Create a Golang-based entrypoint for scorecard-action (1/n)

[justaugustus]

Part of #107.

Signed-off-by: Stephen Augustus foo@auggie.dev

[codecov]

Codecov Report

Merging #122 (29e94f2) into main (d6456f6) will increase coverage by 2.62%.
The diff coverage is 69.02%.

@@            Coverage Diff             @@
##             main     #122      +/-   ##
==========================================
+ Coverage   66.39%   69.02%   +2.62%     
==========================================
  Files           1        2       +1     
  Lines         247      113     -134     
==========================================
- Hits          164       78      -86     
+ Misses         77       27      -50     
- Partials        6        8       +2     

Impacted Files	Coverage Δ
options/options.go	68.46% <68.46%> (ø)
options/env.go	100.00% <100.00%> (ø)
main.go

[laurentsimon]

cc @rohankh532

[naveensrinivasan]

Looks good. Thank you!, I didn't approve it because I would like @laurentsimon also to review it.

[azeemshaikh38]

This is awesome @justaugustus, thanks! Same comment as @naveensrinivasan, will wait for @laurentsimon review.

[justaugustus]

I want to call out the test failures here:

Unit tests (https://github.com/ossf/scorecard-action/runs/5426123389?check_suite_focus=true):

Run go test -covermode=atomic  -coverprofile=unit-coverage.out ./...
  go test -covermode=atomic  -coverprofile=unit-coverage.out ./...
  shell: /usr/bin/bash -e {0}
  env:
    GOROOT: /opt/hostedtoolcache/go/1.17.7/x64
?   	github.com/ossf/scorecard-action	[no test files]
ok  	github.com/ossf/scorecard-action/entrypoint	0.009s	coverage: 0.0% of statements [no tests to run]
?   	github.com/ossf/scorecard-action/github	[no test files]
--- FAIL: TestNew (0.00s)
    --- FAIL: TestNew/SuccessFormatSARIF (0.00s)
        options_test.go:107: New() error = validating scorecard options: some options could not be validated: [commit option is not supported yet], wantErr false
    --- FAIL: TestNew/SuccessFormatJSON (0.00s)
        options_test.go:107: New() error = validating scorecard options: some options could not be validated: [commit option is not supported yet], wantErr false
FAIL
coverage: 43.9% of statements
FAIL	github.com/ossf/scorecard-action/options	0.012s
FAIL
Error: Process completed with exit code 1.

golangci-lint (https://github.com/ossf/scorecard-action/runs/5426123392?check_suite_focus=true):

Run golangci/golangci-lint-action@b517f99ae23d86ecc4c0dec08dcf48d2336abc29
prepare environment
run golangci-lint
  Running [/home/runner/golangci-lint-1.44.0-linux-amd64/golangci-lint run --out-format=github-actions --new-from-patch=/tmp/tmp-1656-d52rcyaL5U29/pull.patch --new=false --new-from-rev=] in [] ...
  Error: File is not `gci`-ed (gci)
  Error: File is not `gci`-ed (gci)
  Error: File is not `gci`-ed (gci)
  
  Error: issues found
  Ran golangci-lint in 3505ms

VS what happens locally...

❯ time go test -v -covermode=atomic  -coverprofile=unit-coverage.out ./...
?   	github.com/ossf/scorecard-action	[no test files]
testing: warning: no tests to run
PASS
coverage: 0.0% of statements
ok  	github.com/ossf/scorecard-action/entrypoint	0.354s	coverage: 0.0% of statements [no tests to run]
?   	github.com/ossf/scorecard-action/github	[no test files]
=== RUN   TestNew
=== RUN   TestNew/SuccessFormatSARIF
=== RUN   TestNew/SuccessFormatJSON
--- PASS: TestNew (0.00s)
    --- PASS: TestNew/SuccessFormatSARIF (0.00s)
    --- PASS: TestNew/SuccessFormatJSON (0.00s)
=== RUN   TestInitialize
=== RUN   TestInitialize/Success
=== RUN   TestInitialize/FailureNoFieldsSet
=== RUN   TestInitialize/FailureBadEventPath
=== RUN   TestInitialize/FailureBadEventData
--- PASS: TestInitialize (0.00s)
    --- PASS: TestInitialize/Success (0.00s)
    --- PASS: TestInitialize/FailureNoFieldsSet (0.00s)
    --- PASS: TestInitialize/FailureBadEventPath (0.00s)
    --- PASS: TestInitialize/FailureBadEventData (0.00s)
PASS
coverage: 54.4% of statements
ok  	github.com/ossf/scorecard-action/options	0.226s	coverage: 54.4% of statements
go test -v -covermode=atomic -coverprofile=unit-coverage.out ./...  1.86s user 1.12s system 165% cpu 1.798 total

❯ time golangci-lint run -c .golangci.yml
golangci-lint run -c .golangci.yml  1.33s user 1.01s system 210% cpu 1.116 total

Something is up with CI tests; will check it out.

[azeemshaikh38]

Something is up with CI tests; will check it out.

A wild guess, the golangci-lint that is being downloaded by CI (through make install) is probably pulling some version that's broken (or atleast different than your local instance).

[justaugustus]

A wild guess, the golangci-lint that is being downloaded by CI (through make install) is probably pulling some version that's broken (or atleast different than your local instance).

Yep! I'm checking out https://github.com/nektos/act locally to see if I can mimic the GitHub Action env.

[azeemshaikh38]

A wild guess, the golangci-lint that is being downloaded by CI (through make install) is probably pulling some version that's broken (or atleast different than your local instance).

Yep! I'm checking out https://github.com/nektos/act locally to see if I can mimic the GitHub Action env.

Nice! That's a pretty cool tool. @laurentsimon might help in testing scorecard-action locally.

[justaugustus]

Nice! That's a pretty cool tool. @laurentsimon might help in testing scorecard-action locally.

Exactly what I was thinking!

[justaugustus]

Something is up with CI tests; will check it out.

A wild guess, the golangci-lint that is being downloaded by CI (through make install) is probably pulling some version that's broken (or atleast different than your local instance).

@azeemshaikh38 @naveensrinivasan -- Can you take a peek at #126? That PR fixes the lint config.

[justaugustus]

@laurentsimon @azeemshaikh38 @naveensrinivasan -- I think this is a good stopping point. There's a bunch more to do, but all of the tests are passing and I'd to unblock the work happening in #120 (cc: @rohankh532).

[azeemshaikh38]

LGTM, thanks!

[azeemshaikh38]

Can use http.MethodGet here instead.