N8BWert
diff --git a/‎.github/workflows/codeql-analysis.yml‎
Lines changed: 1 addition & 0 deletions b/‎.github/workflows/codeql-analysis.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎Makefile‎
Lines changed: 1 addition & 0 deletions b/‎Makefile‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎attestor/command/check.go‎
Lines changed: 1 addition & 0 deletions b/‎attestor/command/check.go‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎attestor/e2e/command_test.go‎
Lines changed: 1 addition & 0 deletions b/‎attestor/e2e/command_test.go‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎checks/binary_artifact_test.go‎
Lines changed: 1 addition & 1 deletion b/‎checks/binary_artifact_test.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎checks/license_test.go‎
Lines changed: 1 addition & 1 deletion b/‎checks/license_test.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎checks/raw/security_policy.go‎
Lines changed: 2 additions & 2 deletions b/‎checks/raw/security_policy.go‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎clients/githubrepo/client.go‎
Lines changed: 10 additions & 4 deletions b/‎clients/githubrepo/client.go‎
Lines changed: 10 additions & 4 deletions
diff --git a/‎clients/githubrepo/graphql.go‎
Lines changed: 52 additions & 10 deletions b/‎clients/githubrepo/graphql.go‎
Lines changed: 52 additions & 10 deletions
diff --git a/‎clients/githubrepo/graphql_e2e_test.go‎
Lines changed: 109 additions & 3 deletions b/‎clients/githubrepo/graphql_e2e_test.go‎
Lines changed: 109 additions & 3 deletions
@@ -61,6 +61,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
+
       uses: github/codeql-action/init@678fc3afe258fb2e0cdc165ccf77b85719de7b3c # v1
       with:
         languages: ${{ matrix.language }}
 
@@ -243,6 +243,7 @@ build-attestor: ## Runs go build on scorecard attestor
 	# Run go build on scorecard attestor
 	cd attestor/; CGO_ENABLED=0 go build -trimpath -a -tags netgo -ldflags '$(LDFLAGS)' -o scorecard-attestor
 
+
 build-attestor-docker: ## Build scorecard-attestor Docker image
 build-attestor-docker:
 	DOCKER_BUILDKIT=1 docker build . --file attestor/Dockerfile \
 
@@ -97,6 +97,7 @@ func runCheck() (policy.PolicyResult, error) {
 		ctx,
 		repo,
 		commitSHA,
+		0,
 		enabledChecks,
 		repoClient,
 		ossFuzzRepoClient,
 
@@ -18,6 +18,7 @@ import (
 	"strings"
 	"testing"
 
+
 	"github.com/spf13/cobra"
 
 	"github.com/ossf/scorecard-attestor/command"
 
@@ -71,7 +71,7 @@ func TestBinaryArtifacts(t *testing.T) {
 			ctx := context.Background()
 
 			client := localdir.CreateLocalDirClient(ctx, logger)
-			if err := client.InitRepo(repo, clients.HeadSHA); err != nil {
+			if err := client.InitRepo(repo, clients.HeadSHA, 0); err != nil {
 				t.Errorf("InitRepo: %v", err)
 			}
 
 
@@ -75,7 +75,7 @@ func TestLicenseFileSubdirectory(t *testing.T) {
 			ctx := context.Background()
 
 			client := localdir.CreateLocalDirClient(ctx, logger)
-			if err := client.InitRepo(repo, clients.HeadSHA); err != nil {
+			if err := client.InitRepo(repo, clients.HeadSHA, 0); err != nil {
 				t.Errorf("InitRepo: %v", err)
 			}
 
 
@@ -72,10 +72,10 @@ func SecurityPolicy(c *checker.CheckRequest) (checker.SecurityPolicyData, error)
 		if err != nil {
 			return checker.SecurityPolicyData{}, fmt.Errorf("unable to create gitlab client: %w", err)
 		}
-		err = client.InitRepo(c.Repo, clients.HeadSHA)
+		err = client.InitRepo(c.Repo, clients.HeadSHA, 0)
 	} else {
 		client = githubrepo.CreateGithubRepoClient(c.Ctx, logger)
-		err = client.InitRepo(c.Repo.Org(), clients.HeadSHA)
+		err = client.InitRepo(c.Repo.Org(), clients.HeadSHA, 0)
 	}
 	switch {
 	case err == nil:
 
@@ -55,10 +55,11 @@ type Client struct {
 	languages     *languagesHandler
 	ctx           context.Context
 	tarball       tarballHandler
+	commitDepth   int
 }
 
