gojp / goreportcard

A report card for your Go application

Home Page: https://goreportcard.com

License: Apache License 2.0

Go 67.25% HTML 31.10% Makefile 0.75% Shell 0.56% Dockerfile 0.33%
go golang golang-tools goreportcard report-card

goreportcard's People

Contributors

abduelhamit, amatsagu, arp242, bradleyfalzon, bufdev, caarlos0, chadgrant, ckeyer, dependabot[bot], dvrkps, georgeok, hansrodtang, hermanschaaf, jackspirou, jmikkola, jung-kurt, mattfarina, metalmatze, micnncim, neurosnap, nicksnyder, niconex, nstratos, shawnps, shawnps-sigsci, tariq1890, tomohiro, vieux, winhowes, yanghua-ola

goreportcard's Issues

suggest repositories if none specific given

Please forgive me if it behaves differently on a desktop, I've only tried mobile.

I tried out goreportcard and naturally used my own account first. I couldn't remember the name of any of my go repos and entering just the username presents an error flash.

If I enter just the username it would be neat to be displayed a list of available repositories to run the report on.

Optionally then repositories with go code (via the languages api call) could be promoted or the set could be filtered to avoid showing ineligible repos.

Thanks

add tests

integration test should be pretty quick to put together

Check: errcheck

Original report by @shawnps:

errcheck checks whether a package is checking errors returned by functions. For example, it detects both of these:

recover()

and

_ := recover()

but unfortunately:

shawnps [9:59 PM]
but it runs at the package level 😞

shawnps [9:59 PM]
and the package needs to be in your gopath too so we'd have to like clone the repo into repos/src/github.com/org/reponame and then run it on there

We could still use it but we'd have to hack the repos dir a bit and set GOPATH to it. Then we'd have to clone the GitHub repo into repos/src/github.com/orgname/reponame and run errcheck on there.

More informative error messages

Oops! There was an error processing your request and 500 Internal Server Error are not really informative. Here is an example for illustration. I have no clue what's wrong with it and I'm not able to reproduce the error locally (the same repo but uppercased works as expected).

Repository error when processing request

github.com/peter-edge/flights-go

I cloned goreportcard locally and ran it, it works fine and shows 0 issues across 3 files.

Can we debug? Maybe also add a way to see what the error is when running?

Pulling repo exits status 1 sometimes

On goreportcard.com (not seeing on local) if I click Update Now I get an error, and in the log it says git pull exited status 1. Clicking it twice works

Include minimum score of dependencies.

The quality of dependencies is an important point about the quality of the project.

By including the scores of dependencies it makes it visible. It would also encourage collaboration, e.g. I write a package and get a score of C because of a dependency, then I'm more motivated to improve that dependency.

There's the question of how to aggregate those dependencies. Minimum seems the most appropriate; a chain is as weak as its weakest link.

make last refresh date more obvious when it's old

some users may not realize that clicking Test Now pulls data from a cache unless they explicitly click Update now. maybe the last refresh text could be colored red if it's quite old or something

don't break when mongo is unreachable

this is probably discouraging to anyone trying to develop locally, if you aren't running mongo and you try to get a report, the gopher spins for a minute or two then you get the following error:

Failed to get mongo collection during GET: no reachable servers

misspell update / re-org

Thanks to goreportcard a bunch of false positives have been fixed.

More importantly

  • Long blocks of text with no whitespace are ignored. This eliminates false positives in urls and big chunks of base64 text that sometimes are in source files.
  • For Golang files only comments are checked for spelling (for now). You can change this behavior to check everything with -source=text. I may expand this to include raw strings but only if it behaves nicely.
  • Big API update... to make sure you install with
go get -u github.com/client9/misspell/cmd/misspell

(maybe do this first to make double sure)

rm `which misspell`

onward!

A vector for Denial of Service Attack

Goreportcard does not check for the presence of ../ in the repo URL, and thus it is possible to start a check for all available repo directories by using it as the URL parameter. And multiple ../../ let us make the system scan everything beginning from the root (/).
All this creates a vector for a Denial of Service attack.

For illustration, goreportcard stores go getted repos inside repos/src. And when a scan of path/to/example is requested, the project from repos/src/path/to/example is checked. However, if we request the scan of ../ it will try to check repos/src/../ (i.e. repos/). In case of ../../ it will be just ./ and so forth.
As the process of rescanning (to check gofmt-ness, golint-ness, etc.) of all available projects isn't fast, it is potentially dangerous because an attacker may exploit this to DoS the service.

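One way to close the gap described in this report, shown as an added example (not goreportcard's own code): resolve the requested path against the `repos/src` base and refuse anything that lands on the base itself or outside it. The function name `resolveRepoDir` and the error value are hypothetical; the inputs in `main` are constructed to mirror the cases in the report.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned when a requested repo path would leave the base directory.
var ErrOutsideBase = errors.New("repo path escapes base directory")

// resolveRepoDir (hypothetical helper) maps a user-supplied repo path such as
// "github.com/org/name" to a directory under base. It rejects empty and
// absolute paths, and anything that resolves to base itself or above it.
func resolveRepoDir(base, repo string) (string, error) {
	if repo == "" || filepath.IsAbs(repo) {
		return "", ErrOutsideBase
	}
	absBase, err := filepath.Abs(base)
	if err != nil {
		return "", err
	}
	// Join cleans the result, so "a/../../.." collapses before the check.
	target := filepath.Join(absBase, repo)
	rel, err := filepath.Rel(absBase, target)
	if err != nil {
		return "", err
	}
	// "." means the whole repo store; ".." or "../x" means outside it.
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return target, nil
}

func main() {
	// Constructed inputs: one normal repo path plus the traversal cases from the report.
	for _, repo := range []string{"github.com/gojp/goreportcard", "../", "../../", "a/../../..", "."} {
		dir, err := resolveRepoDir("repos/src", repo)
		fmt.Printf("%-32q -> %q err=%v\n", repo, dir, err)
	}
}
```

The check is lexical only; it does not resolve symlinks that may exist inside the base directory.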

Reclone project if "git pull" fails

Currently, goreportcard clones a repo just once. Every subsequent attempt to update info about a project triggers git pull. Is my understanding correct?

    if os.IsNotExist(err) {
        cmd := exec.Command("git", "clone", "--depth", "1", "--single-branch", url, dir)
        if err := cmd.Run(); err != nil {
            return fmt.Errorf("could not run git clone: %v", err)
        }
    } else if err != nil {
        return fmt.Errorf("could not stat dir: %v", err)
    } else {
        cmd := exec.Command("git", "-C", dir, "pull")
        if err := cmd.Run(); err != nil {
            return fmt.Errorf("could not pull repo: %v", err)
        }
    }

If so, there is a flaw in this approach:

  1. git pull will always fail if I rewrite my git history;
  2. if I change my GH username (which I've recently done), a person who decides to use my old one will not be able to test his/her projects that have the same names as my projects had.

I think, if git pull fails it should remove the old directory and clone the project again instead of just returning an error.

Github readme badges

...a request we have received many times, and something I personally want too 😺

fyi: https://github.com/karolgorecki/goprove

this may be of interest to you

https://github.com/karolgorecki/goprove

$ goprove .
Passed tests: 7 of 11
---------------------------------------------------------------
[✔] README Presence: Does the project's include a documentation entrypoint?
[✔] Licensed: Does the project have a license?
[✔] gofmt Correctness: Is the code formatted correctly?
[✔] golint Correctness: Is the linter satisfied?
[✔] go tool vet Correctness: Is the Go vet satisfied?
[✔] Compiles: Does the project build?
[✔] Are the tests passing?
---------------------------------------------------------------
[✗] Contribution Process: Does the project document a contribution process?
[✗] Blackbox Tests: In addition to standard tests, does the project have blackbox tests?
[✗] Benchmarks: In addition to tests, does the project have benchmarks?
[✗] Directory Names and Packages Match: Does each package <pkg> statement's package name match the containing directory name?

make the high scores page more configurable

Right now a repo will only appear on /high_scores if it has > 100 files. That was just a number that I chose arbitrarily. There are probably plenty of great repos that have 1-99 files :) Could probably pass the min number in a query parameter or something.

Oops! There was an error processing your request: {}

Not sure if this is the best place to report this, but I don't know of anywhere else :)

When trying to update the score for my repo bwmarrin/discordgo I am getting the below error

Oops! There was an error processing your request: {}

But this seems to work fine for other repos I have, so I'm unsure if somehow there's something I've done in my discordgo repo that's causing a problem :( I would like to get it updated as I've fixed a bunch of things and like anybody else I want a good score :)

Allow for periods in URL routes.

Github allows for usernames, org names, and repo names to include periods, but currently goreportcard.com does not. If a period is present in the URL route goreportcard throws a 404.

I suggest allowing for periods by updating the makeHandler method in the main.go file to include them:
^/%s/([a-zA-Z0-9\-_]+)/([a-zA-Z0-9\-_]+)$ -> ^/%s/([a-zA-Z0-9\-_]+)/([a-zA-Z0-9\-_.]+)$

This way goreportcard will be compatible with the same characters github allows for users/orgs repos.

*** updated ***

Handle non-Go repos more gracefully

Right now we just return internal server error, but we can actually tell when a repo has no go files in it so we should return a more specific error

FYI: goreportcard library style

Hi,

Not an issue, just a heads up.
I needed to score projects programmatically so I extracted the relevant parts and made a package out of it.
It might be just me needing this but IMHO it'd be nice if the official project split the "web part" and the "scoring part", to separate concerns and avoid such forks.

Cheers!

Add notice if github-hosted project is missing a description

Doing some experiments I found that some repos don't have a description set in github. It would be nice if go-reportcard mentioned this. It might help to get people to add a description.

2015/10/18 17:17:56 cloudflare/gokeyless: Go implementation of the keyless protocol
2015/10/18 17:17:56 cloudflare/service:  <--- ???
2015/10/18 17:17:56 cloudflare/dns: Clone of https://github.com/miekg/dns

2015/10/18 17:17:57 coreos/coreos-metadata: A simple cloud-provider metadata agent
2015/10/18 17:17:57 coreos/fuze: Convert YAML to JSON
2015/10/18 17:17:57 coreos/mayday: <--- ???
2015/10/18 17:17:57 coreos/sqlbuilder: a SQL query composition library for Go
2015/10/18 17:17:57 coreos/discovery.etcd.io: <--- ???
2015/10/18 17:17:57 coreos/update-ssh-keys: <--- ???
2015/10/18 17:17:57 coreos/etcd-ca: <--- ???

2015/10/18 17:17:58 docker/notary: <--- ???
2015/10/18 17:17:58 docker/libcompose: <--- ???
2015/10/18 17:17:58 docker/machine: Machine management for a container-centric world

Writing to mongo happens twice when clicking update now

Seeing this in the server log when clicking Update Now:

2015/02/08 08:46:08 Writing to mongo...
2015/02/08 08:46:08 Writing to mongo...
2015/02/08 08:46:10 Writing to mongo...
2015/02/08 08:46:10 Writing to mongo...
2015/02/08 08:46:14 Writing to mongo...
2015/02/08 08:46:14 Writing to mongo...
2015/02/08 08:46:17 Writing to mongo...
2015/02/08 08:46:17 Writing to mongo...
2015/02/08 08:46:19 Writing to mongo...
2015/02/08 08:46:19 Writing to mongo...

Doesn't happen locally I think

make mongo stuff configurable

the mongo info is just global vars in the handlers package right now, would be nice to make those flags with defaults in main.go and pass them to a struct or something.

Check: go test -cover

Original comment by @shawnps:

Check the coverage percent of the package. We might not do this if we can't properly sandbox stuff.
