cloud-platform-repository-checker 1.0.3 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +1 -0
  3. data/Gemfile.lock +15 -0
  4. data/bin/check.rb +27 -0
  5. data/bin/cloud-platform-repository-checker +7 -0
  6. data/bin/list-master-repos.rb +31 -0
  7. data/lib/repository_lister.rb +1 -1
  8. data/lib/repository_report.rb +26 -8
  9. metadata +6 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a2b4aca4d981216824e51df4da42c15698739e92113d4d20c942a8e1c6ee2351
4
- data.tar.gz: 222a26a71b7f78e4ae6b14b725b50310513f0bab1511a93ffb93fdf56b0431fb
3
+ metadata.gz: 349475811494cf5ed087f35cdc0a24f1ef623aed8c35460755795d4dc2d4b3ce
4
+ data.tar.gz: 6ccc18f29bdc90fcf4f5e3f3bdbbf8f2a4a12e6d4b0591de47ceeeeae86179d1
5
5
  SHA512:
6
- metadata.gz: b2ab3ded011bed4820ac322e71264699c82e147bf73e0f4a5c0b19c1fb6328c69d719f5bbda0b80c8f4db7db5a4a434cd8cb3913d5c388c8988eeac5708c35c7
7
- data.tar.gz: c40911cafba83133022983f040cd3e2f8ba20e4d604a90220652853faa0295dce1928196f1bcf61908da1171db2fe4cfa83705f8233b39e78ca49b09f7babb5f
6
+ metadata.gz: 816eb3fa94959c00289745126c149fde28b7b857cc8c106636a0c61b18f91b1cd4291ec8b9c9aed72ad5d91b797b08879dd6e4d0a92bb257b093fc2105d013f1
7
+ data.tar.gz: fe518adc7d36d267ae86a48e1183e9b6194a325d98e21e839f87bd516cbb7b85ece38fb8c05cbd2899055ff445d3d7fbc5f58b74e6b8cfbad3ba592534a64283
data/Gemfile CHANGED
@@ -8,4 +8,5 @@ gem "octokit"
8
8
 
9
9
  group :development do
10
10
  gem "pry-byebug"
11
+ gem "rspec"
11
12
  end
data/Gemfile.lock CHANGED
@@ -5,6 +5,7 @@ GEM
5
5
  public_suffix (>= 2.0.2, < 5.0)
6
6
  byebug (11.1.3)
7
7
  coderay (1.1.2)
8
+ diff-lcs (1.3)
8
9
  faraday (1.0.1)
9
10
  multipart-post (>= 1.2, < 3)
10
11
  method_source (1.0.0)
@@ -19,6 +20,19 @@ GEM
19
20
  byebug (~> 11.0)
20
21
  pry (~> 0.13.0)
21
22
  public_suffix (4.0.5)
23
+ rspec (3.9.0)
24
+ rspec-core (~> 3.9.0)
25
+ rspec-expectations (~> 3.9.0)
26
+ rspec-mocks (~> 3.9.0)
27
+ rspec-core (3.9.2)
28
+ rspec-support (~> 3.9.3)
29
+ rspec-expectations (3.9.2)
30
+ diff-lcs (>= 1.2.0, < 2.0)
31
+ rspec-support (~> 3.9.0)
32
+ rspec-mocks (3.9.1)
33
+ diff-lcs (>= 1.2.0, < 2.0)
34
+ rspec-support (~> 3.9.0)
35
+ rspec-support (3.9.3)
22
36
  sawyer (0.8.2)
23
37
  addressable (>= 2.3.5)
24
38
  faraday (> 0.8, < 2.0)
@@ -29,6 +43,7 @@ PLATFORMS
29
43
  DEPENDENCIES
30
44
  octokit
31
45
  pry-byebug
46
+ rspec
32
47
 
