Merge branch 'main' into doc/release

.github/workflows/docker.yml

@@ -40,7 +40,7 @@ jobs:
         fetch-depth: 2 # needed to diff changed files
     - id: files
       name: Get changed files
-      uses: tj-actions/changed-files@920e7b9ae1d45913fc81f86c956fee89c77d2e5e #v37.5.0
+      uses: tj-actions/changed-files@a96679dfee2a1e64b1db5a210c0ffaf1f2cb24ce #v37.5.1
       with:
         files_ignore: '**.md'
     - id: docs_only_check

Makefile

@@ -109,6 +109,8 @@ validate-projects: ## Validates ./cron/internal/data/projects.csv
 validate-projects: ./cron/internal/data/projects.csv | build-validate-script
 	# Validate ./cron/internal/data/projects.csv
 	./cron/internal/data/validate/validate ./cron/internal/data/projects.csv
+	./cron/internal/data/validate/validate ./cron/internal/data/gitlab-projects.csv
+	./cron/internal/data/validate/validate ./cron/internal/data/gitlab-projects-releasetest.csv
 
 tree-status: | all-targets-update-dependencies ## Verify tree is clean and all changes are committed
 	# Verify the tree is clean and all changes are commited

checker/check_runner.go

@@ -96,14 +96,21 @@ func (r *Runner) Run(ctx context.Context, c Check) CheckResult {
 				fmt.Sprintf("requiredType: %s not supported by check %s", fmt.Sprint(unsupported), r.CheckName)))
 	}
 
+	l := NewLogger()
 	ctx, err := tag.New(ctx, tag.Upsert(stats.CheckName, r.CheckName))
 	if err != nil {
-		panic(err)
+		l.Warn(&LogMessage{Text: fmt.Sprintf("tag.New: %v", err)})
 	}
+
+	ctx, err = tag.New(ctx, tag.Upsert(stats.RepoHost, r.CheckRequest.Repo.Host()))
+	if err != nil {
+		l.Warn(&LogMessage{Text: fmt.Sprintf("tag.New: %v", err)})
+	}
+
 	startTime := time.Now()
 
 	var res CheckResult
-	l := NewLogger()
+	l = NewLogger()
 	for retriesRemaining := checkRetries; retriesRemaining > 0; retriesRemaining-- {
 		checkRequest := r.CheckRequest
 		checkRequest.Ctx = ctx

checks/evaluation/permissions/gitHubWorkflowPermissionsTopNoWrite.yml

@@ -17,7 +17,7 @@ short: Checks that GitHub workflows do not have default write permissions
 motivation: >
   If no permissions are declared, a workflow's GitHub token's permissions default to write for all scopes.
   This include write permissions to push to the repository, to read encrypted secrets, etc.
-  For more information, see https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token. 
+  For more information, see https://docs.github.com/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token. 
 implementation: >
   The rule is implemented by checking whether the `permissions` keyword is defined at the top of the workflow,
   and that no write permissions are given.

