drone-hunter 0.1.1 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 861970148bcea4b9401487878b533fb2547945f8f73805442411d0d8400c9530
-  data.tar.gz: be66196505c7ec0c23a0a510b3f75c991f78bede3cb8f51bf5db4c545183f862
+  metadata.gz: eaeb14dc51de2fee5541c680a5a100e6adfaaab2826185f63824aceb0e4039d6
+  data.tar.gz: ac3aa67b76d86918e93658123ad05c72ca5be17e86d68a0eeb13e7a7232f9208
 SHA512:
-  metadata.gz: f4cc781d6f2385f62c54626e56e31909f28d7aa223a7ed943b10bbb158b4f35f3837e9492089d20da7ee18b19596faf92f602c2a4b9cdb48ac706b33ebecbe35
-  data.tar.gz: 2d882f2bb9b1b7015f7e57388371e24bdaebfac2b5b3471c8da0f4f395587ba5b7de82cd6dbee57fc4b4df3c24f019b7f75d573734a58d6c9b768ee4d6cc1193
+  metadata.gz: 1bce4e1e93f683b9638aa51194c6a853334e425800285d3aafba6243563398522ee54fae9f610945de1ecb1b77a87656ed3891dc8ddc36b134364d7d49e81dcc
+  data.tar.gz: d474676013e09f8b3e7dbef82ddd83d4f7ae64ffe8fddb8a6a90c530ee6af71b92600036998fb5ad72c886329da03c07f178f7b2bf29efcd902cece06c595cb3

data/.github/dependabot.yml

@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "bundler" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"

data/.github/workflows/codeql-analysis.yml

@@ -0,0 +1,72 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "master" ]
+  schedule:
+    - cron: '35 6 * * 3'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'ruby' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        
+        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+        
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+    #   If the Autobuild fails above, remove it and uncomment the following three lines. 
+    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+    # - run: |
+    #   echo "Run, Build Application using script"
+    #   ./location_of_script_within_repo/buildscript.sh
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2

data/.github/workflows/gem-push.yml

@@ -0,0 +1,51 @@
+name: Ruby Gem
+
+on:
+  push:
+    tags:
+      - '*'
+
+jobs:
+  build:
+    name: Build + Publish
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up Ruby 2.6
+      uses: actions/setup-ruby@v1
+      with:
+        ruby-version: 2.6.x
+
+    - name: Publish to GPR
+      run: |
+        mkdir -p $HOME/.gem
+        touch $HOME/.gem/credentials
+        chmod 0600 $HOME/.gem/credentials
+        printf -- "---\n:github: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
+        gem build *.gemspec
+        gem push --KEY github --host https://rubygems.pkg.github.com/${OWNER} *.gem
+      env:
+        GEM_HOST_API_KEY: "Bearer ${{secrets.GITHUB_TOKEN}}"
+        OWNER: ${{ github.repository_owner }}
+    - name: Publish to Release Assets
+      uses: softprops/action-gh-release@v1
+      if: startsWith(github.ref, 'refs/tags/')
+      with:
+        files: |
+          *.gem
+          LICENSE.txt
+          CHANGELOG.md
+#     - name: Publish to RubyGems
+#       run: |
+#         mkdir -p $HOME/.gem
+#         touch $HOME/.gem/credentials
+#         chmod 0600 $HOME/.gem/credentials
+#         printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
+#         gem build *.gemspec
+#         gem push *.gem
+#       env:
+#         GEM_HOST_API_KEY: "${{secrets.RUBYGEMS_AUTH_TOKEN}}"

data/CHANGELOG.md

@@ -0,0 +1,23 @@
+# Change Log
+
+## 0.4.0
+
+- [feature] added `--match-basename` option to override file basename filter.
+- [feature] added `--match-suffix` option to override file suffix filter.
+
+## 0.3.0
+
+- [feature] added `--ignore-archived` option to skip archived repositories.
+
+## 0.2.0
+
+- [config] added `--github-auto-paginate` option if you want to turn this off for some reason.
+- [feature] added `--output-normalize` option to remove cosmetic differences from dronefiles.
+
+## 0.1.1
+
+- [fix] `--output-format=files` actually works now.
+
+## 0.1.0
+
+- initial release

data/README.md

@@ -76,6 +76,12 @@ drone-hunter.output/rancherlabs/support-tools/.drone.yml
 
 The only limits are your imagination (and the GitHub API Rate Limit).
 
