Merge pull request #21 from UlisesGascon/feat/12

feat: added commit reference to reports

dist/index.js

@@ -20004,15 +20004,15 @@ const generateScores = async ({ scope, database: currentDatabase, maxRequestInPa
  core.debug(`Processing chunk ${index + 1}/${chunks.length}`)
 
  const chunkScores = await Promise.all(chunk.map(async ({ org, repo }) => {
- const { score, date } = await getProjectScore({ platform, org, repo })
+ const { score, date, commit } = await getProjectScore({ platform, org, repo })
  core.debug(`Got project score for ${platform}/${org}/${repo}: ${score} (${date})`)
 
  const storedScore = getScore({ database, platform, org, repo })
 
- const scoreData = { platform, org, repo, score, date }
+ const scoreData = { platform, org, repo, score, date, commit }
  // If no stored score then record if score is different then:
  if (!storedScore || storedScore.score !== score) {
- saveScore({ database, platform, org, repo, score, date })
+ saveScore({ database, platform, org, repo, score, date, commit })
  }
 
  // Add previous score and date if available to the report
@@ -20062,24 +20062,24 @@ const { softAssign } = __nccwpck_require__(7348)
 const getProjectScore = async ({ platform, org, repo }) => {
  core.debug(`Getting project score for ${platform}/${org}/${repo}`)
  const response = await got(`https://api.securityscorecards.dev/projects/${platform}/${org}/${repo}`)
- const { score, date } = JSON.parse(response.body)
+ const { score, date, repo: { commit } = {} } = JSON.parse(response.body)
  core.debug(`Got project score for ${platform}/${org}/${repo}: ${score} (${date})`)
- return { platform, org, repo, score, date }
+ return { platform, org, repo, score, date, commit }
 }
 
 const getScore = ({ database, platform, org, repo }) => {
  const { current } = database?.[platform]?.[org]?.[repo] || {}
  return current || null
 }
 
-const saveScore = ({ database, platform, org, repo, score, date }) => {
+const saveScore = ({ database, platform, org, repo, score, date, commit }) => {
  softAssign(database, [platform, org, repo, 'previous'], [])
  const repoRef = database[platform][org][repo]
 
  if (repoRef.current) {
  repoRef.previous.push(repoRef.current)
  }
- repoRef.current = { score, date }
+ repoRef.current = { score, date, commit }
 }
 
 const generateReportContent = async (scores) => {

dist/issue.ejs

@@ -9,11 +9,11 @@ Please review the following changes and take action if necessary.
 There are changes in the following repositories:
 
 <%_ if (scores.length) { -%>
-| Repository | Score | Difference | Report Link |
-| -- | -- | -- | -- |
+| Repository | Commit | Score | Difference | Report Link |
+| -- | -- | -- | -- | -- |
 <%_ } -%>
 <%_ scores.forEach( score => { -%>
-| [<%= score.org %>/<%= score.repo %>](https://<%= score.platform %>/<%= score.org %>/<%= score.repo %>) | <%= score.score %> | <%= score.currentDiff || 0 %> | [Full Report](https://deps.dev/project/github/<%= score.org.toLowerCase() %>%2F<%= score.repo.toLowerCase() %>) |
+| [<%= score.org %>/<%= score.repo %>](https://<%= score.platform %>/<%= score.org %>/<%= score.repo %>) | [<%= score.commit.slice(0, 7) %>](https://<%= score.platform %>/<%= score.org %>/<%= score.repo %>/commit/<%= score.commit %>) | <%= score.score %> | <%= score.currentDiff || 0 %> | [Full Report](https://deps.dev/project/github/<%= score.org.toLowerCase() %>%2F<%= score.repo.toLowerCase() %>) |
 <%_ }); -%> 
 
 _Report generated by [UlisesGascon/openssf-scorecard-monitor](https://github.com/UlisesGascon/openssf-scorecard-monitor)._

dist/report.ejs

@@ -3,11 +3,11 @@
 ## Summary
 
 <%_ if (scores.length) { -%>
-| Repository | Score | Date | Difference | Report Link |
-| -- | -- | -- | -- | -- |
+| Repository | Commit | Score | Date | Difference | Report Link |
+| -- | -- | -- | -- | -- | -- |
 <%_ } -%>
 <%_ scores.forEach( score => { -%>
-| [<%= score.org %>/<%= score.repo %>](https://<%= score.platform %>/<%= score.org %>/<%= score.repo %>) | <%= score.score %> | <%= score.date %> | <%= score.currentDiff || 0 %> | [Full Report](https://deps.dev/project/github/<%= score.org.toLowerCase() %>%2F<%= score.repo.toLowerCase() %>) |
+| [<%= score.org %>/<%= score.repo %>](https://<%= score.platform %>/<%= score.org %>/<%= score.repo %>) | [<%= score.commit.slice(0, 7) %>](https://<%= score.platform %>/<%= score.org %>/<%= score.repo %>/commit/<%= score.commit %>) | <%= score.score %> | <%= score.date %> | <%= score.currentDiff || 0 %> | [Full Report](https://deps.dev/project/github/<%= score.org.toLowerCase() %>%2F<%= score.repo.toLowerCase() %>) |
 <%_ }); -%>
 
