Skip to content

🌱 Allow for publish URL override #811

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Aug 18, 2022
Merged

🌱 Allow for publish URL override #811

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
12f1cdb
Allow for URL override
azeemshaikh38 Aug 18, 2022
763b09d
Tag a new release
azeemshaikh38 Aug 18, 2022
2999130
Unit test
azeemshaikh38 Aug 18, 2022
d20a4c9
Merge branch 'main' into azeems/bug
azeemshaikh38 Aug 18, 2022
dbafa32
Merge branch 'main' into azeems/bug
azeemshaikh38 Aug 18, 2022
74bde01
Update to internal_publish_base_url
azeemshaikh38 Aug 18, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 6 additions & 1 deletion action.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,11 @@ inputs:
required: false
default: false

publish_base_url:
description: "INPUT: Base URL for publishing results. Used for testing."
required: false
default: "https://api.securityscorecards.dev"

internal_default_token:
description: "INPUT: Default GitHub token. (Internal purpose only, not intended for developers to set. Used for pull requests configured with a PAT)."
required: false
Expand All @@ -48,4 +53,4 @@ branding:

runs:
using: "docker"
image: "docker://gcr.io/openssf/scorecard-action:v2.0.0-alpha.1"
image: "docker://gcr.io/openssf/scorecard-action:v2.0.0-alpha.2"
1 change: 1 addition & 0 deletions options/env.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ const (
EnvInputResultsFile = "INPUT_RESULTS_FILE"
EnvInputResultsFormat = "INPUT_RESULTS_FORMAT"
EnvInputPublishResults = "INPUT_PUBLISH_RESULTS"
EnvInputPublishBaseURL = "INPUT_PUBLISH_BASE_URL"
)

// Errors
Expand Down
7 changes: 1 addition & 6 deletions signing/signing.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,8 +33,6 @@ import (
"github.com/sigstore/cosign/cmd/cosign/cli/sign"
)

const scorecardAPI = "https://api.securityscorecards.dev"

// SignScorecardResult signs the results file and uploads the attestation to the Rekor transparency log.
func SignScorecardResult(scorecardResultsFile string) error {
if err := os.Setenv("COSIGN_EXPERIMENTAL", "true"); err != nil {
Expand Down Expand Up @@ -108,10 +106,7 @@ func ProcessSignature(jsonPayload []byte, repoName, repoRef, accessToken string)

// Call scorecard-webapp-api to process and upload signature.
// Setup HTTP request and context.
apiURL := scorecardAPI
if scorecardURL, exists := os.LookupEnv("SCORECARD_API_URL"); exists {
apiURL = scorecardURL
}
apiURL := os.Getenv(options.EnvInputPublishBaseURL)
rawURL := fmt.Sprintf("%s/projects/github.com/%s", apiURL, repoName)
parsedURL, err := url.Parse(rawURL)
if err != nil {
Expand Down
1 change: 1 addition & 0 deletions signing/signing_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,7 @@ func Test_ProcessSignature(t *testing.T) {
repoName := "ossf-tests/scorecard-action"
repoRef := "refs/heads/main"
accessToken := os.Getenv("GITHUB_AUTH_TOKEN")
os.Setenv("INPUT_PUBLISH_BASE_URL", "https://api.securityscorecards.dev")

if err != nil {
t.Errorf("Error reading testdata:, %v", err)
Expand Down