ossf / scorecard

OpenSSF Scorecard - Security health metrics for Open Source
https://scorecard.dev
Apache License 2.0
4.63k stars 504 forks

:warning: Rename top level package to scorecard and reduce name duplication #4227

Closed spencerschrock closed 4 months ago

spencerschrock commented 4 months ago

What kind of change does this PR introduce?

package rename, which is a breaking change

What is the current behavior?

The top level entry point (where RunScorecard lived) was called pkg.

```go
package pkg
```

Avoiding the discussion about whether or not pkg folders make sense in 2024, having a package named pkg was never how the structure was supposed to be used. This led to code snippets such as: https://github.com/ossf/scorecard/blob/32b59637667c9abb7c4d2ecd9c1293634de2d80f/cmd/root.go#L134-L138 or https://github.com/ossf/scorecard/blob/32b59637667c9abb7c4d2ecd9c1293634de2d80f/cmd/internal/scdiff/app/compare/compare.go#L19-L21

What is the new behavior (if this is a feature change)?

This leads to snippets such as: https://github.com/ossf/scorecard/blob/4747dd33a8fe60bb34af6d58d316a181655be89b/cmd/root.go#L147-L153 and https://github.com/ossf/scorecard/blob/4747dd33a8fe60bb34af6d58d316a181655be89b/cmd/internal/scdiff/app/compare.go#L96-L101

Which issue(s) this PR fixes

Special notes for your reviewer

Does this PR introduce a user-facing change?

For user-facing changes, please add a concise, human-readable release note to the release-note

(In particular, describe what changes users might need to make in their application as a result of this pull request.)

Everything under `github.com/ossf/scorecard/v5/pkg` now lives in `github.com/ossf/scorecard/v5/pkg/scorecard`
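
The import-path change in the release note above can be applied mechanically. This added example (not part of the PR or the Scorecard code base) rewrites a file's import and its `pkg.` qualifiers with the standard `go/ast` tooling; it assumes the new package name is `scorecard`, as the PR title states, and returns the identifiers used from the package so they can be checked against the new API, since the page does not list which exported names changed.

```go
package main

import (
	"bytes"
	"fmt"
	"go/ast"
	"go/format"
	"go/parser"
	"go/token"
)

const oldPath, newPath = "github.com/ossf/scorecard/v5/pkg", "github.com/ossf/scorecard/v5/pkg/scorecard"

// migrate points a file's import of oldPath at newPath and renames the default
// qualifier pkg to scorecard. used lists the identifiers taken from the package.
func migrate(src string) (out string, used []string, err error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "in.go", src, parser.ParseComments)
	if err != nil {
		return "", nil, err
	}
	qual, newQual := "", ""
	for _, imp := range f.Imports {
		if imp.Path.Value == fmt.Sprintf("%q", oldPath) {
			imp.Path.Value = fmt.Sprintf("%q", newPath)
			qual, newQual = "pkg", "scorecard"
			if imp.Name != nil { // an aliased import keeps its alias
				qual, newQual = imp.Name.Name, imp.Name.Name
			}
		}
	}
	ast.Inspect(f, func(n ast.Node) bool {
		if sel, ok := n.(*ast.SelectorExpr); ok {
			// Obj == nil: not declared in this file, so a package name and not a local variable.
			if id, ok := sel.X.(*ast.Ident); ok && id.Name == qual && id.Obj == nil {
				used = append(used, sel.Sel.Name)
				id.Name = newQual
			}
		}
		return true
	})
	var buf bytes.Buffer
	err = format.Node(&buf, fset, f)
	return buf.String(), used, err
}

func main() {
	// Constructed sample input; RunScorecard is the entry point named on the page.
	fmt.Println(migrate("package demo\n\nimport \"" + oldPath + "\"\n\nvar run = pkg.RunScorecard\n"))
}
```
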

codecov[bot] commented 4 months ago

Codecov Report

Attention: Patch coverage is 52.45902% with 29 lines in your changes missing coverage. Please review.

Project coverage is 66.65%. Comparing base (da0f2b4) to head (4747dd3). Report is 28 commits behind head on main.

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##             main    #4227      +/-   ##
==========================================
+ Coverage   60.17%   66.65%   +6.47%
==========================================
  Files         212      229      +17
  Lines       15556    16498     +942
==========================================
+ Hits         9361    10996    +1635
+ Misses       5492     4801     -691
+ Partials      703      701       -2
```

spencerschrock commented 4 months ago

/scdiff generate Security-Policy,Branch-Protection,Contributors,CI-Tests,Binary-Artifacts,Packaging,Dependency-Update-Tool,Signed-Releases,SAST,Vulnerabilities,Pinned-Dependencies,Maintained,Token-Permissions,CII-Best-Practices,Fuzzing,Code-Review,License,Dangerous-Workflow

github-actions[bot] commented 4 months ago

Here's a link to the scdiff run