cloud-platform-repository-checker 1.0.1 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +1 -0
- data/Gemfile.lock +15 -0
- data/bin/check.rb +27 -0
- data/bin/cloud-platform-repository-checker +3 -5
- data/lib/repository_lister.rb +1 -1
- data/lib/repository_report.rb +6 -6
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1e8cf546dab8f2551ca91e723bb23195baa4de9ca433c0b01f5cbd8d62405781
|
|
4
|
+
data.tar.gz: 36787f13af08b887b4289964411164f0a8a636346f25002ea7d84170e644c257
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2b04b7f8e2b4d75b273e19d65006a47fd65f5d8ef1c9e3d817c713fb716944686cd596b574deb54970dbda32cfe4387cad0097c525c9005ecaed8e8e12b80adb
|
|
7
|
+
data.tar.gz: 01a1858cacaba240aa9a1193b39072518a70c7108b148ab0e9de04dd673e0dfa447a0d353f571307235b64083aead7740afad030dafeccf8b044370825c7bf92
|
data/Gemfile
CHANGED
data/Gemfile.lock
CHANGED
|
@@ -5,6 +5,7 @@ GEM
|
|
|
5
5
|
public_suffix (>= 2.0.2, < 5.0)
|
|
6
6
|
byebug (11.1.3)
|
|
7
7
|
coderay (1.1.2)
|
|
8
|
+
diff-lcs (1.3)
|
|
8
9
|
faraday (1.0.1)
|
|
9
10
|
multipart-post (>= 1.2, < 3)
|
|
10
11
|
method_source (1.0.0)
|
|
@@ -19,6 +20,19 @@ GEM
|
|
|
19
20
|
byebug (~> 11.0)
|
|
20
21
|
pry (~> 0.13.0)
|
|
21
22
|
public_suffix (4.0.5)
|
|
23
|
+
rspec (3.9.0)
|
|
24
|
+
rspec-core (~> 3.9.0)
|
|
25
|
+
rspec-expectations (~> 3.9.0)
|
|
26
|
+
rspec-mocks (~> 3.9.0)
|
|
27
|
+
rspec-core (3.9.2)
|
|
28
|
+
rspec-support (~> 3.9.3)
|
|
29
|
+
rspec-expectations (3.9.2)
|
|
30
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
|
31
|
+
rspec-support (~> 3.9.0)
|
|
32
|
+
rspec-mocks (3.9.1)
|
|
33
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
|
34
|
+
rspec-support (~> 3.9.0)
|
|
35
|
+
rspec-support (3.9.3)
|
|
22
36
|
sawyer (0.8.2)
|
|
23
37
|
addressable (>= 2.3.5)
|
|
24
38
|
faraday (> 0.8, < 2.0)
|
|
@@ -29,6 +43,7 @@ PLATFORMS
|
|
|
29
43
|
DEPENDENCIES
|
|
30
44
|
octokit
|
|
31
45
|
pry-byebug
|
|
46
|
+
rspec
|
|
32
47
|
|
|
33
48
|
BUNDLED WITH
|
|
34
49
|
2.1.2
|
data/bin/check.rb
ADDED
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
#!/usr/bin/env ruby
|
|
2
|
+
|
|
3
|
+
# Script to list repositories in the ministryofjustice organisation whose names
|
|
4
|
+
# match a regular expression, and output a JSON report of how well they
|
|
5
|
+
# do/don't comply with our team-wide standards for how github repositories
|
|
6
|
+
# should be configured.
|
|
7
|
+
|
|
8
|
+
require "json"
|
|
9
|
+
require "net/http"
|
|
10
|
+
require "uri"
|
|
11
|
+
require "octokit"
|
|
12
|
+
|
|
13
|
+
require_relative "../lib/github_graph_ql_client"
|
|
14
|
+
require_relative "../lib/repository_lister"
|
|
15
|
+
require_relative "../lib/repository_report"
|
|
16
|
+
|
|
17
|
+
############################################################
|
|
18
|
+
|
|
19
|
+
params = {
|
|
20
|
+
organization: ENV.fetch("ORGANIZATION"),
|
|
21
|
+
regexp: Regexp.new(ENV.fetch("REGEXP")),
|
|
22
|
+
team: ENV.fetch("TEAM"),
|
|
23
|
+
github_token: ENV.fetch("GITHUB_TOKEN")
