hub / github.com/ossf/scorecard / codeReviewRun

Function codeReviewRun

probes/codeReviewOneReviewers/impl.go:53–118  ·  view source on GitHub ↗

Looks through the data and validates the author and reviewers of a changeset. Scorecard currently only supports GitHub revisions and generates a true score in the case of other platforms. This probe is created to ensure that there are a number of unique reviewers for each changeset.

(reviewData *checker.CodeReviewData, fs embed.FS, probeID string,
	trueOutcome, falseOutcome finding.Outcome,
)

Source from the content-addressed store, hash-verified

51// score in the case of other platforms. This probe is created to ensure that
52// there are a number of unique reviewers for each changeset.
53func codeReviewRun(reviewData *checker.CodeReviewData, fs embed.FS, probeID string,
54 trueOutcome, falseOutcome finding.Outcome,
55) ([]finding.Finding, string, error) {
56 changesets := reviewData.DefaultBranchChangesets
57 var findings []finding.Finding
58 foundHumanActivity := false
59 leastFoundReviewers := 0
60 nChangesets := len(changesets)
61 if nChangesets == 0 {
62 return nil, probeID, utils.ErrNoChangesets
63 }
64 // Loops through all changesets, if an author login cannot be retrieved: returns OutcomeNotAvailabe.
65 // leastFoundReviewers will be the lowest number of unique reviewers found among the changesets.
66 for i := range changesets {
67 data := &changesets[i]
68 if data.Author.Login == "" {
69 f, err := finding.NewNotAvailable(fs, probeID, "Could not retrieve the author of a changeset.", nil)
70 if err != nil {
71 return nil, probeID, fmt.Errorf("create finding: %w", err)
72 }
73 findings = append(findings, *f)
74 return findings, probeID, nil
75 }
76 if !data.Author.IsBot {
77 foundHumanActivity = true
78 }
79 nReviewers, err := uniqueReviewers(data.Author.Login, data.Reviews)
80 if err != nil {
81 f, err := finding.NewNotAvailable(fs, probeID, "Could not retrieve the reviewer of a changeset.", nil)
82 if err != nil {
83 return nil, probeID, fmt.Errorf("create finding: %w", err)
84 }
85 findings = append(findings, *f)
86 return findings, probeID, nil
87 } else if i == 0 || nReviewers < leastFoundReviewers {
88 leastFoundReviewers = nReviewers
89 }
90 }
91 switch {
92 case !foundHumanActivity:
93 // returns a NotAvailable outcome if all changesets were authored by bots
94 f, err := finding.NewNotAvailable(fs, probeID, "All changesets authored by bot(s).", nil)
95 if err != nil {
96 return nil, probeID, fmt.Errorf("create finding: %w", err)
97 }
98 findings = append(findings, *f)
99 return findings, probeID, nil
100 case leastFoundReviewers < minimumReviewers:
101 // returns FalseOutcome if even a single changeset was reviewed by fewer than minimumReviewers (1).
102 f, err := finding.NewWith(fs, probeID, fmt.Sprintf("some changesets had <%d reviewers",
103 minimumReviewers), nil, falseOutcome)
104 if err != nil {
105 return nil, probeID, fmt.Errorf("create finding: %w", err)
106 }
107 findings = append(findings, *f)
108 default:
109 // returns TrueOutcome if the lowest number of unique reviewers is at least as high as minimumReviewers (1).
110 f, err := finding.NewWith(fs, probeID, fmt.Sprintf(">%d reviewers found for all changesets",

Callers 1

RunFunction · 0.85

Calls 3

NewNotAvailableFunction · 0.92
NewWithFunction · 0.92
uniqueReviewersFunction · 0.85

Tested by

no test coverage detected