✨ Enable gitlab Packaging Reporting #2941

Merged
merged 14 commits into from
May 8, 2023

jimrobison
Contributor

What kind of change does this PR introduce?

Feature to accomplish initial scoring for gitlab package check.

What is the current behavior?

  • Currently there isn't a score at all for gitlab projects with regard to Packaging.

What is the new behavior (if this is a feature change)?

  • Tests for the changes have been added (for bug fixes/features)

Which issue(s) this PR fixes

Fixes #2940

Special notes for your reviewer

  • The modifications take advantage of a gitlab API that combines the CI/CD yaml files into a single yaml file that makes it easier to confirm/query for actions taking place.
  • Currently, what is searched for:
    • docker push
    • nuget push
    • poetry publish
    • twine upload

Does this PR introduce a user-facing change?

Implementation of score on Packaging check for gitlab projects.

(In particular, describe what changes users might need to make in their
application as a result of this pull request.)

NONE
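
The search described in the special notes above (scanning the merged CI/CD YAML for the four publish commands), sketched as an added Go example that is not code from this PR or from Scorecard. `Finding`, `FindPublishCommands` and the sample YAML are hypothetical names and constructed input, and the line-based matching is an assumption about how such a scan can work.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

type Finding struct {
	Job, Tool string // enclosing top-level key; normalized command
	Line      int    // 1-based line in the merged file
}

var (
	// The four commands listed in the PR description; \s+ tolerates extra spaces.
	publishRe = regexp.MustCompile(`\b(docker\s+push|nuget\s+push|poetry\s+publish|twine\s+upload)\b`)
	topKeyRe  = regexp.MustCompile(`^([^\s#][^:]*):`) // unindented key: a job or global keyword
)

// FindPublishCommands is a line-based heuristic, not a YAML parser.
func FindPublishCommands(mergedYAML string) []Finding {
	var out []Finding
	job := ""
	for i, line := range strings.Split(mergedYAML, "\n") {
		if m := topKeyRe.FindStringSubmatch(line); m != nil {
			job = m[1]
		}
		if strings.HasPrefix(strings.TrimSpace(line), "#") {
			continue // a commented-out publish step is not counted
		}
		if m := publishRe.FindStringSubmatch(line); m != nil {
			out = append(out, Finding{Job: job, Tool: strings.Join(strings.Fields(m[1]), " "), Line: i + 1})
		}
	}
	return out
}

// sampleYAML is constructed for this example, not taken from a real project.
const sampleYAML = `build:
  script:
    - poetry build
    # - twine upload dist/*
release:
  script:
    - twine  upload dist/*
    - docker push "$CI_REGISTRY_IMAGE"
`

func main() { fmt.Println(FindPublishCommands(sampleYAML)) }
```

A trailing comment on a script line, or a publish command wrapped in a variable or helper script, is outside what this textual scan can see.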

@jimrobison jimrobison changed the title Enable gitlab Packaging Reporting Feature: Enable gitlab Packaging Reporting May 3, 2023
@jimrobison jimrobison changed the title Feature: Enable gitlab Packaging Reporting Non-breaking feature: Enable gitlab Packaging Reporting May 3, 2023
@jimrobison jimrobison temporarily deployed to integration-test May 3, 2023 15:21 — with GitHub Actions Inactive
@raghavkaul raghavkaul left a comment

Thanks for the changes!

checks/fileparser/gitlab_workflow.go (resolved)
clients/gitlabrepo/tarball.go (outdated, resolved)
@jimrobison jimrobison temporarily deployed to integration-test May 3, 2023 22:10 — with GitHub Actions Inactive
codecov bot commented May 3, 2023

Codecov Report

Merging #2941 (7bc6993) into main (7e159f9) will increase coverage by 1.58%.
The diff coverage is 36.58%.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2941      +/-   ##
==========================================
+ Coverage   53.13%   54.72%   +1.58%     
==========================================
  Files         159      161       +2     
  Lines       12202    12303     +101     
==========================================
+ Hits         6484     6733     +249     
+ Misses       5344     5184     -160     
- Partials      374      386      +12     

@spencerschrock spencerschrock changed the title Non-breaking feature: Enable gitlab Packaging Reporting ✨ Enable gitlab Packaging Reporting May 4, 2023
@raghavkaul raghavkaul temporarily deployed to integration-test May 8, 2023 15:13 — with GitHub Actions Inactive
@raghavkaul
Contributor

@jimrobison Could you also update README.md that the Packaging check is supported?

@jimrobison
Contributor Author

> @jimrobison Could you also update README.md that the Packaging check is supported?

Are you referring to this README? It already has it annotated that it is Fully Supported.

@raghavkaul
Contributor

Ah, gotcha. That sounds like it wasn't true before this PR (would be good to review other checks as well, I might have glossed over them). But we should be good to merge.

@raghavkaul raghavkaul merged commit 7d59575 into ossf:main May 8, 2023
@jimrobison jimrobison deleted the gitlab-packaging branch May 8, 2023 19:04
gabibguti pushed a commit to gabibguti/scorecard that referenced this pull request May 10, 2023
* feat: Added yaml file that contains the full, flattened gitlab ci/cd contents

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* refactor: Updated to meet linting failures

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* refactor: Updated filename for flattened gitlab

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* refactor: Updated to include the generated, flattened ci yaml in the file listing

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* refactor: Updated the apiFunction to be part of the handler

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* refactor: Moved packaging collection to be a repoClient specific sub-package

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* feat: Added path for gitlab projects, including a basic search for lines containing nuget, poetry, twine publishes

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* test: Added tests for gitlab packaging finders

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* test: Added more tests for parsing through the client and grouping packaging data

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* refactor: Utilizing existing mock objects to prevent race condition exception

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* refactor: Addressed linting errors

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* test: Updated expectation for log message

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* refactor: Reverted back to the original error

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

---------

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
Co-authored-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com>
balteravishay pushed a commit to balteravishay/scorecard that referenced this pull request May 29, 2023
Signed-off-by: Avishay <avishay.balter@gmail.com>