install: Retrieve the correct action configuration from local path

Signed-off-by: Stephen Augustus <foo@auggie.dev>
ossf · May 24, 2022 · 5d6b3d6 · 5d6b3d6
1 parent bb52c12
commit 5d6b3d6
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 16 deletions.
diff --git a/install/install.go b/install/install.go
@@ -28,12 +28,22 @@ import (
 	"github.com/ossf/scorecard-action/install/options"
 )
 
-const workflowFile = ".github/workflows/scorecards-analysis.yml"
+const (
+	workflowFile           = ".github/workflows/scorecards.yml"
+	workflowFileDeprecated = ".github/workflows/scorecards-analysis.yml"
+)
+
+var workflowFiles = []string{
+	workflowFile,
+	workflowFileDeprecated,
+}
 
 // Run adds the OpenSSF Scorecard workflow to all repositories under the given
 // organization.
 // TODO(install): Improve description.
 // TODO(install): Accept a context instead of setting one.
+//nolint:gocognit
+// TODO(lint): cognitive complexity 31 of func `Run` is high (> 30) (gocognit).
 func Run(o *options.Options) error {
 	err := o.Validate()
 	if err != nil {
@@ -59,7 +69,7 @@ func Run(o *options.Options) error {
 	}
 
 	// Get yml file into byte array.
-	workflowContent, err := ioutil.ReadFile("scorecards-analysis.yml")
+	workflowContent, err := ioutil.ReadFile(o.ConfigPath)
 	if err != nil {
 		return fmt.Errorf("reading scorecard workflow file: %w", err)
 	}
@@ -101,20 +111,22 @@ func Run(o *options.Options) error {
 		defaultBranchSHA := defaultBranch.Commit.SHA
 
 		// Skip if scorecard file already exists in workflows folder.
-		scoreFileContent, _, _, err := client.GetContents(
-			ctx,
-			o.Owner,
-			repoName,
-			workflowFile,
-			&github.RepositoryContentGetOptions{},
-		)
-		if scoreFileContent != nil || err == nil {
-			log.Printf(
-				"skipped repo (%s) since scorecard workflow already exists",
+		for _, f := range workflowFiles {
+			scoreFileContent, _, _, err := client.GetContents(
+				ctx,
+				o.Owner,
 				repoName,
+				f,
+				&github.RepositoryContentGetOptions{},
 			)
-
-			continue
+			if scoreFileContent != nil || err == nil {
+				log.Printf(
+					"skipped repo (%s) since scorecard workflow already exists",
+					repoName,
+				)
+
+				continue
+			}
 		}
 
 		// Skip if branch scorecard already exists.

diff --git a/install/options/options.go b/install/options/options.go
@@ -16,12 +16,24 @@
 
 package options
 
-import "errors"
+import (
+	"errors"
+	"path/filepath"
+)
+
+const (
+	configDir      = "starter-workflows/code-scanning"
+	configFilename = "scorecards.yml"
+)
 
 var errOwnerNotSpecified = errors.New("owner not specified")
 
 // Options are installation options for the scorecard action.
 type Options struct {
+	// Scorecard GitHub Action configuration path
+	ConfigPath string
+
+	// GitHub org/repo owner
 	Owner string
 
 	// Repositories
@@ -30,7 +42,9 @@ type Options struct {
 
 // New creates a new instance of installation options.
 func New() *Options {
-	return &Options{}
+	opts := &Options{}
+	opts.ConfigPath = GetConfigPath()
+	return opts
 }
 
 // Validate checks if the installation options specified are valid.
@@ -41,3 +55,9 @@ func (o *Options) Validate() error {
 
 	return nil
 }
+
+// GetConfigPath returns the local path for the scorecard action config file.
+// TODO: Consider making this configurable.
+func GetConfigPath() string {
+	return filepath.Join(configDir, configFilename)
+}