Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

⚠️ Add initial Maintainers Annotation parsing #3905

Merged
merged 72 commits into from
Apr 23, 2024
Merged

⚠️ Add initial Maintainers Annotation parsing #3905

merged 72 commits into from
Apr 23, 2024

Commits on Mar 29, 2024

  1. feat: Get maintainers annotation from repo 

    This commits adds functionality to read a scorecard.yml file from a repository and parse it to get the maintainers annotation. It introduces the concepts of exemptions, annotations, annotated checks, and annotation reasons.

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    389e53b View commit details
    Browse the repository at this point in the history

  2. feat: Hand off maintainers annotation for SARIF 

    Hnad off maintainers annotation to SARIF formatting so it can decide to skip or not skip checks when creating the output.

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    de0d98b View commit details
    Browse the repository at this point in the history

  3. feat: If check is annotated, skip in SARIF output 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    69c5e28 View commit details
    Browse the repository at this point in the history

  4. feat: Add other annotation reasons 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    a345120 View commit details
    Browse the repository at this point in the history

  5. feat: Add options to show maintainers annotations in output 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    df0427f View commit details
    Browse the repository at this point in the history

  6. feat: Output maintainers annotations in JSON 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    b21bdf7 View commit details
    Browse the repository at this point in the history

  7. fix: Remove unnecessary maintainers annotation param in SARIF 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    2ad4fab View commit details
    Browse the repository at this point in the history

  8. feat: Output maintainers annotations in string default result 

    This commit changes how data is appended to the table rows. Previously, we defined the table columns size and added information to each index. To avoid complicating the calculation of the index now that we are adding another optional column, the data is appended to the row as needed.

Also, the maintainers annotation was chosen to be displayed as last column to give space for Scorecard official reasoning and documentation to appear first.

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    202005f View commit details
    Browse the repository at this point in the history

  9. feat: Ignore annotation if check has max score 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    dbea46b View commit details
    Browse the repository at this point in the history

  10. doc: Add documentation for maintainers annotation 

    Introduce what flag should be used to show maintainers annotation and how to configure maintainers annotation for your repository.

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    3df6791 View commit details
    Browse the repository at this point in the history

  11. refactor: A maintainers annotation obj can verify if a check is exempted 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    765c63d View commit details
    Browse the repository at this point in the history

  12. refactor: Get annotations function can be private 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    6fe5b31 View commit details
    Browse the repository at this point in the history

  13. refactor: Find scorecard.yml file in the repository's root 

    Change to "GetFileContent" method since we're looking for a specific file instead of using "OnMatchingFileContentDo" method that looks files with a specific content.
This also removes the dependency from "checks/fileparser". This is necessary to move "IsCheckExempted" to checker.

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    e41d439 View commit details
    Browse the repository at this point in the history

  14. fix: A check should know if it's exempted or not 

    Moving the verification "IsCheckExempted" from maintainers_annotation package to checker package. This way a check result will define, consulting maintainers annotation, if it is exempted or not.

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    e23bf4a View commit details
    Browse the repository at this point in the history

  15. fix: Maintainers annotation can only be used in experimental mode 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    ae9f55a View commit details
    Browse the repository at this point in the history

  16. fix: Ignore if scorecard.yml does not exist 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    f55bf70 View commit details
    Browse the repository at this point in the history

  17. fix: Remove unnecessary maintainers annotation param 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    946bc1c View commit details
    Browse the repository at this point in the history

  18. docs: Move complete mantainers annotation doc to feature folder 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    0104fac View commit details
    Browse the repository at this point in the history

  19. fix: Error logs 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    6033a56 View commit details
    Browse the repository at this point in the history

  20. refactor: Rename AnnotationReason to Reason 

    Avoid repetition in variable references.

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    b30dbf4 View commit details
    Browse the repository at this point in the history

  21. refactor: Reason documentation 

    Redo reason documentation as a switch case to be called when necessary instead of defining a global map. Another reason to redo this logic as switch is that switch should be more performatic then instantiating a local map.

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    d3ef155 View commit details
    Browse the repository at this point in the history

  22. refactor: Rename ScorecardYml to ScorecardConfig 

    This is a better generic name to reference Scorecard configuration file and leave the file format for the implementation.

