Skip to content

Add a pipeline to pull the OSSF Scorecard visualizer #901

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
UlisesGascon wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Add a pipeline to pull the OSSF Scorecard visualizer #901

UlisesGascon wants to merge 2 commits into from

Conversation

@UlisesGascon
Copy link
Member

@UlisesGascon UlisesGascon commented Nov 15, 2025
edited
Loading

Motivation

We want to host the official Scorecard Visualizer under the official Scorecard domain. This PR enables the existing Scorecard Viewer and the Visualizer to coexist in the same space while we plan the next steps (unification, deprecation, redirects, etc.).

Main Changes

A sample of an auto-generated update PR can be seen here (from my fork):
UlisesGascon#5

Screenshots

image

How the Update Process Works

A scheduled GitHub Action checks daily (and can be run manually) to detect if the Visualizer project has new changes.

  1. The workflow reads the last synced commit SHA from .last_commit.
  2. It fetches the latest commit SHA from ossf/scorecard-visualizer@main as we don't do releases
  3. If both SHAs match → no update is performed.
  4. If they differ →
    • The Visualizer repo is cloned
    • Dependencies are installed
    • A production build is generated
    • The output is copied into scorecards-site/static/scorecard-visualizer/
    • The .last_commit file is updated
    • The changes are committed to branch deps/upgrade-visualizer

PR Behavior

The workflow safely handles all scenarios:

PR already open

  • The existing deps/upgrade-visualizer branch is updated (force-with-lease)
  • The PR automatically reflects the new build
  • No new PR is created

PR merged

  • A new branch is created
  • A brand-new PR is opened for the next update

PR closed without merging

  • The workflow creates a new PR the next time updates are detected

No changes detected

  • The workflow exits early
  • No build, commit, or PR action occurs

Note: In the PR decription we have this information:

This update includes changes from commit:  
**`${{ steps.latest.outputs.sha }}`**  
https://github.com/ossf/scorecard-visualizer/commit/${{ steps.latest.outputs.sha }}

Context

@netlify
Copy link

netlify bot commented Nov 15, 2025
edited
Loading

Deploy Preview for ossf-scorecard ready!

Name Link
🔨 Latest commit c282caf
🔍 Latest deploy log https://app.netlify.com/projects/ossf-scorecard/deploys/6918c16efd26ae0008368816
😎 Deploy Preview https://deploy-preview-901--ossf-scorecard.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@UlisesGascon
docs: reference the new assets directoy
19b0f88 
Signed-off-by: Ulises Gascon <ulisesgascongonzalez@gmail.com>
@UlisesGascon UlisesGascon force-pushed the visualizer-integration branch from 1f3dfbb to 3bfbd59 Compare November 15, 2025 17:04
@UlisesGascon UlisesGascon changed the title feat: add pipeline to pull visualizer Add a pipeline to pull the OSSF Scorecard visualizer Nov 15, 2025
@UlisesGascon UlisesGascon changed the title Add a pipeline to pull the OSSF Scorecard visualizer WIP: Add a pipeline to pull the OSSF Scorecard visualizer Nov 15, 2025
@UlisesGascon UlisesGascon force-pushed the visualizer-integration branch from 3bfbd59 to 12bfd1a Compare November 15, 2025 17:59
@UlisesGascon UlisesGascon mentioned this pull request Nov 15, 2025
Draft
@UlisesGascon
feat: add pipeline to pull the OSSF Scorecard visualizer
c282caf 
Signed-off-by: Ulises Gascon <ulisesgascongonzalez@gmail.com>
@UlisesGascon UlisesGascon force-pushed the visualizer-integration branch from 12bfd1a to c282caf Compare November 15, 2025 18:07
@UlisesGascon UlisesGascon changed the title WIP: Add a pipeline to pull the OSSF Scorecard visualizer Add a pipeline to pull the OSSF Scorecard visualizer Nov 15, 2025
@UlisesGascon UlisesGascon self-assigned this Nov 15, 2025
@UlisesGascon UlisesGascon marked this pull request as ready for review November 15, 2025 18:21
@UlisesGascon UlisesGascon requested review from a team as code owners November 15, 2025 18:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@raghavkaul raghavkaul Awaiting requested review from raghavkaul raghavkaul is a code owner automatically assigned from ossf/scorecard-maintainers

@AdamKorcz AdamKorcz Awaiting requested review from AdamKorcz AdamKorcz is a code owner automatically assigned from ossf/scorecard-maintainers

@justaugustus justaugustus Awaiting requested review from justaugustus

@spencerschrock spencerschrock Awaiting requested review from spencerschrock

@KoolTheba KoolTheba Awaiting requested review from KoolTheba

At least 1 approving review is required to merge this pull request.

Assignees

@UlisesGascon UlisesGascon

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@UlisesGascon