Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🌱 Convert Dangerous Workflow check to probes #3521

Merged
merged 7 commits into from
Nov 6, 2023
Merged

🌱 Convert Dangerous Workflow check to probes #3521

merged 7 commits into from
Nov 6, 2023

Conversation

AdamKorcz
Copy link
Contributor

@AdamKorcz AdamKorcz commented Sep 27, 2023
edited
Loading

What kind of change does this PR introduce?

feature

What is the new behavior (if this is a feature change)?**

This PR converts the Dangerous Workflows check to probes.

  • Tests for the changes have been added (for bug fixes/features)

Which issue(s) this PR fixes

NONE

Does this PR introduce a user-facing change?

NONE

@AdamKorcz AdamKorcz temporarily deployed to gitlab September 27, 2023 15:29 — with GitHub Actions Inactive
@codecov
Copy link

codecov bot commented Sep 27, 2023
edited
Loading

Codecov Report

Merging #3521 (13309aa) into main (70c8e05) will decrease coverage by 10.92%.
Report is 1 commits behind head on main.
The diff coverage is 66.21%.

Additional details and impacted files 
@@             Coverage Diff             @@
##             main    #3521       +/-   ##
===========================================
- Coverage   76.13%   65.22%   -10.92%     
===========================================
  Files         199      201        +2     
  Lines       13738    13850      +112     
===========================================
- Hits        10460     9033     -1427     
- Misses       2668     4314     +1646     
+ Partials      610      503      -107

@github-actions
Copy link

github-actions bot commented Oct 8, 2023

Stale pull request message

@AdamKorcz
Copy link
Contributor Author

@laurentsimon @spencerschrock PTAL.

spencerschrock
spencerschrock reviewed Oct 10, 2023
View reviewed changes
Copy link
Member

@spencerschrock spencerschrock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Was a bit of a skim to highlight the big comments.

checks/evaluation/dangerous_workflow.go Outdated Show resolved Hide resolved
checks/evaluation/dangerous_workflow.go Show resolved Hide resolved
checks/evaluation/dangerous_workflow.go Outdated Show resolved Hide resolved
probes/hasAnyWorkflows/def.yml Outdated Show resolved Hide resolved
probes/hasDangerousWorkflowScriptInjection/impl.go Outdated Show resolved Hide resolved
probes/hasDangerousWorkflowUntrustedCheckout/impl.go Outdated Show resolved Hide resolved
@AdamKorcz AdamKorcz temporarily deployed to gitlab October 20, 2023 13:24 — with GitHub Actions Inactive
@AdamKorcz AdamKorcz temporarily deployed to gitlab October 20, 2023 14:56 — with GitHub Actions Inactive
@AdamKorcz AdamKorcz temporarily deployed to integration-test October 20, 2023 14:56 — with GitHub Actions Inactive
raghavkaul
raghavkaul approved these changes Oct 24, 2023
View reviewed changes
Copy link
Contributor

@raghavkaul raghavkaul left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like comments were addressed, thanks

@AdamKorcz
🌱 Convert Dangerous Workflow check to probes
fe86d7e 
Signed-off-by: AdamKorcz <adam@adalogics.com>
@AdamKorcz
remove hasAnyWorkflows probe
f7b76c9 
Signed-off-by: AdamKorcz <adam@adalogics.com>
@AdamKorcz
combine two conditionals into one
6ced972 
Signed-off-by: AdamKorcz <adam@adalogics.com>
@AdamKorcz
preserve logging from original evaluation
e06b5e7 
Signed-off-by: AdamKorcz <adam@adalogics.com>
@AdamKorcz
rebase
1aa59fe 
Signed-off-by: AdamKorcz <adam@adalogics.com>
@AdamKorcz AdamKorcz requested a review from a team as a code owner October 31, 2023 18:38
@AdamKorcz AdamKorcz temporarily deployed to gitlab October 31, 2023 18:38 — with GitHub Actions Inactive
@AdamKorcz AdamKorcz temporarily deployed to integration-test October 31, 2023 18:38 — with GitHub Actions Inactive
@raghavkaul raghavkaul enabled auto-merge (squash) November 6, 2023 16:18
@raghavkaul raghavkaul merged commit f422f69 into ossf:main Nov 6, 2023
38 checks passed
diogoteles08 pushed a commit to diogoteles08/scorecard that referenced this pull request Nov 13, 2023
@AdamKorcz @diogoteles08
🌱 Convert Dangerous Workflow check to probes (ossf#3521)
b984da5 
* 🌱 Convert Dangerous Workflow check to probes

Signed-off-by: AdamKorcz <adam@adalogics.com>

* remove hasAnyWorkflows probe

Signed-off-by: AdamKorcz <adam@adalogics.com>

* combine two conditionals into one

Signed-off-by: AdamKorcz <adam@adalogics.com>

* preserve logging from original evaluation

Signed-off-by: AdamKorcz <adam@adalogics.com>

* rebase

Signed-off-by: AdamKorcz <adam@adalogics.com>

---------

Signed-off-by: AdamKorcz <adam@adalogics.com>
Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>
ashearin pushed a commit to kgangerlm/scorecard-gitlab that referenced this pull request Nov 13, 2023
@AdamKorcz @ashearin
🌱 Convert Dangerous Workflow check to probes (ossf#3521)
230f169 
* 🌱 Convert Dangerous Workflow check to probes

Signed-off-by: AdamKorcz <adam@adalogics.com>

* remove hasAnyWorkflows probe

Signed-off-by: AdamKorcz <adam@adalogics.com>

* combine two conditionals into one

Signed-off-by: AdamKorcz <adam@adalogics.com>

* preserve logging from original evaluation

Signed-off-by: AdamKorcz <adam@adalogics.com>

* rebase

Signed-off-by: AdamKorcz <adam@adalogics.com>

---------

Signed-off-by: AdamKorcz <adam@adalogics.com>
Signed-off-by: Allen Shearin <allen.p.shearin@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@spencerschrock spencerschrock spencerschrock left review comments

@raghavkaul raghavkaul raghavkaul approved these changes

@azeemshaikh38 azeemshaikh38 Awaiting requested review from azeemshaikh38

@justaugustus justaugustus Awaiting requested review from justaugustus

@laurentsimon laurentsimon Awaiting requested review from laurentsimon

@naveensrinivasan naveensrinivasan Awaiting requested review from naveensrinivasan

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@AdamKorcz @spencerschrock @raghavkaul