33
48
  BUNDLED WITH
34
49
  2.1.2
data/bin/check.rb ADDED
@@ -0,0 +1,27 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ # Script to list repositories in the ministryofjustice organisation whose names
4
+ # match a regular expression, and output a JSON report of how well they
5
+ # do/don't comply with our team-wide standards for how github repositories
6
+ # should be configured.
7
+
8
+ require "json"
9
+ require "net/http"
10
+ require "uri"
11
+ require "octokit"
12
+
13
+ require_relative "../lib/github_graph_ql_client"
14
+ require_relative "../lib/repository_lister"
15
+ require_relative "../lib/repository_report"
16
+
17
+ ############################################################
18
+
19
+ params = {
20
+ organization: ENV.fetch("ORGANIZATION"),
21
+ regexp: Regexp.new(ENV.fetch("REGEXP")),
22
+ team: ENV.fetch("TEAM"),
23
+ github_token: ENV.fetch("GITHUB_TOKEN")
24
+ }
25
+
26
+ repo_name = ARGV.shift
27
+ pp RepositoryReport.new(params.merge(repo_name: repo_name)).fetch_repo_data
data/bin/cloud-platform-repository-checker CHANGED
@@ -16,8 +16,15 @@ require_relative "../lib/repository_report"
16
16
 
17
17
  ############################################################
18
18
 
19
+ # Exceptions are repos which are allowed to break the rules.
20
+ # e.g. a repo to which compiled html files for a github pages
21
+ # site can't implement branch protection, but we don't want it
22
+ # to show up as an error
23
+ exceptions = ENV["REPO_EXCEPTIONS"].to_s.split(" ")
24
+
19
25
  params = {
20
26
  organization: ENV.fetch("ORGANIZATION"),
27
+ exceptions: exceptions,
21
28
  regexp: Regexp.new(ENV.fetch("REGEXP")),
22
29
  team: ENV.fetch("TEAM"),
23
30
  github_token: ENV.fetch("GITHUB_TOKEN")
data/bin/list-master-repos.rb ADDED
@@ -0,0 +1,31 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ # Script to list repositories in the ministryofjustice organisation whose names
4
+ # match a regular expression, and whose default branch is "master"
5
+
6
+ require "json"
7
+ require "net/http"
8
+ require "uri"
9
+ require "octokit"
10
+
11
+ require_relative "../lib/github_graph_ql_client"
12
+ require_relative "../lib/repository_lister"
13
+ require_relative "../lib/repository_report"
14
+
15
+ ############################################################
16
+
17
+ params = {
18
+ organization: ENV.fetch("ORGANIZATION"),
19
+ regexp: Regexp.new(ENV.fetch("REGEXP")),
20
+ team: ENV.fetch("TEAM"),
21
+ github_token: ENV.fetch("GITHUB_TOKEN")
22
+ }
23
+
24
+ repositories = RepositoryLister.new(params)
25
+ .repository_names
26
+ .inject([]) do |arr, repo_name|
27
+ report = RepositoryReport.new(params.merge(repo_name: repo_name)).report
28
+ arr << report
29
+ end
30
+
31
+ repositories.filter { |report| report.fetch(:default_branch) == "master" }.each { |report| puts report.fetch(:name) }
data/lib/repository_lister.rb CHANGED
@@ -12,7 +12,7 @@ class RepositoryLister < GithubGraphQlClient
12
12
  # Returns a list of repository names which match `regexp`
13
13
  def repository_names
14
14
  list_repos
15
- .filter { |repo| repo["name"] =~ regexp }
15
+ .select { |repo| repo["name"] =~ regexp }
16
16
  .map { |repo| repo["name"] }
17
17
  end
18
18
 
data/lib/repository_report.rb CHANGED
@@ -1,13 +1,14 @@
1
1
  class RepositoryReport < GithubGraphQlClient
2
- attr_reader :organization, :repo_name, :team
2
+ attr_reader :organization, :exceptions, :repo_name, :team
3
3
 
4
- MASTER = "master"
4
+ MAIN_BRANCH = "main"
5
5
  ADMIN = "admin"
6
6
  PASS = "PASS"
7
7
  FAIL = "FAIL"
8
8
 
