Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

✨ GitLab: Documentation and cleaner errors #2821

Merged
merged 9 commits into from
Apr 21, 2023
Merged

✨ GitLab: Documentation and cleaner errors #2821

merged 9 commits into from
Apr 21, 2023

Conversation

raghavkaul
Copy link
Contributor

@raghavkaul raghavkaul commented Apr 4, 2023
edited

What kind of change does this PR introduce?

Add documentation for GitLab support and show cleaner error messages (i.e., InconclusiveResult) if a check isn't supported.

Also, some panics are fixed and logging improvements are made.

What is the current behavior?

Currently, we give 10/10 scores to GitLab in certain checks due to lack of data.

* GitLab: For checks that aren't possible on GitLab, return Inconclusive Result
* GitHub: If no Workflows are detected, Dangerous-Workflows check returns Inconclusive instead of max score

@raghavkaul
Return inconclusive if there are no workflows
1bc261a 
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
@raghavkaul
Return inconclusive if we don't have any workflows
88d1d2c 
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
@raghavkaul
logging fixes
dd90944 
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
@raghavkaul
fix panic
f89b817 
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
@raghavkaul
Update README.md
a6b4e72 
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
@raghavkaul
skip error when getting external status checks (requires full api acc…
7e0af93 
…ess)

Signed-off-by: Raghav Kaul <raghavkaul@google.com>
azeemshaikh38
azeemshaikh38 approved these changes Apr 6, 2023
View reviewed changes
Copy link
Contributor

@azeemshaikh38 azeemshaikh38 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved with comments.

checks/evaluation/dangerous_workflow.go Show resolved Hide resolved
checks/evaluation/permissions/permissions.go Show resolved Hide resolved
checks/raw/dangerous_workflow.go Show resolved Hide resolved
checks/raw/permissions.go Show resolved Hide resolved
clients/gitlabrepo/branches.go Show resolved Hide resolved
@github-actions
Copy link

Stale pull request message

@raghavkaul
update
bc7dd21 
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
@raghavkaul raghavkaul temporarily deployed to integration-test April 17, 2023 15:37 — with GitHub Actions Inactive
@raghavkaul
fix dangerous workflow test
cc89464 
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
@raghavkaul raghavkaul temporarily deployed to integration-test April 21, 2023 18:44 — with GitHub Actions Inactive
@codecov
Copy link

codecov bot commented Apr 21, 2023

Codecov Report

Merging #2821 (cc89464) into main (9a3ed3d) will decrease coverage by 0.03%.
The diff coverage is 68.75%.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2821      +/-   ##
==========================================
- Coverage   51.66%   51.64%   -0.03%     
==========================================
  Files         158      158              
  Lines       12064    12075      +11     
==========================================
+ Hits         6233     6236       +3     
- Misses       5466     5475       +9     
+ Partials      365      364       -1

@raghavkaul raghavkaul merged commit 130a31f into ossf:main Apr 21, 2023
@raghavkaul raghavkaul deleted the gitlab-checks-unsupported branch April 21, 2023 18:58
balteravishay pushed a commit to balteravishay/scorecard that referenced this pull request May 29, 2023
@raghavkaul @balteravishay
✨ GitLab: Documentation and cleaner errors (ossf#2821)
74d6973 
* Return inconclusive if there are no workflows

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Return inconclusive if we don't have any workflows

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* logging fixes

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* fix panic

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Update README.md

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* skip error when getting external status checks (requires full api access)

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* update

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* fix dangerous workflow test

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

---------

Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
@spencerschrock spencerschrock mentioned this pull request Jun 23, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@azeemshaikh38 azeemshaikh38 azeemshaikh38 approved these changes

@olivekl olivekl Awaiting requested review from olivekl

@justaugustus justaugustus Awaiting requested review from justaugustus

@laurentsimon laurentsimon Awaiting requested review from laurentsimon

@naveensrinivasan naveensrinivasan Awaiting requested review from naveensrinivasan

@spencerschrock spencerschrock Awaiting requested review from spencerschrock

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@raghavkaul @azeemshaikh38