clients/cii_response_test.go

@@ -0,0 +1,167 @@
+// Copyright 2023 OpenSSF Scorecard Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package clients
+
+import (
+	"reflect"
+	"testing"
+)
+
+func TestParseBadgeResponseFromJSON(t *testing.T) {
+	t.Parallel()
+	type args struct {
+		data []byte
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    []BadgeResponse
+		wantErr bool
+	}{
+		{
+			name: "Test ParseBadgeResponseFromJSON",
+			args: args{
+				data: []byte(`[{"badge_level":"in_progress"}]`),
+			},
+			want: []BadgeResponse{
+				{
+					BadgeLevel: "in_progress",
+				},
+			},
+		},
+		{
+			name: "Fail Test ParseBadgeResponseFromJSON",
+			args: args{
+				data: []byte(`foo`),
+			},
+			wantErr: true,
+		},
+	}
+
+	for _, tt := range tests {
+		tt := tt
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			got, err := ParseBadgeResponseFromJSON(tt.args.data)
+			if (err != nil) != tt.wantErr {
+				t.Fatalf("ParseBadgeResponseFromJSON() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("ParseBadgeResponseFromJSON() got = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestBadgeResponse_AsJSON(t *testing.T) {
+	t.Parallel()
+	type fields struct {
+		BadgeLevel string
+	}
+
+	// Single test case
+	tt := struct {
+		name    string
+		fields  fields
+		want    []byte
+		wantErr bool
+	}{
+		name: "Test BadgeResponse_AsJSON",
+		fields: fields{
+			BadgeLevel: "in_progress",
+		},
+		want: []byte(`[{"badge_level":"in_progress"}]`),
+	}
+
+	t.Run(tt.name, func(t *testing.T) {
+		resp := BadgeResponse{
+			BadgeLevel: tt.fields.BadgeLevel,
+		}
+		got, err := resp.AsJSON()
+		if (err != nil) != tt.wantErr {
+			t.Errorf("AsJSON() error = %v, wantErr %v", err, tt.wantErr)
+			return
+		}
+		if !reflect.DeepEqual(got, tt.want) {
+			t.Errorf("AsJSON() got = %v, want %v", got, tt.want)
+		}
+	})
+}
+
+func TestBadgeResponse_getBadgeLevel(t *testing.T) {
+	t.Parallel()
+	type fields struct {
+		BadgeLevel string
+	}
+	tests := []struct {
+		name    string
+		fields  fields
+		want    BadgeLevel
+		wantErr bool
+	}{
+		{
+			name: "Test inProgress getBadgeLevel",
+			fields: fields{
+				BadgeLevel: "in_progress",
+			},
+			want: InProgress,
+		},
+		{
+			name: "Fail Test getBadgeLevel",
+			fields: fields{
+				BadgeLevel: "foo",
+			},
+			wantErr: true,
+		},
+		{
+			name: "Test passing getBadgeLevel",
+			fields: fields{
+				BadgeLevel: "passing",
+			},
+			want: Passing,
+		},
+		{
+			name: "Test silver getBadgeLevel",
+			fields: fields{
+				BadgeLevel: "silver",
+			},
+			want: Silver,
+		},
+		{
+			name: "Test gold getBadgeLevel",
+			fields: fields{
+				BadgeLevel: "gold",
+			},
+			want: Gold,
+		},
+	}
+	for _, tt := range tests {
+		tt := tt
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			resp := BadgeResponse{
+				BadgeLevel: tt.fields.BadgeLevel,
+			}
+			got, err := resp.getBadgeLevel()
+			if (err != nil) != tt.wantErr {
+				t.Errorf("getBadgeLevel() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != tt.want {
+				t.Errorf("getBadgeLevel() got = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

clients/githubrepo/branches.go

@@ -20,7 +20,7 @@ import (
 	"strings"
 	"sync"
 
-	"github.com/google/go-github/v38/github"
+	"github.com/google/go-github/v53/github"
 	"github.com/shurcooL/githubv4"
 
 	"github.com/ossf/scorecard/v4/clients"

clients/githubrepo/checkruns.go

@@ -20,7 +20,7 @@ import (
 	"strings"
 	"sync"
 
-	"github.com/google/go-github/v38/github"
+	"github.com/google/go-github/v53/github"
 	"github.com/shurcooL/githubv4"
 
 	"github.com/ossf/scorecard/v4/clients"

clients/githubrepo/checkruns_e2e_test.go

@@ -18,7 +18,7 @@ import (
 	"context"
 	"net/http"
 
-	"github.com/google/go-github/v38/github"
+	"github.com/google/go-github/v53/github"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 

clients/githubrepo/client.go

@@ -24,7 +24,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/google/go-github/v38/github"
+	"github.com/google/go-github/v53/github"
 	"github.com/shurcooL/githubv4"
 
 	"github.com/ossf/scorecard/v4/clients"

clients/githubrepo/contributors.go

@@ -20,7 +20,7 @@ import (
 	"strings"
 	"sync"
 
-	"github.com/google/go-github/v38/github"
+	"github.com/google/go-github/v53/github"
 