 // InitRepo sets up the GitHub repo in local storage for improving performance and GitHub token usage efficiency.
-func (client *Client) InitRepo(inputRepo clients.Repo, commitSHA string) error {
+func (client *Client) InitRepo(inputRepo clients.Repo, commitSHA string, commitDepth int) error {
 	ghRepo, ok := inputRepo.(*repoURL)
 	if !ok {
 		return fmt.Errorf("%w: %v", errInputRepoType, inputRepo)
@@ -69,7 +70,11 @@ func (client *Client) InitRepo(inputRepo clients.Repo, commitSHA string) error {
 	if err != nil {
 		return sce.WithMessage(sce.ErrRepoUnreachable, err.Error())
 	}
-
+	if commitDepth <= 0 {
+		client.commitDepth = 30 // default
+	} else {
+		client.commitDepth = commitDepth
+	}
 	client.repo = repo
 	client.repourl = &repoURL{
 		owner:         repo.Owner.GetLogin(),
@@ -82,7 +87,7 @@ func (client *Client) InitRepo(inputRepo clients.Repo, commitSHA string) error {
 	client.tarball.init(client.ctx, client.repo, commitSHA)
 
 	// Setup GraphQL.
-	client.graphClient.init(client.ctx, client.repourl)
+	client.graphClient.init(client.ctx, client.repourl, client.commitDepth)
 
 	// Setup contributorsHandler.
 	client.contributors.init(client.ctx, client.repourl)
@@ -138,6 +143,7 @@ func (client *Client) ListCommits() ([]clients.Commit, error) {
 
 // ListIssues implements RepoClient.ListIssues.
 func (client *Client) ListIssues() ([]clients.Issue, error) {
+	// here you would need to pass commitDepth or something
 	return client.graphClient.getIssues()
 }
 
@@ -295,7 +301,7 @@ func CreateOssFuzzRepoClient(ctx context.Context, logger *log.Logger) (clients.R
 	}
 
 	ossFuzzRepoClient := CreateGithubRepoClient(ctx, logger)
-	if err := ossFuzzRepoClient.InitRepo(ossFuzzRepo, clients.HeadSHA); err != nil {
+	if err := ossFuzzRepoClient.InitRepo(ossFuzzRepo, clients.HeadSHA, 0); err != nil {
 		return nil, fmt.Errorf("error during InitRepo: %w", err)
 	}
 	return ossFuzzRepoClient, nil
 
@@ -36,7 +36,6 @@ const (
 	issueCommentsToAnalyze = 30
 	reviewsToAnalyze       = 30
 	labelsToAnalyze        = 30
-	commitsToAnalyze       = 30
 )
 
 var errNotCached = errors.New("result not cached")
@@ -100,7 +99,12 @@ type graphqlData struct {
 							}
 						} `graphql:"associatedPullRequests(first: $pullRequestsToAnalyze)"`
 					}
-				} `graphql:"history(first: $commitsToAnalyze)"`
+					PageInfo struct {
+						StartCursor githubv4.String
+						EndCursor   githubv4.String
+						HasNextPage bool
+					}
+				} `graphql:"history(first: $commitsToAnalyze, after: $historyCursor)"`
 			} `graphql:"... on Commit"`
 		} `graphql:"object(expression: $commitExpression)"`
 		Issues struct {
@@ -183,9 +187,10 @@ type graphqlHandler struct {
 	commits            []clients.Commit
 	issues             []clients.Issue
 	archived           bool
+	commitDepth        int
 }
 
-func (handler *graphqlHandler) init(ctx context.Context, repourl *repoURL) {
+func (handler *graphqlHandler) init(ctx context.Context, repourl *repoURL, commitDepth int) {
 	handler.ctx = ctx
 	handler.repourl = repourl
 	handler.data = new(graphqlData)
@@ -195,6 +200,32 @@ func (handler *graphqlHandler) init(ctx context.Context, repourl *repoURL) {
 	handler.setupCheckRunsOnce = new(sync.Once)
 	handler.checkRuns = checkRunCache{}
 	handler.logger = log.NewLogger(log.DefaultLevel)
+	handler.commitDepth = commitDepth
+}
+
+func populateCommits(handler *graphqlHandler, vars map[string]interface{}) ([]clients.Commit, error) {
+	var allCommits []clients.Commit
+	var commitsLeft githubv4.Int
+	commitsLeft, ok := vars["commitsToAnalyze"].(githubv4.Int)
+	if !ok {
+		return nil, nil
+	}
+	for vars["commitsToAnalyze"] = githubv4.Int(100); commitsLeft > 0; commitsLeft = commitsLeft - 100 {
+		if commitsLeft < 100 {
+			vars["commitsToAnalyze"] = commitsLeft
+		}
+		err := handler.client.Query(handler.ctx, handler.data, vars)
+		if err != nil {
+			return nil, fmt.Errorf("failed to populate commits: %w", err)
+		}
+		vars["historyCursor"] = handler.data.Repository.Object.Commit.History.PageInfo.EndCursor
+		tmp, err := commitsFrom(handler.data, handler.repourl.owner, handler.repourl.repo)
+		if err != nil {
+			return nil, fmt.Errorf("failed to populate commits: %w", err)
+		}
+		allCommits = append(allCommits, tmp...)
+	}
+	return allCommits, nil
 }
 
