From 4bf14ad24e685df8cc05344bfb6cee3d553cff18 Mon Sep 17 00:00:00 2001
From: Stephen Augustus
Date: Tue, 24 May 2022 18:28:11 -0400
Subject: [PATCH] install: Retrieve the correct action configuration from local path
Signed-off-by: Stephen Augustus
---
 install/install.go | 40 +++++++++++++++++++++++++-------------
 install/options/options.go | 24 +++++++++++++++++++++--
 2 files changed, 48 insertions(+), 16 deletions(-)
diff --git a/install/install.go b/install/install.go
index 4c935936..b44e279b 100644
--- a/install/install.go
+++ b/install/install.go
@@ -28,12 +28,22 @@ import (
 "github.com/ossf/scorecard-action/install/options"
 )
-const workflowFile = ".github/workflows/scorecards-analysis.yml"
+const (
+ workflowFile = ".github/workflows/scorecards.yml"
+ workflowFileDeprecated = ".github/workflows/scorecards-analysis.yml"
+)
+
+var workflowFiles = []string{
+ workflowFile,
+ workflowFileDeprecated,
+}
 // Run adds the OpenSSF Scorecard workflow to all repositories under the given
 // organization.
 // TODO(install): Improve description.
 // TODO(install): Accept a context instead of setting one.
+//nolint:gocognit
+// TODO(lint): cognitive complexity 31 of func `Run` is high (> 30) (gocognit).
 func Run(o *options.Options) error {
 err := o.Validate()
 if err != nil {
@@ -59,7 +69,7 @@ func Run(o *options.Options) error {
 }
 // Get yml file into byte array.
- workflowContent, err := ioutil.ReadFile("scorecards-analysis.yml")
+ workflowContent, err := ioutil.ReadFile(o.ConfigPath)
 if err != nil {
 return fmt.Errorf("reading scorecard workflow file: %w", err)
 }
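Review bot: The `//nolint:gocognit` directive and the `// TODO(lint)` line after it are appended to Run's doc comment, so the lint rationale is likely to read as part of the function's documentation. Putting the reason on the directive line, `//nolint:gocognit // TODO(lint): reduce cognitive complexity of Run`, keeps the suppression and its justification together. The extra complexity appears to come from the nested loop added in the `@@ -101` hunk, so moving that existence check into a small helper may remove the need for the suppression. Run's body continues outside this hunk.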
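Review bot: `ioutil.ReadFile(o.ConfigPath)` reads a path that the options package builds as a relative one (`starter-workflows/code-scanning/scorecards.yml`), so which file is loaded depends on the directory the installer is started from. Run is documented as adding this workflow to every repository in the organization, and the bytes read here are presumably what gets committed, so a wrong working directory should be easy to spot. Name the path in the error, `return fmt.Errorf("reading scorecard workflow file %q: %w", o.ConfigPath, err)`, and consider logging the resolved path before any repository is touched. The enclosing function starts and ends outside this hunk.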
@@ -101,20 +111,22 @@ func Run(o *options.Options) error {
 defaultBranchSHA := defaultBranch.Commit.SHA
 // Skip if scorecard file already exists in workflows folder.
- scoreFileContent, _, _, err := client.GetContents(
- ctx,
- o.Owner,
- repoName,
- workflowFile,
- &github.RepositoryContentGetOptions{},
- )
- if scoreFileContent != nil || err == nil {
- log.Printf(
- "skipped repo (%s) since scorecard workflow already exists",
+ for _, f := range workflowFiles {
+ scoreFileContent, _, _, err := client.GetContents(
+ ctx,
+ o.Owner,
 repoName,
+ f,
+ &github.RepositoryContentGetOptions{},
 )
-
- continue
+ if scoreFileContent != nil || err == nil {
+ log.Printf(
+ "skipped repo (%s) since scorecard workflow already exists",
+ repoName,
+ )
+
+ continue
+ }
 }
 // Skip if branch scorecard already exists.
diff --git a/install/options/options.go b/install/options/options.go
index 0d8c0bc6..e402e3ce 100644
--- a/install/options/options.go
+++ b/install/options/options.go
@@ -16,12 +16,24 @@
 package options
-import "errors"
+import (
+ "errors"
+ "path/filepath"
+)
+
+const (
+ configDir = "starter-workflows/code-scanning"
+ configFilename = "scorecards.yml"
+)
 var errOwnerNotSpecified = errors.New("owner not specified")
 // Options are installation options for the scorecard action.
 type Options struct {
+ // Scorecard GitHub Action configuration path
+ ConfigPath string
+
+ // GitHub org/repo owner
 Owner string
 // Repositories
@@ -30,7 +42,9 @@ type Options struct {
 // New creates a new instance of installation options.
 func New() *Options {
- return &Options{}
+ opts := &Options{}
+ opts.ConfigPath = GetConfigPath()
+ return opts
 }
 // Validate checks if the installation options specified are valid.
@@ -41,3 +55,9 @@ func (o *Options) Validate() error {
 return nil
 }
+
+// GetConfigPath returns the local path for the scorecard action config file.
+// TODO: Consider making this configurable.
+func GetConfigPath() string {
+ return filepath.Join(configDir, configFilename)
+}
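Review bot: The `continue` inside the new `for _, f := range workflowFiles` loop now advances that inner loop rather than the per-repository loop it used to belong to, so a repository that already has either workflow file logs "skipped repo" and then falls through to the branch check and, presumably, the install steps below. Record the result in a flag, break out of the file loop, and do the log-and-`continue` after it, as in the excerpt. The condition `scoreFileContent != nil || err == nil` also treats every GetContents error as "file absent", so a permission or rate-limit failure would look like a missing workflow; checking specifically for a not-found response would be safer. The enclosing repository loop starts and ends outside this hunk.

```go
		// Skip if a scorecard workflow already exists under either name.
		workflowExists := false
		for _, f := range workflowFiles {
			// … unchanged: client.GetContents call for f …
			if scoreFileContent != nil || err == nil {
				workflowExists = true
				break
			}
		}
		if workflowExists {
			log.Printf(
				"skipped repo (%s) since scorecard workflow already exists",
				repoName,
			)

			continue
		}
```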
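Review bot: Validate gains no check for the new ConfigPath field, so an Options value built as a literal rather than through New() reaches Run with an empty path and only fails later at the file read. Add a guard next to the owner check, `if o.ConfigPath == "" { return errConfigPathNotSpecified }`, with a matching sentinel declared beside errOwnerNotSpecified. GetConfigPath is also exported with a `Get` prefix although only New() calls it in this patch; an unexported `defaultConfigPath()` would keep the package surface smaller. Validate's body begins outside this hunk.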