cloud-platform-repository-checker 1.0.4 → 1.4.1
- checksums.yaml +4 -4
- data/Gemfile +1 -0
- data/Gemfile.lock +15 -0
- data/README.md +19 -0
- data/bin/cloud-platform-repository-checker +7 -0
- data/bin/list-master-repos.rb +31 -0
- data/lib/repository_report.rb +26 -9
- metadata +10 -7
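--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d306587c4bb81554d8dd4c6b37f9e8e74d2068274dab46250b6542fc37e4f168
+data.tar.gz: 29eee854a7436f2ce24164dcf8216fe9011fa6ab5bc271b1b12b58743014a059
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a39aa4323f868fc6115c0d6cc18dfa5d808bddf17beb163b52e20141fa4d3c19cca489c850b009bcb7ff211f64ab054155ba3630b155e85006818430f36d6b9a
+data.tar.gz: df74b0297eab79237fbbb0c543802f5c251f262899fc48abda7deb7d497d479e553d54059202319342e382ff158908c557bffad9750ff45a76420d1fab5e753d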
data/Gemfile
CHANGED
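--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -5,6 +5,7 @@ GEM
 public_suffix (>= 2.0.2, < 5.0)
 byebug (11.1.3)
 coderay (1.1.2)
+diff-lcs (1.3)
 faraday (1.0.1)
 multipart-post (>= 1.2, < 3)
 method_source (1.0.0)
@@ -19,6 +20,19 @@ GEM
 byebug (~> 11.0)
 pry (~> 0.13.0)
 public_suffix (4.0.5)
+rspec (3.9.0)
+rspec-core (~> 3.9.0)
+rspec-expectations (~> 3.9.0)
+rspec-mocks (~> 3.9.0)
+rspec-core (3.9.2)
+rspec-support (~> 3.9.3)
+rspec-expectations (3.9.2)
+diff-lcs (>= 1.2.0, < 2.0)
+rspec-support (~> 3.9.0)
+rspec-mocks (3.9.1)
+diff-lcs (>= 1.2.0, < 2.0)
+rspec-support (~> 3.9.0)
+rspec-support (3.9.3)
 sawyer (0.8.2)
 addressable (>= 2.3.5)
 faraday (> 0.8, < 2.0)
@@ -29,6 +43,7 @@ PLATFORMS
 DEPENDENCIES
 octokit
 pry-byebug
+rspec
 
 BUNDLED WITH
 2.1.2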
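--- a/data/README.md
+++ b/data/README.md
@@ -1,2 +1,21 @@
 # cloud-platform-repository-checker
+
 Checks all Cloud Platform repositories for compliance
+
+## Updating
+
+This code is published as a [ruby gem].
+
+To publish a new version:
+
+* Authenticate to `rubygems.org` as `ministryofjustice` (credentials are in LastPass)
+* Update the `VERSION` value in the `makefile`
+* Run `make publish`
+
+This will repackage the gem using the latest code, and push a new release to
+rubygems.org
+
+> Please remember to keep the unit tests in `spec` up to date wrt. your code
+> changes.
+
+[ruby gem]: https://rubygems.org/gems/cloud-platform-repository-checker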
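--- a/data/bin/cloud-platform-repository-checker
+++ b/data/bin/cloud-platform-repository-checker
@@ -16,8 +16,15 @@ require_relative "../lib/repository_report"
 
 ############################################################
 
+# Exceptions are repos which are allowed to break the rules.
+# e.g. a repo to which compiled html files for a github pages
+# site can't implement branch protection, but we don't want it
+# to show up as an error
+exceptions = ENV["REPO_EXCEPTIONS"].to_s.split(" ")
+
 params = {
 organization: ENV.fetch("ORGANIZATION"),
+exceptions: exceptions,
 regexp: Regexp.new(ENV.fetch("REGEXP")),
 team: ENV.fetch("TEAM"),
 github_token: ENV.fetch("GITHUB_TOKEN")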
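Review bot: The new `REPO_EXCEPTIONS` variable is read with `ENV["REPO_EXCEPTIONS"].to_s.split(" ")`, but nothing in this release documents it: the diffstat lists no change to `env.example`, and the README additions cover only publishing. Every name in this list is later reported as PASS by `RepositoryReport#status` whatever its checks say, so the expected format belongs next to the assignment, for example `# REPO_EXCEPTIONS: space-separated list of exact repository names (no organisation prefix); unset means no exemptions`. The example sentence in the added comment is also hard to parse and could read `# e.g. a repo holding compiled HTML for a GitHub Pages site cannot use branch protection`. The `params = {` hash continues past the end of the hunk.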
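--- a/data/bin/list-master-repos.rb
+++ b/data/bin/list-master-repos.rb
@@ -0,0 +1,31 @@
+#!/usr/bin/env ruby
+
+# Script to list repositories in the ministryofjustice organisation whose names
+# match a regular expression, and whose default branch is "master"
+
+require "json"
+require "net/http"
+require "uri"
+require "octokit"
+
+require_relative "../lib/github_graph_ql_client"
+require_relative "../lib/repository_lister"
+require_relative "../lib/repository_report"
+
+############################################################
+
+params = {
+organization: ENV.fetch("ORGANIZATION"),
+regexp: Regexp.new(ENV.fetch("REGEXP")),
+team: ENV.fetch("TEAM"),
+github_token: ENV.fetch("GITHUB_TOKEN")
+}
+
+repositories = RepositoryLister.new(params)
+.repository_names
+.inject([]) do |arr, repo_name|
+report = RepositoryReport.new(params.merge(repo_name: repo_name)).report
+arr << report
+end
+
+repositories.filter { |report| report.fetch(:default_branch) == "master" }.each { |report| puts report.fetch(:name) }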
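Review bot: The `params` hash built in this new script has no `:exceptions` key, yet `RepositoryReport#initialize` in `lib/repository_report.rb` of this same release now calls `params.fetch(:exceptions)` with no default, so `RepositoryReport.new(params.merge(repo_name: repo_name))` would raise `KeyError` on the first repository. Adding `exceptions: ENV["REPO_EXCEPTIONS"].to_s.split(" "),` to `params` here (or `exceptions: [],` if exemptions do not matter for this listing) keeps the script runnable; alternatively `params.fetch(:exceptions, [])` in `initialize` would cover every caller. Separately, `.report` appears to evaluate every compliance check, including the Octokit team lookup in `is_team_admin?`, although only `:default_branch` and `:name` are read afterwards, which means extra API calls made with `GITHUB_TOKEN` for each matching repository.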
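--- a/data/lib/repository_report.rb
+++ b/data/lib/repository_report.rb
@@ -1,13 +1,14 @@
 class RepositoryReport < GithubGraphQlClient
-attr_reader :organization, :repo_name, :team
+attr_reader :organization, :exceptions, :repo_name, :team
 
-
+MAIN_BRANCH = "main"
 ADMIN = "admin"
 PASS = "PASS"
 FAIL = "FAIL"
 
 def initialize(params)
 @organization = params.fetch(:organization)
+@exceptions = params.fetch(:exceptions) # repos which are allowed to break the rules
 @repo_name = params.fetch(:repo_name)
 @team = params.fetch(:team)
 super(params)
@@ -23,6 +24,7 @@ class RepositoryReport < GithubGraphQlClient
 {
 organization: organization,
 name: repo_name,
+default_branch: default_branch,
 url: repo_url,
 status: status,
 report: all_checks_result
@@ -40,17 +42,21 @@ class RepositoryReport < GithubGraphQlClient
 end
 
 def status
-
+if exceptions.include?(repo_name)
+PASS
+else
+all_checks_result.values.all? ? PASS : FAIL
+end
 end
 
 def all_checks_result
 @all_checks_result ||= {
-
+default_branch_main: default_branch_main?,
+has_main_branch_protection: has_main_branch_protection?,
 requires_approving_reviews: has_branch_protection_property?("requiresApprovingReviews"),
 requires_code_owner_reviews: has_branch_protection_property?("requiresCodeOwnerReviews"),
 administrators_require_review: has_branch_protection_property?("isAdminEnforced"),
 dismisses_stale_reviews: has_branch_protection_property?("dismissesStaleReviews"),
-requires_strict_status_checks: has_branch_protection_property?("requiresStrictStatusChecks"),
 team_is_admin: is_team_admin?,
 }
 end
@@ -81,6 +87,9 @@ class RepositoryReport < GithubGraphQlClient
 owner {
 login
 }
+defaultBranchRef {
+name
+}
 branchProtectionRules(first: 50) {
 edges {
 node {
@@ -98,11 +107,15 @@ class RepositoryReport < GithubGraphQlClient
 ]
 end
 
+def default_branch
+repo_data.dig("data", "repository", "defaultBranchRef", "name")
+end
+
 def is_team_admin?
 client = Octokit::Client.new(access_token: github_token)
 
-client.repo_teams([organization, repo_name].join("/")).select do |
-
+client.repo_teams([organization, repo_name].join("/")).select do |t|
+t[:name] == team && t[:permission] == ADMIN
 end.any?
 rescue Octokit::NotFound
 # This happens if our token does not have permission to view repo settings
@@ -113,11 +126,15 @@ class RepositoryReport < GithubGraphQlClient
 @rules ||= repo_data.dig("data", "repository", "branchProtectionRules", "edges")
 end
 
-def
+def default_branch_main?
+default_branch == MAIN_BRANCH
+end
+
+def has_main_branch_protection?
 requiring_branch_protection_rules do |rules|
 
 rules
-.select { |edge| edge.dig("node", "pattern") ==
+.select { |edge| edge.dig("node", "pattern") == MAIN_BRANCH }
 .any?
 end
 end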
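Review bot: In `status`, a repository named in `exceptions` returns `PASS` before `all_checks_result` is consulted, so the report hash gives an exempted repository the same `status` as one that satisfies every check. For a compliance report, that hides the exemption from whoever reads the output, and the hash can then carry `status: "PASS"` alongside failing entries under `report:` with nothing to explain the mismatch. Adding `exempt: exceptions.include?(repo_name),` next to `status: status,` in the report hash would keep the PASS behaviour while recording why the repository passed. A one-line comment above `status`, such as `# Exempted repos always report PASS; the individual check results are still listed under :report`, would state the contract. Several of the methods touched here start or end outside the visible hunks.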
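--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cloud-platform-repository-checker
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.4.1
 platform: ruby
 authors:
 - David Salgado
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-
+date: 2020-08-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: octokit
@@ -24,10 +24,11 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '4'
-description:
+description:
 email: platforms@digital.justice.gov.uk
 executables:
 - cloud-platform-repository-checker
+- list-master-repos.rb
 extensions: []
 extra_rdoc_files:
 - README.md
@@ -37,6 +38,7 @@ files:
 - LICENSE
 - README.md
 - bin/cloud-platform-repository-checker
+- bin/list-master-repos.rb
 - env.example
 - lib/github_graph_ql_client.rb
 - lib/repository_lister.rb
@@ -45,7 +47,7 @@ homepage: https://github.com/ministryofjustice/cloud-platform
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options:
 - "--main"
 - README.md
@@ -63,7 +65,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubygems_version: 3.0.3
-signing_key:
+signing_key:
 specification_version: 4
-summary:
+summary: Check that ministryofjustice/cloud-platform-* github repositories comply
+with our standards
 test_files: []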