Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

馃尡 Update binary_analysis and license tests #4078

Closed
wants to merge 18 commits into from
Closed

馃尡 Update binary_analysis and license tests #4078

wants to merge 18 commits into from

Conversation

seelder
Copy link
Contributor

@seelder seelder commented May 3, 2024

What kind of change does this PR introduce?

Updates tests to follow best practices
(Is it a bug fix, feature, docs update, something else?)

What is the current behavior?

binary_analysis and license check tests currently use localDirRepo instead of gomock
binary_analysis does not utilize scut (license test already uses scut and does not need modification)

What is the new behavior (if this is a feature change)?**

  • No behavior change anticipated
  • binary_analysis and license check tests updated to use gomock
    • ListFiles and GetFileReader mocked for both
    • ListLicenses mocked for license check (replicates localDirRepo by throwing Unsupported Feature error)
  • binary_analysis updated to use scut
    • test cases modified to include some logging information

Which issue(s) this PR fixes

Addresses #4032

@seelder seelder requested a review from a team as a code owner May 3, 2024 18:08
@seelder seelder requested review from naveensrinivasan and raghavkaul and removed request for a team May 3, 2024 18:08
@seelder seelder changed the title 馃尡 Update binary_analysis and license tests (#4032) 馃尡 Update binary_analysis and license tests May 3, 2024
seelder and others added 7 commits May 3, 2024 14:20
@seelder
replaced localRepoClient with mockRepoClient
37c66cf 
Signed-off-by: seelder <seelder@ncsu.edu>
@seelder
Update binary_artifact_test.go to use scut
3b34ffe 
Updated the test to use scut. Updated the test data to use scut, including adding NumberOfInfo and NumberOfWarn for each test case

Signed-off-by: seelder <seelder@ncsu.edu>
@seelder
Update license_test to use gomock
f4f4319 
First attempt at updating license_test to use gomock instead of localDir.

Note: localDir currently has a TODO for implementing ListLicenses.  It returns an UnsupportedFeatures error, which is then handled in checks/raw/license. This first attempt replicates that existing behavior.
Signed-off-by: seelder <seelder@ncsu.edu>
@seelder
Update license_test documentation
e825531 
Clarified why the mock simply throws an error

Signed-off-by: seelder <seelder@ncsu.edu>
@dependabot @seelder
馃尡 Bump github.com/moby/buildkit from 0.13.1 to 0.13.2 (ossf#4070)
645d5e4 
Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.13.1 to 0.13.2.
- [Release notes](https://github.com/moby/buildkit/releases)
- [Commits](moby/buildkit@v0.13.1...v0.13.2)

---
updated-dependencies:
- dependency-name: github.com/moby/buildkit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: seelder <seelder@ncsu.edu>
@spencerschrock @seelder
馃悰 fix signed-releases lookback limit precedence (ossf#4060)
5007169 
* switch signed-releases lookback limit precedence

if the 6th release had no assets, the lookback limit exit condition was
being skipped. This led to scenarios where too many releases were being
considered by the Signed-Releases check.

ossf#4059

Signed-off-by: Spencer Schrock <sschrock@google.com>

* make exit condition stronger

any release after the lookback should be skipped

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: seelder <seelder@ncsu.edu>
@afmarcum @seelder
馃摉 Remove survey (ossf#4077)
56d998d 
Signed-off-by: afmarcum <138055109+afmarcum@users.noreply.github.com>
Signed-off-by: seelder <seelder@ncsu.edu>
@seelder
Copy link
Contributor Author

seelder commented May 3, 2024

I keep trying to fix the errors but it seems to be making it worse. If I need to start over, let me know.

@seelder seelder temporarily deployed to integration-test May 3, 2024 20:12 — with GitHub Actions Inactive
seelder and others added 10 commits May 3, 2024 16:22
@seelder
Update license_test.go
badbf8a
@seelder
replaced localRepoClient with mockRepoClient
edd45bd 
Signed-off-by: seelder <seelder@ncsu.edu>
@seelder
Update binary_artifact_test.go to use scut
29873db 
Updated the test to use scut. Updated the test data to use scut, including adding NumberOfInfo and NumberOfWarn for each test case

Signed-off-by: seelder <seelder@ncsu.edu>
@seelder
Update license_test to use gomock
90244d4 
First attempt at updating license_test to use gomock instead of localDir.

Note: localDir currently has a TODO for implementing ListLicenses.  It returns an UnsupportedFeatures error, which is then handled in checks/raw/license. This first attempt replicates that existing behavior.
Signed-off-by: seelder <seelder@ncsu.edu>
@seelder
Update license_test documentation
6aad674 
Clarified why the mock simply throws an error

Signed-off-by: seelder <seelder@ncsu.edu>
@dependabot @seelder
馃尡 Bump github.com/moby/buildkit from 0.13.1 to 0.13.2 (ossf#4070)
11f2b73 
Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.13.1 to 0.13.2.
- [Release notes](https://github.com/moby/buildkit/releases)
- [Commits](moby/buildkit@v0.13.1...v0.13.2)

---
updated-dependencies:
- dependency-name: github.com/moby/buildkit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: seelder <seelder@ncsu.edu>
@spencerschrock @seelder
馃悰 fix signed-releases lookback limit precedence (ossf#4060)
8c199bb 
* switch signed-releases lookback limit precedence

if the 6th release had no assets, the lookback limit exit condition was
being skipped. This led to scenarios where too many releases were being
considered by the Signed-Releases check.

ossf#4059

Signed-off-by: Spencer Schrock <sschrock@google.com>

* make exit condition stronger

any release after the lookback should be skipped

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: seelder <seelder@ncsu.edu>
@afmarcum @seelder
馃摉 Remove survey (ossf#4077)
1b6e710 
Signed-off-by: afmarcum <138055109+afmarcum@users.noreply.github.com>
Signed-off-by: seelder <seelder@ncsu.edu>
@seelder
Update license_test.go
a6a379f 
Signed-off-by: seelder <seelder@ncsu.edu>
@seelder
Merge branch 'main' of https://github.com/seelder/scorecard
3e62074 
Signed-off-by: seelder <seelder@ncsu.edu>
@seelder seelder closed this May 3, 2024
@spencerschrock spencerschrock mentioned this pull request May 3, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@naveensrinivasan naveensrinivasan Awaiting requested review from naveensrinivasan naveensrinivasan is a code owner automatically assigned from ossf/scorecard-maintainers

@raghavkaul raghavkaul Awaiting requested review from raghavkaul raghavkaul is a code owner automatically assigned from ossf/scorecard-maintainers

Assignees
No one assigned
Labels
None yet
Projects
Scorecard - NEW
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@seelder @spencerschrock @afmarcum