
Commit e0739b4

committed
merge security-policy test branch with upstream:main
Signed-off-by: Scott Hissam <[email protected]>
2 parents 776d4d6 + 043a720 commit e0739b4

7 files changed

Lines changed: 20 additions & 17 deletions


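--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
@@ -77,8 +77,8 @@ jobs:
 timeout_minutes: 30
 command: make e2e-pat
 
-- name: Run attestor e2e
-run: make e2e-attestor
+- name: Run attestor e2e #using retry because the GitHub token is being throttled.
+uses: nick-invision/retry@3e91a01664abd3c5cd539100d10d33b9c5b68482
 env:
 GITHUB_AUTH_TOKEN: ${{ secrets.GH_AUTH_TOKEN }}
 with:
@@ -90,13 +90,8 @@ jobs:
 - name: codecov
 uses: codecov/codecov-action@81cd2dc8148241f03f5839d295e000b8f761e378 # 2.1.0
 with:
-files: ./e2e-coverage.out
-verbose: true
-
-- name: codecov attestor
-uses: codecov/codecov-action@81cd2dc8148241f03f5839d295e000b8f761e378 # 2.1.0
-with:
-files: ./attestor/e2e/e2e-coverage.out
+fail_ci_if_error: true
+files: ./e2e-coverage.out,./attestor/e2e/e2e-coverage.out
 verbose: true
 
 - name: find comment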
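Review bot: The new `uses: nick-invision/retry@3e91a01664abd3c5cd539100d10d33b9c5b68482` in the first hunk pins a commit SHA without the trailing version comment the file's other pins carry (`# 2.1.0` on codecov-action), so a reader or dependency-update tool cannot tell which release the SHA corresponds to; append `# <retry release tag>` after the SHA, as done for the other actions. The `with:` block that must now carry the retried `command` (replacing the removed `run: make e2e-attestor`) lies outside the hunk, so whether the same make target is still invoked cannot be confirmed from this view.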

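--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -68,12 +68,8 @@ jobs:
 - name: Upload codecoverage
 uses: codecov/codecov-action@81cd2dc8148241f03f5839d295e000b8f761e378 # 2.1.0
 with:
-files: ./unit-coverage.out
-verbose: true
-- name: Upload codecoverage attestor
-uses: codecov/codecov-action@81cd2dc8148241f03f5839d295e000b8f761e378 # 2.1.0
-with:
-files: ./attestor/unit-coverage.out
+fail_ci_if_error: true
+files: ./unit-coverage.out,./attestor/unit-coverage.out
 verbose: true
 generate-mocks:
 name: generate-mocks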

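--- a/.github/workflows/scorecard-analysis.yml
+++ b/.github/workflows/scorecard-analysis.yml
@@ -26,7 +26,7 @@ jobs:
 uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
 
 - name: "Run analysis"
-uses: ossf/scorecard-action@08dd0cebb088ac0fd6364339b1b3b68b75041ea8 # v2.0.0-alpha.2
+uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # v2.0.6
 with:
 results_file: results.sarif
 results_format: sarif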

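--- a/attestor/go.mod
+++ b/attestor/go.mod
@@ -57,6 +57,7 @@ require (
 golang.org/x/sync v0.1.0 // indirect
 golang.org/x/term v0.1.0 // indirect
 golang.org/x/time v0.0.0-20220922220347-f3bd1da661af // indirect
+golang.org/x/tools v0.2.0 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
 k8s.io/api v0.18.8 // indirect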

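--- a/attestor/go.sum
+++ b/attestor/go.sum
@@ -1206,6 +1206,8 @@ golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.2.0 h1:G6AHpWxTMGY1KyEYoAQ5WTtIekUUvDNjan3ugu60JvE=
+golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA=
 golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=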

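--- a/checks/raw/binary_artifact.go
+++ b/checks/raw/binary_artifact.go
@@ -16,6 +16,8 @@ package raw
 
 import (
 "fmt"
+"log"
+"os"
 "path/filepath"
 "regexp"
 "strings"
@@ -25,6 +27,7 @@ import (
 "github.com/h2non/filetype"
 "github.com/h2non/filetype/types"
 "github.com/rhysd/actionlint"
+"golang.org/x/tools/godoc/util"
 
 "github.com/ossf/scorecard/v4/checker"
 "github.com/ossf/scorecard/v4/checks/fileparser"
@@ -155,7 +158,11 @@ var checkBinaryFileContent fileparser.DoWhileTrueOnFileContent = func(path strin
 }
 
 exists2 := binaryFileTypes[strings.ReplaceAll(filepath.Ext(path), ".", "")]
-if !isText(content) && exists2 {
+isTextFile := isText(content)
+if _, enabled := os.LookupEnv("SCORECARD_COMPARE_ISTEXT"); enabled && isTextFile != util.IsText(content) {
+log.Printf("isText implementations differ for file: %s", path)
+}
+if !isTextFile && exists2 {
 *pfiles = append(*pfiles, checker.File{
 Path: path,
 Type: checker.FileTypeBinary,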
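Review bot: In the third hunk `os.LookupEnv("SCORECARD_COMPARE_ISTEXT")` is re-evaluated for every file the callback visits, and `log.Printf` writes the path of a file from the repository under analysis through the global stdlib logger with `%s`, so a path containing newlines or control characters can split or forge log lines. Hoist the lookup to package scope, `var _, compareIsText = os.LookupEnv("SCORECARD_COMPARE_ISTEXT")`, test `compareIsText && isTextFile != util.IsText(content)` here, and format the path with `%q`. The new `golang.org/x/tools/godoc/util` import brings x/tools into the main module's build solely for this diagnostic; the root go.mod is not among the changed files, so presumably it was already required there, which is worth confirming. The enclosing `checkBinaryFileContent` callback begins and ends outside the hunk.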

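--- a/cron/k8s/worker.release.yaml
+++ b/cron/k8s/worker.release.yaml
@@ -44,6 +44,8 @@ spec:
 value: "10.4.4.210:80"
 - name: "SCORECARD_API_RESULTS_BUCKET_URL"
 value: "gs://ossf-scorecard-cron-releasetest-results"
+- name: SCORECARD_COMPARE_ISTEXT
+value: "1"
 resources:
 requests:
 memory: 5Gi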
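Review bot: The added `- name: SCORECARD_COMPARE_ISTEXT` is unquoted while the neighbouring entry in the same list quotes its name (`- name: "SCORECARD_API_RESULTS_BUCKET_URL"`); write it as `- name: "SCORECARD_COMPARE_ISTEXT"` for consistency. Setting this in the release-test worker switches on a per-file comparison in checks/raw/binary_artifact.go whose only output is a stdlib log line, so a short comment above the entry saying where that output is collected and when the flag is meant to be removed would help whoever next edits this manifest.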
