cloud-platform-repository-checker 1.0.3 → 1.4.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +1 -0
  3. data/Gemfile.lock +15 -0
  4. data/bin/check.rb +27 -0
  5. data/bin/cloud-platform-repository-checker +7 -0
  6. data/bin/list-master-repos.rb +31 -0
  7. data/lib/repository_lister.rb +1 -1
  8. data/lib/repository_report.rb +26 -8
  9. metadata +6 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a2b4aca4d981216824e51df4da42c15698739e92113d4d20c942a8e1c6ee2351
4
- data.tar.gz: 222a26a71b7f78e4ae6b14b725b50310513f0bab1511a93ffb93fdf56b0431fb
3
+ metadata.gz: 349475811494cf5ed087f35cdc0a24f1ef623aed8c35460755795d4dc2d4b3ce
4
+ data.tar.gz: 6ccc18f29bdc90fcf4f5e3f3bdbbf8f2a4a12e6d4b0591de47ceeeeae86179d1
5
5
  SHA512:
6
- metadata.gz: b2ab3ded011bed4820ac322e71264699c82e147bf73e0f4a5c0b19c1fb6328c69d719f5bbda0b80c8f4db7db5a4a434cd8cb3913d5c388c8988eeac5708c35c7
7
- data.tar.gz: c40911cafba83133022983f040cd3e2f8ba20e4d604a90220652853faa0295dce1928196f1bcf61908da1171db2fe4cfa83705f8233b39e78ca49b09f7babb5f
6
+ metadata.gz: 816eb3fa94959c00289745126c149fde28b7b857cc8c106636a0c61b18f91b1cd4291ec8b9c9aed72ad5d91b797b08879dd6e4d0a92bb257b093fc2105d013f1
7
+ data.tar.gz: fe518adc7d36d267ae86a48e1183e9b6194a325d98e21e839f87bd516cbb7b85ece38fb8c05cbd2899055ff445d3d7fbc5f58b74e6b8cfbad3ba592534a64283
data/Gemfile CHANGED
@@ -8,4 +8,5 @@ gem "octokit"
8
8
 
9
9
  group :development do
10
10
  gem "pry-byebug"
11
+ gem "rspec"
11
12
  end
data/Gemfile.lock CHANGED
@@ -5,6 +5,7 @@ GEM
5
5
  public_suffix (>= 2.0.2, < 5.0)
6
6
  byebug (11.1.3)
7
7
  coderay (1.1.2)
8
+ diff-lcs (1.3)
8
9
  faraday (1.0.1)
9
10
  multipart-post (>= 1.2, < 3)
10
11
  method_source (1.0.0)
@@ -19,6 +20,19 @@ GEM
19
20
  byebug (~> 11.0)
20
21
  pry (~> 0.13.0)
21
22
  public_suffix (4.0.5)
23
+ rspec (3.9.0)
24
+ rspec-core (~> 3.9.0)
25
+ rspec-expectations (~> 3.9.0)
26
+ rspec-mocks (~> 3.9.0)
27
+ rspec-core (3.9.2)
28
+ rspec-support (~> 3.9.3)
29
+ rspec-expectations (3.9.2)
30
+ diff-lcs (>= 1.2.0, < 2.0)
31
+ rspec-support (~> 3.9.0)
32
+ rspec-mocks (3.9.1)
33
+ diff-lcs (>= 1.2.0, < 2.0)
34
+ rspec-support (~> 3.9.0)
35
+ rspec-support (3.9.3)
22
36
  sawyer (0.8.2)
23
37
  addressable (>= 2.3.5)
24
38
  faraday (> 0.8, < 2.0)
@@ -29,6 +43,7 @@ PLATFORMS
29
43
  DEPENDENCIES
30
44
  octokit
31
45
  pry-byebug
46
+ rspec
32
47
 
