Merge pull request #77 from ossf/a8

Improve code review check to account for diff author-committer usecase.

checks/code_review.go

@@ -55,17 +55,37 @@ func GithubCodeReview(c checker.Checker) checker.CheckResult {
 			continue
 		}
 		totalMerged++
-		// Merged PR!
+
+		// check if the PR is approved by a reviewer
+		foundApprovedReview := false
 		reviews, _, err := c.Client.PullRequests.ListReviews(c.Ctx, c.Owner, c.Repo, pr.GetNumber(), &github.ListOptions{})
 		if err != nil {
 			continue
 		}
 		for _, r := range reviews {
 			if r.GetState() == "APPROVED" {
+				c.Logf("found review approved pr: %d", pr.GetNumber())
 				totalReviewed++
+				foundApprovedReview = true
 				break
 			}
 		}
+
+		// check if the PR is committed by someone other than author. this is kind
+		// of equivalent to a review and is done several times on small prs to save
+		// time on clicking the approve button.
+		if !foundApprovedReview {
+			commit, _, err := c.Client.Repositories.GetCommit(c.Ctx, c.Owner, c.Repo, pr.GetMergeCommitSHA())
+			if err == nil {
+				commitAuthor := commit.GetAuthor().GetLogin()
+				commitCommitter := commit.GetCommitter().GetLogin()
+				if commitAuthor != "" && commitCommitter != "" && commitAuthor != commitCommitter {
+					c.Logf("found pr with committer different than author: %d", pr.GetNumber())
+					totalReviewed++
+				}
+			}
+		}
+
 	}
 
 	if totalReviewed > 0 {

cmd/root.go

@@ -113,6 +113,7 @@ type checkResult struct {
 	CheckName  string
 	Pass       bool
 	Confidence int
+	Details    []string
 }
 
 type record struct {
@@ -127,11 +128,17 @@ func outputJSON(results []pkg.Result) {
 		Repo: repo.String(),
 		Date: d.Format("2006-01-02"),
 	}
+
 	for _, r := range results {
+		var details []string
+		if showDetails {
+			details = r.Cr.Details
+		}
 		or.Checks = append(or.Checks, checkResult{
 			CheckName:  r.Name,
 			Pass:       r.Cr.Pass,
 			Confidence: r.Cr.Confidence,
+			Details:    details,
 		})
 	}
 	output, err := json.Marshal(or)