cloud-platform-repository-checker 1.0.4 → 1.4.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +1 -0
  3. data/Gemfile.lock +15 -0
  4. data/README.md +19 -0
  5. data/bin/cloud-platform-repository-checker +7 -0
  6. data/bin/list-master-repos.rb +31 -0
  7. data/lib/repository_report.rb +26 -9
  8. metadata +10 -7
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 60d229973369bc0c5340def8a8e75649c381264b514ed62621c1e035dbde224e
4
- data.tar.gz: d881956db6b61be7f794869f983cab1658a4c90437a6567467d251a86aa28961
3
+ metadata.gz: d306587c4bb81554d8dd4c6b37f9e8e74d2068274dab46250b6542fc37e4f168
4
+ data.tar.gz: 29eee854a7436f2ce24164dcf8216fe9011fa6ab5bc271b1b12b58743014a059
5
5
  SHA512:
6
- metadata.gz: a893a66211f292b3058e6715d6ecb0bd93b2c54217978a6a1eec6b25ff57913fe2c7747671c0a3f936b6af7cbebd2b41fb51f8ada5b7cc56f624c94f6b9181ea
7
- data.tar.gz: 8bb942f8268191031e92640492d0a9e4c5e99947bf73afacf1e86b5aa6a745a203b18035a4aec777dc657c7f3bd243f04b92b8944c4165347b756b0bad8c764b
6
+ metadata.gz: a39aa4323f868fc6115c0d6cc18dfa5d808bddf17beb163b52e20141fa4d3c19cca489c850b009bcb7ff211f64ab054155ba3630b155e85006818430f36d6b9a
7
+ data.tar.gz: df74b0297eab79237fbbb0c543802f5c251f262899fc48abda7deb7d497d479e553d54059202319342e382ff158908c557bffad9750ff45a76420d1fab5e753d
data/Gemfile CHANGED
@@ -8,4 +8,5 @@ gem "octokit"
8
8
 
9
9
  group :development do
10
10
  gem "pry-byebug"
11
+ gem "rspec"
11
12
  end
data/Gemfile.lock CHANGED
@@ -5,6 +5,7 @@ GEM
5
5
  public_suffix (>= 2.0.2, < 5.0)
6
6
  byebug (11.1.3)
7
7
  coderay (1.1.2)
8
+ diff-lcs (1.3)
8
9
  faraday (1.0.1)
9
10
  multipart-post (>= 1.2, < 3)
10
11
  method_source (1.0.0)
@@ -19,6 +20,19 @@ GEM
19
20
  byebug (~> 11.0)
20
21
  pry (~> 0.13.0)
21
22
  public_suffix (4.0.5)
23
+ rspec (3.9.0)
24
+ rspec-core (~> 3.9.0)
25
+ rspec-expectations (~> 3.9.0)
26
+ rspec-mocks (~> 3.9.0)
27
+ rspec-core (3.9.2)
28
+ rspec-support (~> 3.9.3)
29
+ rspec-expectations (3.9.2)
30
+ diff-lcs (>= 1.2.0, < 2.0)
31
+ rspec-support (~> 3.9.0)
32
+ rspec-mocks (3.9.1)
33
+ diff-lcs (>= 1.2.0, < 2.0)
34
+ rspec-support (~> 3.9.0)
35
+ rspec-support (3.9.3)
22
36
  sawyer (0.8.2)
23
37
  addressable (>= 2.3.5)
24
38
  faraday (> 0.8, < 2.0)
@@ -29,6 +43,7 @@ PLATFORMS
29
43
  DEPENDENCIES
30
44
  octokit
31
45
  pry-byebug
46
+ rspec
32
47
 
