馃尡 Allow for publish URL override #811

Merged
merged 6 commits into from Aug 18, 2022
Changes from 4 commits
7 changes: 6 additions & 1 deletion action.yaml
Expand Up @@ -37,6 +37,11 @@ inputs:
required: false
default: false

publish_base_url:
description: "INPUT: Base URL for publishing results. Used for testing."
required: false
default: "https://api.securityscorecards.dev"

internal_default_token:
description: "INPUT: Default GitHub token. (Internal purpose only, not intended for developers to set. Used for pull requests configured with a PAT)."
required: false
Expand All @@ -48,4 +53,4 @@ branding:

runs:
using: "docker"
image: "docker://gcr.io/openssf/scorecard-action:v2.0.0-alpha.1"
image: "docker://gcr.io/openssf/scorecard-action:v2.0.0-alpha.2"
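Review bot: The `publish_base_url` description says only "Used for testing", so a workflow author cannot tell that this value decides which server the published results are sent to. I would say so in the description, for example `description: "INPUT: Base URL that results are published to. For testing only; leave unset to use the default endpoint."`. The consumer in signing/signing.go reads the value through `INPUT_PUBLISH_BASE_URL` without any visible check, so the documentation is currently the only guard.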
1 change: 1 addition & 0 deletions options/env.go
Expand Up @@ -43,6 +43,7 @@ const (
EnvInputResultsFile = "INPUT_RESULTS_FILE"
EnvInputResultsFormat = "INPUT_RESULTS_FORMAT"
EnvInputPublishResults = "INPUT_PUBLISH_RESULTS"
EnvInputPublishBaseURL = "INPUT_PUBLISH_BASE_URL"
)

// Errors
7 changes: 1 addition & 6 deletions signing/signing.go
Expand Up @@ -33,8 +33,6 @@ import (
"github.com/sigstore/cosign/cmd/cosign/cli/sign"
)

const scorecardAPI = "https://api.securityscorecards.dev"

// SignScorecardResult signs the results file and uploads the attestation to the Rekor transparency log.
func SignScorecardResult(scorecardResultsFile string) error {
if err := os.Setenv("COSIGN_EXPERIMENTAL", "true"); err != nil {
Expand Down Expand Up @@ -108,10 +106,7 @@ func ProcessSignature(jsonPayload []byte, repoName, repoRef, accessToken string)

// Call scorecard-webapp-api to process and upload signature.
// Setup HTTP request and context.
apiURL := scorecardAPI
if scorecardURL, exists := os.LookupEnv("SCORECARD_API_URL"); exists {
apiURL = scorecardURL
}
apiURL := os.Getenv(options.EnvInputPublishBaseURL)
rawURL := fmt.Sprintf("%s/projects/github.com/%s", apiURL, repoName)
parsedURL, err := url.Parse(rawURL)
if err != nil {
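Review bot: `apiURL := os.Getenv(options.EnvInputPublishBaseURL)` in ProcessSignature now takes the upload destination from a workflow input with no validation and no fallback. If the variable is unset (for example when the binary runs outside action.yaml, where the default is not applied), `rawURL` becomes a relative path, and a plain `http://` value or an unexpected host is accepted as is. The function also receives `accessToken`, which presumably travels with this request, so the destination deserves a check before `rawURL` is built. The sketch below rejects an empty, non-https or host-less base URL; it assumes the function returns `error`, since its body continues outside the hunk. If tests need a local plain-http server, make that an explicit exception rather than leaving the scheme open.

```go
apiURL := os.Getenv(options.EnvInputPublishBaseURL)
baseURL, err := url.Parse(apiURL)
if err != nil {
	return fmt.Errorf("parsing publish base URL: %w", err)
}
// An unset input yields "", which would otherwise turn rawURL into a relative path.
if baseURL.Scheme != "https" || baseURL.Host == "" {
	return fmt.Errorf("publish base URL %q must be an absolute https URL", apiURL)
}
rawURL := fmt.Sprintf("%s/projects/github.com/%s", apiURL, repoName)
// … unchanged: url.Parse(rawURL) and the request setup that follows …
```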
1 change: 1 addition & 0 deletions signing/signing_test.go
Expand Up @@ -80,6 +80,7 @@ func Test_ProcessSignature(t *testing.T) {
repoName := "ossf-tests/scorecard-action"
repoRef := "refs/heads/main"
accessToken := os.Getenv("GITHUB_AUTH_TOKEN")
os.Setenv("INPUT_PUBLISH_BASE_URL", "https://api.securityscorecards.dev")

if err != nil {
t.Errorf("Error reading testdata:, %v", err)
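Review bot: The added `os.Setenv("INPUT_PUBLISH_BASE_URL", ...)` discards the returned error and leaves the variable set for every later test in the same process. `t.Setenv("INPUT_PUBLISH_BASE_URL", "https://api.securityscorecards.dev")` restores the previous value when the test ends and fails the test if the variable cannot be set; it needs Go 1.17 or later and cannot be used in a parallel test. Test_ProcessSignature begins and ends outside the hunk, so confirm it does not call `t.Parallel()`.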