Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve Score Reporting: Signed-Releases looks at old release data #2169

Closed
azeemshaikh38 opened this issue Aug 17, 2022 · 3 comments
Closed

Improve Score Reporting: Signed-Releases looks at old release data #2169

azeemshaikh38 opened this issue Aug 17, 2022 · 3 comments
Labels
check/Signed-Releases good first issue Good for newcomers kind/bug Something isn't working
Milestone
v5

Comments

@azeemshaikh38
Copy link
Contributor

In some cases, Signed-Releases check looks at older releases instead of looking at the latest 5 releases. Some failing repos:
@azeemshaikh38 azeemshaikh38 added kind/bug Something isn't working good first issue Good for newcomers score reporting labels Aug 17, 2022
@raghavkaul
Copy link
Contributor

I believe this is because we're not getting asset data back in raw results for recent releases, e.g. for Jinja, the first release that we get assets for is 2.10:

    "releases": [
      {
        "tag": "3.1.2",
        "url": "https://api.github.com/repos/pallets/jinja/releases/65605546",
        "assets": null
      },
      {
        "tag": "3.1.1",
        "url": "https://api.github.com/repos/pallets/jinja/releases/62821662",
        "assets": null
      },
...
      {
        "tag": "2.10",
        "url": "https://api.github.com/repos/pallets/jinja/releases/8439285",
        "assets": [
          {
            "path": "Jinja2-2.10-py2.py3-none-any.whl",
            "url": "https://api.github.com/repos/pallets/jinja/releases/assets/5285245"
          },
          {
            "path": "Jinja2-2.10-py2.py3-none-any.whl.asc",
            "url": "https://api.github.com/repos/pallets/jinja/releases/assets/5285246"
          },
          {
            "path": "Jinja2-2.10.tar.gz",
            "url": "https://api.github.com/repos/pallets/jinja/releases/assets/5285243"
          },
          {
            "path": "Jinja2-2.10.tar.gz.asc",
            "url": "https://api.github.com/repos/pallets/jinja/releases/assets/5285244"
          }
        ]
      }

I can take a look further.

@azeemshaikh38
Copy link
Contributor Author

Thanks @raghavkaul! Possibly because we don't explicitly specify ListOptions here.

@raghavkaul raghavkaul mentioned this issue Aug 22, 2022
Closed
1 task
@justaugustus justaugustus added this to the v5 milestone Aug 25, 2022
@spencerschrock spencerschrock mentioned this issue Sep 1, 2023
Closed
@spencerschrock
Copy link
Contributor

I believe this ended up being the same bug that #4059 exposed and #4060 fixed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
check/Signed-Releases good first issue Good for newcomers kind/bug Something isn't working
Projects
Scorecard - NEW
Status: Done
Milestone
v5
5 participants
@justaugustus @azeemshaikh38 @spencerschrock @raghavkaul @afmarcum