
setup ossf scorecard and codql workflows #466

Merged
merged 3 commits into from
Jan 6, 2024

Conversation

mmorel-35
Contributor

@mmorel-35 mmorel-35 commented Jan 5, 2024

Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>

@github-advanced-security

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
@mmorel-35
Contributor Author

cc @phlax ,
Noticed that there is a formatter for the yaml files.

Member

@phlax phlax left a comment


@mmorel-35 thanks - same style nits - indents/ordering etc - but otherwise lgtm

Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
@phlax
Member

phlax commented Jan 5, 2024

> Noticed that there is a formatter for the yaml files.

yeah yamllint - we wrap it with envoy.code.check - would be good to add that and glint to all of the repos (maintainers willing) as we did in toolshed

https://github.com/envoyproxy/toolshed/blob/fa87bda6b7edd8e426fded6587b5e773e45a026e/.github/workflows/ci.yml#L54-L63

@mmorel-35
Contributor Author

@phlax would it be a lack of rights that explains the failure?

@phlax
Member

phlax commented Jan 5, 2024

seems there are 2 issues - the build issue looks a lot to me like a network transient

not sure about pre-commit issue but it seems to have gone away in last push

@phlax
Member

phlax commented Jan 5, 2024

I don't think it can be permissions as such - it's a pull_request trigger which is ~permissionless

@mmorel-35
Contributor Author

OK! Everything seems to work now.
Anything to add to merge this?

@phlax
Member

phlax commented Jan 5, 2024

could you fix the indents please - otherwise lgtm

cc @ysawa0 @mattklein123 would be good to get signoff from a repo maintainer

@mmorel-35
Contributor Author

mmorel-35 commented Jan 5, 2024

"Fixing" the indent means changing the way it is actually done. It seems out of the scope of this PR.
Can it be done in another PR ?

Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
@@ -1,4 +1,4 @@
FROM alpine:latest
FROM alpine@sha256:51b67269f354137895d43f3b3d810bfacd3945438e94dc5ac55fdac340352f48
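Review bot: pinning the base image by digest replaces the floating `latest` tag with an immutable reference, but dropping the tag entirely leaves no human-readable hint of which Alpine release the digest corresponds to, and digest-only references are harder for automated updaters to track. Keeping the tag next to the digest, e.g. `FROM alpine:latest@sha256:51b67269f354137895d43f3b3d810bfacd3945438e94dc5ac55fdac340352f48` (or better, a specific release tag instead of `latest`), preserves the pin while keeping the intended version visible to readers and to tools such as the Dependabot mentioned later in this thread.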
Member


So moving forward we should always ref a sha for images and such?

Member


yeah it's generally preferable - but probs we can let dependabot or similar take care of it

Member

@ysawa0 ysawa0 left a comment


This looks great, thank you.

@ysawa0 ysawa0 merged commit 9a18294 into envoyproxy:main Jan 6, 2024
6 checks passed
@mmorel-35 mmorel-35 deleted the ossf branch January 6, 2024 20:36
timcovar pushed a commit to goatapp/ratelimit that referenced this pull request Jan 16, 2024
* setup ossf scorecard and codql workflows

Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>

* Update scorecard.yml

Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>

* Update main.yaml

Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>

---------

Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>