33
48
  BUNDLED WITH
34
49
  2.1.2
data/README.md CHANGED
@@ -1,2 +1,21 @@
1
1
  # cloud-platform-repository-checker
2
+
2
3
  Checks all Cloud Platform repositories for compliance
4
+
5
+ ## Updating
6
+
7
+ This code is published as a [ruby gem].
8
+
9
+ To publish a new version:
10
+
11
+ * Authenticate to `rubygems.org` as `ministryofjustice` (credentials are in LastPass)
12
+ * Update the `VERSION` value in the `makefile`
13
+ * Run `make publish`
14
+
15
+ This will repackage the gem using the latest code, and push a new release to
16
+ rubygems.org
17
+
18
+ > Please remember to keep the unit tests in `spec` up to date wrt. your code
19
+ > changes.
20
+
21
+ [ruby gem]: https://rubygems.org/gems/cloud-platform-repository-checker
data/bin/cloud-platform-repository-checker CHANGED
@@ -16,8 +16,15 @@ require_relative "../lib/repository_report"
16
16
 
17
17
  ############################################################
18
18
 
19
+ # Exceptions are repos which are allowed to break the rules.
20
+ # e.g. a repo to which compiled html files for a github pages
21
+ # site can't implement branch protection, but we don't want it
22
+ # to show up as an error
23
+ exceptions = ENV["REPO_EXCEPTIONS"].to_s.split(" ")
24
+
19
25
  params = {
20
26
  organization: ENV.fetch("ORGANIZATION"),
27
+ exceptions: exceptions,
21
28
  regexp: Regexp.new(ENV.fetch("REGEXP")),
22
29
  team: ENV.fetch("TEAM"),
23
30
  github_token: ENV.fetch("GITHUB_TOKEN")
data/bin/list-master-repos.rb ADDED
@@ -0,0 +1,31 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ # Script to list repositories in the ministryofjustice organisation whose names
4
+ # match a regular expression, and whose default branch is "master"
5
+
6
+ require "json"
7
+ require "net/http"
8
+ require "uri"
9
+ require "octokit"
10
+
11
+ require_relative "../lib/github_graph_ql_client"
12
+ require_relative "../lib/repository_lister"
13
+ require_relative "../lib/repository_report"
14
+
15
+ ############################################################
16
+
17
+ params = {
18
+ organization: ENV.fetch("ORGANIZATION"),
19
+ regexp: Regexp.new(ENV.fetch("REGEXP")),
20
+ team: ENV.fetch("TEAM"),
21
+ github_token: ENV.fetch("GITHUB_TOKEN")
22
+ }
23
+
24
+ repositories = RepositoryLister.new(params)
25
+ .repository_names
26
+ .inject([]) do |arr, repo_name|
27
+ report = RepositoryReport.new(params.merge(repo_name: repo_name)).report
28
+ arr << report
29
+ end
30
+
31
+ repositories.filter { |report| report.fetch(:default_branch) == "master" }.each { |report| puts report.fetch(:name) }
data/lib/repository_report.rb CHANGED
@@ -1,13 +1,14 @@
1
1
  class RepositoryReport < GithubGraphQlClient
2
- attr_reader :organization, :repo_name, :team
2
+ attr_reader :organization, :exceptions, :repo_name, :team
3
3
 
4
- MASTER = "master"
4
+ MAIN_BRANCH = "main"
5
5
  ADMIN = "admin"
6
6
  PASS = "PASS"
7
7
  FAIL = "FAIL"
8
8
 
9
9
  def initialize(params)
10
10
  @organization = params.fetch(:organization)
11
+ @exceptions = params.fetch(:exceptions) # repos which are allowed to break the rules
11
12
  @repo_name = params.fetch(:repo_name)
12
13
  @team = params.fetch(:team)
13
14
  super(params)
@@ -23,6 +24,7 @@ class RepositoryReport < GithubGraphQlClient
23
24
  {
24
25
  organization: organization,
25
26
  name: repo_name,
27
+ default_branch: default_branch,
26
28
  url: repo_url,
27
29
  status: status,
28
30
  report: all_checks_result
@@ -40,17 +42,21 @@ class RepositoryReport < GithubGraphQlClient
40
42
  end
41
43
 
42
44
  def status
43
- all_checks_result.values.all? ? PASS : FAIL
45
+ if exceptions.include?(repo_name)
46
+ PASS
47
+ else
48
+ all_checks_result.values.all? ? PASS : FAIL
49
+ end
44
50
  end
45
51
 
