cloud-platform-repository-checker 1.0.4 → 1.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 60d229973369bc0c5340def8a8e75649c381264b514ed62621c1e035dbde224e
4
- data.tar.gz: d881956db6b61be7f794869f983cab1658a4c90437a6567467d251a86aa28961
3
+ metadata.gz: d306587c4bb81554d8dd4c6b37f9e8e74d2068274dab46250b6542fc37e4f168
4
+ data.tar.gz: 29eee854a7436f2ce24164dcf8216fe9011fa6ab5bc271b1b12b58743014a059
5
5
  SHA512:
6
- metadata.gz: a893a66211f292b3058e6715d6ecb0bd93b2c54217978a6a1eec6b25ff57913fe2c7747671c0a3f936b6af7cbebd2b41fb51f8ada5b7cc56f624c94f6b9181ea
7
- data.tar.gz: 8bb942f8268191031e92640492d0a9e4c5e99947bf73afacf1e86b5aa6a745a203b18035a4aec777dc657c7f3bd243f04b92b8944c4165347b756b0bad8c764b
6
+ metadata.gz: a39aa4323f868fc6115c0d6cc18dfa5d808bddf17beb163b52e20141fa4d3c19cca489c850b009bcb7ff211f64ab054155ba3630b155e85006818430f36d6b9a
7
+ data.tar.gz: df74b0297eab79237fbbb0c543802f5c251f262899fc48abda7deb7d497d479e553d54059202319342e382ff158908c557bffad9750ff45a76420d1fab5e753d
data/Gemfile CHANGED
@@ -8,4 +8,5 @@ gem "octokit"
8
8
 
9
9
  group :development do
10
10
  gem "pry-byebug"
11
+ gem "rspec"
11
12
  end
@@ -5,6 +5,7 @@ GEM
5
5
  public_suffix (>= 2.0.2, < 5.0)
6
6
  byebug (11.1.3)
7
7
  coderay (1.1.2)
8
+ diff-lcs (1.3)
8
9
  faraday (1.0.1)
9
10
  multipart-post (>= 1.2, < 3)
10
11
  method_source (1.0.0)
@@ -19,6 +20,19 @@ GEM
19
20
  byebug (~> 11.0)
20
21
  pry (~> 0.13.0)
21
22
  public_suffix (4.0.5)
23
+ rspec (3.9.0)
24
+ rspec-core (~> 3.9.0)
25
+ rspec-expectations (~> 3.9.0)
26
+ rspec-mocks (~> 3.9.0)
27
+ rspec-core (3.9.2)
28
+ rspec-support (~> 3.9.3)
29
+ rspec-expectations (3.9.2)
30
+ diff-lcs (>= 1.2.0, < 2.0)
31
+ rspec-support (~> 3.9.0)
32
+ rspec-mocks (3.9.1)
33
+ diff-lcs (>= 1.2.0, < 2.0)
34
+ rspec-support (~> 3.9.0)
35
+ rspec-support (3.9.3)
22
36
  sawyer (0.8.2)
23
37
  addressable (>= 2.3.5)
24
38
  faraday (> 0.8, < 2.0)
@@ -29,6 +43,7 @@ PLATFORMS
29
43
  DEPENDENCIES
30
44
  octokit
31
45
  pry-byebug
46
+ rspec
32
47
 
33
48
  BUNDLED WITH
34
49
  2.1.2
data/README.md CHANGED
@@ -1,2 +1,21 @@
1
1
  # cloud-platform-repository-checker
2
+
2
3
  Checks all Cloud Platform repositories for compliance
4
+
5
+ ## Updating
6
+
7
+ This code is published as a [ruby gem].
8
+
9
+ To publish a new version:
10
+
11
+ * Authenticate to `rubygems.org` as `ministryofjustice` (credentials are in LastPass)
12
+ * Update the `VERSION` value in the `makefile`
13
+ * Run `make publish`
14
+
15
+ This will repackage the gem using the latest code, and push a new release to
16
+ rubygems.org
17
+
18
+ > Please remember to keep the unit tests in `spec` up to date wrt. your code
19
+ > changes.
20
+
21
+ [ruby gem]: https://rubygems.org/gems/cloud-platform-repository-checker
@@ -16,8 +16,15 @@ require_relative "../lib/repository_report"
16
16
 
