From 6f2e88794970489f9293022e477e1a76cb83a34a Mon Sep 17 00:00:00 2001
From: Gustavo Carvalho
Date: Tue, 9 Dec 2025 06:44:12 -0300
Subject: [PATCH 1/3] feat: adds support for release-related policies

Signed-off-by: Gustavo Carvalho
---
 main.go | 32 +++++++++++++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)

diff --git a/main.go b/main.go
index 03ce658..ad301b0 100644
--- a/main.go
+++ b/main.go
@@ -54,6 +54,7 @@ type SaturatedRepository struct {
 // RequiredStatusChecks maps branch name -> required status checks configuration
 RequiredStatusChecks map[string]*github.RequiredStatusChecks `json:"required_status_checks"`
 SBOM *github.SBOM `json:"sbom"`
+ LastRelease *github.RepositoryRelease `json:"last_release"`
 OpenPullRequests []*github.PullRequest `json:"pull_requests"`
 }
@@ -175,13 +176,20 @@ func (l *GithubReposPlugin) Eval(req *proto.EvalRequest, apiHelper runner.ApiHel
 Status: proto.ExecutionStatus_FAILURE,
 }, err
 }
-
+ release, err := l.FecthLatestRelease(ctx, repo)
+ if err != nil {
+ l.Logger.Error("error gathering latest release", "error", err)
+ return &proto.EvalResponse{
+ Status: proto.ExecutionStatus_FAILURE,
+ }, err
+ }
 data := &SaturatedRepository{
 Settings: repo,
 Workflows: workflows,
 WorkflowRuns: workflowRuns,
 ProtectedBranches: branchNames,
 RequiredStatusChecks: requiredChecks,
+ LastRelease: release,
 SBOM: sbom,
 OpenPullRequests: pullRequests,
 }
@@ -202,6 +210,11 @@ func (l *GithubReposPlugin) Eval(req *proto.EvalRequest, apiHelper runner.ApiHel
 Status: proto.ExecutionStatus_FAILURE,
 }, err
 }
+ evidenceJson, err := json.MarshalIndent(evidences, "", " ")
+ if err != nil {
+ l.Logger.Error("failed to marshal evidences", "error", err)
+ }
+ l.Logger.Debug("Evidence", "evidence", string(evidenceJson))
 if err := apiHelper.CreateEvidence(ctx, evidences); err != nil {
 l.Logger.Error("Error creating evidence", "error", err)
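Review bot: The `LastRelease` field added in the SaturatedRepository hunk has no comment stating that it can be nil, yet `FecthLatestRelease` later in this patch returns `nil, nil` on a 404, so the evidence for such a repository carries `"last_release": null`. A field comment such as `// LastRelease is the latest published release, or nil when GitHub reports none (drafts and prereleases are not counted).` would tell policy authors to handle null explicitly instead of letting a release check pass or fail by accident. The struct declaration starts above the hunk.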
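Review bot: The method name is misspelled as `FecthLatestRelease` at the call added to Eval (hunk at -175) and at its definition in the last hunk of this patch; because the method is exported, rename both to `FetchLatestRelease` before other callers pick up the typo. The error branch otherwise mirrors the one directly above it in the hunk. Eval's body starts and ends outside the hunk.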
@@ -282,6 +295,23 @@ func (l *GithubReposPlugin) FetchRepositories(ctx context.Context, req *proto.Ev
 return repochan, errchan
 }
+func (l *GithubReposPlugin) FecthLatestRelease(ctx context.Context, repo *github.Repository) (*github.RepositoryRelease, error) {
+ owner := repo.GetOwner().GetLogin()
+ name := repo.GetName()
+
+ release, resp, err := l.githubClient.Repositories.GetLatestRelease(ctx, owner, name)
+ if err != nil {
+ // If there is simply no release, GitHub returns 404. Treat this as "no release" rather than a hard error.
+ if resp != nil && resp.Response != nil && resp.StatusCode == 404 {
+ l.Logger.Trace("No releases found for repository", "repo", repo.GetFullName())
+ return nil, nil
+ }
+ return nil, err
+ }
+
+ return release, nil
+}
+
 func (l *GithubReposPlugin) GatherConfiguredWorkflows(ctx context.Context, repo *github.Repository) ([]*github.Workflow, error) {
 workflows, _, err := l.githubClient.Actions.ListWorkflows(ctx, repo.GetOwner().GetLogin(), repo.GetName(), nil)
 if err != nil {
From c7af9b4d4616c567cb327d9b0eb98fdfbdd25976 Mon Sep 17 00:00:00 2001
From: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com>
Date: Tue, 9 Dec 2025 09:33:49 -0300
Subject: [PATCH 2/3] fix: remove debug line

---
 main.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/main.go b/main.go
index ad301b0..4913905 100644
--- a/main.go
+++ b/main.go
@@ -214,7 +214,6 @@ func (l *GithubReposPlugin) Eval(req *proto.EvalRequest, apiHelper runner.ApiHel
 if err != nil {
 l.Logger.Error("failed to marshal evidences", "error", err)
 }
- l.Logger.Debug("Evidence", "evidence", string(evidenceJson))
 if err := apiHelper.CreateEvidence(ctx, evidences); err != nil {
 l.Logger.Error("Error creating evidence", "error", err)
From b258b48cb702f301d3562461d72e066da4973f3b Mon Sep 17 00:00:00 2001
From: Gustavo Carvalho
Date: Tue, 9 Dec 2025 09:35:01 -0300
Subject: [PATCH 3/3] fix: remove evidenceJson
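Review bot: The 404 branch of `FecthLatestRelease` (hunk at -282 of patch 1/3) cannot tell "no release published" apart from the other reasons this endpoint answers 404, and it records the decision only at Trace level. GitHub's latest-release endpoint skips drafts and prereleases, and it may also answer 404 when the token cannot read the repository's contents (worth confirming for the token types this plugin supports), so a nil result can reach the evidence as "no release" when releases exist or are simply not visible. Consider logging this branch at a level operators normally collect, and adding a doc comment that states the contract, for example `// FecthLatestRelease returns the latest published release, or (nil, nil) when GitHub answers 404.`. If net/http is already imported in main.go, `http.StatusNotFound` would read better than the literal `404`.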
Signed-off-by: Gustavo Carvalho
---
 main.go | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/main.go b/main.go
index 4913905..e1e950b 100644
--- a/main.go
+++ b/main.go
@@ -210,10 +210,6 @@ func (l *GithubReposPlugin) Eval(req *proto.EvalRequest, apiHelper runner.ApiHel
 Status: proto.ExecutionStatus_FAILURE,
 }, err
 }
- evidenceJson, err := json.MarshalIndent(evidences, "", " ")
- if err != nil {
- l.Logger.Error("failed to marshal evidences", "error", err)
- }
 if err := apiHelper.CreateEvidence(ctx, evidences); err != nil {
 l.Logger.Error("Error creating evidence", "error", err)