 func (handler *graphqlHandler) setup() error {
@@ -208,19 +239,24 @@ func (handler *graphqlHandler) setup() error {
 			"issueCommentsToAnalyze": githubv4.Int(issueCommentsToAnalyze),
 			"reviewsToAnalyze":       githubv4.Int(reviewsToAnalyze),
 			"labelsToAnalyze":        githubv4.Int(labelsToAnalyze),
-			"commitsToAnalyze":       githubv4.Int(commitsToAnalyze),
+			"commitsToAnalyze":       githubv4.Int(handler.commitDepth),
 			"commitExpression":       githubv4.String(commitExpression),
+			"historyCursor":          (*githubv4.String)(nil),
+		}
+		// if NumberOfCommits set to < 99 we are required by the graphql to page by 100 commits.
+		if handler.commitDepth > 99 {
+			handler.commits, handler.errSetup = populateCommits(handler, vars)
+			handler.issues = issuesFrom(handler.data)
+			handler.archived = bool(handler.data.Repository.IsArchived)
+			return
 		}
 		if err := handler.client.Query(handler.ctx, handler.data, vars); err != nil {
 			handler.errSetup = sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("githubv4.Query: %v", err))
 			return
 		}
-		handler.archived = bool(handler.data.Repository.IsArchived)
 		handler.commits, handler.errSetup = commitsFrom(handler.data, handler.repourl.owner, handler.repourl.repo)
-		if handler.errSetup != nil {
-			return
-		}
 		handler.issues = issuesFrom(handler.data)
+		handler.archived = bool(handler.data.Repository.IsArchived)
 	})
 	return handler.errSetup
 }
@@ -232,10 +268,16 @@ func (handler *graphqlHandler) setupCheckRuns() error {
 			"owner":                 githubv4.String(handler.repourl.owner),
 			"name":                  githubv4.String(handler.repourl.repo),
 			"pullRequestsToAnalyze": githubv4.Int(pullRequestsToAnalyze),
-			"commitsToAnalyze":      githubv4.Int(commitsToAnalyze),
+			"commitsToAnalyze":      githubv4.Int(handler.commitDepth),
 			"commitExpression":      githubv4.String(commitExpression),
 			"checksToAnalyze":       githubv4.Int(checksToAnalyze),
 		}
+		// TODO(#2224):
+		// sast and ci checks causes cache miss if commits dont match number of check runs.
+		// paging for this needs to be implemented if using higher than 100 --number-of-commits
+		if handler.commitDepth > 99 {
+			vars["commitsToAnalyze"] = githubv4.Int(99)
+		}
 		if err := handler.client.Query(handler.ctx, handler.checkData, vars); err != nil {
 			// quit early without setting crsErrSetup for "Resource not accessible by integration" error
 			// for whatever reason, this check doesn't work with a GITHUB_TOKEN, only a PAT
@@ -325,7 +367,7 @@ func parseCheckRuns(data *checkRunsGraphqlData) checkRunCache {
 	return checkCache
 }
 
-//nolint
+// nolint
 func commitsFrom(data *graphqlData, repoOwner, repoName string) ([]clients.Commit, error) {
 	ret := make([]clients.Commit, 0)
 	for _, commit := range data.Repository.Object.Commit.History.Nodes {
 
@@ -16,11 +16,15 @@ package githubrepo
 
 import (
 	"context"
+	"net/http"
 
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
+	"github.com/shurcooL/githubv4"
 
