KEMBAR78
:sparkles: feat: Refactor scorecard serve cmd by gcanlin · Pull Request #4665 · ossf/scorecard · GitHub
Skip to content

✨ feat: Refactor scorecard serve cmd #4665

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Sep 10, 2025
Merged

✨ feat: Refactor scorecard serve cmd #4665

merged 6 commits into from
Sep 10, 2025

Conversation

gcanlin
Copy link
Contributor

@gcanlin gcanlin commented Jun 17, 2025
edited
Loading

What kind of change does this PR introduce?

feature

What is the current behavior?

The current serve uses Go’s built-in http package, which lacks modern features. And It fails to correctly aggregate the total score, and parameters and details cannot be retrieved properly.

What is the new behavior (if this is a feature change)?**

This PR refactors the serve component by migrating the original CLI-based parameter input to a RESTful API interface. Additionally, I replaced the native net/http logic with the chi router, which is lightweight yet expressive and well-suited for modular HTTP services in Go.

  • Tests for the changes have been added (for bug fixes/features)

Which issue(s) this PR fixes

Related to #4627

@gcanlin gcanlin changed the title ✨ feat: Refactor scorecard serve cmd (#4627) ✨ feat: Refactor scorecard serve cmd Jun 17, 2025
@spencerschrock
Copy link
Member

Don't have time to look in-depth, but wanted to make one comment:

The current serve uses Go’s built-in http package, which lacks modern features

What features specifically? Go 1.22 made good strides at least for the routing
https://go.dev/blog/routing-enhancements

@gcanlin
Copy link
Contributor Author

gcanlin commented Jun 19, 2025

Sorry. I'm unfamiliar with new features of Go. It seems that chi isn't necessary. I will revert it. Thx.

@gcanlin
✨ Refactor scorecard serve cmd
3060b2a 
Signed-off-by: fixedpoint <961750412@qq.com>
@gcanlin gcanlin marked this pull request as ready for review June 22, 2025 16:45
@gcanlin gcanlin requested a review from a team as a code owner June 22, 2025 16:45
@gcanlin gcanlin requested review from raghavkaul and spencerschrock and removed request for a team June 22, 2025 16:45
spencerschrock
spencerschrock reviewed Jun 24, 2025
View reviewed changes
Copy link
Member

@spencerschrock spencerschrock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

At a high level this looks like what we want, an http wrapper around the CLI. You said MCP will be built on top of this API, so is it matching what you need for that?

There are a few things that need changed, which I've left individual comments on. The linter also has some thoughts with this file.

@gcanlin gcanlin temporarily deployed to integration-test June 24, 2025 17:38 — with GitHub Actions Inactive
github-advanced-security[bot]
github-advanced-security bot found potential problems Jun 24, 2025
View reviewed changes
@codecov
Copy link

codecov bot commented Jun 24, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 0% with 189 lines in your changes missing coverage. Please review.
✅ Project coverage is 67.86%. Comparing base (353ed60) to head (327a826).
⚠️ Report is 231 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4665      +/-   ##
==========================================
+ Coverage   66.80%   67.86%   +1.05%     
==========================================
  Files         230      249      +19     
  Lines       16602    19069    +2467     
==========================================
+ Hits        11091    12941    +1850     
- Misses       4808     5268     +460     
- Partials      703      860     +157
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@github-actions
Copy link

github-actions bot commented Jul 5, 2025

This pull request has been marked stale because it has been open for 10 days with no activity

@github-actions github-actions bot added Stale and removed Stale labels Jul 5, 2025
@github-actions
Copy link

This pull request has been marked stale because it has been open for 10 days with no activity

@github-actions github-actions bot added the Stale label Jul 17, 2025
@github-actions github-actions bot removed the Stale label Jul 27, 2025
@gcanlin gcanlin requested a review from spencerschrock July 28, 2025 06:11
@github-actions
Copy link

github-actions bot commented Aug 8, 2025

This pull request has been marked stale because it has been open for 10 days with no activity

@github-actions github-actions bot added the Stale label Aug 8, 2025
@github-actions github-actions bot closed this Aug 29, 2025
@spencerschrock
Copy link
Member

Back from vacation, going through my backlog from before and reopenning PRs that went stale waiting for me.

@spencerschrock spencerschrock reopened this Sep 3, 2025
@github-actions github-actions bot removed the Stale label Sep 4, 2025
@spencerschrock
Merge branch 'main' into main
9ef72d0
@spencerschrock
fix linter issues
327a826 
Signed-off-by: Spencer Schrock <sschrock@google.com>
github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 10, 2025
View reviewed changes
spencerschrock
spencerschrock approved these changes Sep 10, 2025
View reviewed changes
Copy link
Member

@spencerschrock spencerschrock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your patience waiting on my review, and for fixing up the serve command!

@spencerschrock spencerschrock merged commit c2bf137 into ossf:main Sep 10, 2025
36 checks passed
@spencerschrock spencerschrock mentioned this pull request Sep 10, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@spencerschrock spencerschrock spencerschrock approved these changes

@raghavkaul raghavkaul Awaiting requested review from raghavkaul raghavkaul is a code owner automatically assigned from ossf/scorecard-maintainers

Assignees

No one assigned

Labels

None yet

Projects

OpenSSF Scorecard
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gcanlin @spencerschrock