Documentation
¶
Overview ¶
Package workflow implements the Dangerous Workflow security policy check from scorecard.
Index ¶
- func NewWorkflow() policydef.Policy
- type OrgConfig
- type RepoConfig
- type Workflow
- func (b Workflow) Check(ctx context.Context, c *github.Client, owner, repo string) (*policydef.Result, error)
- func (b Workflow) Fix(ctx context.Context, c *github.Client, owner, repo string) error
- func (b Workflow) GetAction(ctx context.Context, c *github.Client, owner, repo string) string
- func (b Workflow) IsEnabled(ctx context.Context, c *github.Client, owner, repo string) (bool, error)
- func (b Workflow) Name() string
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewWorkflow ¶
NewWorkflow returns a new Dangerous Workflow policy.
Types ¶
type OrgConfig ¶
type OrgConfig struct {
// OptConfig is the standard org-level opt in/out config, RepoOverride applies to all
// config.
OptConfig config.OrgOptConfig `json:"optConfig"`
// Action defines which action to take, default log, other: issue...
Action string `json:"action"`
// Comma-separated branch list to scan for Dangerous Workflows. Blank to
// scan all branches. The string "default" will be replaced with the git
// default branch. Must use format "refs/remotes/origin/branch_name".
BranchList string `json:"branchList"`
}
OrgConfig is the org-level config definition for this policy.
type RepoConfig ¶
type RepoConfig struct {
// OptConfig is the standard repo-level opt in/out config.
OptConfig config.RepoOptConfig `json:"optConfig"`
// Action overrides the same setting in org-level, only if present.
Action *string `json:"action"`
// Comma-separated branch list to scan for Dangerous Workflows. Blank to
// scan all branches. The string "default" will be replaced with the git
// default branch. Must use format
// "refs/remotes/origin/branch_name". Repo-level list is additive to
// org-level list, it does not replace org-level list.
BranchList string `json:"branchList"`
}
RepoConfig is the repo-level config for this policy.
type Workflow ¶
type Workflow bool
Workflow is the Dangerous Workflow policy object, implements policydef.Policy.
func (Workflow) Check ¶
func (b Workflow) Check(ctx context.Context, c *github.Client, owner, repo string) (*policydef.Result, error)
Check performs the policy check for this policy based on the configuration stored in the org/repo, implementing policydef.Policy.Check()
func (Workflow) Fix ¶
Fix implementing policydef.Policy.Fix(). Scorecard checks will not have a Fix option.
func (Workflow) GetAction ¶
GetAction returns the configured action from this policy's configuration stored in the org-level repo, default log. Implementing policydef.Policy.GetAction()
Source Files