Packaging checks for packages.
(c *checker.CheckRequest)
| 30 | |
| 31 | // Packaging checks for packages. |
| 32 | func Packaging(c *checker.CheckRequest) (checker.PackagingData, error) { |
| 33 | var data checker.PackagingData |
| 34 | matchedFiles, err := c.RepoClient.ListFiles(fileparser.IsGithubWorkflowFileCb) |
| 35 | if err != nil { |
| 36 | return data, fmt.Errorf("%w", err) |
| 37 | } |
| 38 | if err != nil { |
| 39 | return data, fmt.Errorf("RepoClient.ListFiles: %w", err) |
| 40 | } |
| 41 | |
| 42 | for _, fp := range matchedFiles { |
| 43 | fr, err := c.RepoClient.GetFileReader(fp) |
| 44 | if err != nil { |
| 45 | return data, fmt.Errorf("RepoClient.GetFileReader: %w", err) |
| 46 | } |
| 47 | fc, err := io.ReadAll(fr) |
| 48 | fr.Close() |
| 49 | if err != nil { |
| 50 | return data, fmt.Errorf("reading file: %w", err) |
| 51 | } |
| 52 | |
| 53 | workflow, errs := actionlint.Parse(fc) |
| 54 | if len(errs) > 0 && workflow == nil { |
| 55 | e := fileparser.FormatActionlintError(errs) |
| 56 | return data, e |
| 57 | } |
| 58 | |
| 59 | // Check if it's a packaging workflow. |
| 60 | match, ok := fileparser.IsPackagingWorkflow(workflow, fp) |
| 61 | // Always print debug messages. |
| 62 | data.Packages = append(data.Packages, |
| 63 | checker.Package{ |
| 64 | Msg: &match.Msg, |
| 65 | File: &checker.File{ |
| 66 | Path: fp, |
| 67 | Type: finding.FileTypeSource, |
| 68 | Offset: checker.OffsetDefault, |
| 69 | }, |
| 70 | }, |
| 71 | ) |
| 72 | if !ok { |
| 73 | continue |
| 74 | } |
| 75 | |
| 76 | runs, err := c.RepoClient.ListSuccessfulWorkflowRuns(filepath.Base(fp)) |
| 77 | if err != nil { |
| 78 | // assume the workflow will have run for localdir client |
| 79 | if errors.Is(err, clients.ErrUnsupportedFeature) { |
| 80 | runs = append(runs, clients.WorkflowRun{}) |
| 81 | } else { |
| 82 | return data, fmt.Errorf("Client.Actions.ListWorkflowRunsByFileName: %w", err) |
| 83 | } |
| 84 | } |
| 85 | |
| 86 | if len(runs) > 0 { |
| 87 | // Create package. |
| 88 | pkg := checker.Package{ |
| 89 | File: &checker.File{ |
no test coverage detected