 	"github.com/ossf/scorecard/v4/clients"
+	"github.com/ossf/scorecard/v4/clients/githubrepo/roundtripper"
+	"github.com/ossf/scorecard/v4/log"
 )
 
 var _ = Describe("E2E TEST: githubrepo.graphqlHandler", func() {
@@ -32,14 +36,116 @@ var _ = Describe("E2E TEST: githubrepo.graphqlHandler", func() {
 		}
 	})
 
+	Context("E2E TEST: Confirm Paging Commits Works", func() {
+		It("Should only have 1 commit", func() {
+			_repourl := &repoURL{
+				owner:     "ossf",
+				repo:      "scorecard",
+				commitSHA: clients.HeadSHA,
+			}
+			_vars := map[string]interface{}{
+				"owner":                  githubv4.String("ossf"),
+				"name":                   githubv4.String("scorecard"),
+				"pullRequestsToAnalyze":  githubv4.Int(1),
+				"issuesToAnalyze":        githubv4.Int(30),
+				"issueCommentsToAnalyze": githubv4.Int(30),
+				"reviewsToAnalyze":       githubv4.Int(30),
+				"labelsToAnalyze":        githubv4.Int(30),
+				"commitsToAnalyze":       githubv4.Int(1),
+				"commitExpression":       githubv4.String("heads/main"),
+				"historyCursor":          (*githubv4.String)(nil),
+			}
+			_ctx := context.Background()
+			_logger := log.NewLogger(log.DebugLevel)
+			_rt := roundtripper.NewTransport(_ctx, _logger)
+			_httpClient := &http.Client{
+				Transport: _rt,
+			}
+			_graphClient := githubv4.NewClient(_httpClient)
+			_handler := &graphqlHandler{
+				client: _graphClient,
+			}
+			_handler.init(context.Background(), _repourl, 1)
+			commits, err := populateCommits(_handler, _vars)
+			Expect(err).To(BeNil())
+			Expect(len(commits)).Should(BeEquivalentTo(1))
+		})
+		It("Should have 30 commits", func() {
+			_repourl := &repoURL{
+				owner:     "ossf",
+				repo:      "scorecard",
+				commitSHA: clients.HeadSHA,
+			}
+			_vars := map[string]interface{}{
+				"owner":                  githubv4.String("ossf"),
+				"name":                   githubv4.String("scorecard"),
+				"pullRequestsToAnalyze":  githubv4.Int(1),
+				"issuesToAnalyze":        githubv4.Int(30),
+				"issueCommentsToAnalyze": githubv4.Int(30),
+				"reviewsToAnalyze":       githubv4.Int(30),
+				"labelsToAnalyze":        githubv4.Int(30),
+				"commitsToAnalyze":       githubv4.Int(30),
+				"commitExpression":       githubv4.String("heads/main"),
+				"historyCursor":          (*githubv4.String)(nil),
+			}
+			_ctx := context.Background()
+			_logger := log.NewLogger(log.DebugLevel)
+			_rt := roundtripper.NewTransport(_ctx, _logger)
+			_httpClient := &http.Client{
+				Transport: _rt,
+			}
+			_graphClient := githubv4.NewClient(_httpClient)
+			_handler := &graphqlHandler{
+				client: _graphClient,
+			}
+			_handler.init(context.Background(), _repourl, 30)
+			commits, err := populateCommits(_handler, _vars)
+			Expect(err).To(BeNil())
+			Expect(len(commits)).Should(BeEquivalentTo(30))
+		})
+		It("Should have 101 commits", func() {
+			_repourl := &repoURL{
+				owner:     "ossf",
+				repo:      "scorecard",
+				commitSHA: clients.HeadSHA,
+			}
+			_vars := map[string]interface{}{
+				"owner":                  githubv4.String("ossf"),
+				"name":                   githubv4.String("scorecard"),
+				"pullRequestsToAnalyze":  githubv4.Int(1),
+				"issuesToAnalyze":        githubv4.Int(30),
+				"issueCommentsToAnalyze": githubv4.Int(30),
+				"reviewsToAnalyze":       githubv4.Int(30),
+				"labelsToAnalyze":        githubv4.Int(30),
+				"commitsToAnalyze":       githubv4.Int(101),
+				"commitExpression":       githubv4.String("heads/main"),
+				"historyCursor":          (*githubv4.String)(nil),