+## Output Normalization
+
+As of `0.2.0`, you can pass use the `--output-normalize` option to
+remove formatting differences in the dronefiles. This reduces false
+negatives when trying to identify which files are the same.
+
 ## License
 
 `drone-hunter` is available under the [MIT License](https://tldrlegal.com/license/mit-license). See `LICENSE.txt` for the full text.

data/bin/drone-hunter

@@ -49,6 +49,15 @@ def log_level_from(input)
     end
 end
 
+# accepts the same values as YAML: https://yaml.org/type/bool.html
+def boolean_from(input)
+    case input
+    when /1|true|yes|on|enabled?/i   then true
+    when /0|false|no|off|disabled?/i then false
+    else raise NotImplementedError
+    end
+end
+
 #########################
 # Default Configuration #
 #########################
@@ -58,16 +67,24 @@ config = {
     cache: {
         dir: File.expand_path(ENV.fetch("DRONE_HUNTER_CACHE_DIR", './drone-hunter.cache'))
     },
+    match: {
+        basename: Regexp.new(ENV.fetch("DRONE_HUNTER_MATCH_BASENAME", "drone")),
+        suffix: Regexp.new(ENV.fetch("DRONE_HUNTER_MATCH_SUFFIX", "[.]ya?ml") + "$")
+    },
     github: {
-        auto_paginate: true,
+        auto_paginate: boolean_from(ENV.fetch("DRONE_HUNTER_GITHUB_AUTO_PAGINATE", "true")),
         access_token: github_access_token_from_environment
     },
+    ignore: {
+        archived: boolean_from(ENV.fetch("DRONE_HUNTER_IGNORE_ARCHIVED", "false"))
+    },
     log: {
         level: log_level_from(ENV.fetch("DRONE_HUNTER_LOG_LEVEL", "info"))
     },
     output: {
         format: output_format_from(ENV.fetch("DRONE_HUNTER_OUTPUT_FORMAT", "json")),
         path: File.expand_path(ENV.fetch("DRONE_HUNTER_OUTPUT_PATH", "./drone-hunter.output")),
+        normalize: boolean_from(ENV.fetch("DRONE_HUNTER_OUTPUT_NORMALIZE", "false")),
     }
 }
 
@@ -76,11 +93,16 @@ config = {
 ################################
 
 OptionParser.new do |options|
-    options.on("-C", "--cache-dir=DIR",             "env: DRONE_HUNTER_CACHE_DIR")           { |argument| config[:cache][:dir]           = File.expand_path(argument) }
-    options.on(      "--github-access-token=TOKEN", "env: DRONE_HUNTER_GITHUB_ACCESS_TOKEN") { |argument| config[:github][:access_token] = argument }
-    options.on("-L", "--log-level=LEVEL",           "env: DRONE_HUNTER_LOG_LEVEL")           { |argument| config[:log][:level]           = log_level_from(argument) }
-    options.on("-o", "--output-format=FORMAT",      "env: DRONE_HUNTER_OUTPUT_FORMAT")       { |argument| config[:output][:format]       = output_format_from(argument) }
-    options.on("-p", "--output-path=PATH",          "env: DRONE_HUNTER_OUTPUT_PATH")         { |argument| config[:output][:path]         = File.expand_path(argument) }
+    options.on("-C", "--cache-dir=DIR",             "env: DRONE_HUNTER_CACHE_DIR")            { |argument| config[:cache][:dir]            = File.expand_path(argument) }
+    options.on(      "--github-access-token=TOKEN", "env: DRONE_HUNTER_GITHUB_ACCESS_TOKEN")  { |argument| config[:github][:access_token]  = argument }
+    options.on(      "--[no-]github-auto-paginate", "env: DRONE_HUNTER_GITHUB_AUTO_PAGINATE") { |argument| config[:github][:auto_paginate] = argument}
+    options.on("-L", "--log-level=LEVEL",           "env: DRONE_HUNTER_LOG_LEVEL")            { |argument| config[:log][:level]            = log_level_from(argument) }
+    options.on("-o", "--output-format=FORMAT",      "env: DRONE_HUNTER_OUTPUT_FORMAT")        { |argument| config[:output][:format]        = output_format_from(argument) }
+    options.on("-p", "--output-path=PATH",          "env: DRONE_HUNTER_OUTPUT_PATH")          { |argument| config[:output][:path]          = File.expand_path(argument) }
+    options.on("-N", "--[no-]output-normalize",     "env: DRONE_HUNTER_OUTPUT_NORMALIZE")     { |argument| config[:output][:normalize]     = argument }
+    options.on("-A", "--[no-]ignore-archived",      "env: DRONE_HUNTER_IGNORE_ARCHIVED")      { |argument| config[:ignore][:archived]      = argument }
+    options.on("-B", "--match-basename=REGEXP",     "env: DRONE_HUNTER_MATCH_BASENAME")       { |argument| config[:match][:basename]       = Regexp.new(argument) }
+    options.on("-S", "--match-suffix=REGEXP",       "env: DRONE_HUNTER_MATCH_SUFFIX")         { |argument| config[:match][:suffix]         = Regexp.new(argument + "$") }
 end.parse!
 
