From f8a81d926eb6d490cef0ae80ae7a55fd0374509b Mon Sep 17 00:00:00 2001 From: naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Tue, 15 Feb 2022 01:44:30 +0000 Subject: [PATCH] :seedling: Final bits of porting the shell to go - Final bits of porting the shell script to `go` - Tests included for the commandline args to Scorecard. --- go.mod | 2 + go.sum | 3 + main.go | 91 ++++++++++++++++++++ main_test.go | 237 +++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 333 insertions(+) create mode 100644 go.sum diff --git a/go.mod b/go.mod index bc012426..7f617137 100644 --- a/go.mod +++ b/go.mod @@ -1,3 +1,5 @@ module github.com/ossf/scorecard-action go 1.17 + +require github.com/google/go-cmp v0.5.7 // indirect diff --git a/go.sum b/go.sum new file mode 100644 index 00000000..a365b082 --- /dev/null +++ b/go.sum @@ -0,0 +1,3 @@ +github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o= +github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/main.go b/main.go index e1fc182a..46fd5f64 100644 --- a/main.go +++ b/main.go @@ -21,6 +21,7 @@ import ( "io/ioutil" "net/http" "os" + "os/exec" "strconv" "strings" ) @@ -39,6 +40,7 @@ var ( errEmptyDefaultBranch = errors.New("default branch is empty") errEmptyGitHubAuthToken = errors.New("repo_token variable is empty") errOnlyDefaultBranchSupported = errors.New("only default branch is supported") + errEmptyScorecardBin = errors.New("scorecard_bin variable is empty") ) type repositoryInformation struct { @@ -55,6 +57,7 @@ const ( githubEventName = "GITHUB_EVENT_NAME" githubRepository = "GITHUB_REPOSITORY" githubRef = "GITHUB_REF" + githubWorkspace = "GITHUB_WORKSPACE" //nolint:gosec githubAuthToken = "GITHUB_AUTH_TOKEN" inputresultsfile = "INPUT_RESULTS_FILE" @@ -103,6 +106,25 @@ func main() { if err := validate(os.Stderr); err != nil { panic(err) } + + // gets the cmd run settings + cmd, err := runScorecardSettings(os.Getenv(githubEventName), + os.Getenv(scorecardPolicyFile), os.Getenv(scorecardResultsFormat), + os.Getenv(scorecardBin), os.Getenv(scorecardResultsFile), os.Getenv(githubRepository)) + if err != nil { + panic(err) + } + cmd.Dir = os.Getenv(githubWorkspace) + if err := cmd.Run(); err != nil { + panic(err) + } + + results, err := ioutil.ReadFile(os.Getenv(scorecardResultsFile)) + if err != nil { + panic(err) + } + + fmt.Println(string(results)) } // initalizeENVVariables is a function to initialize the environment variables required for the action. @@ -334,3 +356,72 @@ func validate(writer io.Writer) error { } return nil } + +func runScorecardSettings(githubEventName, scorecardPolicyFile, scorecardResultsFormat, scorecardBin, + scorecardResultsFile, githubRepository string) (*exec.Cmd, error) { + if scorecardBin == "" { + return nil, errEmptyScorecardBin + } + var result exec.Cmd + result.Path = scorecardBin + // if pull_request + if strings.Contains(githubEventName, "pull_request") { + // empty policy file + if scorecardPolicyFile == "" { + result.Args = []string{ + "--local", + ".", + "--format", + scorecardResultsFormat, + "--show-details", + ">", + scorecardResultsFile, + } + return &result, nil + } + result.Args = []string{ + "--local", + ".", + "--format", + scorecardResultsFormat, + "--policy", + scorecardPolicyFile, + "--show-details", + ">", + scorecardResultsFile, + } + return &result, nil + } + + enabledChecks := "" + if githubEventName == "branch_protection_rule" { + enabledChecks = "--checks Branch-Protection" + } + + if scorecardPolicyFile == "" { + result.Args = []string{ + "--repo", + githubRepository, + "--format", + enabledChecks, + scorecardResultsFormat, + "--show-details", + ">", + scorecardResultsFile, + } + return &result, nil + } + result.Args = []string{ + "--repo", + githubRepository, + "--format", + enabledChecks, + scorecardResultsFormat, + "--policy", + scorecardPolicyFile, + "--show-details", + ">", + scorecardResultsFile, + } + return &result, nil +} diff --git a/main_test.go b/main_test.go index ee7fe571..e9ce6d0f 100644 --- a/main_test.go +++ b/main_test.go @@ -18,8 +18,11 @@ import ( "fmt" "io/ioutil" "os" + "os/exec" "strconv" "testing" + + "github.com/google/go-cmp/cmp" ) //not setting t.Parallel() here because we are mutating the env variables @@ -482,3 +485,237 @@ func Test_validate(t *testing.T) { }) } } + +func Test_runScorecardSettings(t *testing.T) { + t.Parallel() + type args struct { + githubEventName string + scorecardPolicyFile string + scorecardResultsFormat string + scorecardBin string + scorecardResultsFile string + githubRepository string + } + //nolint + tests := []struct { + wantErr bool + name string + args args + want *exec.Cmd + }{ + { + name: "Success - scorecardFork set", + args: args{ + githubEventName: "pull_request", + scorecardPolicyFile: "./testdata/scorecard.yaml", + scorecardResultsFormat: "json", + scorecardBin: "scorecard", + scorecardResultsFile: "./testdata/scorecard.json", + githubRepository: "foo/bar", + }, + want: &exec.Cmd{ + Path: "scorecard", + Args: []string{ + "scorecard", + "--policy", + "./testdata/scorecard.yaml", + "--results-format", + "json", + "--results-file", + "./testdata/scorecard.json", + "--repo", + "foo/bar", + }, + }, + }, + { + name: "Success - scorecardFork set", + args: args{ + githubEventName: "pull_request", + scorecardPolicyFile: "./testdata/scorecard.yaml", + scorecardResultsFormat: "json", + scorecardBin: "scorecard", + scorecardResultsFile: "./testdata/scorecard.json", + githubRepository: "foo/bar", + }, + want: &exec.Cmd{ + Path: "scorecard", + Args: []string{ + "scorecard", + "--policy", + "./testdata/scorecard.yaml", + "--results-format", + "json", + "--results-file", + "./testdata/scorecard.json", + "--repo", + "foo/bar", + }, + }, + }, + { + name: "Success - scorecardFork set", + args: args{ + githubEventName: "pull_request", + scorecardPolicyFile: "./testdata/scorecard.yaml", + scorecardResultsFormat: "json", + scorecardBin: "scorecard", + scorecardResultsFile: "./testdata/scorecard.json", + githubRepository: "foo/bar", + }, + want: &exec.Cmd{ + Path: "scorecard", + Args: []string{ + "scorecard", + "--policy", + "./testdata/scorecard.yaml", + "--results-format", + "json", + "--results-file", + "./testdata/scorecard.json", + "--repo", + "foo/bar", + }, + }, + }, + { + name: "Success - scorecardFork set", + args: args{ + githubEventName: "pull_request", + scorecardResultsFormat: "json", + scorecardBin: "scorecard", + scorecardResultsFile: "./testdata/scorecard.json", + githubRepository: "foo/bar", + }, + want: &exec.Cmd{ + Path: "scorecard", + Args: []string{ + "scorecard", + "--results-format", + "json", + "--results-file", + "./testdata/scorecard.json", + "--repo", + "foo/bar", + }, + }, + }, + { + name: "Success - scorecardFork set", + args: args{ + githubEventName: "pull_request", + scorecardResultsFormat: "json", + scorecardBin: "scorecard", + scorecardResultsFile: "./testdata/scorecard.json", + githubRepository: "foo/bar", + }, + want: &exec.Cmd{ + Path: "scorecard", + Args: []string{ + "scorecard", + "--results-format", + "json", + "--results-file", + "./testdata/scorecard.json", + "--repo", + "foo/bar", + }, + }, + }, + { + name: "Success - scorecardFork set", + args: args{ + scorecardResultsFormat: "json", + scorecardBin: "scorecard", + scorecardResultsFile: "./testdata/scorecard.json", + githubRepository: "foo/bar", + }, + want: &exec.Cmd{ + Path: "scorecard", + Args: []string{ + "scorecard", + "--results-format", + "json", + "--results-file", + "./testdata/scorecard.json", + "--repo", + "foo/bar", + }, + }, + }, + { + name: "Success - Branch protection rule", + args: args{ + githubEventName: "branch_protection_rule", + scorecardResultsFormat: "json", + scorecardBin: "scorecard", + scorecardResultsFile: "./testdata/scorecard.json", + githubRepository: "foo/bar", + }, + want: &exec.Cmd{ + Path: "scorecard", + Args: []string{ + "scorecard", + "--results-format", + "json", + "--results-file", + "./testdata/scorecard.json", + "--repo", + "foo/bar", + }, + }, + }, + { + name: "Success - Branch protection rule", + args: args{ + scorecardPolicyFile: "./testdata/scorecard.yaml", + githubEventName: "branch_protection_rule", + scorecardResultsFormat: "json", + scorecardBin: "scorecard", + scorecardResultsFile: "./testdata/scorecard.json", + githubRepository: "foo/bar", + }, + want: &exec.Cmd{ + Path: "scorecard", + Args: []string{ + "scorecard", + "--policy", + "./testdata/scorecard.yaml", + "--results-format", + "json", + "--results-file", + "./testdata/scorecard.json", + "--repo", + "foo/bar", + }, + }, + }, + { + name: "Want error - Branch protection rule", + args: args{ + githubEventName: "", + scorecardResultsFormat: "", + scorecardBin: "", + scorecardResultsFile: "", + githubRepository: "", + }, + wantErr: true, + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + got, err := runScorecardSettings(tt.args.githubEventName, tt.args.scorecardPolicyFile, + tt.args.scorecardResultsFormat, tt.args.scorecardBin, tt.args.scorecardResultsFile, tt.args.githubRepository) + if (err != nil) != tt.wantErr { + t.Errorf("runScorecardSettings() error = %v, wantErr %v", err, tt.wantErr) + return + } + if !tt.wantErr && cmp.Equal(got.Args, tt.want.Args) { + t.Errorf("runScorecardSettings() = %v, want %v", got, tt.want) + } + }) + } +}