46
52
  def all_checks_result
47
53
  @all_checks_result ||= {
48
- has_master_branch_protection: has_master_branch_protection?,
54
+ default_branch_main: default_branch_main?,
55
+ has_main_branch_protection: has_main_branch_protection?,
49
56
  requires_approving_reviews: has_branch_protection_property?("requiresApprovingReviews"),
50
57
  requires_code_owner_reviews: has_branch_protection_property?("requiresCodeOwnerReviews"),
51
58
  administrators_require_review: has_branch_protection_property?("isAdminEnforced"),
52
59
  dismisses_stale_reviews: has_branch_protection_property?("dismissesStaleReviews"),
53
- requires_strict_status_checks: has_branch_protection_property?("requiresStrictStatusChecks"),
54
60
  team_is_admin: is_team_admin?,
55
61
  }
56
62
  end
@@ -81,6 +87,9 @@ class RepositoryReport < GithubGraphQlClient
81
87
  owner {
82
88
  login
83
89
  }
90
+ defaultBranchRef {
91
+ name
92
+ }
84
93
  branchProtectionRules(first: 50) {
85
94
  edges {
86
95
  node {
@@ -98,11 +107,15 @@ class RepositoryReport < GithubGraphQlClient
98
107
  ]
99
108
  end
100
109
 
110
+ def default_branch
111
+ repo_data.dig("data", "repository", "defaultBranchRef", "name")
112
+ end
113
+
101
114
  def is_team_admin?
102
115
  client = Octokit::Client.new(access_token: github_token)
103
116
 
104
- client.repo_teams([organization, repo_name].join("/")).select do |team|
105
- team[:name] == team && team[:permission] == ADMIN
117
+ client.repo_teams([organization, repo_name].join("/")).select do |t|
118
+ t[:name] == team && t[:permission] == ADMIN
106
119
  end.any?
107
120
  rescue Octokit::NotFound
108
121
  # This happens if our token does not have permission to view repo settings
@@ -113,11 +126,15 @@ class RepositoryReport < GithubGraphQlClient
113
126
  @rules ||= repo_data.dig("data", "repository", "branchProtectionRules", "edges")
114
127
  end
115
128
 
116
- def has_master_branch_protection?
129
+ def default_branch_main?
130
+ default_branch == MAIN_BRANCH
131
+ end
132
+
133
+ def has_main_branch_protection?
117
134
  requiring_branch_protection_rules do |rules|
118
135
 
119
136
  rules
120
- .select { |edge| edge.dig("node", "pattern") == MASTER }
137
+ .select { |edge| edge.dig("node", "pattern") == MAIN_BRANCH }
121
138
  .any?
122
139
  end
123
140
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cloud-platform-repository-checker
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.4
4
+ version: 1.4.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Salgado
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-05-14 00:00:00.000000000 Z
11
+ date: 2020-08-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: octokit
@@ -24,10 +24,11 @@ dependencies:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
26
  version: '4'
27
- description:
27
+ description:
28
28
  email: platforms@digital.justice.gov.uk
29
29
  executables:
30
30
  - cloud-platform-repository-checker
31
+ - list-master-repos.rb
31
32
  extensions: []
32
33
  extra_rdoc_files:
33
34
  - README.md
@@ -37,6 +38,7 @@ files:
37
38
  - LICENSE
38
39
  - README.md
39
40
  - bin/cloud-platform-repository-checker
41
+ - bin/list-master-repos.rb
40
42
  - env.example
41
43
  - lib/github_graph_ql_client.rb
42
44
  - lib/repository_lister.rb
@@ -45,7 +47,7 @@ homepage: https://github.com/ministryofjustice/cloud-platform
45
47
  licenses:
46
48
  - MIT
47
49
  metadata: {}
48
- post_install_message:
50
+ post_install_message:
49
51
  rdoc_options:
50
52
  - "--main"
51
53
  - README.md
@@ -63,7 +65,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
63
65
  version: '0'
64
66
  requirements: []
65
67
  rubygems_version: 3.0.3
66
- signing_key:
68
+ signing_key:
67
69
  specification_version: 4
68
- summary: What this thing does
70
+ summary: Check that ministryofjustice/cloud-platform-* github repositories comply
71
+ with our standards
69
72
  test_files: []