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    258e896 View commit details
    Browse the repository at this point in the history

  23. fix: Check name comparison 

    The EqualFold comparison is already case insensitive.

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    b2ff1ad View commit details
    Browse the repository at this point in the history

  24. refactor: Rename maintainers annotation folder/file to config 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    362c05f View commit details
    Browse the repository at this point in the history

  25. refactor: Rename and simplify parsing the config 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    472601e View commit details
    Browse the repository at this point in the history

  26. refactor: Check parses its reasons 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    6d60fc3 View commit details
    Browse the repository at this point in the history

  27. fix: Is check exempted 

    Fix config struture renaming and collect all annotation reasons for a check. Don't stop in the first annotation that the check is exempted.

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    84d659d View commit details
    Browse the repository at this point in the history

  28. refactor: Rename maintainers annotation to annotations 

    Renaming flags, function params, docs and fixing config renamings.

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    cd9266a View commit details
    Browse the repository at this point in the history

  29. refactor: Separate annotations content from config parsing 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    696b76b View commit details
    Browse the repository at this point in the history

  30. fix: Omit empty annotations in JSON results 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    37d77b2 View commit details
    Browse the repository at this point in the history

  31. refactor: Read config file content 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    4ae0b28 View commit details
    Browse the repository at this point in the history

  32. refactor: JSON2 result options 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    6edd500 View commit details
    Browse the repository at this point in the history

  33. refactor: String result options 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    cbda605 View commit details
    Browse the repository at this point in the history

  34. test: Mock GetFileReader 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    54fde87 View commit details
    Browse the repository at this point in the history

  35. test: Annotation on Binary-Artifacts check 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    de8a965 View commit details
    Browse the repository at this point in the history

  36. feat: Validate annotated checks 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    952ca41 View commit details
    Browse the repository at this point in the history

  37. test: Annotating all checks 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    e5a6f6c View commit details
    Browse the repository at this point in the history

  38. feat: Validate annotated reasons 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    bdb4407 View commit details
    Browse the repository at this point in the history

  39. test: Annotating all reasons 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    2de2869 View commit details
    Browse the repository at this point in the history

  40. test: Multiple annotations 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Mar 29, 2024
    Configuration menu
    Copy the full SHA
    0e70141 View commit details
    Browse the repository at this point in the history

Commits on Apr 1, 2024

  1. test: Binary-Artifacts exempted for testing 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Apr 1, 2024
    Configuration menu
    Copy the full SHA
    17e58c3 View commit details
    Browse the repository at this point in the history

  2. test: Binary-Artifacts not exempted 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Apr 1, 2024
    Configuration menu
    Copy the full SHA
    d9ad34c View commit details
    Browse the repository at this point in the history

  3. test: No checks exempted 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Apr 1, 2024
    Configuration menu
    Copy the full SHA
    b171872 View commit details
    Browse the repository at this point in the history

  4. test: Exemption is outdated 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Apr 1, 2024
    Configuration menu
    Copy the full SHA
    ceab1dd View commit details
    Browse the repository at this point in the history

  5. test: Improve reasons error comparison 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Apr 1, 2024
    Configuration menu
    Copy the full SHA
    ea1ca56 View commit details
    Browse the repository at this point in the history

  6. test: Multiple exemption reasons in a single annotation 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Apr 1, 2024
    Configuration menu
    Copy the full SHA
    b7a5d3f View commit details
    Browse the repository at this point in the history

  7. test: Multiple exemption reasons across annotations 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Apr 1, 2024
    Configuration menu
    Copy the full SHA
    b3950ab View commit details
    Browse the repository at this point in the history

  8. fix: cmd show annotations flag doc 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Apr 1, 2024
    Configuration menu
    Copy the full SHA
    8ca4fc7 View commit details
    Browse the repository at this point in the history

  9. test: Add show annotations flag 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Apr 1, 2024
    Configuration menu
    Copy the full SHA
    51b5fd1 View commit details
    Browse the repository at this point in the history

  10. fix: Remove unnecessary function 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Apr 1, 2024
    Configuration menu
    Copy the full SHA
    53ac96f View commit details
    Browse the repository at this point in the history

  11. test: Annotations string format 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Apr 1, 2024
    Configuration menu
    Copy the full SHA
    9d17753 View commit details
    Browse the repository at this point in the history

