ossf · naveensrinivasan · Feb 15, 2022 · Feb 15, 2022 · Feb 15, 2022
diff --git a/go.mod b/go.mod
@@ -1,3 +1,5 @@
 module github.com/ossf/scorecard-action
 
 go 1.17
+
+require github.com/google/go-cmp v0.5.7 // indirect
diff --git a/go.sum b/go.sum
@@ -0,0 +1,3 @@
+github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o=
+github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
diff --git a/main.go b/main.go
@@ -21,6 +21,7 @@ import (
 	"io/ioutil"
 	"net/http"
 	"os"
+	"os/exec"
 	"strconv"
 	"strings"
 )
@@ -39,6 +40,7 @@ var (
 	errEmptyDefaultBranch         = errors.New("default branch is empty")
 	errEmptyGitHubAuthToken       = errors.New("repo_token variable is empty")
 	errOnlyDefaultBranchSupported = errors.New("only default branch is supported")
+	errEmptyScorecardBin          = errors.New("scorecard_bin variable is empty")
 )
 
 type repositoryInformation struct {
@@ -55,6 +57,7 @@ const (
 	githubEventName         = "GITHUB_EVENT_NAME"
 	githubRepository        = "GITHUB_REPOSITORY"
 	githubRef               = "GITHUB_REF"
+	githubWorkspace         = "GITHUB_WORKSPACE"
 	//nolint:gosec
 	githubAuthToken            = "GITHUB_AUTH_TOKEN"
 	inputresultsfile           = "INPUT_RESULTS_FILE"
@@ -103,6 +106,25 @@ func main() {
 	if err := validate(os.Stderr); err != nil {
 		panic(err)
 	}
+
+	// gets the cmd run settings
+	cmd, err := runScorecardSettings(os.Getenv(githubEventName),
+		os.Getenv(scorecardPolicyFile), os.Getenv(scorecardResultsFormat),
+		os.Getenv(scorecardBin), os.Getenv(scorecardResultsFile), os.Getenv(githubRepository))
+	if err != nil {
+		panic(err)
+	}
+	cmd.Dir = os.Getenv(githubWorkspace)
+	if err := cmd.Run(); err != nil {
+		panic(err)
+	}
+
+	results, err := ioutil.ReadFile(os.Getenv(scorecardResultsFile))
+	if err != nil {
+		panic(err)
+	}
+
+	fmt.Println(string(results))
 }
 
 // initalizeENVVariables is a function to initialize the environment variables required for the action.
@@ -334,3 +356,72 @@ func validate(writer io.Writer) error {
 	}
 	return nil
 }
+
+func runScorecardSettings(githubEventName, scorecardPolicyFile, scorecardResultsFormat, scorecardBin,
+	scorecardResultsFile, githubRepository string) (*exec.Cmd, error) {
+	if scorecardBin == "" {
+		return nil, errEmptyScorecardBin
+	}
+	var result exec.Cmd
+	result.Path = scorecardBin
+	// if pull_request
+	if strings.Contains(githubEventName, "pull_request") {
+		// empty policy file
+		if scorecardPolicyFile == "" {
+			result.Args = []string{
+				"--local",
+				".",
+				"--format",
+				scorecardResultsFormat,
+				"--show-details",
+				">",
+				scorecardResultsFile,
+			}
+			return &result, nil
+		}
+		result.Args = []string{
+			"--local",
+			".",
+			"--format",
+			scorecardResultsFormat,
+			"--policy",
+			scorecardPolicyFile,
+			"--show-details",
+			">",
+			scorecardResultsFile,
+		}
+		return &result, nil
+	}
+
+	enabledChecks := ""
+	if githubEventName == "branch_protection_rule" {
+		enabledChecks = "--checks Branch-Protection"
+	}
+
+	if scorecardPolicyFile == "" {
+		result.Args = []string{
+			"--repo",
+			githubRepository,
+			"--format",
+			enabledChecks,
+			scorecardResultsFormat,
+			"--show-details",
+			">",
+			scorecardResultsFile,
+		}
+		return &result, nil
+	}
+	result.Args = []string{
+		"--repo",
+		githubRepository,
+		"--format",
+		enabledChecks,
+		scorecardResultsFormat,
+		"--policy",
+		scorecardPolicyFile,
+		"--show-details",
+		">",
+		scorecardResultsFile,
+	}
+	return &result, nil
+}
diff --git a/main_test.go b/main_test.go
@@ -18,8 +18,11 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
+	"os/exec"
 	"strconv"
 	"testing"
+
+	"github.com/google/go-cmp/cmp"
 )
 