9
9
  def initialize(params)
10
10
  @organization = params.fetch(:organization)
11
+ @exceptions = params.fetch(:exceptions) # repos which are allowed to break the rules
11
12
  @repo_name = params.fetch(:repo_name)
12
13
  @team = params.fetch(:team)
13
14
  super(params)
@@ -23,6 +24,7 @@ class RepositoryReport < GithubGraphQlClient
23
24
  {
24
25
  organization: organization,
25
26
  name: repo_name,
27
+ default_branch: default_branch,
26
28
  url: repo_url,
27
29
  status: status,
28
30
  report: all_checks_result
@@ -40,12 +42,17 @@ class RepositoryReport < GithubGraphQlClient
40
42
  end
41
43
 
42
44
  def status
43
- all_checks_result.values.all? ? PASS : FAIL
45
+ if exceptions.include?(repo_name)
46
+ PASS
47
+ else
48
+ all_checks_result.values.all? ? PASS : FAIL
49
+ end
44
50
  end
45
51
 
46
52
  def all_checks_result
47
53
  @all_checks_result ||= {
48
- has_master_branch_protection: has_master_branch_protection?,
54
+ default_branch_main: default_branch_main?,
55
+ has_main_branch_protection: has_main_branch_protection?,
49
56
  requires_approving_reviews: has_branch_protection_property?("requiresApprovingReviews"),
50
57
  requires_code_owner_reviews: has_branch_protection_property?("requiresCodeOwnerReviews"),
51
58
  administrators_require_review: has_branch_protection_property?("isAdminEnforced"),
@@ -81,6 +88,9 @@ class RepositoryReport < GithubGraphQlClient
81
88
  owner {
82
89
  login
83
90
  }
91
+ defaultBranchRef {
92
+ name
93
+ }
84
94
  branchProtectionRules(first: 50) {
85
95
  edges {
86
96
  node {
@@ -98,11 +108,15 @@ class RepositoryReport < GithubGraphQlClient
98
108
  ]
99
109
  end
100
110
 
111
+ def default_branch
112
+ repo_data.dig("data", "repository", "defaultBranchRef", "name")
113
+ end
114
+
101
115
  def is_team_admin?
102
116
  client = Octokit::Client.new(access_token: github_token)
103
117
 
104
- client.repo_teams([organization, repo_name].join("/")).filter do |team|
105
- team[:name] == team && team[:permission] == ADMIN
118
+ client.repo_teams([organization, repo_name].join("/")).select do |t|
119
+ t[:name] == team && t[:permission] == ADMIN
106
120
  end.any?
107
121
  rescue Octokit::NotFound
108
122
  # This happens if our token does not have permission to view repo settings
@@ -113,11 +127,15 @@ class RepositoryReport < GithubGraphQlClient
113
127
  @rules ||= repo_data.dig("data", "repository", "branchProtectionRules", "edges")
114
128
  end
115
129
 
116
- def has_master_branch_protection?
130
+ def default_branch_main?
131
+ default_branch == MAIN_BRANCH
132
+ end
133
+
134
+ def has_main_branch_protection?
117
135
  requiring_branch_protection_rules do |rules|
118
136
 
119
137
  rules
120
- .filter { |edge| edge.dig("node", "pattern") == MASTER }
138
+ .select { |edge| edge.dig("node", "pattern") == MAIN_BRANCH }
121
139
  .any?
122
140
  end
123
141
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cloud-platform-repository-checker
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.3
4
+ version: 1.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Salgado
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-05-14 00:00:00.000000000 Z
11
+ date: 2020-06-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: octokit
@@ -27,7 +27,9 @@ dependencies:
27
27
  description:
28
28
  email: platforms@digital.justice.gov.uk
29
29
  executables:
30
+ - check.rb
30
31
  - cloud-platform-repository-checker
32
+ - list-master-repos.rb
31
33
  extensions: []
32
34
  extra_rdoc_files:
33
35
  - README.md
@@ -36,7 +38,9 @@ files:
36
38
  - Gemfile.lock
37
39
  - LICENSE
38
40
  - README.md
41
+ - bin/check.rb
39
42
  - bin/cloud-platform-repository-checker
43
+ - bin/list-master-repos.rb
40
44
  - env.example
41
45
  - lib/github_graph_ql_client.rb
42
46
  - lib/repository_lister.rb