
Skip empty repositories for Allstar policy enforcement #471

Merged: 4 commits into ossf:main, Nov 21, 2023

Conversation

raghavkaul (Author):

Skip empty repositories for Allstar policy enforcement. Check whether they're empty using GitHub REST API.

Signed-off-by: Raghav Kaul <raghavkaul@google.com>
@jeffmendoza (Member) commented:

Looking at https://docs.github.com/en/rest/metrics/statistics?apiVersion=2022-11-28#best-practices-for-caching and https://pkg.go.dev/github.com/google/go-github/v56/github#RepositoriesService.ListContributorsStats This doesn't seem like a good option to use. It will likely result in an error/202 and we don't need this expensive operation to tell if the repo is empty.

Is using something like https://pkg.go.dev/github.com/google/go-github/v56/github#RepositoriesService.GetContents an option and seeing if the top-level is empty?

Signed-off-by: Raghav Kaul <raghavkaul@google.com>
@raghavkaul (Author) commented Nov 8, 2023:

Yes, that API makes sense. Updated!
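The check the review settles on, as an added example that is not Allstar's code and not the PR's diff: one GET against the contents endpoint the reviewer pointed at (`/repos/{owner}/{repo}/contents/`), done with `net/http` directly rather than go-github's `RepositoriesService.GetContents` so it runs offline against a constructed `httptest` server. The owner `acme`, the repo names, the `Checker` type and the `ErrInaccessible` sentinel are all hypothetical. The `"This repository is empty."` 404 body is what GitHub's contents API returns for a repository with no commits; the exact wording is an assumption here and is compared case-insensitively. The point a practitioner should take from it is the 404 handling: an empty repository and a repository the App cannot read both come back as 404, and only the former may be skipped. Treating every 404 as "empty" would quietly exempt inaccessible repos from policy enforcement, so the function fails closed and returns an error for any other 404.

```go
package main

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// ErrInaccessible is returned when the contents API answers 404 for a reason
// other than "this repository is empty": missing repo, or the App lacks access.
var ErrInaccessible = errors.New("repository not found or not accessible")

// Checker holds the API root and HTTP client (hypothetical type). BaseURL is a
// parameter so the same code can be pointed at api.github.com or a test server.
type Checker struct {
	BaseURL string
	Token   string
	Client  *http.Client
}

func NewChecker(baseURL, token string) *Checker {
	return &Checker{BaseURL: strings.TrimRight(baseURL, "/"), Token: token,
		Client: &http.Client{Timeout: 10 * time.Second}}
}

type ghError struct {
	Message string `json:"message"`
}

// IsEmpty reports whether owner/repo has no top-level content, using a single
// GET /repos/{owner}/{repo}/contents/ call. It fails closed: a 404 that is not
// the "This repository is empty." message is an error, never "empty", so a
// repository the App cannot read is not silently skipped by enforcement.
func (c *Checker) IsEmpty(ctx context.Context, owner, repo string) (bool, error) {
	url := fmt.Sprintf("%s/repos/%s/%s/contents/", c.BaseURL, owner, repo)
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
	if err != nil {
		return false, err
	}
	req.Header.Set("Accept", "application/vnd.github+json")
	if c.Token != "" {
		req.Header.Set("Authorization", "Bearer "+c.Token)
	}
	resp, err := c.Client.Do(req)
	if err != nil {
		return false, err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20)) // cap what we parse
	if err != nil {
		return false, err
	}
	switch resp.StatusCode {
	case http.StatusOK:
		var entries []json.RawMessage // a directory listing is a JSON array
		if err := json.Unmarshal(body, &entries); err != nil {
			return false, fmt.Errorf("unexpected contents payload: %w", err)
		}
		return len(entries) == 0, nil
	case http.StatusNotFound:
		var ge ghError
		_ = json.Unmarshal(body, &ge) // a non-JSON body just yields an empty message
		if strings.EqualFold(strings.TrimSuffix(ge.Message, "."), "this repository is empty") {
			return true, nil
		}
		return false, fmt.Errorf("%w: %s/%s: %s", ErrInaccessible, owner, repo, ge.Message)
	default:
		return false, fmt.Errorf("contents API returned HTTP %d for %s/%s", resp.StatusCode, owner, repo)
	}
}

// newFakeGitHub serves constructed responses for three hypothetical repos so the
// check runs offline: one empty, one with files, one the caller cannot see.
func newFakeGitHub() *httptest.Server {
	mux := http.NewServeMux()
	mux.HandleFunc("/repos/acme/empty/contents/", func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusNotFound)
		fmt.Fprint(w, `{"message":"This repository is empty.","status":"404"}`)
	})
	mux.HandleFunc("/repos/acme/code/contents/", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, `[{"name":"README.md","type":"file"},{"name":".github","type":"dir"}]`)
	})
	mux.HandleFunc("/repos/acme/private/contents/", func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusNotFound)
		fmt.Fprint(w, `{"message":"Not Found","status":"404"}`)
	})
	return httptest.NewServer(mux)
}

func main() {
	srv := newFakeGitHub()
	defer srv.Close()
	c := NewChecker(srv.URL, "")
	for _, repo := range []string{"empty", "code", "private"} {
		empty, err := c.IsEmpty(context.Background(), "acme", repo)
		fmt.Printf("acme/%s: empty=%v err=%v\n", repo, empty, err)
	}
}
```

Against the real API the same call costs one request per repository and never returns the 202 "statistics are being computed" response that the stats endpoints do, which is why it is the cheaper choice for an existence check. Callers in an enforcement loop should log and count the `ErrInaccessible` case separately from "skipped because empty", since a growing number of inaccessible repos usually means an installation permission problem rather than a fleet of empty repositories.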

Review comment on pkg/enforce/enforce.go (outdated, resolved)
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
@raghavkaul raghavkaul marked this pull request as draft November 20, 2023 20:53
@jeffmendoza jeffmendoza marked this pull request as ready for review November 21, 2023 23:55
@jeffmendoza jeffmendoza merged commit 5bc0d49 into ossf:main Nov 21, 2023
5 checks passed
jeffmendoza added a commit to jeffmendoza/allstar that referenced this pull request Nov 22, 2023
Signed-off-by: Jeff Mendoza <jlm@jlm.name>
jeffmendoza added a commit that referenced this pull request Nov 22, 2023
Signed-off-by: Jeff Mendoza <jlm@jlm.name>
karankohli-cf added a commit to contentful/allstar that referenced this pull request Jun 10, 2024
commit 0ae052c
Author: Stephen Augustus <foo@auggie.dev>
Date:   Tue May 28 11:10:53 2024 +0200

    docs: Allstar is now a part of the OpenSSF Scorecard project

    Signed-off-by: Stephen Augustus <foo@auggie.dev>

commit 3dc172e
Author: Stephen Augustus <foo@auggie.dev>
Date:   Tue May 28 15:50:53 2024 +0200

    docs: Adopt OpenSSF Scorecard contributor ladder

    Signed-off-by: Stephen Augustus <foo@auggie.dev>

commit cc8cc68
Author: Jeff Mendoza <jlm@jlm.name>
Date:   Fri May 3 12:30:32 2024 -0700

    Fix name of ko in cloudbuild

    Signed-off-by: Jeff Mendoza <jlm@jlm.name>

commit 80ddc24
Author: Jeff Mendoza <jlm@jlm.name>
Date:   Fri May 3 12:18:56 2024 -0700

    Update go modules

    Signed-off-by: Jeff Mendoza <jlm@jlm.name>

commit 27c8070
Author: Jeff Mendoza <jlm@jlm.name>
Date:   Fri May 3 12:06:48 2024 -0700

    Update sc client mock

    Signed-off-by: Jeff Mendoza <jlm@jlm.name>

commit 5388811
Author: Jeff Mendoza <jlm@jlm.name>
Date:   Wed Mar 27 16:13:32 2024 -0700

    Update scorecard and Go versions.

    Signed-off-by: Jeff Mendoza <jlm@jlm.name>

commit 3d71f35
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Fri Mar 22 13:21:37 2024 +0000

    Bump github.com/bradleyfalzon/ghinstallation/v2 from 2.9.0 to 2.10.0

    Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.9.0 to 2.10.0.
    - [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases)
    - [Commits](bradleyfalzon/ghinstallation@v2.9.0...v2.10.0)

    ---
    updated-dependencies:
    - dependency-name: github.com/bradleyfalzon/ghinstallation/v2
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <support@github.com>

commit f42d035
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Wed Mar 13 13:38:46 2024 +0000

    Bump gocloud.dev from 0.36.0 to 0.37.0

    Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.36.0 to 0.37.0.
    - [Release notes](https://github.com/google/go-cloud/releases)
    - [Commits](google/go-cloud@v0.36.0...v0.37.0)

    ---
    updated-dependencies:
    - dependency-name: gocloud.dev
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <support@github.com>

commit c26edb2
Author: twelsh-aw <84401379+twelsh-aw@users.noreply.github.com>
Date:   Tue Mar 19 20:06:46 2024 -0400

    Update issue in IssueRepo when change detected

    This was trying (and, depending on app permissions, succeeding) to change issue descriptions in repos directly even when IssueRepo was set. We update to obey the IssueRepo config setting in this case.

    Signed-off-by: twelsh-aw <84401379+twelsh-aw@users.noreply.github.com>

commit 964a34c
Author: Jeff Mendoza <jlm@jlm.name>
Date:   Thu Mar 7 14:23:29 2024 -0800

    Switch to using a single worker

    Change "workers" cli option to be in pkg/config/operator and use
    ALLSTAR_NUM_WORKERS envvar with same default at 5. Update staging and prod
    config to use 1 worker to save concurrent memory usage.

    Signed-off-by: Jeff Mendoza <jlm@jlm.name>

commit 9c5f410
Author: Jeff Mendoza <jlm@jlm.name>
Date:   Wed Mar 6 15:23:58 2024 -0800

    Change cache to avoid memory use

    Originally, the cache was intended to be long lived to handle incoming webhooks
    at any time. Currently, we are just polling, and just need the cache to handle
    a single "EnforceAll" run, where we hit the same paths multiple times in that
    run. Therefore, change the cache to be per-installation, and free it after each
    "EnforceAll".

    Signed-off-by: Jeff Mendoza <jlm@jlm.name>

commit 24b20ac
Author: Jeff Mendoza <jlm@jlm.name>
Date:   Fri Mar 1 14:31:05 2024 -0800

    Avoid panic when workflow dir contains other dirs.

    Signed-off-by: Jeff Mendoza <jlm@jlm.name>

commit 68e3449
Author: Jeff Mendoza <jlm@jlm.name>
Date:   Fri Mar 1 11:42:41 2024 -0800

    Avoid panic with scorecard logs.

    Signed-off-by: Jeff Mendoza <jlm@jlm.name>

commit c532eed
Author: Jeff Mendoza <jlm@jlm.name>
Date:   Fri Mar 1 11:33:01 2024 -0800

    Fix parsing of github action name.

    Signed-off-by: Jeff Mendoza <jlm@jlm.name>

commit 609be43
Author: Jeff Mendoza <jlm@jlm.name>
Date:   Fri Mar 1 08:35:46 2024 -0800

    Catch unknown scorecard check.

    Signed-off-by: Jeff Mendoza <jlm@jlm.name>

commit 26a969c
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu Feb 29 13:13:07 2024 +0000

    Bump sigstore/cosign-installer from 3.2.0 to 3.4.0

    Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.2.0 to 3.4.0.
    - [Release notes](https://github.com/sigstore/cosign-installer/releases)
    - [Commits](sigstore/cosign-installer@1fc5bd3...e1523de)

    ---
    updated-dependencies:
    - dependency-name: sigstore/cosign-installer
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <support@github.com>

commit 61a80e1
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu Feb 29 13:13:04 2024 +0000

    Bump actions/dependency-review-action from 3 to 4

    Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3 to 4.
    - [Release notes](https://github.com/actions/dependency-review-action/releases)
    - [Commits](actions/dependency-review-action@v3...v4)

    ---
    updated-dependencies:
    - dependency-name: actions/dependency-review-action
      dependency-type: direct:production
      update-type: version-update:semver-major
    ...

    Signed-off-by: dependabot[bot] <support@github.com>

commit c4fc8c4
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Wed Feb 28 13:54:26 2024 +0000

    Bump actions/upload-artifact from 3 to 4

    Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4.
    - [Release notes](https://github.com/actions/upload-artifact/releases)
    - [Commits](actions/upload-artifact@v3...v4)

    ---
    updated-dependencies:
    - dependency-name: actions/upload-artifact
      dependency-type: direct:production
      update-type: version-update:semver-major
    ...

    Signed-off-by: dependabot[bot] <support@github.com>

commit a4b662a
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Wed Feb 28 13:54:20 2024 +0000

    Bump github/codeql-action from 2 to 3

    Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
    - [Release notes](https://github.com/github/codeql-action/releases)
    - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
    - [Commits](github/codeql-action@v2...v3)

    ---
    updated-dependencies:
    - dependency-name: github/codeql-action
      dependency-type: direct:production
      update-type: version-update:semver-major
    ...

    Signed-off-by: dependabot[bot] <support@github.com>

commit 1192f07
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Wed Feb 28 13:54:13 2024 +0000

    Bump golangci/golangci-lint-action from 3 to 4

    Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3 to 4.
    - [Release notes](https://github.com/golangci/golangci-lint-action/releases)
    - [Commits](golangci/golangci-lint-action@v3...v4)

    ---
    updated-dependencies:
    - dependency-name: golangci/golangci-lint-action
      dependency-type: direct:production
      update-type: version-update:semver-major
    ...

    Signed-off-by: dependabot[bot] <support@github.com>

commit b48eddb
Author: Jeff Mendoza <jlm@jlm.name>
Date:   Tue Feb 27 15:29:58 2024 -0800

    Update a lot of go deps.

    Signed-off-by: Jeff Mendoza <jlm@jlm.name>

commit 92f6ce6
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Wed Nov 8 13:31:30 2023 +0000

    Bump sigstore/cosign-installer from 3.0.5 to 3.2.0

    Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.2.0.
    - [Release notes](https://github.com/sigstore/cosign-installer/releases)
    - [Commits](sigstore/cosign-installer@dd6b2e2...1fc5bd3)

    ---
    updated-dependencies:
    - dependency-name: sigstore/cosign-installer
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <support@github.com>

commit 83b10b5
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Mon Sep 4 14:00:13 2023 +0000

    Bump actions/checkout from 3 to 4

    Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
    - [Release notes](https://github.com/actions/checkout/releases)
    - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
    - [Commits](actions/checkout@v3...v4)

    ---
    updated-dependencies:
    - dependency-name: actions/checkout
      dependency-type: direct:production
      update-type: version-update:semver-major
    ...

    Signed-off-by: dependabot[bot] <support@github.com>

commit 3521ed8
Author: Colm O hEigeartaigh <coheigea@apache.org>
Date:   Mon Jan 8 11:45:27 2024 +0000

    Don't create issues for dangerous workflows when we have an inconclusive result

    Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>

commit 2767817
Author: Raghav Kaul <raghavkaul@google.com>
Date:   Wed Nov 22 20:56:33 2023 +0000

    Update scorecard

    Signed-off-by: Raghav Kaul <raghavkaul@google.com>

    update scorecard

    Signed-off-by: Raghav Kaul <raghavkaul@google.com>

commit c2c6202
Author: Raghav Kaul <raghavkaul@google.com>
Date:   Mon Nov 27 20:10:52 2023 +0000

    Lock entire cleanup method

    * (Not sure if this is needed, githubclient.Close() is thread safe)

    Signed-off-by: Raghav Kaul <raghavkaul@google.com>

commit cd0a83b
Author: Raghav Kaul <raghavkaul@google.com>
Date:   Mon Nov 27 20:10:07 2023 +0000

    Initialize scClients map once globally

    Signed-off-by: Raghav Kaul <raghavkaul@google.com>

commit b9a43c0
Author: Raghav Kaul <raghavkaul@google.com>
Date:   Mon Nov 27 17:06:38 2023 +0000

    Don't recreate scorecard clients multiple times

    Signed-off-by: Raghav Kaul <raghavkaul@google.com>

commit 968a887
Author: Raghav Kaul <raghavkaul@google.com>
Date:   Mon Nov 27 15:49:51 2023 +0000

    Parameterize max goroutines

    Signed-off-by: Raghav Kaul <raghavkaul@google.com>

commit 00e8917
Author: Evan Anderson <evan@stacklok.com>
Date:   Sat Jun 24 11:33:33 2023 -0700

    Rename `boolArgPtr` to `runOnce`

    Signed-off-by: Evan Anderson <evan@stacklok.com>

commit 1c18a33
Author: Jeff Mendoza <jlm@jlm.name>
Date:   Wed Nov 22 08:10:06 2023 -0800

    Revert ossf#471 empty check

    Signed-off-by: Jeff Mendoza <jlm@jlm.name>

commit 5bc0d49
Author: Raghav Kaul <raghavkaul@google.com>
Date:   Thu Nov 9 20:51:36 2023 +0000

    update

    Signed-off-by: Raghav Kaul <raghavkaul@google.com>

commit 210e999
Author: Raghav Kaul <raghavkaul@google.com>
Date:   Wed Nov 8 20:45:11 2023 +0000

    Use GitHub RepositoriesService.GetContent API

    Signed-off-by: Raghav Kaul <raghavkaul@google.com>

commit 4b3f718
Author: Raghav Kaul <raghavkaul@google.com>
Date:   Tue Nov 7 14:31:45 2023 +0000

    Fix tests

    Signed-off-by: Raghav Kaul <raghavkaul@google.com>

commit 2531796
Author: Raghav Kaul <raghavkaul@google.com>
Date:   Mon Nov 6 20:30:18 2023 +0000

    Skip empty repositories for enforcement

    Signed-off-by: Raghav Kaul <raghavkaul@google.com>

commit 2ec2dca
Author: Raghav Kaul <raghavkaul@google.com>
Date:   Thu Nov 16 16:26:40 2023 +0000

    Update nocache condition

    Signed-off-by: Raghav Kaul <raghavkaul@google.com>