron/internal/data/projects.new.csv ./cron/internal/data/projects.csv
+	# GitLab
+	./cron/internal/data/add/add ./cron/internal/data/gitlab-projects.csv ./cron/internal/data/gitlab-projects.new.csv
+	mv ./cron/internal/data/gitlab-projects.new.csv ./cron/internal/data/gitlab-projects.csv
 
 validate-projects: ## Validates ./cron/internal/data/projects.csv
 validate-projects: ./cron/internal/data/projects.csv | build-validate-script