  12. test: Annotations json format 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Apr 1, 2024
    Configuration menu
    Copy the full SHA
    9006269 View commit details
    Browse the repository at this point in the history

  13. fix: Linter fallthrough 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Apr 1, 2024
    Configuration menu
    Copy the full SHA
    05f9aed View commit details
    Browse the repository at this point in the history

  14. fix: Linter imports 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Apr 1, 2024
    Configuration menu
    Copy the full SHA
    fe07f91 View commit details
    Browse the repository at this point in the history

  15. fix: Linter unnecessart struct type declaration 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Apr 1, 2024
    Configuration menu
    Copy the full SHA
    1a59b82 View commit details
    Browse the repository at this point in the history

  16. fix: Linter append combine 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Apr 1, 2024
    Configuration menu
    Copy the full SHA
    5cce247 View commit details
    Browse the repository at this point in the history

  17. fix: Linter struct memory 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Apr 1, 2024
    Configuration menu
    Copy the full SHA
    a45a4fc View commit details
    Browse the repository at this point in the history

  18. fix: Linter improve error msg in run scorecard 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Apr 1, 2024
    Configuration menu
    Copy the full SHA
    443a009 View commit details
    Browse the repository at this point in the history

  19. fix: Linter dynamic errors 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Apr 1, 2024
    Configuration menu
    Copy the full SHA
    b357f17 View commit details
    Browse the repository at this point in the history

  20. docs: Disable security alerts on SARIF output 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Apr 1, 2024
    Configuration menu
    Copy the full SHA
    494b6db View commit details
    Browse the repository at this point in the history

  21. docs: Redirect to configuration doc on main README 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Apr 1, 2024
    Configuration menu
    Copy the full SHA
    ad2a9b8 View commit details
    Browse the repository at this point in the history

  22. test: Invalid check in annotations 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Apr 1, 2024
    Configuration menu
    Copy the full SHA
    2b73436 View commit details
    Browse the repository at this point in the history

  23. test: Invalid reason in annotations 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Apr 1, 2024
    Configuration menu
    Copy the full SHA
    8234d6d View commit details
    Browse the repository at this point in the history

  24. test: Exempt check on SARIF output clears runs 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Apr 1, 2024
    Configuration menu
    Copy the full SHA
    997f030 View commit details
    Browse the repository at this point in the history

  25. test: Add check1 annotations json 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Apr 1, 2024
    Configuration menu
    Copy the full SHA
    a36843e View commit details
    Browse the repository at this point in the history

Commits on Apr 22, 2024

  1. fix: On parse error return empty config file not a "dirty" one 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Apr 22, 2024
    Configuration menu
    Copy the full SHA
    05fb5b1 View commit details
    Browse the repository at this point in the history

  2. fix: On parse config error continue execution 

    We log the error to the user but continue execution with empty config.

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Apr 22, 2024
    Configuration menu
    Copy the full SHA
    63b480c View commit details
    Browse the repository at this point in the history

  3. Merge branch 'main' into feat/maintainers-annotation 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti authored Apr 22, 2024
    Configuration menu
    Copy the full SHA
    ff88498 View commit details
    Browse the repository at this point in the history

  4. fix: Merge conflics importing rules 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Apr 22, 2024
    Configuration menu
    Copy the full SHA
    f81871e View commit details
    Browse the repository at this point in the history

  5. fix: Readd is experimental enabled method 

    This method is necessary to validate if experimental feature is enabled so it can activate show annotations feature.

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Apr 22, 2024
    Configuration menu
    Copy the full SHA
    19f8ae1 View commit details
    Browse the repository at this point in the history

Commits on Apr 23, 2024

  1. feat: Wrap config parse under experimental flag 

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    @gabibguti
    gabibguti committed Apr 23, 2024
    Configuration menu
    Copy the full SHA
    e7cd246 View commit details
    Browse the repository at this point in the history

  2. fix unit test by removing unused mock call 

    Signed-off-by: Spencer Schrock <sschrock@google.com>
    @spencerschrock
    spencerschrock committed Apr 23, 2024
    Configuration menu
    Copy the full SHA
    b28295e View commit details
    Browse the repository at this point in the history