33
48
  BUNDLED WITH
34
49
  2.1.2
data/bin/check.rb ADDED
@@ -0,0 +1,27 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ # Script to list repositories in the ministryofjustice organisation whose names
4
+ # match a regular expression, and output a JSON report of how well they
5
+ # do/don't comply with our team-wide standards for how github repositories
6
+ # should be configured.
7
+
8
+ require "json"
9
+ require "net/http"
10
+ require "uri"
11
+ require "octokit"
12
+
13
+ require_relative "../lib/github_graph_ql_client"
14
+ require_relative "../lib/repository_lister"
15
+ require_relative "../lib/repository_report"
16
+
17
+ ############################################################
18
+
19
+ params = {
20
+ organization: ENV.fetch("ORGANIZATION"),
21
+ regexp: Regexp.new(ENV.fetch("REGEXP")),
22
+ team: ENV.fetch("TEAM"),
23
+ github_token: ENV.fetch("GITHUB_TOKEN")
24
+ }
25
+
26
+ repo_name = ARGV.shift
27
+ pp RepositoryReport.new(params.merge(repo_name: repo_name)).fetch_repo_data
data/bin/cloud-platform-repository-checker CHANGED
@@ -16,8 +16,15 @@ require_relative "../lib/repository_report"
16
16
 
17
17
  ############################################################
18
18
 
19
+ # Exceptions are repos which are allowed to break the rules.
20
+ # e.g. a repo to which compiled html files for a github pages
21
+ # site can't implement branch protection, but we don't want it
22
+ # to show up as an error
23
+ exceptions = ENV["REPO_EXCEPTIONS"].to_s.split(" ")
24
+
19
25
  params = {
20
26
  organization: ENV.fetch("ORGANIZATION"),
27
+ exceptions: exceptions,
21
28
  regexp: Regexp.new(ENV.fetch("REGEXP")),
22
29
  team: ENV.fetch("TEAM"),
23
30
  github_token: ENV.fetch("GITHUB_TOKEN")
data/bin/list-master-repos.rb ADDED
@@ -0,0 +1,31 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ # Script to list repositories in the ministryofjustice organisation whose names
4
+ # match a regular expression, and whose default branch is "master"
5
+
6
+ require "json"
7
+ require "net/http"
8
+ require "uri"
9
+ require "octokit"
10
+
11
+ require_relative "../lib/github_graph_ql_client"
12
+ require_relative "../lib/repository_lister"
13
+ require_relative "../lib/repository_report"
14
+
15
+ ############################################################
16
+
17
+ params = {
18
+ organization: ENV.fetch("ORGANIZATION"),
19
+ regexp: Regexp.new(ENV.fetch("REGEXP")),
20
+ team: ENV.fetch("TEAM"),
21
+ github_token: ENV.fetch("GITHUB_TOKEN")
22
+ }
23
+
24
+ repositories = RepositoryLister.new(params)
25
+ .repository_names
26
+ .inject([]) do |arr, repo_name|
27
+ report = RepositoryReport.new(params.merge(repo_name: repo_name)).report
28
+ arr << report
29
+ end
30
+
31
+ repositories.filter { |report| report.fetch(:default_branch) == "master" }.each { |report| puts report.fetch(:name) }
data/lib/repository_lister.rb CHANGED
@@ -12,7 +12,7 @@ class RepositoryLister < GithubGraphQlClient
12
12
  # Returns a list of repository names which match `regexp`
13
13
  def repository_names
14
14
  list_repos
15
- .filter { |repo| repo["name"] =~ regexp }
15
+ .select { |repo| repo["name"] =~ regexp }
16
16
  .map { |repo| repo["name"] }
17
17
  end
18
18
 
data/lib/repository_report.rb CHANGED
@@ -1,13 +1,14 @@
1
1
  class RepositoryReport < GithubGraphQlClient
2
- attr_reader :organization, :repo_name, :team
2
+ attr_reader :organization, :exceptions, :repo_name, :team
3
3
 
4
- MASTER = "master"
4
+ MAIN_BRANCH = "main"
5
5
  ADMIN = "admin"
6
6
  PASS = "PASS"
7
7
  FAIL = "FAIL"
8
8
 
