Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[WIP] cmd/installer: Cleanups (2/n) (#833)
- go.mod: Update to github.com/google/go-github/v46 - install/github: Comment out GitHub client code - install/github: Use scorecard roundtripper for authentication - install/github: Restore commented-out code - Fix lint warnings - install: Skip workflow creation if file already exists - install: Don't block PR creation if the workflow file does not exist - install/github: Reference pull request link in log message - install: Parameterize method inputs - install: Improve pull request description - Move repo installation tool to cmd/ directory - cmd/installer: Update installation instructions - install: Improve log messages - install: Restructure `Run()` function to reduce cognitive complexity - install/github: Add functions for generating GitHub API options Signed-off-by: Stephen Augustus <foo@auggie.dev>
- Loading branch information
1 parent
2693af3
commit fe6daaf
Showing
12 changed files
with
252 additions
and
356 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
# Scorecard GitHub Action installer | ||
|
||
This tool can add the | ||
[scorecard GitHub Action](https://github.com/ossf/scorecard-action) to all | ||
accessible repositories under a given organization. A pull request will be | ||
created so that owners can decide whether or not they want to include the | ||
workflow. | ||
|
||
## Requirements | ||
|
||
Running this tool requires a Personal Access Token (PAT) with the following scopes: | ||
|
||
- `repo > public_repo` | ||
- `admin:org > read:org` | ||
|
||
Instructions on creating a personal access token can be found | ||
[here](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token). | ||
|
||
## Usage | ||
|
||
```console | ||
❯ go run cmd/installer/main.go --help | ||
|
||
The Scorecard GitHub Action installer simplifies the installation of the | ||
scorecard GitHub Action by creating pull requests through the command line. | ||
|
||
Usage: | ||
--owner example_org [--repos <repo1,repo2,repo3>] [flags] | ||
|
||
Flags: | ||
-h, --help help for --owner | ||
--owner string org/owner to install the scorecard action for | ||
--repos strings repositories to install the scorecard action on | ||
``` | ||
|
||
Another PAT should also be defined as an organization secret for | ||
`scorecards.yml` using steps listed in | ||
[scorecard-action](https://github.com/ossf/scorecard-action#pat-token-creation). |
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.