 	"github.com/ossf/scorecard/v4/clients"
 )

clients/githubrepo/contributors_e2e_test.go

@@ -18,7 +18,7 @@ import (
 	"context"
 	"net/http"
 
-	"github.com/google/go-github/v38/github"
+	"github.com/google/go-github/v53/github"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 

clients/githubrepo/githubrepo_suite_test.go

@@ -21,7 +21,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/google/go-github/v38/github"
+	"github.com/google/go-github/v53/github"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	"github.com/shurcooL/githubv4"

clients/githubrepo/languages.go

@@ -20,7 +20,7 @@ import (
 	"path"
 	"sync"
 
-	"github.com/google/go-github/v38/github"
+	"github.com/google/go-github/v53/github"
 
 	"github.com/ossf/scorecard/v4/clients"
 )

clients/githubrepo/languages_e2e_test.go

@@ -18,7 +18,7 @@ import (
 	"context"
 	"net/http"
 
-	"github.com/google/go-github/v38/github"
+	"github.com/google/go-github/v53/github"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 

clients/githubrepo/licenses.go

@@ -21,7 +21,7 @@ import (
 	"path"
 	"sync"
 
-	"github.com/google/go-github/v38/github"
+	"github.com/google/go-github/v53/github"
 
 	"github.com/ossf/scorecard/v4/clients"
 )

clients/githubrepo/licenses_e2e_test.go

@@ -18,7 +18,7 @@ import (
 	"context"
 	"net/http"
 
-	"github.com/google/go-github/v38/github"
+	"github.com/google/go-github/v53/github"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 

clients/githubrepo/releases.go

@@ -20,7 +20,7 @@ import (
 	"strings"
 	"sync"
 
-	"github.com/google/go-github/v38/github"
+	"github.com/google/go-github/v53/github"
 
 	"github.com/ossf/scorecard/v4/clients"
 	sce "github.com/ossf/scorecard/v4/errors"

clients/githubrepo/releases_e2e_test.go

@@ -18,7 +18,7 @@ import (
 	"context"
 	"net/http"
 
-	"github.com/google/go-github/v38/github"
+	"github.com/google/go-github/v53/github"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 

clients/githubrepo/search.go

@@ -20,7 +20,7 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/google/go-github/v38/github"
+	"github.com/google/go-github/v53/github"
 
 	"github.com/ossf/scorecard/v4/clients"
 )

clients/githubrepo/searchCommits.go

@@ -19,7 +19,7 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/google/go-github/v38/github"
+	"github.com/google/go-github/v53/github"
 
 	"github.com/ossf/scorecard/v4/clients"
 )

clients/githubrepo/statuses.go

@@ -18,7 +18,7 @@ import (
 	"context"
 	"fmt"
 
-	"github.com/google/go-github/v38/github"
+	"github.com/google/go-github/v53/github"
 
 	"github.com/ossf/scorecard/v4/clients"
 	sce "github.com/ossf/scorecard/v4/errors"

clients/githubrepo/statuses_e2e_test.go

@@ -18,7 +18,7 @@ import (
 	"context"
 	"net/http"
 
-	"github.com/google/go-github/v38/github"
+	"github.com/google/go-github/v53/github"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 

clients/githubrepo/tarball.go

@@ -28,7 +28,7 @@ import (
 	"strings"
 	"sync"
 
-	"github.com/google/go-github/v38/github"
+	"github.com/google/go-github/v53/github"
 
 	"github.com/ossf/scorecard/v4/clients"
 	sce "github.com/ossf/scorecard/v4/errors"

clients/githubrepo/webhook.go

@@ -20,7 +20,7 @@ import (
 	"strings"
 	"sync"
 
-	"github.com/google/go-github/v38/github"
+	"github.com/google/go-github/v53/github"
 
 	"github.com/ossf/scorecard/v4/clients"
 )

clients/githubrepo/webhook_test.go

@@ -21,7 +21,7 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-	"github.com/google/go-github/v38/github"
+	"github.com/google/go-github/v53/github"
 
 	"github.com/ossf/scorecard/v4/clients"
 )