
🐛 Ignore unpinned dependencies in Dockerfiles in vendored directories #3675

Merged: 2 commits from the ignore-vendored-unpinned-dependencies branch into ossf:main on Nov 16, 2023

Conversation

AdamKorcz (Contributor) wrote:

What kind of change does this PR introduce? (Is it a bug fix, feature, docs update, something else?)

This checks whether Dockerfiles being checked by Pinned Dependencies are in a vendor or third_party directory.

What is the current behavior?

What is the new behavior (if this is a feature change)?

With this PR, Scorecard will check whether any of the subdirectories that a file exists in is called either vendor or third_party.

  • Tests for the changes have been added (for bug fixes/features)

Which issue(s) this PR fixes

#1095

Special notes for your reviewer

Does this PR introduce a user-facing change?

Yes, scores will change, but that is inherited from #1095

Scorecard no longer considers unpinned Dockerfiles in `vendor` and `third_party` directories.
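The rule the PR describes, "any of the subdirectories that a file exists in is called either vendor or third_party", is a whole-component match on the directory part of a repository-relative path. The following is an added illustration written for this page, not Scorecard's own code; the function names `isVendoredPath` and `dockerfilesToCheck` and the `vendoredDirs` set are assumptions for the example, and the sample paths are constructed. It shows the two edge cases a reviewer would want covered: a directory named `vendored` or `vendor_tools` must not match because the comparison is on the whole path component, and a file that is itself named `vendor` is not a subdirectory and so is still checked.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// vendoredDirs holds the directory names that mark a file as third-party code.
// The two names come from the PR description; the set itself is an assumption
// made for this example, not Scorecard's source.
var vendoredDirs = map[string]bool{
	"vendor":      true,
	"third_party": true,
}

// isVendoredPath reports whether any directory component of a repository-relative
// file path (forward-slash separated, as in a git tree) is one of vendoredDirs.
// Only directory components count: a file itself named "vendor" is not vendored,
// and "vendored" or "vendor_tools" do not match because whole components are
// compared, not prefixes.
func isVendoredPath(filePath string) bool {
	// path.Clean collapses "./", "a/../" and repeated slashes so the component
	// split below is stable for slightly messy inputs.
	dir, _ := path.Split(path.Clean(filePath))
	for _, comp := range strings.Split(dir, "/") {
		if vendoredDirs[comp] {
			return true
		}
	}
	return false
}

// dockerfilesToCheck filters Dockerfile paths down to those a pinned-dependency
// check should still inspect, dropping the vendored ones.
func dockerfilesToCheck(paths []string) []string {
	var out []string
	for _, p := range paths {
		if !isVendoredPath(p) {
			out = append(out, p)
		}
	}
	return out
}

func main() {
	// Constructed sample paths; not taken from any real repository.
	sample := []string{
		"Dockerfile",
		"docker/Dockerfile.prod",
		"vendor/github.com/acme/lib/Dockerfile",
		"tools/third_party/builder/Dockerfile",
		"vendored/Dockerfile",
		"src/vendor",
		"./third_party/Dockerfile",
	}
	for _, p := range sample {
		fmt.Printf("%-42s vendored=%v\n", p, isVendoredPath(p))
	}
	fmt.Println("still checked:", dockerfilesToCheck(sample))
}
```

Splitting on `/` rather than using `strings.Contains(p, "vendor")` is the point of the example: a substring test would silently skip a first-party `vendored/Dockerfile`, and a prefix test would miss a `vendor` directory nested below the repository root.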

@AdamKorcz AdamKorcz requested a review from a team as a code owner November 14, 2023 13:02
@AdamKorcz AdamKorcz requested review from justaugustus and laurentsimon and removed request for a team November 14, 2023 13:02

codecov bot commented Nov 14, 2023

Codecov Report

Merging #3675 (0310029) into main (92470de) will decrease coverage by 5.60%.
The diff coverage is 83.33%.

@@            Coverage Diff             @@
##             main    #3675      +/-   ##
==========================================
- Coverage   76.12%   70.52%   -5.60%     
==========================================
  Files         205      205              
  Lines       14050    14068      +18     
==========================================
- Hits        10696     9922     -774     
- Misses       2723     3570     +847     
+ Partials      631      576      -55     

Review thread on checks/raw/pinned_dependencies.go (outdated, resolved)
Signed-off-by: AdamKorcz <adam@adalogics.com>
@AdamKorcz AdamKorcz force-pushed the ignore-vendored-unpinned-dependencies branch from 4962379 to 0310029 Compare November 16, 2023 21:49
@raghavkaul raghavkaul enabled auto-merge (squash) November 16, 2023 21:52
@raghavkaul raghavkaul merged commit be0b915 into ossf:main Nov 16, 2023
38 checks passed