✨ Initial experimental Azure DevOps client #4377
Conversation
JamieMagee
requested review from
justaugustus and
spencerschrock
and removed request for
a team
JamieMagee
temporarily deployed
to
integration-test
GitHub Actions
Inactive
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #4377 +/- ##
==========================================
- Coverage 66.80% 59.36% -7.44%
==========================================
Files 230 216 -14
Lines 16602 16371 -231
==========================================
- Hits 11091 9719 -1372
- Misses 4808 5948 +1140
- Partials 703 704 +1 |
There was a problem hiding this comment.
It's the MVP for a scorecard scan to complete without panicing.
panicing, or completing without runtime errors? What's the manual testing of this look like for the maintainers? Are there any world-public azuredevops repos?
I'd like to get feedback at this stage, before I implement the remainder of the client.
In general, the pattern is good. You copied the existing structure, and you're working through it piece by piece.
Did you plan on finishing the client in this PR or followups? Breaking it up in separate PRs may be easier. Your first approach was "run scorecard without panicing", but I think a good next step is "run a specific check"
So start with something like go run main.go --repo <blah> --checks Maintained, which just needs some info about the repo, commits, and issues. Code-Review is probably in this group too.
Then you can move on to checks which need file content (Binary-Artifacts may be a good one?), and then some of the more involved ones that rely on CI/CD data etc.
|
There's a lot of linter errors that I'm sure you're waiting to resolve until after your approach got reviewed. So I didn't review any of that sort of thing, happy to give tips if desired. |
Completing without runtime errors. Here's the output, running against https://dev.azure.com/jamiemagee/jamiemagee/_git/jamiemagee, after my most recent changes: Details
I think I'd like to finish the client in a followup PR if that's possible? I think it'd be easier for you to review in smaller chunks instead of one, big bang, pull request. I plan to attend the scorecard APAC meeting on Thursday to gauge interest as well.
I'll tackle those in the next day or two. Thanks so much for the review! |
JamieMagee
temporarily deployed
to
integration-test
GitHub Actions
Inactive
There was a problem hiding this comment.
I think I'd like to finish the client in a followup PR if that's possible? I think it'd be easier for you to review in smaller chunks
Agreed. I went ahead and approved the boilerplate, pending linter fixes.
There's a lot of linter errors that I'm sure you're waiting to resolve until after your approach got reviewed. So I didn't review any of that sort of thing, happy to give tips if desired.
I'll tackle those in the next day or two.
make fix-linter may help with some auto-generated fixes.
Anything that complains about struct alignment you can usually fix with
go install golang.org/x/tools/go/analysis/passes/fieldalignment/cmd/fieldalignment
fieldalignment -fix ./clients/azuredevopsrepo
Happy to help with any others as well.
|
also your latest commit wasn't DCO'd. that will also be a blocker. The checkrun will have remediation info: |
JamieMagee
force-pushed
the
azure-devops-client
branch
from
2208766
to
ebd485a
Compare
JamieMagee
temporarily deployed
to
integration-test
GitHub Actions
Inactive
|
@spencerschrock I think I've addressed all your comments. If so, this should be ready to merge. |
|
This pull request has been marked stale because it has been open for 10 days with no activity |
I've been out on the office on personal time, will take a look in the next day or two. |
Signed-off-by: Jamie Magee <[email protected]>
Signed-off-by: Jamie Magee <[email protected]>
Signed-off-by: Jamie Magee <[email protected]>
Signed-off-by: Jamie Magee <[email protected]>
JamieMagee
force-pushed
the
azure-devops-client
branch
from
ebd485a
to
6044d50
Compare
JamieMagee
had a problem deploying
to
integration-test
GitHub Actions
Failure
Signed-off-by: Jamie Magee <[email protected]>
JamieMagee
force-pushed
the
azure-devops-client
branch
from
6044d50
to
ecf43e0
Compare
JamieMagee
temporarily deployed
to
integration-test
GitHub Actions
Inactive
|
Wooo, thanks for this contribution, @JamieMagee! |
What kind of change does this PR introduce?
This PR introduces early experimental support for Azure DevOps. It's the MVP for a scorecard scan to complete without panicing.
What is the current behavior?
No Support for Azure DevOps repository scanning
What is the new behavior (if this is a feature change)?**
This is a followup from #4178, and the next step for #4177. It is the minimal client implementation for Azure DevOps repository support.
I'd like to get feedback at this stage, before I implement the remainder of the client.
Which issue(s) this PR fixes
Continued work on #4177
Special notes for your reviewer
This change is currenltly gated behind the
SCORECARD_EXPERIMENTALenvironment variable, same as the initial GitLab client was.Does this PR introduce a user-facing change?
For user-facing changes, please add a concise, human-readable release note to
the
release-note(In particular, describe what changes users might need to make in their
application as a result of this pull request.)