 #################
@@ -122,13 +144,20 @@ cache = Moneta.new(:File, dir: config[:cache][:dir])
 # Main Program #
 ################
 
-hunt = DroneHunter.new(owners: ARGV, log: log, github: github, cache: cache)
+hunt = DroneHunter.new(owners: ARGV, log: log, github: github, cache: cache, ignore: config[:ignore], match: config[:match])
 
 if config[:hacking]
     require "pry"
     binding.pry
 else
-    hunt.dronefiles.then do |dronefiles|
+    hunt.dronefiles.each do |dronefile|
+        if config[:output][:normalize]
+            require "yaml"
+            original = dronefile["content"]
+            normalized = YAML.dump(YAML.load(original))
+            dronefile["content"] = normalized
+        end
+    end.then do |dronefiles|
         case config[:output][:format]
         when :JSON
             require "json"

data/drone-hunter.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |gem|
-    tag = `git describe --tags --abbrev=0`.chomp
-  
+    tag = `git describe --tags --always`.chomp
+
     gem.name          = 'drone-hunter'
     gem.homepage      = 'https://github.com/colstrom/drone-hunter'
     gem.summary       = 'Hunts for Drone CI files across many repositories'

data/lib/drone_hunter.rb

@@ -7,6 +7,7 @@
 require "base64"
 require "logger"
 require "set"
+require "yaml"
 
 #########################
 # External Dependencies #
@@ -21,12 +22,20 @@ class DroneHunter
         @github ||= options.fetch(:client) { Octokit::Client.new(auto_paginate: true) }
         @cache  ||= options.fetch(:cache) { Moneta.new(:File, dir: 'drone-hunter.cache') }
         @owners ||= Set.new(options.fetch(:owners, []))
+        @ignoring ||= { archived: false }.merge(options.fetch(:ignore, {}))
+        @match  ||= { basename: /drone/, suffix: /[.]ya?ml$/ }.merge(options.fetch(:match, {}))
     end
 
     attr_reader :log
     attr_reader :github
     attr_reader :cache
     attr_reader :owners
+    attr_reader :ignoring
+    attr_reader :match
+
+    def ignoring_archived?
+        ignoring.fetch(:archived, false)
+    end
 
     def cached(key, *rest, &block)
         if cache.key?(key)
@@ -41,7 +50,9 @@ class DroneHunter
     def repositories(owner = nil)
         case owner
         when String then cached("repositories/#{owner}") { github.repositories(owner) }
-        when nil    then owners.flat_map { |owner| repositories(owner) }
+        when nil    then owners.flat_map { |owner| repositories(owner) }.reject do |repo|
+            ignoring_archived? && repo.archived
+        end
         else raise TypeError
         end
     end
@@ -73,8 +84,8 @@ class DroneHunter
     def blobs
         trees.map do |repo, tree|
             blobs = tree
-                .select { |entry| entry.path.match?(/ya?ml$/) }
-                .select { |entry| entry.path.match?(/drone/) }
+                .select { |entry| entry.path.match?(match[:suffix]) }
+                .select { |entry| entry.path.match?(match[:basename]) }
                 .map do |entry| 
                     {
                         entry.path => cached("blob/#{repo}/#{entry.sha}") { github.blob(repo, entry.sha) }

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: drone-hunter
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.4.0
 platform: ruby
 authors:
 - Chris Olstrom
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-08-05 00:00:00.000000000 Z
+date: 2022-08-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: octokit
@@ -57,6 +57,10 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/dependabot.yml"
+- ".github/workflows/codeql-analysis.yml"
+- ".github/workflows/gem-push.yml"
+- CHANGELOG.md
 - Gemfile
 - LICENSE.txt
 - README.md