From e0984d7610b9e80579593b442a9df37ab51239fa Mon Sep 17 00:00:00 2001
From: Stephen Augustus <foo@auggie.dev>
Date: Tue, 24 May 2022 18:28:11 -0400
Subject: [PATCH] install: Retrieve the correct action configuration from local
 path

Signed-off-by: Stephen Augustus <foo@auggie.dev>
---
 install/install.go         | 38 ++++++++++++++++++++++++--------------
 install/options/options.go | 23 +++++++++++++++++++++--
 2 files changed, 45 insertions(+), 16 deletions(-)

diff --git a/install/install.go b/install/install.go
index 4c935936..c9353a5a 100644
--- a/install/install.go
+++ b/install/install.go
@@ -28,7 +28,15 @@ import (
 	"github.com/ossf/scorecard-action/install/options"
 )
 
-const workflowFile = ".github/workflows/scorecards-analysis.yml"
+const (
+	workflowFile           = ".github/workflows/scorecards.yml"
+	workflowFileDeprecated = ".github/workflows/scorecards-analysis.yml"
+)
+
+var workflowFiles = []string{
+	workflowFile,
+	workflowFileDeprecated,
+}
 
 // Run adds the OpenSSF Scorecard workflow to all repositories under the given
 // organization.
@@ -59,7 +67,7 @@ func Run(o *options.Options) error {
 	}
 
 	// Get yml file into byte array.
-	workflowContent, err := ioutil.ReadFile("scorecards-analysis.yml")
+	workflowContent, err := ioutil.ReadFile(o.ConfigPath)
 	if err != nil {
 		return fmt.Errorf("reading scorecard workflow file: %w", err)
 	}
@@ -101,20 +109,22 @@ func Run(o *options.Options) error {
 		defaultBranchSHA := defaultBranch.Commit.SHA
 
 		// Skip if scorecard file already exists in workflows folder.
-		scoreFileContent, _, _, err := client.GetContents(
-			ctx,
-			o.Owner,
-			repoName,
-			workflowFile,
-			&github.RepositoryContentGetOptions{},
-		)
-		if scoreFileContent != nil || err == nil {
-			log.Printf(
-				"skipped repo (%s) since scorecard workflow already exists",
+		for _, f := range workflowFiles {
+			scoreFileContent, _, _, err := client.GetContents(
+				ctx,
+				o.Owner,
 				repoName,
+				f,
+				&github.RepositoryContentGetOptions{},
 			)
-
-			continue
+			if scoreFileContent != nil || err == nil {
+				log.Printf(
+					"skipped repo (%s) since scorecard workflow already exists",
+					repoName,
+				)
+
+				continue
+			}
 		}
 
 		// Skip if branch scorecard already exists.
diff --git a/install/options/options.go b/install/options/options.go
index 0d8c0bc6..99bcd46f 100644
--- a/install/options/options.go
+++ b/install/options/options.go
@@ -16,7 +16,15 @@
 
 package options
 
-import "errors"
+import (
+	"errors"
+	"path/filepath"
+)
+
+const (
+	DefaultConfigDir  = "starter-workflows/code-scanning"
+	DefaultConfigFile = "scorecards.yml"
+)
 
 var errOwnerNotSpecified = errors.New("owner not specified")
 
@@ -26,11 +34,16 @@ type Options struct {
 
 	// Repositories
 	Repositories []string
+
+	// Scorecard GitHub Action configuration path
+	ConfigPath string
 }
 
 // New creates a new instance of installation options.
 func New() *Options {
-	return &Options{}
+	opts := &Options{}
+	opts.ConfigPath = GetConfigPath()
+	return opts
 }
 
 // Validate checks if the installation options specified are valid.
@@ -41,3 +54,9 @@ func (o *Options) Validate() error {
 
 	return nil
 }
+
+// GetConfigPath returns the local path for the scorecard action config file.
+// TODO: Consider making this configurable.
+func GetConfigPath() string {
+	return filepath.Join(DefaultConfigDir, DefaultConfigFile)
+}