diff --git a/.github/workflows/docker-image.yaml b/.github/workflows/docker-image.yaml
index e1206208..1edd8f20 100644
--- a/.github/workflows/docker-image.yaml
+++ b/.github/workflows/docker-image.yaml
@@ -7,6 +7,7 @@ on:
 push:
 branches:
 - "main"
+ pull_request:
 
 env:
 REGISTRY: ghcr.io
diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
deleted file mode 100644
index a10d5d2e..00000000
--- a/.github/workflows/pr.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-name: Pull Request
-on: pull_request
-permissions:
- contents: read
-jobs:
- lint:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- - uses: actions/setup-go@v4
- with:
- go-version: '1.20'
- check-latest: true
- - uses: golangci/golangci-lint-action@v6
- with:
- args: --timeout 3m --verbose
- build:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- - uses: actions/setup-go@v4
- with:
- go-version: '1.20'
- check-latest: true
- - run: go build -v ./...
- test:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- - uses: actions/setup-go@v4
- with:
- go-version: '1.20'
- check-latest: true
- - run: go test -v ./...
- - run: go vet ./...
- dependency-review:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- - uses: actions/dependency-review-action@v4
diff --git a/MAINTAINERS.md b/MAINTAINERS.md
new file mode 100644
index 00000000..9070adb5
--- /dev/null
+++ b/MAINTAINERS.md
@@ -0,0 +1,23 @@
+# Maintainers
+
+## `allstar-maintainers`
+
+- @jeffmendoza
+
+## Contributors
+
+- @coheigea
+- @danielbankhead
+- @five510
+- @justaugustus
+- @markdboyd
+- @naveensrinivasan
+- @olivekl
+- @yorinasub17
+
+## Emeritus
+
+Former maintainers are listed here.
+Thanks for your contributions to Scorecard!
+
+-
diff --git a/README.md b/README.md
index 86d18435..a084b996 100644
--- a/README.md
+++ b/README.md
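Review bot: Adding `pull_request:` to the triggers of `.github/workflows/docker-image.yaml` makes the image workflow run on every pull request, and the hunk does not show whether its registry login and push steps are limited to pushes on `main`. The jobs lie outside the hunk, so this is something to confirm: any step that authenticates to `ghcr.io` or publishes an image should carry a condition such as `if: github.event_name != 'pull_request'`, and PR runs should not be granted `packages: write`. The same commit deletes `.github/workflows/pr.yaml`, which ran lint, build, `go test`, `go vet` and `actions/dependency-review-action@v4` under `permissions: contents: read`; nothing in the visible part of this diff replaces those pull-request checks.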
@@ -48,9 +48,7 @@ that affect the security of your projects. You can choose which security policies to monitor at both the organization and repository level, and how to handle policy violations. You can also develop or contribute new policies. -Allstar is developed under the [OpenSSF](https://openssf.org/) organization, as -a part of the [Securing Critical Projects Working -Group](https://github.com/ossf/wg-securing-critical-projects). +Allstar is developed as a part of the [OpenSSF Scorecard](https://github.com/ossf/scorecard) project. ## Getting Started diff --git a/allstar b/allstar new file mode 100755 index 00000000..8d3813de Binary files /dev/null and b/allstar differ diff --git a/cmd/allstar/main.go b/cmd/allstar/main.go index b37aff3d..b57c7b6a 100644 --- a/cmd/allstar/main.go +++ b/cmd/allstar/main.go @@ -25,9 +25,9 @@ import ( "syscall" "time" - "github.com/contentful/allstar/pkg/enforce" - "github.com/contentful/allstar/pkg/ghclients" - "github.com/contentful/allstar/pkg/policies" + "github.com/ossf/allstar/pkg/enforce" + "github.com/ossf/allstar/pkg/ghclients" + "github.com/ossf/allstar/pkg/policies" "github.com/rs/zerolog" "github.com/rs/zerolog/log" @@ -56,7 +56,8 @@ func main() { supportedPoliciesMsg += policyName } } - boolArgPtr := flag.Bool("once", false, "Run EnforceAll once, instead of in a continuous loop.") + var runOnce bool + flag.BoolVar(&runOnce, "once", false, "Run EnforceAll once, instead of in a continuous loop.") specificPolicyArg := flag.String("policy", "", fmt.Sprintf("Run a specific policy check. Supported policies: %s", supportedPoliciesMsg)) specificRepoArg := flag.String("repo", "", "Run on a specific \"owner/repo\". For example \"ossf/allstar\"") @@ -79,7 +80,7 @@ func main() { Msg(fmt.Sprintf("Allstar will only run on repository %s", *specificRepoArg)) } - if *boolArgPtr { + if runOnce { _, err := enforce.EnforceAll(ctx, ghc, *specificPolicyArg, *specificRepoArg) if err != nil { log.Fatal(). 
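Review bot: A mode 100755 binary named `allstar` is added at the repository root (`Binary files /dev/null and b/allstar differ`), which looks like a local build output committed by accident. A compiled artifact cannot be reviewed and cannot be reproduced from the diff, and anything that runs `./allstar` from a checkout would execute this file rather than a build of the reviewed source. Drop it from the commit and ignore the path, for example with a `/allstar` entry in `.gitignore`.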
diff --git a/cmd/reviewbot/main.go b/cmd/reviewbot/main.go
index b52cec72..ad1421e0 100644
--- a/cmd/reviewbot/main.go
+++ b/cmd/reviewbot/main.go
@@ -19,7 +19,7 @@ import (
 "os"
 "strconv"
 
- "github.com/contentful/allstar/pkg/reviewbot"
+ "github.com/ossf/allstar/pkg/reviewbot"
 "github.com/rs/zerolog"
 "github.com/rs/zerolog/log"
 )
diff --git a/go.mod b/go.mod
index 11a10e19..cc5b6cff 100644
--- a/go.mod
+++ b/go.mod
@@ -1,24 +1,22 @@
-module github.com/contentful/allstar
+module github.com/ossf/allstar
 
-go 1.21
-
-toolchain go1.21.4
+go 1.21.8
 
 require (
 github.com/Masterminds/semver/v3 v3.2.1
 github.com/bradleyfalzon/ghinstallation/v2 v2.11.0
- github.com/evanphx/json-patch v5.9.0+incompatible
+ github.com/evanphx/json-patch/v5 v5.9.0
 github.com/gobwas/glob v0.2.3
 github.com/google/go-cmp v0.6.0
- github.com/google/go-github/v50 v50.2.0
+ github.com/google/go-github/v59 v59.0.0
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79
- github.com/ossf/scorecard/v4 v4.10.5
+ github.com/ossf/scorecard/v4 v4.13.2-0.20240326192505-153e06d99fed
 github.com/rhysd/actionlint v1.7.1
 github.com/rs/zerolog v1.33.0
 github.com/shurcooL/githubv4 v0.0.0-20210725200734-83ba7b4c9228
 gocloud.dev v0.37.0
 golang.org/x/sync v0.7.0
- sigs.k8s.io/yaml v1.3.0
+ sigs.k8s.io/yaml v1.4.0
 )
 
 require (
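Review bot: In the first `require` block of `go.mod`, the direct dependency `github.com/ossf/scorecard/v4` moves from the tagged `v4.10.5` to the pseudo-version `v4.13.2-0.20240326192505-153e06d99fed`, which is an untagged commit rather than a release. A pin like this is harder to relate to upstream release notes, so the reason should be recorded next to it, for example `// untagged commit, needed for <reason>; move to the next tagged release`. The same hunk replaces `go 1.21` and `toolchain go1.21.4` with `go 1.21.8`, so any build environment that installs an older Go would need to be updated with it.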
@@ -28,11 +26,13 @@ require ( cloud.google.com/go/iam v1.1.6 // indirect cloud.google.com/go/secretmanager v1.11.5 // indirect cloud.google.com/go/storage v1.39.1 // indirect - github.com/BurntSushi/toml v1.2.1 // indirect - github.com/CycloneDX/cyclonedx-go v0.7.0 // indirect + dario.cat/mergo v1.0.0 // indirect + deps.dev/api/v3alpha v0.0.0-20240312000934-38ffc8dd1d92 // indirect + github.com/BurntSushi/toml v1.3.2 // indirect + github.com/CycloneDX/cyclonedx-go v0.8.0 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect - github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect - github.com/acomagu/bufpipe v1.0.3 // indirect + github.com/ProtonMail/go-crypto v1.0.0 // indirect + github.com/anchore/go-struct-converter v0.0.0-20230627203149-c72ef8859ca9 // indirect github.com/aws/aws-sdk-go v1.50.36 // indirect github.com/aws/aws-sdk-go-v2 v1.25.3 // indirect github.com/aws/aws-sdk-go-v2/config v1.27.7 // indirect 
@@ -50,33 +50,32 @@ require ( github.com/aws/smithy-go v1.20.1 // indirect github.com/bombsimon/logrusr/v2 v2.0.1 // indirect github.com/cloudflare/circl v1.3.7 // indirect - github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect - github.com/containerd/typeurl v1.0.2 // indirect - github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/docker/cli v23.0.5+incompatible // indirect - github.com/docker/distribution v2.8.2+incompatible // indirect - github.com/docker/docker v25.0.0+incompatible // indirect - github.com/docker/docker-credential-helpers v0.7.0 // indirect + github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect + github.com/containerd/typeurl/v2 v2.1.1 // indirect + github.com/cyphar/filepath-securejoin v0.2.4 // indirect + github.com/dghubble/trie v0.1.0 // indirect + github.com/docker/cli v25.0.3+incompatible // indirect + github.com/docker/distribution v2.8.3+incompatible // indirect + github.com/docker/docker v25.0.5+incompatible // indirect + github.com/docker/docker-credential-helpers v0.8.1 // indirect github.com/emirpasic/gods v1.18.1 // indirect github.com/fatih/color v1.17.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect - github.com/frankban/quicktest v1.14.5 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect - github.com/go-git/gcfg v1.5.0 // indirect - github.com/go-git/go-billy/v5 v5.4.1 // indirect - github.com/go-git/go-git/v5 v5.5.2 // indirect + github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect + github.com/go-git/go-billy/v5 v5.5.0 // indirect + github.com/go-git/go-git/v5 v5.11.0 // indirect github.com/go-logr/logr v1.4.1 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v4 v4.5.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.4 // indirect - github.com/google/go-containerregistry 
v0.15.2 // indirect - github.com/google/go-github/v38 v38.1.0 // indirect + github.com/google/go-containerregistry v0.19.1 // indirect + github.com/google/go-github/v53 v53.2.0 // indirect github.com/google/go-github/v62 v62.0.0 // indirect github.com/google/go-querystring v1.1.0 // indirect - github.com/google/osv-scanner v1.2.1-0.20230302232134-592acbc2539b // indirect - github.com/google/pprof v0.0.0-20240117000934-35fc243c5815 // indirect + github.com/google/osv-scanner v1.7.1 // indirect github.com/google/s2a-go v0.1.7 // indirect github.com/google/uuid v1.6.0 // indirect github.com/google/wire v0.6.0 // indirect 
@@ -85,39 +84,37 @@ require ( github.com/h2non/filetype v1.1.3 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-hclog v1.5.0 // indirect - github.com/hashicorp/go-retryablehttp v0.7.4 // indirect - github.com/imdario/mergo v0.3.16 // indirect + github.com/hashicorp/go-retryablehttp v0.7.5 // indirect + github.com/ianlancetaylor/demangle v0.0.0-20240312041847-bd984b5ce465 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect - github.com/jedib0t/go-pretty/v6 v6.4.4 // indirect + github.com/jedib0t/go-pretty/v6 v6.5.5 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect - github.com/klauspost/compress v1.17.4 // indirect - github.com/matryer/is v1.4.0 // indirect + github.com/klauspost/compress v1.17.7 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-runewidth v0.0.15 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect - github.com/moby/buildkit v0.11.4 // indirect - github.com/onsi/ginkgo/v2 v2.9.4 // indirect - github.com/onsi/gomega v1.27.6 // indirect + github.com/moby/buildkit v0.13.1 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/image-spec v1.1.0-rc3 // indirect - github.com/package-url/packageurl-go v0.1.1-0.20220428063043-89078438f170 // indirect - github.com/pjbgf/sha1cd v0.2.3 // indirect + github.com/opencontainers/image-spec v1.1.0-rc5 // indirect + github.com/owenrumney/go-sarif/v2 v2.3.0 // indirect + github.com/package-url/packageurl-go v0.1.2 // indirect + github.com/pandatix/go-cvss v0.6.2 // indirect + github.com/pjbgf/sha1cd v0.3.0 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/rivo/uniseg v0.4.7 // indirect github.com/robfig/cron/v3 v3.0.1 // indirect - 
github.com/rogpeppe/go-internal v1.12.0 // indirect github.com/sergi/go-diff v1.3.1 // indirect github.com/shurcooL/graphql v0.0.0-20200928012149-18c5c3165e3a // indirect github.com/sirupsen/logrus v1.9.3 // indirect - github.com/skeema/knownhosts v1.1.0 // indirect + github.com/skeema/knownhosts v1.2.1 // indirect github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89 // indirect - github.com/spdx/tools-golang v0.4.0 // indirect + github.com/spdx/tools-golang v0.5.3 // indirect github.com/stretchr/testify v1.9.0 // indirect - github.com/vbatts/tar-split v0.11.3 // indirect - github.com/xanzy/go-gitlab v0.83.0 // indirect + github.com/vbatts/tar-split v0.11.5 // indirect + github.com/xanzy/go-gitlab v0.101.0 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect 
@@ -125,17 +122,16 @@ require ( go.opentelemetry.io/otel v1.24.0 // indirect go.opentelemetry.io/otel/metric v1.24.0 // indirect go.opentelemetry.io/otel/trace v1.24.0 // indirect - golang.org/x/crypto v0.21.0 // indirect - golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect - golang.org/x/mod v0.14.0 // indirect - golang.org/x/net v0.23.0 // indirect + golang.org/x/crypto v0.22.0 // indirect + golang.org/x/exp v0.0.0-20240314144324-c7f7c6466f7f // indirect + golang.org/x/mod v0.16.0 // indirect + golang.org/x/net v0.24.0 // indirect golang.org/x/oauth2 v0.18.0 // indirect golang.org/x/sys v0.20.0 // indirect - golang.org/x/term v0.18.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.17.0 // indirect - golang.org/x/vuln v0.0.0-20230118164824-4ec8867cc0e6 // indirect + golang.org/x/tools v0.19.0 // indirect + golang.org/x/vuln v1.0.4 // indirect golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect google.golang.org/api v0.169.0 // indirect google.golang.org/appengine v1.6.8 // indirect @@ -145,8 +141,7 @@ require ( google.golang.org/grpc v1.62.1 // indirect google.golang.org/protobuf v1.33.0 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect gotest.tools/v3 v3.5.1 // indirect - mvdan.cc/sh/v3 v3.6.0 // indirect + mvdan.cc/sh/v3 v3.8.0 // indirect ) diff --git a/go.sum b/go.sum index cabedfb9..198c0de9 100644 --- a/go.sum +++ b/go.sum 
@@ -15,23 +15,28 @@ cloud.google.com/go/secretmanager v1.11.5 h1:82fpF5vBBvu9XW4qj0FU2C6qVMtj1RM/XHw cloud.google.com/go/secretmanager v1.11.5/go.mod h1:eAGv+DaCHkeVyQi0BeXgAHOU0RdrMeZIASKc+S7VqH4= cloud.google.com/go/storage v1.39.1 h1:MvraqHKhogCOTXTlct/9C3K3+Uy2jBmFYb3/Sp6dVtY= cloud.google.com/go/storage v1.39.1/go.mod h1:xK6xZmxZmo+fyP7+DEF6FhNc24/JAe95OLyOHCXFH1o= +dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= +dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= +deps.dev/api/v3alpha v0.0.0-20240312000934-38ffc8dd1d92 h1:iOI1Nf2XI9FGluEmEFuKT6XgfFUb0LESmfUcVuOBNDA= +deps.dev/api/v3alpha v0.0.0-20240312000934-38ffc8dd1d92/go.mod h1:uRN72FJn1F0FD/2ZYUOqdyFMu8VUsyHxvmZAMW30/DA= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak= -github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= -github.com/CycloneDX/cyclonedx-go v0.7.0 h1:jNxp8hL7UpcvPDFXjY+Y1ibFtsW+e5zyF9QoSmhK/zg= -github.com/CycloneDX/cyclonedx-go v0.7.0/go.mod h1:W5Z9w8pTTL+t+yG3PCiFRGlr8PUlE0pGWzKSJbsyXkg= +github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= +github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/CycloneDX/cyclonedx-go v0.8.0 h1:FyWVj6x6hoJrui5uRQdYZcSievw3Z32Z88uYzG/0D6M= +github.com/CycloneDX/cyclonedx-go v0.8.0/go.mod h1:K2bA+324+Og0X84fA8HhN2X066K7Bxz4rpMQ4ZhjtSk= github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod 
h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= -github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8= -github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA= -github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g= -github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk= -github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= +github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78= +github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= +github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092/go.mod h1:rYqSE9HbjzpHTI74vwPvae4ZVYZd1lue2ta6xHPdblA= +github.com/anchore/go-struct-converter v0.0.0-20230627203149-c72ef8859ca9 h1:6COpXWpHbhWM1wgcQN95TdsmrLTba8KQfPgImBXzkjA= +github.com/anchore/go-struct-converter v0.0.0-20230627203149-c72ef8859ca9/go.mod h1:rYqSE9HbjzpHTI74vwPvae4ZVYZd1lue2ta6xHPdblA= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= +github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aws/aws-sdk-go v1.50.36 h1:PjWXHwZPuTLMR1NIb8nEjLucZBMzmf84TLoLbD8BZqk= 
@@ -82,62 +87,70 @@ github.com/bradleyfalzon/ghinstallation/v2 v2.11.0 h1:R9d0v+iobRHSaE4wKUnXFiZp53 github.com/bradleyfalzon/ghinstallation/v2 v2.11.0/go.mod h1:0LWKQwOHewXO/1acI6TtyE0Xc4ObDb2rFN7eHBAG71M= github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M= github.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0= -github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= +github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/client9/misspell v0.3.4 h1:ta993UF76GwbvJcIo3Y68y/M3WxlpEHPWIGDkJYwzJI= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I= +github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/containerd/stargz-snapshotter/estargz v0.14.3 h1:OqlDCK3ZVUO6C3B/5FSkDwbkEETK84kQgEeFwDC+62k= -github.com/containerd/stargz-snapshotter/estargz v0.14.3/go.mod h1:KY//uOCIkSuNAHhJogcZtrNHdKrA99/FCCRjE3HD36o= -github.com/containerd/typeurl v1.0.2 h1:Chlt8zIieDbzQFzXzAeBEF92KhExuE4p9p92/QmY7aY= -github.com/containerd/typeurl v1.0.2/go.mod h1:9trJWW2sRlGub4wZJRTW83VtbOLS6hwcDZXTn6oPz9s= +github.com/containerd/stargz-snapshotter/estargz v0.15.1 h1:eXJjw9RbkLFgioVaTG+G/ZW/0kEe2oEKCdS/ZxIyoCU= +github.com/containerd/stargz-snapshotter/estargz v0.15.1/go.mod h1:gr2RNwukQ/S9Nv33Lt6UC7xEx58C+LHRdoqbEKjz1Kk= +github.com/containerd/typeurl/v2 v2.1.1 
h1:3Q4Pt7i8nYwy2KmQWIw2+1hTvwTE/6w9FqcttATPO/4= +github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= +github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/docker/cli v23.0.5+incompatible h1:ufWmAOuD3Vmr7JP2G5K3cyuNC4YZWiAsuDEvFVVDafE= -github.com/docker/cli v23.0.5+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= -github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= -github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v25.0.0+incompatible h1:g9b6wZTblhMgzOT2tspESstfw6ySZ9kdm94BLDKaZac= -github.com/docker/docker v25.0.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= -github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= +github.com/dghubble/trie v0.1.0 h1:kJnjBLFFElBwS60N4tkPvnLhnpcDxbBjIulgI8CpNGM= +github.com/dghubble/trie v0.1.0/go.mod h1:sOmnzfBNH7H92ow2292dDFWNsVQuh/izuD7otCYb1ak= 
+github.com/docker/cli v25.0.3+incompatible h1:KLeNs7zws74oFuVhgZQ5ONGZiXUUdgsdy6/EsX/6284= +github.com/docker/cli v25.0.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= +github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= +github.com/docker/docker v25.0.5+incompatible h1:UmQydMduGkrD5nQde1mecF/YnSbTOaPeFIeP5C4W+DE= +github.com/docker/docker v25.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker-credential-helpers v0.8.1 h1:j/eKUktUltBtMzKqmfLB0PAgqYyMHOp5vfsD1807oKo= +github.com/docker/docker-credential-helpers v0.8.1/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= +github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU= +github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM= github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= -github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= +github.com/evanphx/json-patch/v5 v5.9.0/go.mod 
h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/frankban/quicktest v1.14.5 h1:dfYrrRyLtiqT9GyKXgdh+k4inNeTvmGbuSgZ3lx3GhA= -github.com/frankban/quicktest v1.14.5/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= +github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= +github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/gkampitakis/ciinfo v0.3.0 h1:gWZlOC2+RYYttL0hBqcoQhM7h1qNkVqvRCV1fOvpAv8= +github.com/gkampitakis/ciinfo v0.3.0/go.mod h1:1NIwaOcFChN4fa/B0hEBdAb6npDlFL8Bwx4dfRLRqAo= +github.com/gkampitakis/go-diff v1.3.2 h1:Qyn0J9XJSDTgnsgHRdz9Zp24RaJeKMUHg2+PDZZdC4M= +github.com/gkampitakis/go-diff v1.3.2/go.mod h1:LLgOrpqleQe26cte8s36HTWcTmMEur6OPYerdAAS9tk= +github.com/gkampitakis/go-snaps v0.5.2 h1:ay/6f7WHwRkOgpBec9DjMLRBAApziJommZ21NkOOCwY= +github.com/gkampitakis/go-snaps v0.5.2/go.mod h1:ZABkO14uCuVxBHAXAfKG+bqNz+aa1bGPAg8jkI0Nk8Y= github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY= github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4= -github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4= -github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E= -github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= 
-github.com/go-git/go-billy/v5 v5.4.0/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg= -github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4= -github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg= -github.com/go-git/go-git-fixtures/v4 v4.3.1 h1:y5z6dd3qi8Hl+stezc8p3JxDkoTRqMAlKnXHuzrfjTQ= -github.com/go-git/go-git-fixtures/v4 v4.3.1/go.mod h1:8LHG1a3SRW71ettAD/jW13h8c6AqjVSeL11RAdgaqpo= -github.com/go-git/go-git/v5 v5.5.2 h1:v8lgZa5k9ylUw+OR/roJHTxR4QItsNFI5nKtAXFuynw= -github.com/go-git/go-git/v5 v5.5.2/go.mod h1:BE5hUJ5yaV2YMxhmaP4l6RBQ08kMxKSPD4BlxtH7OjI= +github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= +github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= +github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU= +github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow= +github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= +github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII= +github.com/go-git/go-git/v5 v5.11.0 h1:XIZc1p+8YzypNr34itUfSvYJcv+eYdTnTvOZ2vD3cA4= +github.com/go-git/go-git/v5 v5.11.0/go.mod h1:6GFcX2P3NM7FPBfpePbpLd21XxsgdAt+lKqXmCUiUCY= github.com/go-logr/logr v1.0.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= 
@@ -161,7 +174,9 @@ github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfb github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc= github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= 
@@ -181,20 +196,17 @@ github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-containerregistry v0.15.2 h1:MMkSh+tjSdnmJZO7ljvEqV1DjfekB6VUEAZgy3a+TQE= -github.com/google/go-containerregistry v0.15.2/go.mod h1:wWK+LnOv4jXMM23IT/F1wdYftGWGr47Is8CG+pmHK1Q= -github.com/google/go-github/v38 v38.1.0 h1:C6h1FkaITcBFK7gAmq4eFzt6gbhEhk7L5z6R3Uva+po= -github.com/google/go-github/v38 v38.1.0/go.mod h1:cStvrz/7nFr0FoENgG6GLbp53WaelXucT+BBz/3VKx4= -github.com/google/go-github/v50 v50.2.0 h1:j2FyongEHlO9nxXLc+LP3wuBSVU9mVxfpdYUexMpIfk= -github.com/google/go-github/v50 v50.2.0/go.mod h1:VBY8FB6yPIjrtKhozXv4FQupxKLS6H4m6xFZlT43q8Q= +github.com/google/go-containerregistry v0.19.1 h1:yMQ62Al6/V0Z7CqIrrS1iYoA5/oQCm88DeNujc7C1KY= +github.com/google/go-containerregistry v0.19.1/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= +github.com/google/go-github/v53 v53.2.0 h1:wvz3FyF53v4BK+AsnvCmeNhf8AkTaeh2SoYu/XUvTtI= +github.com/google/go-github/v53 v53.2.0/go.mod h1:XhFRObz+m/l+UCm9b7KSIC3lT3NWSXGt7mOsAWEloao= +github.com/google/go-github/v59 v59.0.0 h1:7h6bgpF5as0YQLLkEiVqpgtJqjimMYhBkD4jT5aN3VA= +github.com/google/go-github/v59 v59.0.0/go.mod h1:rJU4R0rQHFVFDOkqGWxfLNo6vEk4dv40oDjhV/gH6wM= github.com/google/go-github/v62 v62.0.0 
h1:/6mGCaRywZz9MuHyw9gD1CwsbmBX8GWsbFkwMmHdhl4= github.com/google/go-github/v62 v62.0.0/go.mod h1:EMxeUqGJq2xRu9DYBMwel/mr7kZrzUOfQmmpYrZn2a4= -github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= github.com/google/go-replayers/grpcreplay v1.1.0 h1:S5+I3zYyZ+GQz68OfbURDdt/+cSMqCK1wrvNx7WBzTE= @@ -203,8 +215,8 @@ github.com/google/go-replayers/httpreplay v1.2.0 h1:VM1wEyyjaoU53BwrOnaf9VhAyQQE github.com/google/go-replayers/httpreplay v1.2.0/go.mod h1:WahEFFZZ7a1P4VM1qEeHy+tME4bwyqPcwWbNlUI1Mcg= github.com/google/martian/v3 v3.3.2 h1:IqNFLAmvJOgVlpdEBiQbDc2EwKW77amAycfTuWKdfvw= github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= -github.com/google/osv-scanner v1.2.1-0.20230302232134-592acbc2539b h1:i51oNIa4JdwBAKDnZjvxGq9jOHKZ3OPZtLrTz8aHaAA= -github.com/google/osv-scanner v1.2.1-0.20230302232134-592acbc2539b/go.mod h1:bzlupbn+xUEuPbu4cuCN4HlpD2eMPmMNj8Qqwu8s9vM= +github.com/google/osv-scanner v1.7.1 h1:xVLRp7nFNtBphuIF63++T1TW5ViO2eW5UrwyqvKauGk= +github.com/google/osv-scanner v1.7.1/go.mod h1:f1oLmNj+LnHwsJn5UYOY1FASeBL+C13JKI+O7HNahcs= github.com/google/pprof v0.0.0-20240117000934-35fc243c5815 h1:WzfWbQz/Ze8v6l++GGbGNFZnUShVpP/0xffCPLL+ax8= github.com/google/pprof v0.0.0-20240117000934-35fc243c5815/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= 
@@ -228,16 +240,14 @@ github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/S github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c= github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= -github.com/hashicorp/go-retryablehttp v0.7.4 h1:ZQgVdpTdAL7WpMIwLzCfbalOcSUdkDZnpUv3/+BxzFA= -github.com/hashicorp/go-retryablehttp v0.7.4/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= -github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= -github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= -github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= +github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M= +github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= +github.com/ianlancetaylor/demangle v0.0.0-20240312041847-bd984b5ce465 h1:KwWnWVWCNtNq/ewIX7HIKnELmEx2nDP42yskD/pi7QE= +github.com/ianlancetaylor/demangle v0.0.0-20240312041847-bd984b5ce465/go.mod h1:gx7rwoVhcfuVKG5uya9Hs3Sxj7EIvldVofAWIUtGouw= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= -github.com/jedib0t/go-pretty/v6 v6.4.4 h1:N+gz6UngBPF4M288kiMURPHELDMIhF/Em35aYuKrsSc= -github.com/jedib0t/go-pretty/v6 v6.4.4/go.mod h1:MgmISkTWDSFu0xOqiZ0mKNntMQ2mDgOcwOkwBEkMDJI= -github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4= +github.com/jedib0t/go-pretty/v6 v6.5.5 h1:PpIU8lOjxvVYGGKule0QxxJfNysUSbC9lggQU2cpZJc= +github.com/jedib0t/go-pretty/v6 v6.5.5/go.mod h1:5LQIxa52oJ/DlDSLv0HEkWOFMDGoWkJb9ss5KqPpJBg= github.com/jmespath/go-jmespath v0.4.0 
h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= @@ -246,8 +256,8 @@ github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4= -github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= +github.com/klauspost/compress v1.17.7 h1:ehO88t2UGzQK66LMdE8tibEd1ErmzZjNEqWkjLAKQQg= +github.com/klauspost/compress v1.17.7/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= 
@@ -257,9 +267,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA= -github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE= -github.com/matryer/is v1.4.0/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU= +github.com/maruel/natural v1.1.1 h1:Hja7XhhmvEFhcByqDoHz9QZbkWey+COd9xWfCfn1ioo= +github.com/maruel/natural v1.1.1/go.mod h1:v+Rfd79xlw1AgVBjbO0BEQmptqb5HvL/k9GRHB7ZKEg= github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= 
@@ -270,32 +279,33 @@ github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/ github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U= github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/moby/buildkit v0.11.4 h1:mleVHr+n7HUD65QNUkgkT3d8muTzhYUoHE9FM3Ej05s= -github.com/moby/buildkit v0.11.4/go.mod h1:P5Qi041LvCfhkfYBHry+Rwoo3Wi6H971J2ggE+PcIoo= -github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -github.com/onsi/ginkgo/v2 v2.9.4 h1:xR7vG4IXt5RWx6FfIjyAtsoMAtnc3C/rFXBBd2AjZwE= -github.com/onsi/ginkgo/v2 v2.9.4/go.mod h1:gCQYp2Q+kSoIj7ykSVb9nskRSsR6PUj4AiLywzIhbKM= -github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE= -github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg= +github.com/moby/buildkit v0.13.1 h1:L8afOFhPq2RPJJSr/VyzbufwID7jquZVB7oFHbPRcPE= +github.com/moby/buildkit v0.13.1/go.mod h1:aNmNQKLBFYAOFuzQjR3VA27/FijlvtBD1pjNwTSN37k= +github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= +github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= +github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk= +github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg= github.com/opencontainers/go-digest 
v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.1.0-rc3 h1:fzg1mXZFj8YdPeNkRXMg+zb88BFV0Ys52cJydRwBkb8= -github.com/opencontainers/image-spec v1.1.0-rc3/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= -github.com/ossf/scorecard/v4 v4.10.5 h1:V3ZxLj2rEwAllytkIfVQXEWr3Nl9Ad9NkxZSMaS/+iA= -github.com/ossf/scorecard/v4 v4.10.5/go.mod h1:3s+OtLNXoqpQCyBpV0XuCjV95uJHMUhRjwEg9xIKZ+k= -github.com/package-url/packageurl-go v0.1.1-0.20220428063043-89078438f170 h1:DiLBVp4DAcZlBVBEtJpNWZpZVq0AEeCY7Hqk8URVs4o= -github.com/package-url/packageurl-go v0.1.1-0.20220428063043-89078438f170/go.mod h1:uQd4a7Rh3ZsVg5j0lNyAfyxIeGde9yrlhjF78GzeW0c= -github.com/pjbgf/sha1cd v0.2.3 h1:uKQP/7QOzNtKYH7UTohZLcjF5/55EnTw0jO/Ru4jZwI= -github.com/pjbgf/sha1cd v0.2.3/go.mod h1:HOK9QrgzdHpbc2Kzip0Q1yi3M2MFGPADtR6HjG65m5M= -github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= +github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI= +github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= +github.com/ossf/scorecard/v4 v4.13.2-0.20240326192505-153e06d99fed h1:BpTIzoTU+eU/7ME6gS9T90goSpCt+4IqbK9EbTkc5d8= +github.com/ossf/scorecard/v4 v4.13.2-0.20240326192505-153e06d99fed/go.mod h1:nUXMMiLVSTrO1k0NDu2H8Jg8RUkbeurS+DJQzbItuk4= +github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= +github.com/owenrumney/go-sarif/v2 v2.3.0 h1:wP5yEpI53zr0v5cBmagXzLbHZp9Oylyo3AJDpfLBITs= +github.com/owenrumney/go-sarif/v2 v2.3.0/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= +github.com/package-url/packageurl-go v0.1.2 h1:0H2DQt6DHd/NeRlVwW4EZ4oEI6Bn40XlNPRqegcxuo4= +github.com/package-url/packageurl-go v0.1.2/go.mod h1:uQd4a7Rh3ZsVg5j0lNyAfyxIeGde9yrlhjF78GzeW0c= 
+github.com/pandatix/go-cvss v0.6.2 h1:TFiHlzUkT67s6UkelHmK6s1INKVUG7nlKYiWWDTITGI= +github.com/pandatix/go-cvss v0.6.2/go.mod h1:jDXYlQBZrc8nvrMUVVvTG8PhmuShOnKrxP53nOFkt8Q= +github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= +github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/profile v1.6.0/go.mod h1:qBsxPvzyUincmltOk6iyRVxHYg4adc0OFOv72ZdLa18= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 
@@ -307,14 +317,11 @@ github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs= github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro= -github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= github.com/rs/zerolog v1.33.0 h1:1cU2KZkvPxNyfgEmhHAz/1A9Bz+llsdYzklWFzgp0r8= github.com/rs/zerolog v1.33.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss= -github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= github.com/shurcooL/githubv4 v0.0.0-20210725200734-83ba7b4c9228 h1:N5B+JgvM/DVYIxreItPJMM3yWrNO/GB2q4nESrtBisM= 
@@ -323,16 +330,15 @@ github.com/shurcooL/graphql v0.0.0-20200928012149-18c5c3165e3a h1:KikTa6HtAK8cS1 github.com/shurcooL/graphql v0.0.0-20200928012149-18c5c3165e3a/go.mod h1:AuYgA5Kyo4c7HfUmvRGs/6rGlMMV/6B1bVnB9JxJEEg= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/skeema/knownhosts v1.1.0 h1:Wvr9V0MxhjRbl3f9nMnKnFfiWTJmtECJ9Njkea3ysW0= -github.com/skeema/knownhosts v1.1.0/go.mod h1:sKFq3RD6/TKZkSWn8boUbDC7Qkgcv+8XXijpFO6roag= +github.com/skeema/knownhosts v1.2.1 h1:SHWdIUa82uGZz+F+47k8SY4QhhI291cXCpopT1lK2AQ= +github.com/skeema/knownhosts v1.2.1/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb/go.mod h1:uKWaldnbMnjsSAXRurWqqrdyZen1R7kxl8TkmWk2OyM= github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89 h1:dArkMwZ7Mf2JiU8OfdmqIv8QaHT4oyifLIe1UhsF1SY= github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89/go.mod h1:uKWaldnbMnjsSAXRurWqqrdyZen1R7kxl8TkmWk2OyM= -github.com/spdx/tools-golang v0.4.0 h1:jdhnW8zYelURCbYTphiviFKZkWu51in0E4A1KT2csP0= -github.com/spdx/tools-golang v0.4.0/go.mod h1:VHzvNsKAfAGqs4ZvwRL+7a0dNsL20s7lGui4K9C0xQM= +github.com/spdx/tools-golang v0.5.3 h1:ialnHeEYUC4+hkm5vJm4qz2x+oEJbS0mAMFrNXdQraY= +github.com/spdx/tools-golang v0.5.3/go.mod h1:/ETOahiAo96Ob0/RAIBmFZw6XN0yTnyr/uFZm2NTMhI= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= 
@@ -342,21 +348,39 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= -github.com/stretchr/testify v1.7.4/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/urfave/cli v1.22.12/go.mod h1:sSBEIC79qR6OvcmsD4U3KABeOTxDqQtdDnaFuUN30b8= -github.com/vbatts/tar-split v0.11.3 h1:hLFqsOLQ1SsppQNTMpkpPXClLDfC2A3Zgy9OUU+RVck= -github.com/vbatts/tar-split v0.11.3/go.mod h1:9QlHN18E+fEH7RdG+QAJJcuya3rqT7eXSTY7wGrAokY= -github.com/xanzy/go-gitlab v0.83.0 h1:37p0MpTPNbsTMKX/JnmJtY8Ch1sFiJzVF342+RvZEGw= -github.com/xanzy/go-gitlab v0.83.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= +github.com/terminalstatic/go-xsd-validate v0.1.5 h1:RqpJnf6HGE2CB/lZB1A8BYguk8uRtcvYAPLCF15qguo= +github.com/terminalstatic/go-xsd-validate v0.1.5/go.mod h1:18lsvYFofBflqCrvo1umpABZ99+GneNTw2kEEc8UPJw= +github.com/tidwall/gjson v1.17.1 h1:wlYEnwqAHgzmhNUFfw7Xalt2JzQvsMx2Se4PcoFCT/U= +github.com/tidwall/gjson v1.17.1/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= +github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= +github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= +github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4= +github.com/tidwall/pretty 
v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= +github.com/tidwall/sjson v1.2.5 h1:kLy8mja+1c9jlljvWTlSazM7cKDRfJuR/bOJhcY5NcY= +github.com/tidwall/sjson v1.2.5/go.mod h1:Fvgq9kS/6ociJEDnK0Fk1cpYF4FIW6ZF7LAe+6jwd28= +github.com/vbatts/tar-split v0.11.5 h1:3bHCTIheBm1qFTcgh9oPu+nNBtX+XJIupG/vacinCts= +github.com/vbatts/tar-split v0.11.5/go.mod h1:yZbwRsSeGjusneWgA781EKej9HF8vme8okylkAeNKLk= +github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= +github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= +github.com/xanzy/go-gitlab v0.101.0 h1:qRgvX8DNE19zRugB6rnnZMZ5ubhITSKPLNWEyc6UIPg= +github.com/xanzy/go-gitlab v0.101.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= +github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= +github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= +github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= +github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= +github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74= +github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +github.com/zclconf/go-cty v1.10.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= go.opencensus.io v0.24.0 
h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 h1:4Pp6oUg3+e/6M4C0A/3kJ2VYa++dsWVTtGgLVj5xtHg= 
@@ -377,17 +401,16 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= +golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= +golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= -golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= -golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= +golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= +golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA= -golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08= +golang.org/x/exp v0.0.0-20240314144324-c7f7c6466f7f h1:3CW0unweImhOzd5FmYuRsD4Y4oQFKZIjAnKbjV4WIrw= +golang.org/x/exp 
v0.0.0-20240314144324-c7f7c6466f7f/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= 
@@ -396,28 +419,31 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.16.0 h1:QX4fJ0Rr5cPQCF7O9lh9Se4pmwfwskqZfq5moyldzic= +golang.org/x/mod v0.16.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net 
v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= -golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= -golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= +golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI= golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8= 
@@ -438,25 +464,19 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210608053332-aa57babbf139/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod 
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220906165534-d0df966e6959/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 
@@ -468,21 +488,24 @@ golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= -golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= -golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= +golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= +golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod 
h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= @@ -500,10 +523,11 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= -golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= -golang.org/x/vuln v0.0.0-20230118164824-4ec8867cc0e6 h1:XZD8apnMaMVuqE3ZEzf5JJncKMlOsMnnov7U+JRT/d4= -golang.org/x/vuln v0.0.0-20230118164824-4ec8867cc0e6/go.mod h1:cBP4HMKv0X+x96j8IJWCKk0eqpakBmmHjKGSSC0NaYE= +golang.org/x/tools v0.19.0 h1:tfGCXNR1OsFG+sVdLAitlpjAvD/I6dHDKnYrpEZUHkw= +golang.org/x/tools v0.19.0/go.mod h1:qoJWxmGSIBmAeriMx19ogtrEPrGtDbPK634QFIcLAhc= +golang.org/x/vuln v1.0.4 h1:SP0mPeg2PmGCu03V+61EcQiOjmpri2XijexKdzv8Z1I= +golang.org/x/vuln v1.0.4/go.mod h1:NbJdUQhX8jY++FtuhrXs2Eyx0yePo9pF7nPlIjo9aaQ= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -514,6 +538,7 @@ google.golang.org/api v0.169.0 h1:QwWPy71FgMWqJN/l6jVlFHUa29a7dcUy02I8o799nPY= google.golang.org/api v0.169.0/go.mod h1:gpNOiMA2tZ4mf5R9Iwf4rK/Dcz0fbdIgWYWVoxmsyLg= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= 
@@ -543,36 +568,30 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod 
h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= -gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU= gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.2.2 h1:MNh1AVMyVX23VUHE2O27jm6lNj3vjO5DexS4A1xvnzk= -honnef.co/go/tools v0.2.2/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY= -mvdan.cc/sh/v3 v3.6.0 h1:gtva4EXJ0dFNvl5bHjcUEvws+KRcDslT8VKheTYkbGU= -mvdan.cc/sh/v3 v3.6.0/go.mod h1:U4mhtBLZ32iWhif5/lD+ygy1zrgaQhUu+XFy7C8+TTA= -mvdan.cc/unparam v0.0.0-20211214103731-d0ef000c54e5 h1:Jh3LAeMt1eGpxomyu3jVkmVZWW2MxZ1qIIV2TZ/nRio= -mvdan.cc/unparam v0.0.0-20211214103731-d0ef000c54e5/go.mod h1:b8RRCBm0eeiWR8cfN88xeq2G5SG3VKGO+5UPWi5FSOY= -sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= +mvdan.cc/sh/v3 v3.8.0 h1:ZxuJipLZwr/HLbASonmXtcvvC9HXY9d2lXZHnKGjFc8= +mvdan.cc/sh/v3 v3.8.0/go.mod h1:w04623xkgBVo7/IUK89E0g8hBykgEpN0vgOj3RJr6MY= sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= +sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/pkg/config/config.go b/pkg/config/config.go index 37ed8779..7658ea60 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go 
@@ -22,10 +22,10 @@ import ( "path" "strings" - "github.com/contentful/allstar/pkg/config/operator" + "github.com/ossf/allstar/pkg/config/operator" - jsonpatch "github.com/evanphx/json-patch" - "github.com/google/go-github/v50/github" + jsonpatch "github.com/evanphx/json-patch/v5" + "github.com/google/go-github/v59/github" "github.com/rs/zerolog/log" "sigs.k8s.io/yaml" ) diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go index 61a2d5ed..c4452134 100644 --- a/pkg/config/config_test.go +++ b/pkg/config/config_test.go @@ -22,9 +22,9 @@ import ( "strings" "testing" - "github.com/contentful/allstar/pkg/config/operator" "github.com/google/go-cmp/cmp" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" + "github.com/ossf/allstar/pkg/config/operator" "sigs.k8s.io/yaml" ) diff --git a/pkg/config/contents.go b/pkg/config/contents.go index 2e37b45c..c1044e0f 100644 --- a/pkg/config/contents.go +++ b/pkg/config/contents.go @@ -20,7 +20,7 @@ import ( "net/http" "path" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" ) func walkGetContents(ctx context.Context, r repositories, owner, repo, p string, diff --git a/pkg/config/location.go b/pkg/config/location.go index a3b5a795..97a17178 100644 --- a/pkg/config/location.go +++ b/pkg/config/location.go @@ -19,7 +19,7 @@ import ( "net/http" "sync" - "github.com/contentful/allstar/pkg/config/operator" + "github.com/ossf/allstar/pkg/config/operator" ) type instLoc struct { diff --git a/pkg/config/operator/operator.go b/pkg/config/operator/operator.go index 1b1d1541..636138a9 100644 --- a/pkg/config/operator/operator.go +++ b/pkg/config/operator/operator.go 
@@ -82,7 +82,7 @@ const GitHubIssueLabel = "allstar" // GitHubIssueFooter is added to the end of GitHub issues. const GitHubIssueFooter = `This issue will auto resolve when the policy is in compliance. -Issue created by Allstar. See https://github.com/contentful/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.` +Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.` // AllowedOrganizations is the set of GitHub repositories on which this Allstar instance // is allowed to be installed. This allows a public GitHub app to be shared between GitHub @@ -95,6 +95,12 @@ const setNoticePingDurationHrs = (24 * time.Hour) var NoticePingDuration time.Duration +// NumWorkers is the number of concurrent orginazations/installations the +// Allstar binary will scan concurrently. +const setNumWorkers = 5 + +var NumWorkers int + var osGetenv func(string) string func init() { @@ -147,4 +153,12 @@ func setVars() { allowedOrgs := osGetenv("GITHUB_ALLOWED_ORGS") AllowedOrganizations = strings.Split(allowedOrgs, ",") + + nws := osGetenv("ALLSTAR_NUM_WORKERS") + nw, err := strconv.Atoi(nws) + if err == nil { + NumWorkers = nw + } else { + NumWorkers = setNumWorkers + } } diff --git a/pkg/config/schedule/schedule.go b/pkg/config/schedule/schedule.go index df75569e..feefd6f6 100644 --- a/pkg/config/schedule/schedule.go +++ b/pkg/config/schedule/schedule.go @@ -20,7 +20,7 @@ import ( "strings" "time" - "github.com/contentful/allstar/pkg/config" + "github.com/ossf/allstar/pkg/config" "github.com/rs/zerolog/log" ) diff --git a/pkg/config/schedule/schedule_test.go b/pkg/config/schedule/schedule_test.go index 29158b4c..7c61ef1e 100644 --- a/pkg/config/schedule/schedule_test.go +++ b/pkg/config/schedule/schedule_test.go 
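Review bot: The value parsed from `ALLSTAR_NUM_WORKERS` in `setVars` is accepted whenever `strconv.Atoi` succeeds, so 0 and negative numbers reach `g.SetLimit(operator.NumWorkers)` in the pkg/enforce/enforce.go hunk. With errgroup, a limit of 0 blocks every `g.Go` call and a negative limit removes the cap entirely, so a mistyped environment variable can either hang the enforcement loop or lift the concurrency bound on GitHub API use. Guard the assignment with `if err == nil && nw > 0 {` and fall back to `setNumWorkers` otherwise. The doc comment that starts `// NumWorkers is` sits above the `setNumWorkers` constant rather than the exported variable and misspells "organizations"; moving it above `var NumWorkers int` would fix both. `setVars` begins outside the hunk.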
@@ -18,7 +18,7 @@ import ( "testing" "time" - "github.com/contentful/allstar/pkg/config" + "github.com/ossf/allstar/pkg/config" ) func timeFromDay(wd time.Weekday) time.Time { diff --git a/pkg/enforce/enforce.go b/pkg/enforce/enforce.go index 5c1d3302..afee5c0d 100644 --- a/pkg/enforce/enforce.go +++ b/pkg/enforce/enforce.go @@ -22,16 +22,16 @@ import ( "sync" "time" - "github.com/contentful/allstar/pkg/config" - "github.com/contentful/allstar/pkg/config/operator" - "github.com/contentful/allstar/pkg/ghclients" - "github.com/contentful/allstar/pkg/issue" - "github.com/contentful/allstar/pkg/policies" - "github.com/contentful/allstar/pkg/policydef" - "github.com/contentful/allstar/pkg/scorecard" + "github.com/ossf/allstar/pkg/config" + "github.com/ossf/allstar/pkg/config/operator" + "github.com/ossf/allstar/pkg/ghclients" + "github.com/ossf/allstar/pkg/issue" + "github.com/ossf/allstar/pkg/policies" + "github.com/ossf/allstar/pkg/policydef" + "github.com/ossf/allstar/pkg/scorecard" "golang.org/x/sync/errgroup" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" "github.com/rs/zerolog/log" ) @@ -85,10 +85,13 @@ func EnforceAll(ctx context.Context, ghc ghclients.GhClientsInterface, specificP Msg("Enforcing policies on installations.") g, ctx := errgroup.WithContext(ctx) - g.SetLimit(5) + g.SetLimit(operator.NumWorkers) var mu sync.Mutex for _, i := range insts { + if ctx.Err() != nil { + break + } if i.SuspendedAt != nil { log.Info(). Str("area", "bot"). @@ -156,6 +159,7 @@ func EnforceAll(ctx context.Context, ghc ghclients.GhClientsInterface, specificP } enforceAllResults[policyName]["totalFailed"] += results["totalFailed"] } + ghc.Free(iid) mu.Unlock() if err != nil { @@ -170,7 +174,6 @@ func EnforceAll(ctx context.Context, ghc ghclients.GhClientsInterface, specificP if err := g.Wait(); err != nil { return enforceAllResults, err } - ghc.LogCacheSize() log.Info(). Str("area", "bot"). Int("count", repoCount). 
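Review bot: `ghc.Free(iid)` is called while holding `mu`, the mutex that the visible lines use to guard the `enforceAllResults` aggregation, which quietly makes it the guard for the client map too. `GHClients.Free` in pkg/ghclients/ghclients.go does a bare `delete(g.clients, i)` and `Get` returns from (and presumably populates) the same map, so if `ghc.Get` is called from the worker closures outside `mu` (the call is not visible in these hunks) the two race once more than one worker runs. Either give `GHClients` its own mutex taken in both `Get` and `Free`, or add a comment here such as `// mu also serializes access to ghc's client map; Get must be called under it.` Free also appears to be skipped on any early error return before this point, which would leave that installation's client and cache in the map; that is worth confirming against the full closure, which starts outside the hunk.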
@@ -356,6 +359,7 @@ func runPoliciesReal(ctx context.Context, c *github.Client, owner, repo string, Msg("Policy run skipped as repo is not enabled and doNothingOnOptOut is configured.") continue } + r, err := p.Check(ctx, c, owner, repo) if err != nil { return nil, err diff --git a/pkg/enforce/enforce_test.go b/pkg/enforce/enforce_test.go index da042f38..28e97d7c 100644 --- a/pkg/enforce/enforce_test.go +++ b/pkg/enforce/enforce_test.go @@ -23,10 +23,10 @@ import ( "strings" "testing" - "github.com/contentful/allstar/pkg/config/operator" - "github.com/contentful/allstar/pkg/policydef" "github.com/google/go-cmp/cmp" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" + "github.com/ossf/allstar/pkg/config/operator" + "github.com/ossf/allstar/pkg/policydef" ) var policy1Results policyRepoResults @@ -89,7 +89,7 @@ func (m MockGhClients) Get(i int64) (*github.Client, error) { return github.NewClient(&http.Client{}), nil } -func (m MockGhClients) LogCacheSize() {} +func (m MockGhClients) Free(i int64) {} func TestRunPolicies(t *testing.T) { policiesGetPolicies = func() []policydef.Policy { diff --git a/pkg/ghclients/ghclients.go b/pkg/ghclients/ghclients.go index 6bafe7f9..187e8032 100644 --- a/pkg/ghclients/ghclients.go +++ b/pkg/ghclients/ghclients.go @@ -21,9 +21,9 @@ import ( "net/http" "github.com/bradleyfalzon/ghinstallation/v2" - "github.com/contentful/allstar/pkg/config/operator" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" "github.com/gregjones/httpcache" + "github.com/ossf/allstar/pkg/config/operator" "gocloud.dev/runtimevar" _ "gocloud.dev/runtimevar/awssecretsmanager" _ "gocloud.dev/runtimevar/filevar" @@ -49,7 +49,7 @@ func init() { type GhClientsInterface interface { Get(i int64) (*github.Client, error) - LogCacheSize() + Free(i int64) } // GHClients stores clients per-installation for re-use throughout a process. 
@@ -57,7 +57,6 @@ type GHClients struct { clients map[int64]*github.Client tr http.RoundTripper key []byte - cache *memoryCache } // NewGHClients returns a new GHClients. The provided RoundTripper will be @@ -71,10 +70,13 @@ func NewGHClients(ctx context.Context, t http.RoundTripper) (*GHClients, error) clients: make(map[int64]*github.Client), tr: t, key: key, - cache: newMemoryCache(), }, nil } +func (g *GHClients) Free(i int64) { + delete(g.clients, i) +} + // Get gets the client for installation id i, If i is 0 it gets the client for // the app-level api. If a stored client is not available, it creates a new // client with auth and caching built in. @@ -85,7 +87,7 @@ func (g *GHClients) Get(i int64) (*github.Client, error) { ctr := &httpcache.Transport{ Transport: g.tr, - Cache: g.cache, + Cache: newMemoryCache(), MarkCachedResponses: true, } @@ -103,10 +105,6 @@ func (g *GHClients) Get(i int64) (*github.Client, error) { return g.clients[i], nil } -func (g *GHClients) LogCacheSize() { - g.cache.LogCacheSize() -} - func getKeyFromSecretReal(ctx context.Context, keySecretVal string) ([]byte, error) { v, err := runtimevar.OpenVariable(ctx, keySecretVal) if err != nil { diff --git a/pkg/ghclients/memorycache.go b/pkg/ghclients/memorycache.go index 2ba191e9..aa60cded 100644 --- a/pkg/ghclients/memorycache.go +++ b/pkg/ghclients/memorycache.go @@ -53,10 +53,12 @@ func (c *memoryCache) Get(key string) (resp []byte, ok bool) { // Set saves response resp to the cache with key func (c *memoryCache) Set(key string, resp []byte) { - if strings.Contains(key, ".tar.gz") { + if strings.Contains(key, ".tar.gz") || strings.Contains(key, "tarball/") { // Don't cache tarballs. Currently GitHub redirects tarball downloads to a // URL that looks like this: // "https://codeload.github.com///legacy.tar.gz/refs/heads/main" + // Scorecard requests tarballs that look like: + // "https://api.github.com/repos///tarball/" // Hopefully this continues to have ".tar.gz" in it. return } 
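Review bot: The new exported method `Free` in pkg/ghclients/ghclients.go has no doc comment, unlike `Get` and `NewGHClients` around it, and nothing states how it relates to the per-client cache that `Get` now builds with `newMemoryCache()`. I would add `// Free removes the stored client for installation i, releasing the reference to its HTTP cache. It does no locking; callers must not run it concurrently with Get.` above it. The same applies to the `Free(i int64)` entry in `GhClientsInterface`.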
diff --git a/pkg/issue/issue.go b/pkg/issue/issue.go index d27e715f..5e9e5ae2 100644 --- a/pkg/issue/issue.go +++ b/pkg/issue/issue.go @@ -24,12 +24,12 @@ import ( "strings" "time" - "github.com/contentful/allstar/pkg/config" - "github.com/contentful/allstar/pkg/config/operator" - "github.com/contentful/allstar/pkg/config/schedule" + "github.com/ossf/allstar/pkg/config" + "github.com/ossf/allstar/pkg/config/operator" + "github.com/ossf/allstar/pkg/config/schedule" "github.com/rs/zerolog/log" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" ) const issueRepoTitle = "Security Policy violation for repository %q %v" @@ -139,7 +139,7 @@ func ensure(ctx context.Context, c *github.Client, issues issues, owner, repo, p if !strings.Contains(issue.GetBody(), hash) && hasIssueSection(issue.GetBody(), updateSectionName) { // Comment update and update issue body commentBody := fmt.Sprintf("The policy result has been updated.\n\n---\n\n%s", text) - comment, _, err := issues.CreateComment(ctx, owner, repo, issue.GetNumber(), &github.IssueComment{ + comment, _, err := issues.CreateComment(ctx, owner, issueRepo, issue.GetNumber(), &github.IssueComment{ Body: &commentBody, }) if err != nil { @@ -159,7 +159,7 @@ func ensure(ctx context.Context, c *github.Client, issues issues, owner, repo, p } // Ensure issue is open as well state := "open" - _, _, err = issues.Edit(ctx, owner, repo, issue.GetNumber(), &github.IssueRequest{ + _, _, err = issues.Edit(ctx, owner, issueRepo, issue.GetNumber(), &github.IssueRequest{ State: &state, Body: &newBody, }) 
@@ -287,7 +287,7 @@ func createIssueBody(owner, repo, text, hash, footer string, isIssueRepo bool) s refersTo = fmt.Sprintf(" and refers to [%s](https://github.com/%s)", ownerRepo, ownerRepo) } editHeader := issueSectionHeader(updateSectionName) - return fmt.Sprintf("_This issue was automatically created by [Allstar](https://github.com/contentful/allstar/)%s._\n\n**Security Policy Violation**\n"+ + return fmt.Sprintf("_This issue was automatically created by [Allstar](https://github.com/ossf/allstar/)%s._\n\n**Security Policy Violation**\n"+ "%v\n\n---\n\n%s%s%s\n%v", refersTo, text, editHeader, fmt.Sprintf(resultTextHashCommentFormat, hash), editHeader, footer) } diff --git a/pkg/issue/issue_test.go b/pkg/issue/issue_test.go index c87fc82f..21e8d6cd 100644 --- a/pkg/issue/issue_test.go +++ b/pkg/issue/issue_test.go @@ -21,10 +21,10 @@ import ( "testing" "time" - "github.com/contentful/allstar/pkg/config" - "github.com/contentful/allstar/pkg/config/operator" + "github.com/ossf/allstar/pkg/config" + "github.com/ossf/allstar/pkg/config/operator" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" ) var listByRepo func(context.Context, string, string, 
@@ -70,8 +70,8 @@ func TestEnsure(t *testing.T) { issueTitleOtherRepo := "Security Policy violation for repository \"\" thispolicy" closed := "closed" open := "open" - body := "_This issue was automatically created by [Allstar](https://github.com/contentful/allstar/)._\n\n**Security Policy Violation**\nStatus text\n\n---\n\n\nThis issue will auto resolve when the policy is in compliance.\n\nIssue created by Allstar. See https://github.com/contentful/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer." - bodyOtherRepo := "_This issue was automatically created by [Allstar](https://github.com/contentful/allstar/) and refers to [/](https://github.com//)._\n\n**Security Policy Violation**\nStatus text\n\n---\n\n\nThis issue will auto resolve when the policy is in compliance.\n\nIssue created by Allstar. See https://github.com/contentful/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer." + body := "_This issue was automatically created by [Allstar](https://github.com/ossf/allstar/)._\n\n**Security Policy Violation**\nStatus text\n\n---\n\n\nThis issue will auto resolve when the policy is in compliance.\n\nIssue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer." + bodyOtherRepo := "_This issue was automatically created by [Allstar](https://github.com/ossf/allstar/) and refers to [/](https://github.com//)._\n\n**Security Policy Violation**\nStatus text\n\n---\n\n\nThis issue will auto resolve when the policy is in compliance.\n\nIssue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer." 
configGetAppConfigs = func(context.Context, *github.Client, string, string) (*config.OrgConfig, *config.RepoConfig, *config.RepoConfig) { return &config.OrgConfig{}, &config.RepoConfig{}, &config.RepoConfig{} } @@ -142,7 +142,7 @@ func TestEnsure(t *testing.T) { configGetAppConfigs = func(context.Context, *github.Client, string, string) (*config.OrgConfig, *config.RepoConfig, *config.RepoConfig) { return &config.OrgConfig{IssueFooter: "CustomFooter"}, &config.RepoConfig{}, &config.RepoConfig{} } - bodyWithFooter := "_This issue was automatically created by [Allstar](https://github.com/contentful/allstar/)._\n\n**Security Policy Violation**\nStatus text\n\n---\n\n\nCustomFooter\n\nThis issue will auto resolve when the policy is in compliance.\n\nIssue created by Allstar. See https://github.com/contentful/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer." + bodyWithFooter := "_This issue was automatically created by [Allstar](https://github.com/ossf/allstar/)._\n\n**Security Policy Violation**\nStatus text\n\n---\n\n\nCustomFooter\n\nThis issue will auto resolve when the policy is in compliance.\n\nIssue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer." listByRepo = func(ctx context.Context, owner string, repo string, opts *github.IssueListByRepoOptions) ([]*github.Issue, *github.Response, error) { return make([]*github.Issue, 0), &github.Response{NextPage: 0}, nil diff --git a/pkg/policies/action/action.go b/pkg/policies/action/action.go index 6f7d3f33..da8aba08 100644 --- a/pkg/policies/action/action.go +++ b/pkg/policies/action/action.go 
@@ -18,24 +18,21 @@ package action import ( "context" "fmt" - "regexp" "sort" "strings" "github.com/Masterminds/semver/v3" - "github.com/contentful/allstar/pkg/config" - "github.com/contentful/allstar/pkg/policydef" + "github.com/ossf/allstar/pkg/config" + "github.com/ossf/allstar/pkg/policydef" "github.com/rhysd/actionlint" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" "github.com/rs/zerolog/log" ) const configFile = "actions.yaml" const polName = "GitHub Actions" -var actionNameVersionRegex = regexp.MustCompile(`^([a-zA-Z0-9_\-.]+\/[a-zA-Z0-9_\-.]+)@([a-zA-Z0-9\-.]+)$`) - const failText = "This policy, specified at the organization level, sets requirements for Action use by repos within the organization. This repo is failing to fully comply with organization policies, as explained below.\n\n```\n%s```\n\nSee the org-level %s policy configuration for details." const maxWorkflows = 50 @@ -270,8 +267,8 @@ func (a Action) Check(ctx context.Context, c *github.Client, owner, // Missing uses in step continue } - sm := actionNameVersionRegex.FindStringSubmatch(actionStep.Uses.Value) - if sm == nil { + sm := strings.SplitN(actionStep.Uses.Value, "@", 2) + if len(sm) != 2 { // Ignore invalid Action log.Warn(). Str("org", owner). @@ -281,8 +278,8 @@ func (a Action) Check(ctx context.Context, c *github.Client, owner, Msg("Ignoring invalid action") continue } - name := sm[1] - version := sm[2] + name := sm[0] + version := sm[1] actions = append(actions, &actionMetadata{ name: name, version: version, @@ -715,6 +712,10 @@ func listWorkflowsReal(ctx context.Context, c *github.Client, owner, repo string if err != nil { return nil, err } + if fc == nil { + // skip directories + continue + } content, err := fc.GetContent() if err != nil { return nil, err diff --git a/pkg/policies/action/action_test.go b/pkg/policies/action/action_test.go index 64b592bf..09de5616 100644 --- a/pkg/policies/action/action_test.go 
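Review bot: Replacing `actionNameVersionRegex` with `strings.SplitN(actionStep.Uses.Value, "@", 2)` drops the character and shape validation the regex performed, and the `len(sm) != 2` check only proves that an `@` exists. Values such as `@v1` or `owner/repo@` now produce an `actionMetadata` with an empty name or version, and a `docker://image@sha256:…` reference is split into a name that is not a repository at all; whatever consumes `name` and `version` later in `Check` (outside this hunk) then evaluates the org rules against them. Rejecting empty halves keeps the old "Ignoring invalid action" behaviour for those cases: `if len(sm) != 2 || sm[0] == "" || sm[1] == "" {`. If the goal was to accept sub-path actions like `owner/repo/path@ref`, a short comment saying so would help the next reader.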
+++ b/pkg/policies/action/action_test.go @@ -21,9 +21,9 @@ import ( "path/filepath" "testing" - "github.com/contentful/allstar/pkg/config" "github.com/gobwas/glob" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" + "github.com/ossf/allstar/pkg/config" "github.com/rhysd/actionlint" ) diff --git a/pkg/policies/action/eval.go b/pkg/policies/action/eval.go index 9e56ef7d..47710056 100644 --- a/pkg/policies/action/eval.go +++ b/pkg/policies/action/eval.go @@ -18,7 +18,7 @@ import ( "context" "fmt" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" ) var requireWorkflowOnForRequire = []string{"pull_request", "push"} diff --git a/pkg/policies/admin/admin.go b/pkg/policies/admin/admin.go index 9f70731d..e2270a54 100644 --- a/pkg/policies/admin/admin.go +++ b/pkg/policies/admin/admin.go @@ -18,11 +18,11 @@ package admin import ( "context" - "github.com/contentful/allstar/pkg/config" - "github.com/contentful/allstar/pkg/policydef" "github.com/gobwas/glob" + "github.com/ossf/allstar/pkg/config" + "github.com/ossf/allstar/pkg/policydef" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" "github.com/rs/zerolog/log" ) diff --git a/pkg/policies/admin/admin_test.go b/pkg/policies/admin/admin_test.go index 9228a163..af9a4b55 100644 --- a/pkg/policies/admin/admin_test.go +++ b/pkg/policies/admin/admin_test.go @@ -18,10 +18,10 @@ import ( "context" "testing" - "github.com/contentful/allstar/pkg/config" - "github.com/contentful/allstar/pkg/policydef" "github.com/google/go-cmp/cmp" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" + "github.com/ossf/allstar/pkg/config" + "github.com/ossf/allstar/pkg/policydef" ) var listCollaborators func(context.Context, string, string, diff --git a/pkg/policies/binary/binary.go b/pkg/policies/binary/binary.go index a304c0c6..ba16d45b 100644 --- a/pkg/policies/binary/binary.go 
+++ b/pkg/policies/binary/binary.go @@ -21,13 +21,13 @@ import ( "fmt" "path/filepath" - "github.com/contentful/allstar/pkg/config" - "github.com/contentful/allstar/pkg/policydef" - "github.com/contentful/allstar/pkg/scorecard" + "github.com/ossf/allstar/pkg/config" + "github.com/ossf/allstar/pkg/policydef" + "github.com/ossf/allstar/pkg/scorecard" "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/checks" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" "github.com/rs/zerolog/log" ) diff --git a/pkg/policies/binary/binary_test.go b/pkg/policies/binary/binary_test.go index 873c57df..0d6db96b 100644 --- a/pkg/policies/binary/binary_test.go +++ b/pkg/policies/binary/binary_test.go @@ -18,9 +18,9 @@ import ( "context" "testing" - "github.com/contentful/allstar/pkg/config" "github.com/google/go-cmp/cmp" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" + "github.com/ossf/allstar/pkg/config" ) func TestConfigPrecedence(t *testing.T) { diff --git a/pkg/policies/branch/branch.go b/pkg/policies/branch/branch.go index 2be7bdc4..db2e338f 100644 --- a/pkg/policies/branch/branch.go +++ b/pkg/policies/branch/branch.go @@ -20,10 +20,10 @@ import ( "fmt" "net/http" - "github.com/contentful/allstar/pkg/config" - "github.com/contentful/allstar/pkg/policydef" + "github.com/ossf/allstar/pkg/config" + "github.com/ossf/allstar/pkg/policydef" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" "github.com/rs/zerolog/log" ) diff --git a/pkg/policies/branch/branch_test.go b/pkg/policies/branch/branch_test.go index a5905bf1..7c66cd29 100644 --- a/pkg/policies/branch/branch_test.go +++ b/pkg/policies/branch/branch_test.go 
@@ -21,10 +21,10 @@ import ( "sort" "testing" - "github.com/contentful/allstar/pkg/config" - "github.com/contentful/allstar/pkg/policydef" "github.com/google/go-cmp/cmp" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" + "github.com/ossf/allstar/pkg/config" + "github.com/ossf/allstar/pkg/policydef" ) var get func(context.Context, string, string) (*github.Repository, diff --git a/pkg/policies/catalog/catalog.go b/pkg/policies/catalog/catalog.go index 8da9c4d3..88e775ba 100644 --- a/pkg/policies/catalog/catalog.go +++ b/pkg/policies/catalog/catalog.go @@ -19,11 +19,11 @@ import ( "context" "fmt" - "github.com/contentful/allstar/pkg/config" - "github.com/contentful/allstar/pkg/policydef" + "github.com/ossf/allstar/pkg/config" + "github.com/ossf/allstar/pkg/policydef" "github.com/shurcooL/githubv4" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" "github.com/rs/zerolog/log" ) @@ -72,7 +72,7 @@ type mergedConfig struct { } type details struct { - Enabled bool + Enabled bool } var configFetchConfig func(context.Context, *github.Client, string, string, string, config.ConfigLevel, interface{}) error diff --git a/pkg/policies/catalog/catalog_test.go b/pkg/policies/catalog/catalog_test.go index 3b5508ba..78306ef5 100644 --- a/pkg/policies/catalog/catalog_test.go +++ b/pkg/policies/catalog/catalog_test.go @@ -19,10 +19,10 @@ import ( "fmt" "testing" - "github.com/contentful/allstar/pkg/config" - "github.com/contentful/allstar/pkg/policydef" "github.com/google/go-cmp/cmp" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" + "github.com/ossf/allstar/pkg/config" + "github.com/ossf/allstar/pkg/policydef" ) var query func(context.Context, interface{}, map[string]interface{}) error diff --git a/pkg/policies/codeowners/codeowners.go b/pkg/policies/codeowners/codeowners.go index 33172e80..e2bfb044 100644 --- a/pkg/policies/codeowners/codeowners.go 
+++ b/pkg/policies/codeowners/codeowners.go @@ -20,10 +20,10 @@ import ( "fmt" "net/http" - "github.com/contentful/allstar/pkg/config" - "github.com/contentful/allstar/pkg/policydef" + "github.com/ossf/allstar/pkg/config" + "github.com/ossf/allstar/pkg/policydef" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" "github.com/rs/zerolog/log" ) @@ -63,7 +63,7 @@ type RepoConfig struct { } type repositories interface { - GetCodeownersErrors(ctx context.Context, owner, repo string) (*github.CodeownersErrors, *github.Response, error) + GetCodeownersErrors(ctx context.Context, owner, repo string, op *github.GetCodeownersErrorsOptions) (*github.CodeownersErrors, *github.Response, error) } type mergedConfig struct { @@ -131,7 +131,7 @@ func check(ctx context.Context, rep repositories, c *github.Client, owner, Bool("enabled", enabled). Msg("Check repo enabled") - codeownererrors, resp, err := rep.GetCodeownersErrors(ctx, owner, repo) + codeownererrors, resp, err := rep.GetCodeownersErrors(ctx, owner, repo, nil) if err == nil { // "CODEOWNERS" exists diff --git a/pkg/policies/codeowners/codeowners_test.go b/pkg/policies/codeowners/codeowners_test.go index 63da4b30..1b4494aa 100644 --- a/pkg/policies/codeowners/codeowners_test.go +++ b/pkg/policies/codeowners/codeowners_test.go 
@@ -20,18 +20,18 @@ import ( "net/http" "testing" - "github.com/contentful/allstar/pkg/config" - "github.com/contentful/allstar/pkg/policydef" "github.com/google/go-cmp/cmp" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" + "github.com/ossf/allstar/pkg/config" + "github.com/ossf/allstar/pkg/policydef" ) -var GetCodeownersErrors func(ctx context.Context, owner, repo string) (*github.CodeownersErrors, *github.Response, error) +var GetCodeownersErrors func(ctx context.Context, owner, repo string, op *github.GetCodeownersErrorsOptions) (*github.CodeownersErrors, *github.Response, error) type mockRepos struct{} -func (m mockRepos) GetCodeownersErrors(ctx context.Context, owner, repo string) (*github.CodeownersErrors, *github.Response, error) { - return GetCodeownersErrors(ctx, owner, repo) +func (m mockRepos) GetCodeownersErrors(ctx context.Context, owner, repo string, op *github.GetCodeownersErrorsOptions) (*github.CodeownersErrors, *github.Response, error) { + return GetCodeownersErrors(ctx, owner, repo, op) } type MockGhClient struct{} @@ -236,7 +236,7 @@ func TestCheck(t *testing.T) { } return nil } - GetCodeownersErrors = func(ctx context.Context, owner, repo string) (*github.CodeownersErrors, *github.Response, error) { + GetCodeownersErrors = func(ctx context.Context, owner, repo string, op *github.GetCodeownersErrorsOptions) (*github.CodeownersErrors, *github.Response, error) { if test.CodeOwnPresent { if test.ErrorCount > 0 { return &test.CodeOwnErrs, nil, nil diff --git a/pkg/policies/outside/outside.go b/pkg/policies/outside/outside.go index 4093e123..e4819318 100644 --- a/pkg/policies/outside/outside.go +++ b/pkg/policies/outside/outside.go 
@@ -19,11 +19,11 @@ import ( "context" "fmt" - "github.com/contentful/allstar/pkg/config" - "github.com/contentful/allstar/pkg/policydef" "github.com/gobwas/glob" + "github.com/ossf/allstar/pkg/config" + "github.com/ossf/allstar/pkg/policydef" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" "github.com/rs/zerolog/log" ) diff --git a/pkg/policies/outside/outside_test.go b/pkg/policies/outside/outside_test.go index 4d927b06..d308bbac 100644 --- a/pkg/policies/outside/outside_test.go +++ b/pkg/policies/outside/outside_test.go @@ -18,10 +18,10 @@ import ( "context" "testing" - "github.com/contentful/allstar/pkg/config" - "github.com/contentful/allstar/pkg/policydef" "github.com/google/go-cmp/cmp" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" + "github.com/ossf/allstar/pkg/config" + "github.com/ossf/allstar/pkg/policydef" ) var listCollaborators func(context.Context, string, string, diff --git a/pkg/policies/policies.go b/pkg/policies/policies.go index c2b07ac9..1ad9dcdc 100644 --- a/pkg/policies/policies.go +++ b/pkg/policies/policies.go 
@@ -17,17 +17,17 @@ package policies import ( - "github.com/contentful/allstar/pkg/policies/action" - "github.com/contentful/allstar/pkg/policies/admin" - "github.com/contentful/allstar/pkg/policies/binary" - "github.com/contentful/allstar/pkg/policies/branch" - "github.com/contentful/allstar/pkg/policies/catalog" - "github.com/contentful/allstar/pkg/policies/codeowners" - "github.com/contentful/allstar/pkg/policies/outside" - "github.com/contentful/allstar/pkg/policies/scorecard" - "github.com/contentful/allstar/pkg/policies/security" - "github.com/contentful/allstar/pkg/policies/workflow" - "github.com/contentful/allstar/pkg/policydef" + "github.com/ossf/allstar/pkg/policies/action" + "github.com/ossf/allstar/pkg/policies/admin" + "github.com/ossf/allstar/pkg/policies/binary" + "github.com/ossf/allstar/pkg/policies/branch" + "github.com/ossf/allstar/pkg/policies/catalog" + "github.com/ossf/allstar/pkg/policies/codeowners" + "github.com/ossf/allstar/pkg/policies/outside" + "github.com/ossf/allstar/pkg/policies/scorecard" + "github.com/ossf/allstar/pkg/policies/security" + "github.com/ossf/allstar/pkg/policies/workflow" + "github.com/ossf/allstar/pkg/policydef" ) // GetPolicies returns a slice of all policies in Allstar. diff --git a/pkg/policies/scorecard/scorecard.go b/pkg/policies/scorecard/scorecard.go index a74b4b51..66f68bd6 100644 --- a/pkg/policies/scorecard/scorecard.go +++ b/pkg/policies/scorecard/scorecard.go @@ -20,13 +20,13 @@ import ( "fmt" "net/http" - "github.com/contentful/allstar/pkg/config" - "github.com/contentful/allstar/pkg/policydef" - "github.com/contentful/allstar/pkg/scorecard" + "github.com/ossf/allstar/pkg/config" + "github.com/ossf/allstar/pkg/policydef" + "github.com/ossf/allstar/pkg/scorecard" "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/checks" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" "github.com/rs/zerolog/log" ) 
@@ -161,7 +161,18 @@ func (b Scorecard) Check(ctx context.Context, c *github.Client, owner, Dlogger: l, } - res := checksAllChecks[n].Fn(cr) + check, ok := checksAllChecks[n] + if !ok { + log.Warn(). + Str("org", owner). + Str("repo", repo). + Str("area", polName). + Str("check", n). + Msg("Unknown scorecard check specified.") + break + } + + res := check.Fn(cr) if res.Error != nil { // We are not sure that all checks are safe to run inside Allstar, some // might error, and we don't want to abort a whole org enforcement loop @@ -227,10 +238,10 @@ func convertLogs(logs []checker.CheckDetail) []string { var s []string for _, l := range logs { if l.Msg.Finding != nil { - if l.Msg.Finding.Location == nil { + if l.Msg.Finding.Location == nil || l.Msg.Finding.Location.Snippet == nil || l.Msg.Finding.Location.LineStart == nil { s = append(s, fmt.Sprintf("%v", l.Msg.Finding.Message)) } else { - s = append(s, fmt.Sprintf("%v[%v]:%v", l.Msg.Finding.Location.Value, *l.Msg.Finding.Location.LineStart, l.Msg.Finding.Message)) + s = append(s, fmt.Sprintf("%v[%v]:%v", *l.Msg.Finding.Location.Snippet, *l.Msg.Finding.Location.LineStart, l.Msg.Finding.Message)) } } else { s = append(s, fmt.Sprintf("%v[%v]:%v", l.Msg.Path, l.Msg.Offset, l.Msg.Text)) diff --git a/pkg/policies/scorecard/scorecard_test.go b/pkg/policies/scorecard/scorecard_test.go index e0086602..aad95db3 100644 --- a/pkg/policies/scorecard/scorecard_test.go +++ b/pkg/policies/scorecard/scorecard_test.go @@ -19,10 +19,10 @@ import ( "net/http" "testing" - "github.com/contentful/allstar/pkg/config" - "github.com/contentful/allstar/pkg/scorecard" "github.com/google/go-cmp/cmp" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" + "github.com/ossf/allstar/pkg/config" + "github.com/ossf/allstar/pkg/scorecard" "github.com/ossf/scorecard/v4/checker" ) diff --git a/pkg/policies/security/security.go b/pkg/policies/security/security.go index dcc0d960..29297a8c 100644 
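Review bot: The unknown-check branch ends with `break`, which, assuming it sits directly in the loop over configured checks (the loop header is outside the hunk), stops evaluating every check listed after the unrecognised name. A typo in one entry of the scorecard policy config would then leave the remaining checks unrun with only a warning in the log, and the policy result would be computed from a partial set. Use `continue` to skip just the bad entry, or fail closed by recording the unknown name in the result so the repo does not silently pass.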
--- a/pkg/policies/security/security.go +++ b/pkg/policies/security/security.go @@ -19,10 +19,10 @@ import ( "context" "fmt" - "github.com/contentful/allstar/pkg/config" - "github.com/contentful/allstar/pkg/policydef" + "github.com/ossf/allstar/pkg/config" + "github.com/ossf/allstar/pkg/policydef" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" "github.com/rs/zerolog/log" "github.com/shurcooL/githubv4" ) diff --git a/pkg/policies/security/security_test.go b/pkg/policies/security/security_test.go index fb9953db..90f78e4b 100644 --- a/pkg/policies/security/security_test.go +++ b/pkg/policies/security/security_test.go @@ -18,10 +18,10 @@ import ( "context" "testing" - "github.com/contentful/allstar/pkg/config" - "github.com/contentful/allstar/pkg/policydef" "github.com/google/go-cmp/cmp" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" + "github.com/ossf/allstar/pkg/config" + "github.com/ossf/allstar/pkg/policydef" ) var query func(context.Context, interface{}, map[string]interface{}) error diff --git a/pkg/policies/workflow/workflow.go b/pkg/policies/workflow/workflow.go index 991bda69..f0e87370 100644 --- a/pkg/policies/workflow/workflow.go +++ b/pkg/policies/workflow/workflow.go @@ -20,13 +20,13 @@ import ( "context" "fmt" - "github.com/contentful/allstar/pkg/config" - "github.com/contentful/allstar/pkg/policydef" - "github.com/contentful/allstar/pkg/scorecard" + "github.com/ossf/allstar/pkg/config" + "github.com/ossf/allstar/pkg/policydef" + "github.com/ossf/allstar/pkg/scorecard" "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/checks" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" "github.com/rs/zerolog/log" ) 
@@ -136,7 +136,7 @@ func (b Workflow) Check(ctx context.Context, c *github.Client, owner, } logs := convertLogs(l.Flush()) - pass := res.Score >= checker.MaxResultScore + pass := res.Score >= checker.MaxResultScore || res.Score == checker.InconclusiveResultScore var notify string if !pass { notify = fmt.Sprintf(`Project is out of compliance with Dangerous Workflow policy: %v diff --git a/pkg/policies/workflow/workflow_test.go b/pkg/policies/workflow/workflow_test.go index 09ff73e7..13ddea3f 100644 --- a/pkg/policies/workflow/workflow_test.go +++ b/pkg/policies/workflow/workflow_test.go @@ -18,9 +18,9 @@ import ( "context" "testing" - "github.com/contentful/allstar/pkg/config" "github.com/google/go-cmp/cmp" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" + "github.com/ossf/allstar/pkg/config" ) func TestConfigPrecedence(t *testing.T) { diff --git a/pkg/policydef/policydef.go b/pkg/policydef/policydef.go index 0c23251d..7d2f11d8 100644 --- a/pkg/policydef/policydef.go +++ b/pkg/policydef/policydef.go @@ -18,7 +18,7 @@ // Policies should define and retrieve their own config in the same way that // Allstar does. There should be an org-level config and repo-level // config. Each config should include the OptConfig defined in -// github.com/contentful/allstar/pkg/config to determine if the policy is enabled or +// github.com/ossf/allstar/pkg/config to determine if the policy is enabled or // disabled. The config package also provided helper functions to retrieve // config from the repo. package policydef @@ -26,7 +26,7 @@ package policydef import ( "context" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" ) // Result is returned from a policy check. diff --git a/pkg/reviewbot/checks.go b/pkg/reviewbot/checks.go index 78e1d377..bac4d1cf 100644 --- a/pkg/reviewbot/checks.go +++ b/pkg/reviewbot/checks.go 
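Review bot: The new `pass` expression counts `checker.InconclusiveResultScore` as compliant, so a run where the Dangerous Workflow check reached no verdict is reported the same as a clean one. If an inconclusive score can also come from an analysis that did not complete (not visible in this hunk), that is a fail-open result for a security policy. Keep the two cases distinguishable, for example with `if res.Score == checker.InconclusiveResultScore { log.Info().Str("org", owner).Msg("Dangerous Workflow check inconclusive; treated as pass.") }`, and add a comment above the line stating why inconclusive is accepted. Check's body starts and ends outside the hunk.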
@@ -7,7 +7,7 @@ import ( "time" "github.com/bradleyfalzon/ghinstallation/v2" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" "github.com/rs/zerolog/log" ) diff --git a/pkg/reviewbot/reviewbot.go b/pkg/reviewbot/reviewbot.go index 91ab25a6..3e703934 100644 --- a/pkg/reviewbot/reviewbot.go +++ b/pkg/reviewbot/reviewbot.go @@ -4,7 +4,7 @@ import ( "fmt" "net/http" - "github.com/google/go-github/v50/github" + "github.com/google/go-github/v59/github" "github.com/rs/zerolog/log" ) diff --git a/pkg/scorecard/scorecard.go b/pkg/scorecard/scorecard.go index e25d8d19..9a409f1b 100644 --- a/pkg/scorecard/scorecard.go +++ b/pkg/scorecard/scorecard.go @@ -36,7 +36,7 @@ type ScClient struct { ScRepoClient clients.RepoClient } -var scClients map[string]*ScClient +var scClients map[string]*ScClient = make(map[string]*ScClient) var mMutex sync.RWMutex const defaultGitRef = "HEAD" @@ -53,26 +53,16 @@ func init() { // exist. The github repo is initialized, which means the tarball is // downloaded. func Get(ctx context.Context, fullRepo string, tr http.RoundTripper) (*ScClient, error) { - mMutex.RLock() - if scClients == nil { - mMutex.RUnlock() - mMutex.Lock() - scClients = make(map[string]*ScClient) - mMutex.Unlock() - } else { - mMutex.RUnlock() - } - mMutex.RLock() + mMutex.Lock() if scc, ok := scClients[fullRepo]; ok { - mMutex.RUnlock() + mMutex.Unlock() return scc, nil } - mMutex.RUnlock() scc, err := create(ctx, fullRepo, tr) if err != nil { + mMutex.Unlock() return nil, err } - mMutex.Lock() scClients[fullRepo] = scc mMutex.Unlock() return scc, nil 
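Review bot: Get now holds `mMutex` exclusively across `create`, which per the function comment downloads the repository tarball, so every other Get and Close call, for any repository, waits behind one network fetch. The three separate `mMutex.Unlock()` calls also mean a panic inside `create` leaves the mutex locked; `mMutex.Lock()` followed by `defer mMutex.Unlock()` removes that risk and the duplicated unlocks. The same pattern is in the Close hunk that follows, where `scc.ScRepoClient.Close()` runs under the lock. If the serialization is intended to prevent duplicate clients for one repository, a comment saying so would help, and since the visible hunks use only `Lock`, `mMutex` may no longer need to be a `sync.RWMutex`. Get's closing brace lies outside the hunk.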
@@ -81,18 +71,13 @@ func Get(ctx context.Context, fullRepo string, tr http.RoundTripper) (*ScClient, // Function Close will close the scorecard clients. This cleans up the // downloaded tarball. func Close(fullRepo string) { - mMutex.RLock() - if scClients == nil { - mMutex.RUnlock() - return - } + mMutex.Lock() scc, ok := scClients[fullRepo] - mMutex.RUnlock() if !ok { + mMutex.Unlock() return } scc.ScRepoClient.Close() - mMutex.Lock() delete(scClients, fullRepo) mMutex.Unlock() } diff --git a/pkg/scorecard/scorecard_test.go b/pkg/scorecard/scorecard_test.go index 2febc489..33056dff 100644 --- a/pkg/scorecard/scorecard_test.go +++ b/pkg/scorecard/scorecard_test.go @@ -16,6 +16,7 @@ package scorecard import ( "context" + "io" "net/http" "testing" time "time" @@ -128,6 +129,10 @@ func (m mockRC) Close() error { return close() } +func (m mockRC) GetFileReader(filename string) (io.ReadCloser, error) { + return nil, nil +} + func TestGetNew(t *testing.T) { var makeCalled, createCalled, initCalled bool githubrepoMakeGitHubRepo = func(s string) (clients.Repo, error) {
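Review bot: The new mock method `GetFileReader` returns a nil `io.ReadCloser` together with a nil error, so any code under test that calls it and checks only the error will dereference nil and panic instead of failing with a readable message. Returning an empty reader keeps the mock safe without new imports, `return http.NoBody, nil`, or return an explicit error if the method is not expected to be called in these tests. TestGetNew continues past the end of the hunk.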