⚠️ Add ProjectPackageVersions to raw data collection

checker/raw_result.go

@@ -20,6 +20,7 @@ import (
 
 	"github.com/ossf/scorecard/v5/clients"
 	"github.com/ossf/scorecard/v5/finding"
+	"github.com/ossf/scorecard/v5/internal/packageclient"
 )
 
 // RawResults contains results before a policy
@@ -286,7 +287,8 @@ type BinaryArtifactData struct {
 // SignedReleasesData contains the raw results
 // for the Signed-Releases check.
 type SignedReleasesData struct {
-	Releases []clients.Release
+	Releases               []clients.Release
+	ProjectPackageVersions packageclient.ProjectPackageVersions
 }
 
 // DependencyUpdateToolData contains the raw results

checks/raw/code_review.go

@@ -39,10 +39,6 @@ func CodeReview(c clients.RepoClient) (checker.CodeReviewData, error) {
 
 	changesets := getChangesets(commits)
 
-	if err != nil {
-		return checker.CodeReviewData{}, fmt.Errorf("%w", err)
-	}
-
 	return checker.CodeReviewData{
 		DefaultBranchChangesets: changesets,
 	}, nil

checks/raw/signed_releases.go

@@ -27,7 +27,13 @@ func SignedReleases(c *checker.CheckRequest) (checker.SignedReleasesData, error)
 		return checker.SignedReleasesData{}, fmt.Errorf("%w", err)
 	}
 
+	versions, err := c.ProjectClient.GetProjectPackageVersions(c.Ctx, c.Repo.Host(), c.Repo.Path())
+	if err != nil {
+		return checker.SignedReleasesData{}, fmt.Errorf("GetProjectPackageVersions: %w", err)
+	}
+
 	return checker.SignedReleasesData{
-		Releases: releases,
+		Releases:               releases,
+		ProjectPackageVersions: *versions,
 	}, nil
 }

checks/signed_releases_test.go

@@ -15,6 +15,7 @@
 package checks
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"testing"
@@ -24,6 +25,7 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/clients"
 	mockrepo "github.com/ossf/scorecard/v5/clients/mockclients"
+	"github.com/ossf/scorecard/v5/internal/packageclient"
 	scut "github.com/ossf/scorecard/v5/utests"
 )
 
@@ -435,8 +437,8 @@ func TestSignedRelease(t *testing.T) {
 
 			ctrl := gomock.NewController(t)
 
-			mockRepo := mockrepo.NewMockRepoClient(ctrl)
-			mockRepo.EXPECT().ListReleases().DoAndReturn(
+			mockRepoC := mockrepo.NewMockRepoClient(ctrl)
+			mockRepoC.EXPECT().ListReleases().DoAndReturn(
 				func() ([]clients.Release, error) {
 					if tt.err != nil {
 						return nil, tt.err
@@ -445,8 +447,30 @@ func TestSignedRelease(t *testing.T) {
 				},
 			).MinTimes(1)
 
+			mockRepo := mockrepo.NewMockRepo(ctrl)
+			mockRepo.EXPECT().Host().DoAndReturn(
+				func() string {
+					return ""
+				},
+			).AnyTimes()
+			mockRepo.EXPECT().Path().DoAndReturn(
+				func() string {
+					return ""
+				},
+			).AnyTimes()
+
+			mockPkgC := mockrepo.NewMockProjectPackageClient(ctrl)
+			mockPkgC.EXPECT().GetProjectPackageVersions(gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn(
+				func(ctx context.Context, host, project string) (*packageclient.ProjectPackageVersions, error) {
+					v := packageclient.ProjectPackageVersions{}
+					return &v, nil
+				},
+			).AnyTimes()
+
 			req := checker.CheckRequest{
-				RepoClient: mockRepo,
+				RepoClient:    mockRepoC,
+				Repo:          mockRepo,
+				ProjectClient: mockPkgC,
 			}
 			req.Dlogger = &scut.TestDetailLogger{}
 			res := SignedReleases(&req)

clients/githubrepo/repo.go

@@ -132,3 +132,8 @@ func MakeGithubRepo(input string) (clients.Repo, error) {
 	}
 	return &repo, nil
 }
+
+// Path() implements RepoClient.Path.
+func (r *repoURL) Path() string {
+	return fmt.Sprintf("%s/%s", r.owner, r.repo)
+}

clients/gitlabrepo/repo.go

@@ -165,6 +165,11 @@ func (r *repoURL) Metadata() []string {
 	return r.metadata
 }
 
+// Path() implements RepoClient.Path.
+func (r *repoURL) Path() string {
+	return fmt.Sprintf("%s/%s", r.owner, r.project)
+}
+
 // MakeGitlabRepo takes input of forms in parse and returns and implementation
 // of clients.Repo interface.
 func MakeGitlabRepo(input string) (clients.Repo, error) {

clients/localdir/repo.go

@@ -69,6 +69,11 @@ func (r *repoLocal) AppendMetadata(m ...string) {
 	r.metadata = append(r.metadata, m...)
 }
 
+// Path() implements RepoClient.Path.
+func (r *repoLocal) Path() string {
+	return r.path
+}
+
 // MakeLocalDirRepo returns an implementation of clients.Repo interface.
 func MakeLocalDirRepo(pathfn string) (clients.Repo, error) {
 	p := path.Clean(pathfn)

clients/repo.go

@@ -16,6 +16,7 @@ package clients
 
 // Repo interface uniquely identifies a repo.
 type Repo interface {
+	Path() string
 	URI() string
 	Host() string
 	String() string