Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add http_pattern_matcher as dependency for envoy dataplane_core #15506

Closed
qiwzhang opened this issue Mar 16, 2021 · 12 comments
Closed

Add http_pattern_matcher as dependency for envoy dataplane_core #15506

qiwzhang opened this issue Mar 16, 2021 · 12 comments
Labels
area/http stale stalebot believes this issue/PR has not been touched recently

Comments

@qiwzhang
Copy link
Contributor

This is for #15299 to address #7763

This issue replaced issue #15304

Description:
url_template is implemented in this http_pattern_matcher repo
In order to support url_template in RouteMatch, need to add this repo as envoy dataplane_core dependency.

Actually, this http_pattern_matcher repo split from grpc_httpjson_transcoding. Just moved path_matcher related code to the new repo.
@qiwzhang qiwzhang added the triage Issue requires triage label Mar 16, 2021
@qiwzhang
Copy link
Contributor Author

@envoyproxy/dependency-shepherds @envoyproxy/security-team

@qiwzhang qiwzhang mentioned this issue Mar 16, 2021
Closed
@jmarantz jmarantz added the enhancement Feature requests. Not bugs or questions. label Mar 16, 2021
@mattklein123 mattklein123 added area/http and removed enhancement Feature requests. Not bugs or questions. triage Issue requires triage labels Mar 16, 2021
@qiwzhang
Copy link
Contributor Author

We have added CI and fuzz tested into this repo.

@moderation could you help to score it?

@moderation
Copy link
Contributor

Even though I can see the fuzzing added to the repo the score is unchanged - grpc-ecosystem/grpc-httpjson-transcoding@0b74abc. The fuzzing check is at https://github.com/ossf/scorecard/blob/main/checks/fuzzing.go and I think you need to follow some more steps including adding a project.yaml file documented at https://google.github.io/oss-fuzz/getting-started/new-project-guide/#creating-the-file-structure

RESULTS
-------
Active: Pass 10
Branch-Protection: Fail 0
CI-Tests: Fail 5
CII-Best-Practices: Fail 10
Code-Review: Pass 10
Contributors: Pass 10
Frozen-Deps: Fail 5
Fuzzing: Fail 10
Packaging: Fail 0
Pull-Requests: Pass 10
SAST: Fail 10
Security-Policy: Pass 10
Signed-Releases: Fail 0
Signed-Tags: Fail 0

@qiwzhang
Copy link
Contributor Author

@moderation were you checking grpc_httpjson-transcoding repo? If so, it is wrong. We should check http_pattern_matcher repo under google.

@moderation
Copy link
Contributor

Yes! Wrong repo. scorecard --repo=https://github.com/google/http_pattern_matcher

RESULTS
-------
Active: Pass 10
Branch-Protection: Fail 0
CI-Tests: Fail 10
CII-Best-Practices: Fail 10
Code-Review: Pass 10
Contributors: Pass 10
Frozen-Deps: Fail 5
Fuzzing: Fail 10
Packaging: Fail 0
Pull-Requests: Fail 4
SAST: Fail 10
Security-Policy: Pass 10
Signed-Releases: Fail 0
Signed-Tags: Fail 0

Your CI and Fuzzing are not being picked up by the OSS Scorecard

@qiwzhang
Copy link
Contributor Author

@nareddyt could you help to check with CI and Fuzzing not been picked up?

@nareddyt
Copy link
Contributor

I assume fuzzing will be picked up once google/oss-fuzz#5427 is merged.
Not sure why CI is not detected. We are using prow, which is listed as a supported system in the documentation: https://github.com/ossf/scorecard/blob/main/checks.md#ci-tests

@github-actions
Copy link

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the stale stalebot believes this issue/PR has not been touched recently label Apr 22, 2021
@qiwzhang
Copy link
Contributor Author

Hi @moderation, could you re-run the score card for this rero?

@qiwzhang
Copy link
Contributor Author

@envoyproxy/dependency-shepherds @envoyproxy/security-team

Can you approve this proposal? Thanks

@github-actions github-actions bot removed the stale stalebot believes this issue/PR has not been touched recently label Apr 23, 2021
@github-actions
Copy link

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the stale stalebot believes this issue/PR has not been touched recently label May 23, 2021
@github-actions
Copy link

This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted" or "no stalebot". Thank you for your contributions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/http stale stalebot believes this issue/PR has not been touched recently
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@moderation @jmarantz @mattklein123 @nareddyt @qiwzhang