 //not setting t.Parallel() here because we are mutating the env variables
@@ -482,3 +485,237 @@ func Test_validate(t *testing.T) {
 		})
 	}
 }
+
+func Test_runScorecardSettings(t *testing.T) {
+	t.Parallel()
+	type args struct {
+		githubEventName        string
+		scorecardPolicyFile    string
+		scorecardResultsFormat string
+		scorecardBin           string
+		scorecardResultsFile   string
+		githubRepository       string
+	}
+	//nolint
+	tests := []struct {
+		wantErr bool
+		name    string
+		args    args
+		want    *exec.Cmd
+	}{
+		{
+			name: "Success - scorecardFork set",
+			args: args{
+				githubEventName:        "pull_request",
+				scorecardPolicyFile:    "./testdata/scorecard.yaml",
+				scorecardResultsFormat: "json",
+				scorecardBin:           "scorecard",
+				scorecardResultsFile:   "./testdata/scorecard.json",
+				githubRepository:       "foo/bar",
+			},
+			want: &exec.Cmd{
+				Path: "scorecard",
+				Args: []string{
+					"scorecard",
+					"--policy",
+					"./testdata/scorecard.yaml",
+					"--results-format",
+					"json",
+					"--results-file",
+					"./testdata/scorecard.json",
+					"--repo",
+					"foo/bar",
+				},
+			},
+		},
+		{
+			name: "Success - scorecardFork set",
+			args: args{
+				githubEventName:        "pull_request",
+				scorecardPolicyFile:    "./testdata/scorecard.yaml",
+				scorecardResultsFormat: "json",
+				scorecardBin:           "scorecard",
+				scorecardResultsFile:   "./testdata/scorecard.json",
+				githubRepository:       "foo/bar",
+			},
+			want: &exec.Cmd{
+				Path: "scorecard",
+				Args: []string{
+					"scorecard",
+					"--policy",
+					"./testdata/scorecard.yaml",
+					"--results-format",
+					"json",
+					"--results-file",
+					"./testdata/scorecard.json",
+					"--repo",
+					"foo/bar",
+				},
+			},
+		},
+		{
+			name: "Success - scorecardFork set",
+			args: args{
+				githubEventName:        "pull_request",
+				scorecardPolicyFile:    "./testdata/scorecard.yaml",
+				scorecardResultsFormat: "json",
+				scorecardBin:           "scorecard",
+				scorecardResultsFile:   "./testdata/scorecard.json",
+				githubRepository:       "foo/bar",
+			},
+			want: &exec.Cmd{
+				Path: "scorecard",
+				Args: []string{
+					"scorecard",
+					"--policy",
+					"./testdata/scorecard.yaml",
+					"--results-format",
+					"json",
+					"--results-file",
+					"./testdata/scorecard.json",
+					"--repo",
+					"foo/bar",
+				},
+			},
+		},
+		{
+			name: "Success - scorecardFork set",
+			args: args{
+				githubEventName:        "pull_request",
+				scorecardResultsFormat: "json",
+				scorecardBin:           "scorecard",
+				scorecardResultsFile:   "./testdata/scorecard.json",
+				githubRepository:       "foo/bar",
+			},
+			want: &exec.Cmd{
+				Path: "scorecard",
+				Args: []string{
+					"scorecard",
+					"--results-format",
+					"json",
+					"--results-file",
+					"./testdata/scorecard.json",
+					"--repo",
+					"foo/bar",
+				},
+			},
+		},
+		{
+			name: "Success - scorecardFork set",
+			args: args{
+				githubEventName:        "pull_request",
+				scorecardResultsFormat: "json",
+				scorecardBin:           "scorecard",
+				scorecardResultsFile:   "./testdata/scorecard.json",
+				githubRepository:       "foo/bar",
+			},
+			want: &exec.Cmd{
+				Path: "scorecard",
+				Args: []string{
+					"scorecard",
+					"--results-format",
+					"json",
+					"--results-file",
+					"./testdata/scorecard.json",
+					"--repo",
+					"foo/bar",
+				},
+			},
+		},
+		{
+			name: "Success - scorecardFork set",
+			args: args{
+				scorecardResultsFormat: "json",
+				scorecardBin:           "scorecard",
+				scorecardResultsFile:   "./testdata/scorecard.json",
+				githubRepository:       "foo/bar",
+			},
+			want: &exec.Cmd{
+				Path: "scorecard",
+				Args: []string{
+					"scorecard",
+					"--results-format",
+					"json",
+					"--results-file",
+					"./testdata/scorecard.json",
+					"--repo",
+					"foo/bar",
+				},
+			},
+		},
+		{
+			name: "Success - Branch protection rule",
+			args: args{
+				githubEventName:        "branch_protection_rule",
+				scorecardResultsFormat: "json",
+				scorecardBin:           "scorecard",
+				scorecardResultsFile:   "./testdata/scorecard.json",
+				githubRepository:       "foo/bar",
+			},
+			want: &exec.Cmd{
+				Path: "scorecard",
+				Args: []string{
+					"scorecard",
+					"--results-format",
+					"json",
+					"--results-file",
+					"./testdata/scorecard.json",
+					"--repo",
+					"foo/bar",
+				},
+			},
+		},
+		{
+			name: "Success - Branch protection rule",
+			args: args{
+				scorecardPolicyFile:    "./testdata/scorecard.yaml",
+				githubEventName:        "branch_protection_rule",
+				scorecardResultsFormat: "json",
+				scorecardBin:           "scorecard",
+				scorecardResultsFile:   "./testdata/scorecard.json",
+				githubRepository:       "foo/bar",
+			},
+			want: &exec.Cmd{
+				Path: "scorecard",
+				Args: []string{
+					"scorecard",
+					"--policy",
+					"./testdata/scorecard.yaml",
+					"--results-format",
+					"json",
+					"--results-file",
+					"./testdata/scorecard.json",
+					"--repo",
+					"foo/bar",
+				},
+			},
+		},
+		{
+			name: "Want error - Branch protection rule",
+			args: args{
+				githubEventName:        "",
+				scorecardResultsFormat: "",
+				scorecardBin:           "",
+				scorecardResultsFile:   "",
+				githubRepository:       "",
+			},
+			wantErr: true,
+		},
+	}
+
+	for _, tt := range tests {
+		tt := tt
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			got, err := runScorecardSettings(tt.args.githubEventName, tt.args.scorecardPolicyFile,
+				tt.args.scorecardResultsFormat, tt.args.scorecardBin, tt.args.scorecardResultsFile, tt.args.githubRepository)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("runScorecardSettings() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if !tt.wantErr && cmp.Equal(got.Args, tt.want.Args) {
+				t.Errorf("runScorecardSettings() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}