 _Report generated by [UlisesGascon/openssf-scorecard-monitor](https://github.com/UlisesGascon/openssf-scorecard-monitor)._

src/index.js

@@ -19,15 +19,15 @@ const generateScores = async ({ scope, database: currentDatabase, maxRequestInPa
  core.debug(`Processing chunk ${index + 1}/${chunks.length}`)
 
  const chunkScores = await Promise.all(chunk.map(async ({ org, repo }) => {
- const { score, date } = await getProjectScore({ platform, org, repo })
+ const { score, date, commit } = await getProjectScore({ platform, org, repo })
  core.debug(`Got project score for ${platform}/${org}/${repo}: ${score} (${date})`)
 
  const storedScore = getScore({ database, platform, org, repo })
 
- const scoreData = { platform, org, repo, score, date }
+ const scoreData = { platform, org, repo, score, date, commit }
  // If no stored score then record if score is different then:
  if (!storedScore || storedScore.score !== score) {
- saveScore({ database, platform, org, repo, score, date })
+ saveScore({ database, platform, org, repo, score, date, commit })
  }
 
  // Add previous score and date if available to the report

src/utils.js

@@ -8,24 +8,24 @@ const { softAssign } = require('@ulisesgascon/soft-assign-deep-property')
 const getProjectScore = async ({ platform, org, repo }) => {
  core.debug(`Getting project score for ${platform}/${org}/${repo}`)
  const response = await got(`https://api.securityscorecards.dev/projects/${platform}/${org}/${repo}`)
- const { score, date } = JSON.parse(response.body)
+ const { score, date, repo: { commit } = {} } = JSON.parse(response.body)
  core.debug(`Got project score for ${platform}/${org}/${repo}: ${score} (${date})`)
- return { platform, org, repo, score, date }
+ return { platform, org, repo, score, date, commit }
 }
 
 const getScore = ({ database, platform, org, repo }) => {
  const { current } = database?.[platform]?.[org]?.[repo] || {}
  return current || null
 }
 
-const saveScore = ({ database, platform, org, repo, score, date }) => {
+const saveScore = ({ database, platform, org, repo, score, date, commit }) => {
  softAssign(database, [platform, org, repo, 'previous'], [])
  const repoRef = database[platform][org][repo]
 
  if (repoRef.current) {
  repoRef.previous.push(repoRef.current)
  }
- repoRef.current = { score, date }
+ repoRef.current = { score, date, commit }
 }
 
 const generateReportContent = async (scores) => {

templates/issue.ejs

@@ -9,11 +9,11 @@ Please review the following changes and take action if necessary.
 There are changes in the following repositories:
 
 <%_ if (scores.length) { -%>
-| Repository | Score | Difference | Report Link |
-| -- | -- | -- | -- |
+| Repository | Commit | Score | Difference | Report Link |
+| -- | -- | -- | -- | -- |
 <%_ } -%>
 <%_ scores.forEach( score => { -%>
-| [<%= score.org %>/<%= score.repo %>](https://<%= score.platform %>/<%= score.org %>/<%= score.repo %>) | <%= score.score %> | <%= score.currentDiff || 0 %> | [Full Report](https://deps.dev/project/github/<%= score.org.toLowerCase() %>%2F<%= score.repo.toLowerCase() %>) |
+| [<%= score.org %>/<%= score.repo %>](https://<%= score.platform %>/<%= score.org %>/<%= score.repo %>) | [<%= score.commit.slice(0, 7) %>](https://<%= score.platform %>/<%= score.org %>/<%= score.repo %>/commit/<%= score.commit %>) | <%= score.score %> | <%= score.currentDiff || 0 %> | [Full Report](https://deps.dev/project/github/<%= score.org.toLowerCase() %>%2F<%= score.repo.toLowerCase() %>) |
 <%_ }); -%> 
 
 _Report generated by [UlisesGascon/openssf-scorecard-monitor](https://github.com/UlisesGascon/openssf-scorecard-monitor)._

templates/report.ejs

@@ -3,11 +3,11 @@
 ## Summary
 
 <%_ if (scores.length) { -%>
-| Repository | Score | Date | Difference | Report Link |
-| -- | -- | -- | -- | -- |
+| Repository | Commit | Score | Date | Difference | Report Link |
+| -- | -- | -- | -- | -- | -- |
 <%_ } -%>
 <%_ scores.forEach( score => { -%>
-| [<%= score.org %>/<%= score.repo %>](https://<%= score.platform %>/<%= score.org %>/<%= score.repo %>) | <%= score.score %> | <%= score.date %> | <%= score.currentDiff || 0 %> | [Full Report](https://deps.dev/project/github/<%= score.org.toLowerCase() %>%2F<%= score.repo.toLowerCase() %>) |
+| [<%= score.org %>/<%= score.repo %>](https://<%= score.platform %>/<%= score.org %>/<%= score.repo %>) | [<%= score.commit.slice(0, 7) %>](https://<%= score.platform %>/<%= score.org %>/<%= score.repo %>/commit/<%= score.commit %>) | <%= score.score %> | <%= score.date %> | <%= score.currentDiff || 0 %> | [Full Report](https://deps.dev/project/github/<%= score.org.toLowerCase() %>%2F<%= score.repo.toLowerCase() %>) |
 <%_ }); -%>
 
 _Report generated by [UlisesGascon/openssf-scorecard-monitor](https://github.com/UlisesGascon/openssf-scorecard-monitor)._