KEMBAR78
🐛 do not allow unsupported `ListReleases` to fail a run by JamieMagee · Pull Request #4677 · ossf/scorecard · GitHub
Skip to content

🐛 do not allow unsupported ListReleases to fail a run #4677

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jun 30, 2025
Merged

🐛 do not allow unsupported ListReleases to fail a run #4677

merged 3 commits into from
Jun 30, 2025

Conversation

JamieMagee
Copy link
Contributor

What kind of change does this PR introduce?

This check allows clients which currently do not support ListReleases to complete a Scorecard run. Currently azuredevopsrepo, localdir, and git do not support ListReleases.

This is a follow-up from #4533, with PR comments addressed, after I let that PR go stale.

What is the current behavior?

Currently, running scorecard against a client that does not support ListReleases results in a non-zero exit code, and an error printed to the console:

Error: check runtime error: Branch-Protection: internal error: unsupported feature
2025/06/26 20:08:25 error during command execution: check runtime error: Branch-Protection: internal error: unsupported feature

What is the new behavior (if this is a feature change)?**

Partial results for the checks that partially rely on ListReleases (Branch-Protection, SBOM) and no results for Signed-Releases.

  • Tests for the changes have been added (for bug fixes/features)

Which issue(s) this PR fixes

NONE

Special notes for your reviewer

Does this PR introduce a user-facing change?

For user-facing changes, please add a concise, human-readable release note to
the release-note

(In particular, describe what changes users might need to make in their
application as a result of this pull request.)

Prevent unimplemented ListReleases from failing a run

@JamieMagee
🐛 do not allow unsupported ListReleases to fail a run
587dfb2 
Signed-off-by: Jamie Magee <jamie.magee@gmail.com>
@JamieMagee JamieMagee requested a review from a team as a code owner June 27, 2025 03:15
@JamieMagee JamieMagee requested review from justaugustus and raghavkaul and removed request for a team June 27, 2025 03:15
@JamieMagee JamieMagee temporarily deployed to integration-test June 27, 2025 03:15 — with GitHub Actions Inactive
@codecov
Copy link

codecov bot commented Jun 27, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 50.00000% with 1 line in your changes missing coverage. Please review.

Project coverage is 66.72%. Comparing base (353ed60) to head (5105370).
Report is 190 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4677      +/-   ##
==========================================
- Coverage   66.80%   66.72%   -0.09%     
==========================================
  Files         230      249      +19     
  Lines       16602    18884    +2282     
==========================================
+ Hits        11091    12600    +1509     
- Misses       4808     5452     +644     
- Partials      703      832     +129
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

spencerschrock
spencerschrock reviewed Jun 27, 2025
View reviewed changes
Copy link
Member

@spencerschrock spencerschrock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Branch-Protection and SBOM changes LGTM. Question about Signed-Releases

@JamieMagee JamieMagee temporarily deployed to integration-test June 27, 2025 17:19 — with GitHub Actions Inactive
@JamieMagee
Revert changes in signed_releases
ce861e1 
Signed-off-by: Jamie Magee <jamie.magee@gmail.com>
@JamieMagee JamieMagee force-pushed the jamiemagee/unsupported-list-releases branch from cffbf82 to ce861e1 Compare June 27, 2025 17:29
@JamieMagee JamieMagee temporarily deployed to integration-test June 27, 2025 17:30 — with GitHub Actions Inactive
@spencerschrock
Copy link
Member

/scdiff generate Branch-Protection,Signed-Releases

@github-actions
Copy link

Here's a link to the scdiff run

spencerschrock
spencerschrock approved these changes Jun 30, 2025
View reviewed changes
Copy link
Member

@spencerschrock spencerschrock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@spencerschrock spencerschrock enabled auto-merge (squash) June 30, 2025 16:29
@spencerschrock spencerschrock merged commit 10a5557 into ossf:main Jun 30, 2025
37 of 38 checks passed
@JamieMagee JamieMagee deleted the jamiemagee/unsupported-list-releases branch June 30, 2025 16:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@spencerschrock spencerschrock spencerschrock approved these changes

@justaugustus justaugustus Awaiting requested review from justaugustus justaugustus is a code owner automatically assigned from ossf/scorecard-maintainers

@raghavkaul raghavkaul Awaiting requested review from raghavkaul raghavkaul is a code owner automatically assigned from ossf/scorecard-maintainers

Assignees

No one assigned

Labels

None yet

Projects

OpenSSF Scorecard
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@JamieMagee @spencerschrock