17
17
  ############################################################
18
18
 
19
+ # Exceptions are repos which are allowed to break the rules.
20
+ # e.g. a repo to which compiled html files for a github pages
21
+ # site can't implement branch protection, but we don't want it
22
+ # to show up as an error
23
+ exceptions = ENV["REPO_EXCEPTIONS"].to_s.split(" ")
24
+
19
25
  params = {
20
26
  organization: ENV.fetch("ORGANIZATION"),
27
+ exceptions: exceptions,
21
28
  regexp: Regexp.new(ENV.fetch("REGEXP")),
22
29
  team: ENV.fetch("TEAM"),
23
30
  github_token: ENV.fetch("GITHUB_TOKEN")
@@ -0,0 +1,31 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ # Script to list repositories in the ministryofjustice organisation whose names
4
+ # match a regular expression, and whose default branch is "master"
5
+
6
+ require "json"
7
+ require "net/http"
8
+ require "uri"
9
+ require "octokit"
10
+
11
+ require_relative "../lib/github_graph_ql_client"
12
+ require_relative "../lib/repository_lister"
13
+ require_relative "../lib/repository_report"
14
+
15
+ ############################################################
16
+
17
+ params = {
18
+ organization: ENV.fetch("ORGANIZATION"),
19
+ regexp: Regexp.new(ENV.fetch("REGEXP")),
20
+ team: ENV.fetch("TEAM"),
21
+ github_token: ENV.fetch("GITHUB_TOKEN")
22
+ }
23
+
24
+ repositories = RepositoryLister.new(params)
25
+ .repository_names
26
+ .inject([]) do |arr, repo_name|
27
+ report = RepositoryReport.new(params.merge(repo_name: repo_name)).report
28
+ arr << report
29
+ end
30
+
31
+ repositories.filter { |report| report.fetch(:default_branch) == "master" }.each { |report| puts report.fetch(:name) }
@@ -1,13 +1,14 @@
1
1
  class RepositoryReport < GithubGraphQlClient
2
- attr_reader :organization, :repo_name, :team
2
+ attr_reader :organization, :exceptions, :repo_name, :team
3
3
 
4
- MASTER = "master"
4
+ MAIN_BRANCH = "main"
5
5
  ADMIN = "admin"
6
6
  PASS = "PASS"
7
7
  FAIL = "FAIL"
8
8
 
9
9
  def initialize(params)
10
10
  @organization = params.fetch(:organization)
11
+ @exceptions = params.fetch(:exceptions) # repos which are allowed to break the rules
11
12
  @repo_name = params.fetch(:repo_name)
12
13
  @team = params.fetch(:team)
13
14
  super(params)
@@ -23,6 +24,7 @@ class RepositoryReport < GithubGraphQlClient
23
24
  {
24
25
  organization: organization,
25
26
  name: repo_name,
27
+ default_branch: default_branch,
26
28
  url: repo_url,
27
29
  status: status,
28
30
  report: all_checks_result
@@ -40,17 +42,21 @@ class RepositoryReport < GithubGraphQlClient
40
42
  end
41
43
 
42
44
  def status
43
- all_checks_result.values.all? ? PASS : FAIL
45
+ if exceptions.include?(repo_name)
46
+ PASS
47
+ else
48
+ all_checks_result.values.all? ? PASS : FAIL
49
+ end
44
50
  end
45
51
 