|
|
24
|
+
}
|
|
25
|
+
|
|
26
|
+
repo_name = ARGV.shift
|
|
27
|
+
pp RepositoryReport.new(params.merge(repo_name: repo_name)).fetch_repo_data
|
|
@@ -5,16 +5,14 @@
|
|
|
5
5
|
# do/don't comply with our team-wide standards for how github repositories
|
|
6
6
|
# should be configured.
|
|
7
7
|
|
|
8
|
-
require "bundler/setup"
|
|
9
8
|
require "json"
|
|
10
9
|
require "net/http"
|
|
11
10
|
require "uri"
|
|
12
11
|
require "octokit"
|
|
13
12
|
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
require File.join(libdir, "repository_report")
|
|
13
|
+
require_relative "../lib/github_graph_ql_client"
|
|
14
|
+
require_relative "../lib/repository_lister"
|
|
15
|
+
require_relative "../lib/repository_report"
|
|
18
16
|
|
|
19
17
|
############################################################
|
|
20
18
|
|
data/lib/repository_lister.rb
CHANGED
|
@@ -12,7 +12,7 @@ class RepositoryLister < GithubGraphQlClient
|
|
|
12
12
|
# Returns a list of repository names which match `regexp`
|
|
13
13
|
def repository_names
|
|
14
14
|
list_repos
|
|
15
|
-
.
|
|
15
|
+
.select { |repo| repo["name"] =~ regexp }
|
|
16
16
|
.map { |repo| repo["name"] }
|
|
17
17
|
end
|
|
18
18
|
|
data/lib/repository_report.rb
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
class RepositoryReport < GithubGraphQlClient
|
|
2
2
|
attr_reader :organization, :repo_name, :team
|
|
3
3
|
|
|
4
|
-
|
|
4
|
+
MAIN_BRANCHES = ["main", "master"] # We are changing to use "main" but many repos still use "master" as default branch
|
|
5
5
|
ADMIN = "admin"
|
|
6
6
|
PASS = "PASS"
|
|
7
7
|
FAIL = "FAIL"
|
|
@@ -45,7 +45,7 @@ class RepositoryReport < GithubGraphQlClient
|
|
|
45
45
|
|
|
46
46
|
def all_checks_result
|
|
47
47
|
@all_checks_result ||= {
|
|
48
|
-
|
|
48
|
+
has_main_branch_protection: has_main_branch_protection?,
|
|
49
49
|
requires_approving_reviews: has_branch_protection_property?("requiresApprovingReviews"),
|
|
50
50
|
requires_code_owner_reviews: has_branch_protection_property?("requiresCodeOwnerReviews"),
|
|
51
51
|
administrators_require_review: has_branch_protection_property?("isAdminEnforced"),
|
|
@@ -101,8 +101,8 @@ class RepositoryReport < GithubGraphQlClient
|
|
|
101
101
|
def is_team_admin?
|
|
102
102
|
client = Octokit::Client.new(access_token: github_token)
|
|
103
103
|
|
|
104
|
-
client.repo_teams([organization, repo_name].join("/")).
|
|
105
|
-
|
|
104
|
+
client.repo_teams([organization, repo_name].join("/")).select do |t|
|
|
105
|
+
t[:name] == team && t[:permission] == ADMIN
|
|
106
106
|
end.any?
|
|
107
107
|
rescue Octokit::NotFound
|
|
108
108
|
# This happens if our token does not have permission to view repo settings
|
|
@@ -113,11 +113,11 @@ class RepositoryReport < GithubGraphQlClient
|
|
|
113
113
|
@rules ||= repo_data.dig("data", "repository", "branchProtectionRules", "edges")
|
|
114
114
|
end
|
|
115
115
|
|
|
116
|
-
def
|
|
116
|
+
def has_main_branch_protection?
|
|
117
117
|
requiring_branch_protection_rules do |rules|
|
|
118
118
|
|
|
119
119
|
rules
|
|
120
|
-
.
|
|
120
|
+
.select { |edge| MAIN_BRANCHES.include?(edge.dig("node", "pattern")) }
|
|
121
121
|
.any?
|
|
122
122
|
end
|
|
123
123
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cloud-platform-repository-checker
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0
|
|
4
|
+
version: 1.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- David Salgado
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-06-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: octokit
|
|
@@ -27,6 +27,7 @@ dependencies:
|
|
|
27
27
|
description:
|
|
28
28
|
email: platforms@digital.justice.gov.uk
|
|
29
29
|
executables:
|
|
30
|
+
- check.rb
|
|
30
31
|
- cloud-platform-repository-checker
|
|
31
32
|
extensions: []
|
|
32
33
|
extra_rdoc_files:
|
|
@@ -36,6 +37,7 @@ files:
|
|
|
36
37
|
- Gemfile.lock
|
|
37
38
|
- LICENSE
|
|
38
39
|
- README.md
|
|
40
|
+
- bin/check.rb
|
|
39
41
|
- bin/cloud-platform-repository-checker
|
|
40
42
|
- env.example
|
|
41
43
|
- lib/github_graph_ql_client.rb
|