🌱 Convert Dangerous Workflow check to probes #3521

Merged: 7 commits, Nov 6, 2023

Conversation

AdamKorcz (Contributor) commented Sep 27, 2023

What kind of change does this PR introduce?

feature

What is the new behavior (if this is a feature change)?

This PR converts the Dangerous Workflows check to probes.

  • Tests for the changes have been added (for bug fixes/features)

Which issue(s) this PR fixes

NONE

Does this PR introduce a user-facing change?

NONE
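The two probes named in the review file list below (hasDangerousWorkflowScriptInjection and hasDangerousWorkflowUntrustedCheckout) correspond to the two classes the Dangerous-Workflow check reports: an attacker-controlled event field interpolated with `${{ }}` into a `run:` script, and a checkout of the pull request head inside a workflow that runs with repository secrets (pull_request_target or workflow_run). The program below is an added example written for this page, not Scorecard's probe implementation; it applies a line-oriented heuristic for both patterns to a constructed workflow. The list of untrusted event fields, the privileged trigger names, the indentation-based tracking of block scalars and the sample workflow are assumptions of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one dangerous pattern located in a workflow file.
type Finding struct {
	Line int    // 1-based line in the workflow text
	Kind string // "script-injection" or "untrusted-checkout"
	Text string // the offending line, trimmed
}

// Event fields whose content is chosen by whoever opened the PR, issue or
// comment. Interpolating them into a run: step pastes attacker text straight
// into the shell script. (Assumed list for this example, not Scorecard's.)
var untrustedExpr = regexp.MustCompile(
	`\$\{\{\s*github\.event\.(` +
		`pull_request\.(title|body|head\.ref|head\.label)` +
		`|issue\.(title|body)|comment\.body|review\.body` +
		`|head_commit\.message|commits\[[^\]]*\]\.message` +
		`)\s*\}\}`)

// A checkout that explicitly selects the PR head instead of the base branch.
var prHeadRef = regexp.MustCompile(`\$\{\{\s*github\.event\.pull_request\.head\.(sha|ref)\s*\}\}`)

// Triggers that run with a write token and secrets even for fork PRs (assumed).
var privilegedTrigger = regexp.MustCompile(`\b(pull_request_target|workflow_run)\b`)

// ScanWorkflow walks the YAML line by line without a YAML library, so it is a
// heuristic: run: block scalars are tracked by indentation, and the most
// recent step whose uses: is actions/checkout is remembered for ref: checks.
func ScanWorkflow(yamlText string) []Finding {
	var out []Finding
	privileged := privilegedTrigger.MatchString(yamlText)
	runIndent := -1    // indent of the run: key while inside its block scalar
	inCheckout := false // inside a step that uses actions/checkout

	for i, raw := range strings.Split(yamlText, "\n") {
		n := i + 1
		trimmed := strings.TrimSpace(raw)
		if trimmed == "" || strings.HasPrefix(trimmed, "#") {
			continue
		}
		indent := len(raw) - len(strings.TrimLeft(raw, " "))
		if runIndent >= 0 && indent <= runIndent {
			runIndent = -1 // block scalar ended
		}
		if strings.HasPrefix(trimmed, "- ") {
			// a new list item under steps: starts a new step
			inCheckout = strings.Contains(trimmed, "actions/checkout")
		}
		if strings.Contains(trimmed, "uses:") && strings.Contains(trimmed, "actions/checkout") {
			inCheckout = true
		}
		key := strings.TrimPrefix(trimmed, "- ")
		switch {
		case strings.HasPrefix(key, "run:"):
			rest := strings.TrimSpace(strings.TrimPrefix(key, "run:"))
			if strings.HasPrefix(rest, "|") || strings.HasPrefix(rest, ">") {
				runIndent = indent // multi-line script follows
			} else if untrustedExpr.MatchString(rest) {
				out = append(out, Finding{Line: n, Kind: "script-injection", Text: trimmed})
			}
		case runIndent >= 0 && untrustedExpr.MatchString(raw):
			out = append(out, Finding{Line: n, Kind: "script-injection", Text: trimmed})
		case privileged && inCheckout && strings.HasPrefix(key, "ref:") && prHeadRef.MatchString(raw):
			out = append(out, Finding{Line: n, Kind: "untrusted-checkout", Text: trimmed})
		}
	}
	return out
}

// Constructed sample: a pull_request_target workflow that checks out the PR
// head (line 11), injects the PR title into a script (line 14), and then
// shows the safe form, passing the title through an env variable (line 17-18).
const sampleWorkflow = `name: pr-check
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: echo title
        run: |
          echo "PR title: ${{ github.event.pull_request.title }}"
      - name: safe
        env:
          TITLE: ${{ github.event.pull_request.title }}
        run: echo "$TITLE"
`

func main() {
	for _, f := range ScanWorkflow(sampleWorkflow) {
		fmt.Printf("line %d: %s: %s\n", f.Line, f.Kind, f.Text)
	}
}
```

The third step in the sample is the remediation for the second: the untrusted value reaches the shell only as the contents of an environment variable, so it is never parsed as script. For the first finding the fix is to drop the `ref:` so the privileged workflow checks out the base branch, or to split untrusted build steps into a separate `pull_request` workflow without secrets.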


codecov bot commented Sep 27, 2023
Codecov Report

Merging #3521 (13309aa) into main (70c8e05) will decrease coverage by 10.92%.
Report is 1 commit behind head on main.
The diff coverage is 66.21%.

Additional details and impacted files
@@             Coverage Diff             @@
##             main    #3521       +/-   ##
===========================================
- Coverage   76.13%   65.22%   -10.92%     
===========================================
  Files         199      201        +2     
  Lines       13738    13850      +112     
===========================================
- Hits        10460     9033     -1427     
- Misses       2668     4314     +1646     
+ Partials      610      503      -107     

github-actions bot commented Oct 8, 2023: Stale pull request message

AdamKorcz (Contributor, Author): @laurentsimon @spencerschrock PTAL.

spencerschrock (Member) left a comment: Was a bit of a skim to highlight the big comments.

Review comments (all resolved) on:
  • checks/evaluation/dangerous_workflow.go (three threads, two outdated)
  • probes/hasAnyWorkflows/def.yml (outdated)
  • probes/hasDangerousWorkflowScriptInjection/impl.go (outdated)
  • probes/hasDangerousWorkflowUntrustedCheckout/impl.go (outdated)
AdamKorcz force-pushed the dangerous-workflow-probe branch from 086aeaa to f1ad11a on October 20, 2023 13:24
raghavkaul (Contributor) left a comment: Looks like comments were addressed, thanks

AdamKorcz force-pushed the dangerous-workflow-probe branch from e0b7800 to 1aa59fe on October 31, 2023 18:38
AdamKorcz requested a review from a team as a code owner October 31, 2023 18:38
raghavkaul enabled auto-merge (squash) November 6, 2023 16:18
raghavkaul merged commit f422f69 into ossf:main Nov 6, 2023
38 checks passed
diogoteles08 pushed a commit to diogoteles08/scorecard that referenced this pull request Nov 13, 2023
* 🌱 Convert Dangerous Workflow check to probes

Signed-off-by: AdamKorcz <[email protected]>

* remove hasAnyWorkflows probe

Signed-off-by: AdamKorcz <[email protected]>

* combine two conditionals into one

Signed-off-by: AdamKorcz <[email protected]>

* preserve logging from original evaluation

Signed-off-by: AdamKorcz <[email protected]>

* rebase

Signed-off-by: AdamKorcz <[email protected]>

---------

Signed-off-by: AdamKorcz <[email protected]>
Signed-off-by: Diogo Teles Sant'Anna <[email protected]>
ashearin pushed a commit to kgangerlm/scorecard-gitlab that referenced this pull request Nov 13, 2023
Same commit message as above, additionally:

Signed-off-by: Allen Shearin <[email protected]>
3 participants