+			}
+			_ctx := context.Background()
+			_logger := log.NewLogger(log.DebugLevel)
+			_rt := roundtripper.NewTransport(_ctx, _logger)
+			_httpClient := &http.Client{
+				Transport: _rt,
+			}
+			_graphClient := githubv4.NewClient(_httpClient)
+			_handler := &graphqlHandler{
+				client: _graphClient,
+			}
+			_handler.init(context.Background(), _repourl, 101)
+			commits, err := populateCommits(_handler, _vars)
+			Expect(err).To(BeNil())
+			Expect(len(commits)).Should(BeEquivalentTo(101))
+		})
+	})
+
 	Context("E2E TEST: Validate query cost", func() {
 		It("Should not have increased for HEAD query", func() {
 			repourl := &repoURL{
 				owner:     "ossf",
 				repo:      "scorecard",
 				commitSHA: clients.HeadSHA,
 			}
-			graphqlhandler.init(context.Background(), repourl)
+			graphqlhandler.init(context.Background(), repourl, 30)
 			Expect(graphqlhandler.setup()).Should(BeNil())
 			Expect(graphqlhandler.data).ShouldNot(BeNil())
 			Expect(graphqlhandler.data.RateLimit.Cost).ShouldNot(BeNil())
@@ -51,7 +157,7 @@ var _ = Describe("E2E TEST: githubrepo.graphqlHandler", func() {
 				repo:      "scorecard",
 				commitSHA: "de5224bbc56eceb7a25aece55d2d53bbc561ed2d",
 			}
-			graphqlhandler.init(context.Background(), repourl)
+			graphqlhandler.init(context.Background(), repourl, 30)
 			Expect(graphqlhandler.setup()).Should(BeNil())
 			Expect(graphqlhandler.data).ShouldNot(BeNil())
 			Expect(graphqlhandler.data.RateLimit.Cost).ShouldNot(BeNil())
@@ -63,7 +169,7 @@ var _ = Describe("E2E TEST: githubrepo.graphqlHandler", func() {
 				repo:      "scorecard",
 				commitSHA: clients.HeadSHA,
 			}
-			graphqlhandler.init(context.Background(), repourl)
+			graphqlhandler.init(context.Background(), repourl, 30)
 			Expect(graphqlhandler.setupCheckRuns()).Should(BeNil())
 			Expect(graphqlhandler.checkData).ShouldNot(BeNil())
 			Expect(graphqlhandler.checkData.RateLimit.Cost).ShouldNot(BeNil())
Original file line number	Diff line number	Diff line change
`@@ -71,7 +71,7 @@ func TestBinaryArtifacts(t *testing.T) {`
`71`	`71`	`ctx := context.Background()`
`72`	`72`
`73`	`73`	`client := localdir.CreateLocalDirClient(ctx, logger)`
`74`		`- if err := client.InitRepo(repo, clients.HeadSHA); err != nil {`
	`74`	`+ if err := client.InitRepo(repo, clients.HeadSHA, 0); err != nil {`
`75`	`75`	`t.Errorf("InitRepo: %v", err)`
`76`	`76`	`}`
`77`	`77`
Original file line number	Diff line number	Diff line change
`@@ -75,7 +75,7 @@ func TestLicenseFileSubdirectory(t *testing.T) {`
`75`	`75`	`ctx := context.Background()`
`76`	`76`
`77`	`77`	`client := localdir.CreateLocalDirClient(ctx, logger)`
`78`		`- if err := client.InitRepo(repo, clients.HeadSHA); err != nil {`
	`78`	`+ if err := client.InitRepo(repo, clients.HeadSHA, 0); err != nil {`
`79`	`79`	`t.Errorf("InitRepo: %v", err)`
`80`	`80`	`}`
`81`	`81`
Original file line number	Diff line number	Diff line change
`@@ -72,10 +72,10 @@ func SecurityPolicy(c *checker.CheckRequest) (checker.SecurityPolicyData, error)`
`72`	`72`	`if err != nil {`
`73`	`73`	`return checker.SecurityPolicyData{}, fmt.Errorf("unable to create gitlab client: %w", err)`
`74`	`74`	`}`
`75`		`- err = client.InitRepo(c.Repo, clients.HeadSHA)`
	`75`	`+ err = client.InitRepo(c.Repo, clients.HeadSHA, 0)`
`76`	`76`	`} else {`
`77`	`77`	`client = githubrepo.CreateGithubRepoClient(c.Ctx, logger)`
`78`		`- err = client.InitRepo(c.Repo.Org(), clients.HeadSHA)`
	`78`	`+ err = client.InitRepo(c.Repo.Org(), clients.HeadSHA, 0)`
`79`	`79`	`}`
`80`	`80`	`switch {`
`81`	`81`	`case err == nil:`