hub / github.com/ossf/scorecard / Packaging

Function Packaging

checks/raw/github/packaging.go:32–129  ·  view source on GitHub ↗

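Packaging gathers the raw data for the packaging check: it inspects the repository's GitHub workflow files and records which of them are packaging workflows.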

(c *checker.CheckRequest)


30
31// Packaging checks for packages.
32func Packaging(c *checker.CheckRequest) (checker.PackagingData, error) {
33 var data checker.PackagingData
34 matchedFiles, err := c.RepoClient.ListFiles(fileparser.IsGithubWorkflowFileCb)
35 if err != nil {
36 return data, fmt.Errorf("%w", err)
37 }
38 if err != nil {
39 return data, fmt.Errorf("RepoClient.ListFiles: %w", err)
40 }
41
42 for _, fp := range matchedFiles {
43 fr, err := c.RepoClient.GetFileReader(fp)
44 if err != nil {
45 return data, fmt.Errorf("RepoClient.GetFileReader: %w", err)
46 }
47 fc, err := io.ReadAll(fr)
48 fr.Close()
49 if err != nil {
50 return data, fmt.Errorf("reading file: %w", err)
51 }
52
53 workflow, errs := actionlint.Parse(fc)
54 if len(errs) > 0 && workflow == nil {
55 e := fileparser.FormatActionlintError(errs)
56 return data, e
57 }
58
59 // Check if it's a packaging workflow.
60 match, ok := fileparser.IsPackagingWorkflow(workflow, fp)
61 // Always print debug messages.
62 data.Packages = append(data.Packages,
63 checker.Package{
64 Msg: &match.Msg,
65 File: &checker.File{
66 Path: fp,
67 Type: finding.FileTypeSource,
68 Offset: checker.OffsetDefault,
69 },
70 },
71 )
72 if !ok {
73 continue
74 }
75
76 runs, err := c.RepoClient.ListSuccessfulWorkflowRuns(filepath.Base(fp))
77 if err != nil {
78 // assume the workflow will have run for localdir client
79 if errors.Is(err, clients.ErrUnsupportedFeature) {
80 runs = append(runs, clients.WorkflowRun{})
81 } else {
82 return data, fmt.Errorf("Client.Actions.ListWorkflowRunsByFileName: %w", err)
83 }
84 }
85
86 if len(runs) > 0 {
87 // Create package.
88 pkg := checker.Package{
89 File: &checker.File{

Callers 2

Packaging (Function) · 0.92
assignRawData (Function) · 0.92

Calls 7

FormatActionlintError (Function) · 0.92
IsPackagingWorkflow (Function) · 0.92
StringPointer (Function) · 0.70
ListFiles (Method) · 0.65
GetFileReader (Method) · 0.65
Close (Method) · 0.65

Tested by

no test coverage detected