cloud-platform-repository-checker 1.0.1 → 1.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +1 -0
- data/Gemfile.lock +15 -0
- data/bin/check.rb +27 -0
- data/bin/cloud-platform-repository-checker +3 -5
- data/lib/repository_lister.rb +1 -1
- data/lib/repository_report.rb +6 -6
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1e8cf546dab8f2551ca91e723bb23195baa4de9ca433c0b01f5cbd8d62405781
|
|
4
|
+
data.tar.gz: 36787f13af08b887b4289964411164f0a8a636346f25002ea7d84170e644c257
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2b04b7f8e2b4d75b273e19d65006a47fd65f5d8ef1c9e3d817c713fb716944686cd596b574deb54970dbda32cfe4387cad0097c525c9005ecaed8e8e12b80adb
|
|
7
|
+
data.tar.gz: 01a1858cacaba240aa9a1193b39072518a70c7108b148ab0e9de04dd673e0dfa447a0d353f571307235b64083aead7740afad030dafeccf8b044370825c7bf92
|
data/Gemfile
CHANGED
data/Gemfile.lock
CHANGED
|
@@ -5,6 +5,7 @@ GEM
|
|
|
5
5
|
public_suffix (>= 2.0.2, < 5.0)
|
|
6
6
|
byebug (11.1.3)
|
|
7
7
|
coderay (1.1.2)
|
|
8
|
+
diff-lcs (1.3)
|
|
8
9
|
faraday (1.0.1)
|
|
9
10
|
multipart-post (>= 1.2, < 3)
|
|
10
11
|
method_source (1.0.0)
|
|
@@ -19,6 +20,19 @@ GEM
|
|
|
19
20
|
byebug (~> 11.0)
|
|
20
21
|
pry (~> 0.13.0)
|
|
21
22
|
public_suffix (4.0.5)
|
|
23
|
+
rspec (3.9.0)
|
|
24
|
+
rspec-core (~> 3.9.0)
|
|
25
|
+
rspec-expectations (~> 3.9.0)
|
|
26
|
+
rspec-mocks (~> 3.9.0)
|
|
27
|
+
rspec-core (3.9.2)
|
|
28
|
+
rspec-support (~> 3.9.3)
|
|
29
|
+
rspec-expectations (3.9.2)
|
|
30
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
|
31
|
+
rspec-support (~> 3.9.0)
|
|
32
|
+
rspec-mocks (3.9.1)
|
|
33
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
|
34
|
+
rspec-support (~> 3.9.0)
|
|
35
|
+
rspec-support (3.9.3)
|
|
22
36
|
sawyer (0.8.2)
|
|
23
37
|
addressable (>= 2.3.5)
|
|
24
38
|
faraday (> 0.8, < 2.0)
|
|
@@ -29,6 +43,7 @@ PLATFORMS
|
|
|
29
43
|
DEPENDENCIES
|
|
30
44
|
octokit
|
|
31
45
|
pry-byebug
|
|
46
|
+
rspec
|
|
32
47
|
|
|
33
48
|
BUNDLED WITH
|
|
34
49
|
2.1.2
|
data/bin/check.rb
ADDED
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
#!/usr/bin/env ruby
|
|
2
|
+
|
|
3
|
+
# Script to list repositories in the ministryofjustice organisation whose names
|
|
4
|
+
# match a regular expression, and output a JSON report of how well they
|
|
5
|
+
# do/don't comply with our team-wide standards for how github repositories
|
|
6
|
+
# should be configured.
|
|
7
|
+
|
|
8
|
+
require "json"
|
|
9
|
+
require "net/http"
|
|
10
|
+
require "uri"
|
|
11
|
+
require "octokit"
|
|
12
|
+
|
|
13
|
+
require_relative "../lib/github_graph_ql_client"
|
|
14
|
+
require_relative "../lib/repository_lister"
|
|
15
|
+
require_relative "../lib/repository_report"
|
|
16
|
+
|
|
17
|
+
############################################################
|
|
18
|
+
|
|
19
|
+
params = {
|
|
20
|
+
organization: ENV.fetch("ORGANIZATION"),
|
|
21
|
+
regexp: Regexp.new(ENV.fetch("REGEXP")),
|
|
22
|
+
team: ENV.fetch("TEAM"),
|
|
23
|
+
github_token: ENV.fetch("GITHUB_TOKEN")
