Skip to content

test: add temporary Justice-bot test workflow#371

Merged
nullvariant merged 1 commit into
mainfrom
test/justice-bot-add-test-workflow
Mar 18, 2026
Merged

test: add temporary Justice-bot test workflow#371
nullvariant merged 1 commit into
mainfrom
test/justice-bot-add-test-workflow

Conversation

@nullvariant
Copy link
Copy Markdown
Owner

@nullvariant nullvariant commented Mar 18, 2026

Summary

  • Add temporary workflow_dispatch-based test harness for Justice-bot dependency review
  • Accepts a PR number as input, runs the same analysis logic without actor verification
  • To be deleted after testing is complete

Test plan

  • Merge this PR first
  • Then trigger against PR test: Justice-bot smoke test (TEMPORARY) #370: gh workflow run justice-bot-test.yml -f pr_number=370
  • Verify verdict comments appear correctly
  • Delete both test PRs and branches when done

🤖 Generated with Claude Code

@nullvariant @claude
test: add temporary Justice-bot test workflow
be39702 
TEMPORARY: workflow_dispatch-based test harness for Justice-bot
dependency review. Accepts a PR number and runs the same analysis
logic without actor verification. To be deleted after testing.

🖥️ IDE: [Cursor](https://cursor.sh)
🔌 Extension: [Claude Code](https://claude.ai/download)

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Model-Raw: claude-opus-4-6[1m]
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Mar 18, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/actions/checkout de0fac2e4500dabe0009e67214ff5f5447ce83dd 🟢 5.9
Details
CheckScoreReason
Maintained⚠️ 23 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Packaging⚠️ -1packaging workflow not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
SAST🟢 8SAST tool detected but not run on all commits
actions/step-security/harden-runner fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 🟢 8.3
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests🟢 1012 out of 12 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review🟢 10all changesets reviewed
Contributors🟢 6project has 2 contributing companies or organizations -- score normalized to 6
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 109 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
SAST🟢 10SAST tool is run on all commits
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities🟢 55 existing vulnerabilities detected
actions/tibdex/github-app-token 3beb63f4bd073e61482598c45c71c1019b59b73a 🟢 3.6
Details
CheckScoreReason
Code-Review⚠️ 2Found 7/26 approved changesets -- score normalized to 2
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained⚠️ 0project is archived
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies🟢 4dependency not pinned by hash detected -- score normalized to 4
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • .github/workflows/justice-bot-test.yml

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Mar 18, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@nullvariant nullvariant merged commit 3a9b3c4 into main Mar 18, 2026
23 of 24 checks passed
@nullvariant nullvariant deleted the test/justice-bot-add-test-workflow branch March 18, 2026 12:53
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Mar 18, 2026

⚠️ Please install the 'codecov app svg image' to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nullvariant @codecov-commenter