9
9
  def initialize(params)
10
10
  @organization = params.fetch(:organization)
11
+ @exceptions = params.fetch(:exceptions) # repos which are allowed to break the rules
11
12
  @repo_name = params.fetch(:repo_name)
12
13
  @team = params.fetch(:team)
13
14
  super(params)
@@ -23,6 +24,7 @@ class RepositoryReport < GithubGraphQlClient
23
24
  {
24
25
  organization: organization,
25
26
  name: repo_name,
27
+ default_branch: default_branch,
26
28
  url: repo_url,
27
29
  status: status,
28
30
  report: all_checks_result
@@ -40,12 +42,17 @@ class RepositoryReport < GithubGraphQlClient
40
42
  end
41
43
 
42
44
  def status
43
- all_checks_result.values.all? ? PASS : FAIL
45
+ if exceptions.include?(repo_name)
46
+ PASS
47
+ else
48
+ all_checks_result.values.all? ? PASS : FAIL
49
+ end
44
50
  end
45
51
 
46
52
  def all_checks_result
47
53
  @all_checks_result ||= {
48
- has_master_branch_protection: has_master_branch_protection?,
54
+ default_branch_main: default_branch_main?,
55
+ has_main_branch_protection: has_main_branch_protection?,
49
56
  requires_approving_reviews: has_branch_protection_property?("requiresApprovingReviews"),
50
57
  requires_code_owner_reviews: has_branch_protection_property?("requiresCodeOwnerReviews"),
51
58
  administrators_require_review: has_branch_protection_property?("isAdminEnforced"),
@@ -81,6 +88,9 @@ class RepositoryReport < GithubGraphQlClient
81
88
  owner {
82
89
  login
83
90
  }
91
+ defaultBranchRef {
92
+ name
93
+ }
84
94
  branchProtectionRules(first: 50) {
85
95
  edges {
86
96
  node {
@@ -98,11 +108,15 @@ class RepositoryReport < GithubGraphQlClient
98
108
  ]
99
109
  end
100
110
 
111
+ def default_branch
112
+ repo_data.dig("data", "repository", "defaultBranchRef", "name")
113
+ end
114
+
101
115
  def is_team_admin?
102
116
  client = Octokit::Client.new(access_token: github_token)
103
117
 
104
- client.repo_teams([organization, repo_name].join("/")).filter do |team|
105
- team[:name] == team && team[:permission] == ADMIN
118
+ client.repo_teams([organization, repo_name].join("/")).select do |t|
119
+ t[:name] == team && t[:permission] == ADMIN
106
120
  end.any?
107
121
  rescue Octokit::NotFound
108
122
  # This happens if our token does not have permission to view repo settings
@@ -113,11 +127,15 @@ class RepositoryReport < GithubGraphQlClient
113
127
  @rules ||= repo_data.dig("data", "repository", "branchProtectionRules", "edges")
114
128
  end
115
129
 
116
- def has_master_branch_protection?
130
+ def default_branch_main?
131
+ default_branch == MAIN_BRANCH
132
+ end
133
+
134
+ def has_main_branch_protection?
117
135
  requiring_branch_protection_rules do |rules|
118
136
 
119
137
  rules
120
- .filter { |edge| edge.dig("node", "pattern") == MASTER }
138
+ .select { |edge| edge.dig("node", "pattern") == MAIN_BRANCH }
121
139
  .any?
122
140
  end
123
141
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cloud-platform-repository-checker
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.3
4
+ version: 1.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Salgado
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-05-14 00:00:00.000000000 Z
11
+ date: 2020-06-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: octokit
@@ -27,7 +27,9 @@ dependencies:
27
27
  description:
28
28
  email: platforms@digital.justice.gov.uk
29
29
  executables:
30
+ - check.rb
30
31
  - cloud-platform-repository-checker
32
+ - list-master-repos.rb
31
33
  extensions: []
32
34
  extra_rdoc_files:
33
35
  - README.md
@@ -36,7 +38,9 @@ files:
36
38
  - Gemfile.lock
37
39
  - LICENSE
38
40
  - README.md
41
+ - bin/check.rb
39
42
  - bin/cloud-platform-repository-checker
43
+ - bin/list-master-repos.rb
40
44
  - env.example
41
45
  - lib/github_graph_ql_client.rb
42
46
  - lib/repository_lister.rb