46
52
  def all_checks_result
47
53
  @all_checks_result ||= {
48
- has_master_branch_protection: has_master_branch_protection?,
54
+ default_branch_main: default_branch_main?,
55
+ has_main_branch_protection: has_main_branch_protection?,
49
56
  requires_approving_reviews: has_branch_protection_property?("requiresApprovingReviews"),
50
57
  requires_code_owner_reviews: has_branch_protection_property?("requiresCodeOwnerReviews"),
51
58
  administrators_require_review: has_branch_protection_property?("isAdminEnforced"),
52
59
  dismisses_stale_reviews: has_branch_protection_property?("dismissesStaleReviews"),
53
- requires_strict_status_checks: has_branch_protection_property?("requiresStrictStatusChecks"),
54
60
  team_is_admin: is_team_admin?,
55
61
  }
56
62
  end
@@ -81,6 +87,9 @@ class RepositoryReport < GithubGraphQlClient
81
87
  owner {
82
88
  login
83
89
  }
90
+ defaultBranchRef {
91
+ name
92
+ }
84
93
  branchProtectionRules(first: 50) {
85
94
  edges {
86
95
  node {
@@ -98,11 +107,15 @@ class RepositoryReport < GithubGraphQlClient
98
107
  ]
99
108
  end
100
109
 
110
+ def default_branch
111
+ repo_data.dig("data", "repository", "defaultBranchRef", "name")
112
+ end
113
+
101
114
  def is_team_admin?
102
115
  client = Octokit::Client.new(access_token: github_token)
103
116
 
104
- client.repo_teams([organization, repo_name].join("/")).select do |team|
105
- team[:name] == team && team[:permission] == ADMIN
117
+ client.repo_teams([organization, repo_name].join("/")).select do |t|
118
+ t[:name] == team && t[:permission] == ADMIN
106
119
  end.any?
107
120
  rescue Octokit::NotFound
108
121
  # This happens if our token does not have permission to view repo settings
@@ -113,11 +126,15 @@ class RepositoryReport < GithubGraphQlClient
113
126
  @rules ||= repo_data.dig("data", "repository", "branchProtectionRules", "edges")
114
127
  end
115
128
 
116
- def has_master_branch_protection?
129
+ def default_branch_main?
130
+ default_branch == MAIN_BRANCH
131
+ end
132
+
133
+ def has_main_branch_protection?
117
134
  requiring_branch_protection_rules do |rules|
118
135
 
119
136
  rules
120
- .select { |edge| edge.dig("node", "pattern") == MASTER }
137
+ .select { |edge| edge.dig("node", "pattern") == MAIN_BRANCH }
121
138
  .any?
122
139
  end
123
140
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cloud-platform-repository-checker
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.4
4
+ version: 1.4.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Salgado
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-05-14 00:00:00.000000000 Z
11
+ date: 2020-08-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: octokit
@@ -24,10 +24,11 @@ dependencies:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
26
  version: '4'
27
- description:
27
+ description:
28
28
  email: platforms@digital.justice.gov.uk
29
29
  executables:
30
30
  - cloud-platform-repository-checker
31
+ - list-master-repos.rb
31
32
  extensions: []
32
33
  extra_rdoc_files:
33
34
  - README.md
@@ -37,6 +38,7 @@ files:
37
38
  - LICENSE
38
39
  - README.md
39
40
  - bin/cloud-platform-repository-checker
41
+ - bin/list-master-repos.rb
40
42
  - env.example
41
43
  - lib/github_graph_ql_client.rb
42
44
  - lib/repository_lister.rb
@@ -45,7 +47,7 @@ homepage: https://github.com/ministryofjustice/cloud-platform
45
47
  licenses:
46
48
  - MIT
47
49
  metadata: {}
48
- post_install_message:
50
+ post_install_message:
49
51
  rdoc_options:
50
52
  - "--main"
51
53
  - README.md
@@ -63,7 +65,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
63
65
  version: '0'
64
66
  requirements: []
65
67
  rubygems_version: 3.0.3
66
- signing_key:
68
+ signing_key:
67
69
  specification_version: 4
68
- summary: What this thing does
70
+ summary: Check that ministryofjustice/cloud-platform-* github repositories comply
71
+ with our standards
69
72
  test_files: []