|
|
24
|
+
}
|
|
25
|
+
|
|
26
|
+
repo_name = ARGV.shift
|
|
27
|
+
pp RepositoryReport.new(params.merge(repo_name: repo_name)).fetch_repo_data
|
|
@@ -5,16 +5,14 @@
|
|
|
5
5
|
# do/don't comply with our team-wide standards for how github repositories
|
|
6
6
|
# should be configured.
|
|
7
7
|
|
|
8
|
-
require "bundler/setup"
|
|
9
8
|
require "json"
|
|
10
9
|
require "net/http"
|
|
11
10
|
require "uri"
|
|
12
11
|
require "octokit"
|
|
13
12
|
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
require File.join(libdir, "repository_report")
|
|
13
|
+
require_relative "../lib/github_graph_ql_client"
|
|
14
|
+
require_relative "../lib/repository_lister"
|
|
15
|
+
require_relative "../lib/repository_report"
|
|
18
16
|
|
|
19
17
|
############################################################
|
|
20
18
|
|
data/lib/repository_lister.rb
CHANGED
|
@@ -12,7 +12,7 @@ class RepositoryLister < GithubGraphQlClient
|
|
|
12
12
|
# Returns a list of repository names which match `regexp`
|
|
13
13
|
def repository_names
|
|
14
14
|
list_repos
|
|
15
|
-
.
|
|
15
|
+
.select { |repo| repo["name"] =~ regexp }
|
|
16
16
|
.map { |repo| repo["name"] }
|
|
17
17
|
end
|
|
18
18
|
|
data/lib/repository_report.rb
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
class RepositoryReport < GithubGraphQlClient
|
|
2
2
|
attr_reader :organization, :repo_name, :team
|
|
3
3
|
|
|
4
|
-
|
|
4
|
+
MAIN_BRANCHES = ["main", "master"] # We are changing to use "main" but many repos still use "master" as default branch
|
|
5
5
|
ADMIN = "admin"
|
|
6
6
|
PASS = "PASS"
|
|
7
7
|
FAIL = "FAIL"
|
|
@@ -45,7 +45,7 @@ class RepositoryReport < GithubGraphQlClient
|
|
|
45
45
|
|
|
46
46
|
def all_checks_result
|
|
47
47
|
@all_checks_result ||= {
|
|
48
|
-
|
|
48
|
+
has_main_branch_protection: has_main_branch_protection?,
|
|
49
49
|
requires_approving_reviews: has_branch_protection_property?("requiresApprovingReviews"),
|
|
50
50
|
requires_code_owner_reviews: has_branch_protection_property?("requiresCodeOwnerReviews"),
|
|
51
51
|
administrators_require_review: has_branch_protection_property?("isAdminEnforced"),
|
|
@@ -101,8 +101,8 @@ class RepositoryReport < GithubGraphQlClient
|
|
|
101
101
|
def is_team_admin?
|
|
102
102
|
client = Octokit::Client.new(access_token: github_token)
|
|
103
103
|
|
|
104
|
-
client.repo_teams([organization, repo_name].join("/")).
|
|
105
|
-
|
|
104
|
+
client.repo_teams([organization, repo_name].join("/")).select do |t|
|
|
105
|
+
t[:name] == team && t[:permission] == ADMIN
|
|
106
106
|
end.any?
|
|
107
107
|
rescue Octokit::NotFound
|
|
108
108
|
# This happens if our token does not have permission to view repo settings
|
|
@@ -113,11 +113,11 @@ class RepositoryReport < GithubGraphQlClient
|
|
|
113
113
|
@rules ||= repo_data.dig("data", "repository", "branchProtectionRules", "edges")
|
|
114
114
|
end
|
|
115
115
|
|
|
116
|
-
def
|
|
116
|
+
def has_main_branch_protection?
|
|
117
117
|
requiring_branch_protection_rules do |rules|
|
|
118
118
|
|
|
119
119
|
rules
|
|
120
|
-
.
|
|
120
|
+
.select { |edge| MAIN_BRANCHES.include?(edge.dig("node", "pattern")) }
|
|
121
121
|
.any?
|
|
122
122
|
end
|
|
123
123
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cloud-platform-repository-checker
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0
|
|
4
|
+
version: 1.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- David Salgado
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-06-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: octokit
|
|
@@ -27,6 +27,7 @@ dependencies:
|
|
|
27
27
|
description:
|
|
28
28
|
email: platforms@digital.justice.gov.uk
|
|
29
29
|
executables:
|
|
30
|
+
- check.rb
|
|
30
31
|
- cloud-platform-repository-checker
|
|
31
32
|
extensions: []
|
|
32
33
|
extra_rdoc_files:
|
|
@@ -36,6 +37,7 @@ files:
|
|
|
36
37
|
- Gemfile.lock
|
|
37
38
|
- LICENSE
|
|
38
39
|
- README.md
|
|
40
|
+
- bin/check.rb
|
|
39
41
|
- bin/cloud-platform-repository-checker
|
|
40
42
|
- env.example
|
|
41
43
|
- lib/github_graph_ql_client.rb
|