Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

✨ Feature DependencyDiff CLI (Version 0 Part 1) #2030

Merged
merged 17 commits into from Jul 12, 2022
Merged

✨ Feature DependencyDiff CLI (Version 0 Part 1) #2030

merged 17 commits into from Jul 12, 2022

Conversation

aidenwang9867
Copy link
Contributor

What kind of change does this PR introduce?

This PR introduces the v0, p1 of the design Dependency-diff CLI,

including definitions of structures Dependency, Vulnerability and ScorecardResult;

Currently in ScorecardResult, only the Scorecard aggregate score is used.

What is the current behavior?

The current Scorecard Action only reports the Scorecard results for the repository under analysis. This design will surface Scorecard results for the arriving dependencies in new pull requests.

What is the new behavior (if this is a feature change)?**

Since this PR only includes static definitions of structures, no new behaviors are introduced. However, with Version Zero of the feature, users can use the CLI to surface the scorecard results (aggregate scores) for the dependency diffs (changes) between a user-specified head commit and a base commit in different output format.

  • Tests for the changes have been added (for bug fixes/features)
    Part1 does not include functions and APIs. Tests will be added in incoming parts.

Which issue(s) this PR fixes

issue #2008.

Special notes for your reviewer

Does this PR introduce a user-facing change?

No.

(In particular, describe what changes users might need to make in their
application as a result of this pull request.)

NONE

@aidenwang9867 aidenwang9867 temporarily deployed to integration-test July 8, 2022 19:34 Inactive
@codecov
Copy link

codecov bot commented Jul 8, 2022
edited

Codecov Report

Merging #2030 (54a00a1) into main (e608741) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #2030   +/-   ##
=======================================
  Coverage   50.56%   50.56%           
=======================================
  Files          87       87           
  Lines        7202     7202           
=======================================
  Hits         3642     3642           
  Misses       3315     3315           
  Partials      245      245

@github-actions
Copy link

github-actions bot commented Jul 8, 2022

Integration tests success for
[d043b13]
(https://github.com/ossf/scorecard/actions/runs/2638190649)

@aidenwang9867 aidenwang9867 temporarily deployed to integration-test July 8, 2022 19:51 Inactive
@github-actions
Copy link

github-actions bot commented Jul 8, 2022

Integration tests success for
[5f95398]
(https://github.com/ossf/scorecard/actions/runs/2638202330)

@github-actions
Copy link

github-actions bot commented Jul 8, 2022

Integration tests success for
[c29a841]
(https://github.com/ossf/scorecard/actions/runs/2638203226)

@github-actions
Copy link

github-actions bot commented Jul 8, 2022

Integration tests success for
[572bef5]
(https://github.com/ossf/scorecard/actions/runs/2638204003)

@github-actions
Copy link

github-actions bot commented Jul 8, 2022

Integration tests success for
[dc50937]
(https://github.com/ossf/scorecard/actions/runs/2638204448)

laurentsimon
laurentsimon reviewed Jul 8, 2022
View reviewed changes
cmd/depdiff/dependencies.go Outdated Show resolved Hide resolved
cmd/depdiff/dependencies.go Outdated Show resolved Hide resolved
cmd/depdiff/dependencies.go Outdated Show resolved Hide resolved
cmd/depdiff/dependencies.go Outdated Show resolved Hide resolved
cmd/depdiff/dependencies.go Outdated Show resolved Hide resolved
cmd/depdiff/dependencies.go Outdated Show resolved Hide resolved
cmd/depdiff/scorecard_results.go Outdated Show resolved Hide resolved
cmd/depdiff/vulnerabilities.go Outdated Show resolved Hide resolved
laurentsimon
laurentsimon reviewed Jul 8, 2022
View reviewed changes
cmd/depdiff/errors.go Outdated Show resolved Hide resolved
@aidenwang9867 aidenwang9867 temporarily deployed to integration-test July 8, 2022 22:40 Inactive
@github-actions
Copy link

github-actions bot commented Jul 8, 2022

Integration tests success for
[4e90206]
(https://github.com/ossf/scorecard/actions/runs/2638939000)

@aidenwang9867 aidenwang9867 temporarily deployed to integration-test July 9, 2022 00:18 Inactive
@github-actions
Copy link

github-actions bot commented Jul 9, 2022

Integration tests success for
[1fee520]
(https://github.com/ossf/scorecard/actions/runs/2639258540)

@Spikebady
Copy link

Tha.7

Spikebady
Spikebady reviewed Jul 9, 2022
View reviewed changes
Copy link

@Spikebady Spikebady left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have yet to see my videos

@github-actions
Copy link

Integration tests success for
[c733ba5]
(https://github.com/ossf/scorecard/actions/runs/2651640543)

@aidenwang9867 aidenwang9867 temporarily deployed to integration-test July 11, 2022 20:01 Inactive
@github-actions
Copy link

Integration tests success for
[cdd1840]
(https://github.com/ossf/scorecard/actions/runs/2652100574)

laurentsimon
laurentsimon approved these changes Jul 11, 2022
View reviewed changes
Copy link
Contributor

@laurentsimon laurentsimon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@laurentsimon laurentsimon enabled auto-merge (squash) July 11, 2022 21:18
@aidenwang9867
Copy link
Contributor Author

Thanks!

thank u so much!

@aidenwang9867 aidenwang9867 temporarily deployed to integration-test July 11, 2022 22:13 Inactive
@github-actions
Copy link

Integration tests success for
[2ac26d7]
(https://github.com/ossf/scorecard/actions/runs/2652278106)

@github-actions
Copy link

Integration tests success for
[3fd0f77]
(https://github.com/ossf/scorecard/actions/runs/2652527980)

@github-actions
Copy link

Integration tests success for
[2b0ffed]
(https://github.com/ossf/scorecard/actions/runs/2652481960)

@aidenwang9867 aidenwang9867 temporarily deployed to integration-test July 12, 2022 18:28 Inactive
@github-actions
Copy link

Integration tests success for
[54a00a1]
(https://github.com/ossf/scorecard/actions/runs/2652821676)

@laurentsimon laurentsimon merged commit dd780a5 into ossf:main Jul 12, 2022
@aidenwang9867 aidenwang9867 mentioned this pull request Jul 13, 2022
Merged
2 tasks
@spikeb4 spikeb4 mentioned this pull request Jul 14, 2022
Closed
@aidenwang9867 aidenwang9867 deleted the depdiuff_p1_pr branch July 15, 2022 18:32
@aidenwang9867 aidenwang9867 mentioned this pull request Jul 20, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Spikebady Spikebady Spikebady left review comments

@laurentsimon laurentsimon laurentsimon approved these changes

@spikeb4 spikeb4 spikeb4 approved these changes

@azeemshaikh38 azeemshaikh38 Awaiting requested review from azeemshaikh38

@justaugustus justaugustus Awaiting requested review from justaugustus

@naveensrinivasan naveensrinivasan Awaiting requested review from naveensrinivasan

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@aidenwang9867 @Spikebady @laurentsimon @spikeb4