multi-repo-action: Cleanups (1/n)#301
Merged
justaugustus merged 13 commits intoossf:mainfrom May 24, 2022
Merged
Conversation
justaugustus
force-pushed
the
multi-action-cleanup
branch
from
77772ae to
1c56892
Compare
justaugustus
force-pushed
the
multi-action-cleanup
branch
3 times, most recently
from
442d418 to
f11dc39
Compare
justaugustus
changed the title
Codecov Report
@@ Coverage Diff @@
## main #301 +/- ##
==========================================
- Coverage 61.95% 60.47% -1.48%
==========================================
Files 3 4 +1
Lines 205 210 +5
==========================================
Hits 127 127
- Misses 69 74 +5
Partials 9 9
|
justaugustus
force-pushed
the
multi-action-cleanup
branch
from
e0984d7 to
4bf14ad
Compare
Signed-off-by: Stephen Augustus <foo@auggie.dev>
Signed-off-by: Stephen Augustus <foo@auggie.dev>
Signed-off-by: Stephen Augustus <foo@auggie.dev>
Signed-off-by: Stephen Augustus <foo@auggie.dev>
Signed-off-by: Stephen Augustus <foo@auggie.dev>
Signed-off-by: Stephen Augustus <foo@auggie.dev>
Signed-off-by: Stephen Augustus <foo@auggie.dev>
Signed-off-by: Stephen Augustus <foo@auggie.dev>
Signed-off-by: Stephen Augustus <foo@auggie.dev>
Signed-off-by: Stephen Augustus <foo@auggie.dev>
Signed-off-by: Stephen Augustus <foo@auggie.dev>
Signed-off-by: Stephen Augustus <foo@auggie.dev>
Signed-off-by: Stephen Augustus <foo@auggie.dev>
justaugustus
force-pushed
the
multi-action-cleanup
branch
from
4bf14ad to
5d6b3d6
Compare
Member
Author
|
Before: ❯ GITHUB_TOKEN=$(cat ~/.github-token) go run multi-repo-action/org-workflow-add.go
# command-line-arguments
multi-repo-action/org-workflow-add.go:31:9: undefined: REPO_LIST
multi-repo-action/org-workflow-add.go:38:23: undefined: REPO_LIST
multi-repo-action/org-workflow-add.go:47:27: undefined: REPO_LISTAfter this pull request: ❯ GITHUB_TOKEN=$(cat ~/.github-token) go run multi-repo-action/main.go --owner uwu-tools
2022/05/24 19:03:41 skipped repo (go-ghcrawl) because new branch could not be created: creating git reference: POST https://api.github.com/repos/uwu-tools/go-ghcrawl/git/refs: 404 Not Found []So, things are still broken, but less broken than "will not run at all"! |
Member
Author
|
A note on code coverage...
|
azeemshaikh38
added a commit
that referenced
this pull request
May 25, 2022
* Removed Sarif Results From Processing & Rekor Upload (#197) * test action * sign test data * func to sign and upload workflow result * added signScorecardResult func and test * added signScorecardResult func and test * moved signing code into main.go * added call to signScorecardResult at the end of main * added err checking * comments and added global vars * style changes * updated test to use randomized payload * check publish_results * error logging for signScorecardResult call * error logging * entrypoint * updated dockerfile * dockerfile * dockerfile * EnvInputsResults vars added to Options * resultsfile env var * set PAT * create results file with sudo * sudo create resultsfile * try os.Openfile * fixed fileapth * changed Distroless to debian * get output format from env var * fixed defaultpolicyfile path * policy filepath * copy policy.yml in dockerfile * policyfile * moved signing code to separate file * dockerfile * generate results.json file in preRun * revert dockerfile to main * json file creation check * run scorecard again to produce json output * testing * entrypointJson * print cmd * alter env vars in main for json * opts * dockerfile uses entrypoint.go * renamed make build * produce both sarif and json * sign json result * sig verification api call * go mod tidy * readfile fix * sign sarif instead of json * http response code checking * moved api call func into signing.go * dont hardcode repo paths * finalized signing + verif * renamed sign test * Bump debian from d5cd7e5 to 40f90ea * removed unnecessary slash * comments * policy.yml -> /policy.yml * refractored signing * more refractoring + sig processing test * fixed func call * fixed sign test * style + error fmt * reverted dockerfile * style fixes * lint fixes * linting errs * test workflow permissions * debug print * commented out signing test * linting errors Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com> * Add initial release documentation (#194) Signed-off-by: Stephen Augustus <foo@auggie.dev> * 🌱 Bump codecov/codecov-action from 3.0.0 to 3.1.0 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.0.0 to 3.1.0. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md) - [Commits](codecov/codecov-action@e3c5604...81cd2dc) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * ✨ Update documentation (#203) * set GITHUB_TOKEN as default token * updates * Update doc * Update doc * updates * updates * update * update * update * update * updates * Update doc with PAT for private repos (#205) * Update doc with PAT for private repos * Update README.md * Update README.md * Update README.md * Log repo_info.json File in entrypoint.sh (#211) * test action * log repo_json file * check status >=300 * log json * fixed conditional * fixed or * fixed or * spacing * remove file before exit * always print repo_info * 🌱 Bump github/codeql-action from 2.1.8 to 2.1.9 (#231) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.8 to 2.1.9. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@1ed1437...7502d6e) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update Scorecard version to v4.2.0 in Golang (#247) Co-authored-by: Azeem Shaikh <azeems@google.com> * 🌱 Bump openssf/scorecard from v4.1.0 to v4.2.0 (#249) Bumps openssf/scorecard from v4.1.0 to v4.2.0. --- updated-dependencies: - dependency-name: openssf/scorecard dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update hash to latest scorecard (#276) Update hash to latest scorecard * ✨ Amend documentation for private repos (#286) * update * update * update * update (#293) * 🌱 Bump debian from `f75d8a3` to `fbaacd5` (#287) Bumps debian from `f75d8a3` to `fbaacd5`. --- updated-dependencies: - dependency-name: debian dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * 🌱 Bump github.com/sigstore/cosign from 1.7.2 to 1.8.0 (#212) Bumps [github.com/sigstore/cosign](https://github.com/sigstore/cosign) from 1.7.2 to 1.8.0. - [Release notes](https://github.com/sigstore/cosign/releases) - [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md) - [Commits](sigstore/cosign@v1.7.2...v1.8.0) --- updated-dependencies: - dependency-name: github.com/sigstore/cosign dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * 🌱 Bump github.com/caarlos0/env/v6 from 6.9.1 to 6.9.2 Bumps [github.com/caarlos0/env/v6](https://github.com/caarlos0/env) from 6.9.1 to 6.9.2. - [Release notes](https://github.com/caarlos0/env/releases) - [Changelog](https://github.com/caarlos0/env/blob/main/.goreleaser.yml) - [Commits](caarlos0/env@v6.9.1...v6.9.2) --- updated-dependencies: - dependency-name: github.com/caarlos0/env/v6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * 🌱 Bump github/codeql-action from 2.1.9 to 2.1.10 (#305) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.9 to 2.1.10. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@7502d6e...2f58583) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * 🌱 Bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@b517f99...537aa19) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * 🌱 Bump actions/setup-go from 3.0.0 to 3.1.0 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.0.0 to 3.1.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@f6164bd...fcdc436) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * 🌱 Bump github.com/google/go-cmp from 0.5.7 to 0.5.8 (#206) * Update container hash for v1.1.0 (#314) * multi-repo-action: Cleanups (1/n) (#301) - install: Move action installation into a separate package - Add missing license headers - install: Fix unrecognized variables - lint: Fix warnings and attempt to auto-fix issues (where supported) - install: Parameterize config - install: Borrow GitHub client pattern from sigs.k8s.io/release-sdk - install: Use package-internal GitHub interface - install: Provide installation options as struct - install: Initial error/log handling cleanups - install: Use cobra for CLI - Remove inaccurate instances of workflow configuration file - multi-repo-action: Disable incomplete tests - install: Retrieve the correct action configuration from local path Signed-off-by: Stephen Augustus <foo@auggie.dev> Co-authored-by: Rohan Khandelwal <98796241+rohankh532@users.noreply.github.com> Co-authored-by: Stephen Augustus (he/him) <justaugustus@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> Co-authored-by: Azeem Shaikh <azeems@google.com>
Closed
justaugustus
added a commit
to justaugustus/scorecard
that referenced
this pull request
May 26, 2022
- install: Move action installation into a separate package - Add missing license headers - install: Fix unrecognized variables - lint: Fix warnings and attempt to auto-fix issues (where supported) - install: Parameterize config - install: Borrow GitHub client pattern from sigs.k8s.io/release-sdk - install: Use package-internal GitHub interface - install: Provide installation options as struct - install: Initial error/log handling cleanups - install: Use cobra for CLI - Remove inaccurate instances of workflow configuration file - multi-repo-action: Disable incomplete tests - install: Retrieve the correct action configuration from local path Signed-off-by: Stephen Augustus <foo@auggie.dev>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Signed-off-by: Stephen Augustus foo@auggie.dev