✨ Feature: Dependency-diff Visualization in the Scorecard Action (version 0 - part 1) #780
Conversation
aidenwang9867
changed the title
There was a problem hiding this comment.
Thanks, @aidenwang9867!
Could you please add unit tests? It adds reliability.
It is critical that we have tests.
Of course! Should I change this to a draft PR for now / add the tests in a follow-up PR? It might take me some extra effort to have the tests covered since I'm not very familiar with testing for an action app. |
The tests are standard go tests. Can we add unit tests for this PR? Probably certain things are possible with a Unit test, which makes sense to skip for e2e. |
np, will do :-) |
|
|
||
| func asPointerStr(s string) *string { | ||
| return &s | ||
| } |
There was a problem hiding this comment.
Unit tests added for visualization-as-a-comment. Thanks for the suggestion! @naveensrinivasan
|
Closing this PR due to age, and also ossf/scorecard#3125 |
What kind of change does this PR introduce?
Introduce the Dependency-diff Visualization in the Scorecard Action (version 0) feature.
What is the new behavior (if this is a feature change)?**
This is a new mode of Scorecard Action that can run on a pull request, analyze the dependency-diffs, surface the Scorecard checks for them and visualize them in the (1) PR comment and (2) check run annotations. This PR only introduces (1), (2) will be given in a separate one.
TODO (#issue number): add e2e tests for this feature to make sure the run won't crash on a pull request.
Which issue(s) this PR fixes
Fixes #772 (the dependency package deps.dev page will be given in the PR comment if the page exists)
Does this PR introduce a user-facing change?
Yes.