github_bot 0.1.0

data/lib/github_bot.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+Dir.glob(File.join(File.dirname(__FILE__), 'github_bot', '**/*.rb'), &method(:require))
+
+# Public: The github bot is utilized for assistance with webhook interactions provided by
+# the incoming github events
+module GithubBot
+  mattr_accessor :draw_routes_in_host_app
+  self.draw_routes_in_host_app = true
+end

data/lib/github_bot/engine.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+require 'rails'
+
+module GithubBot
+  class Engine < ::Rails::Engine
+    isolate_namespace GithubBot
+  end
+end

data/lib/github_bot/github/check_run.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+module GithubBot
+  module Github
+    # Public: Class to keep track of the check run that has been created for execution
+    class CheckRun
+      # The name/identifier of the check run
+      attr_reader :name
+
+      # Public: Create a new instance of the CheckRun
+      #
+      # @params opts [Hash] A hash of options to utilized within the check run
+      # @option opts [:symbol] :name The name of the check run
+      # @option opts [:symbol] :repo The repository the checked run will be associated
+      # @option opts [:symbol] :sha  The SHA commit for the check run to execute
+      # @option opts [:symbol] :client_api The GitHub API
+      def initialize(name:, repo:, sha:, client_api:, **opts)
+        @client_api = client_api
+        @repo = repo
+        @sha = sha
+        @name = name
+        @run = @client_api.create_check_run(
+          repo,
+          name,
+          sha,
+          opts.merge(
+            status: 'queued'
+          )
+        )
+      end
+
+      # Public: Updates the check run to be in progress
+      def in_progress!(**options)
+        update(status: 'in_progress', started_at: Time.now, **options)
+      end
+
+      # Public: Updates the check run to be complete
+      def complete!(**options)
+        update(status: 'completed', conclusion: 'success', completed_at: Time.now, **options)
+      end
+
+      # Public: Updates the check run to require action
+      def action_required!(**options)
+        update(status: 'completed', conclusion: 'action_required', completed_at: Time.now, **options)
+      end
+
+      private
+
+      def update(**options)
+        options[:accept] = Octokit::Preview::PREVIEW_TYPES[:checks]
+
+        @client_api.update_check_run(@repo, @run.id, options)
+      end
+    end
+  end
+end

data/lib/github_bot/github/client.rb

@@ -0,0 +1,203 @@
+# frozen_string_literal: true
+
+require 'octokit'
+require 'uri'
+require_relative 'payload'
+
+module GithubBot
+  module Github
+    # Public: The Client class manages the client interactions with GitHub
+    # such as file retrieval, pull request comments, and pull request checks
+    class Client
+      # include the payload attributes
+      include GithubBot::Github::Payload
+      FILE_REMOVED_STATUS = 'removed'
+      RAW_TYPE = 'application/vnd.github.v3.raw'
+
+      class << self
+        # Public: Initialize the singleton with the incoming request information
+        #
+        # @param request [Object] The incoming request payload
+        def initialize(request)
+          @instance = new(request)
+        end
+
+        # Public: Returns the current instance of the Client
+        #
+        # @raise [StandardError] Raises error if instance has not been initialized before usage
+        def instance
+          raise StandardError, 'client not initialize' unless @instance
+
+          @instance
+        end
+      end
+
+      # Public: Creates a new instance of the Client to manage the GitHub api transactions
+      #
+      # @param request [Object] The incoming request payload
+      def initialize(request)
+        @request = request
+      end
+
+      # Public: Retrieve the contents of a file
+      #
+      # @param file [Sawyer::Resource] The file for retrieving contents
+      def file_content(file)
+        raw_contents file
+      rescue Octokit::NotFound
+        ''
+      rescue Octokit::Forbidden => e
+        if e.errors.any? && e.errors.first[:code] == 'too_large'
+          # revert to using the raw_url for getting the content
+          return URI.parse(file.raw_url).open.read
+        end
+
+        raise e
+      end
+
+      # Public: Return the modified files, excluding those that have been removed, from the pull request
+      #
+      # @return [Array<Sawyer::Resource>] A list of modified files impacted with the current pull request
+      def modified_files
+        files.reject do |github_file|
+          github_file.status == FILE_REMOVED_STATUS
+        end
+      end
+
+      # Public: Returns an array of all the files impacted with the current pull request
+      #
+      # @return [Array<Sawyer::Resource>] A list of all files impacted with the current pull request
+      def files
+        return [] if pull_request.nil?
+
+        @files ||= client.pull_request_files(repository_full_name, pull_request_number)
+      end
+
+      # Public: Added a comment to the existing pull request
+      #
+      # @param opts [Hash] The parameter options for adding a comment
+      # @option opts [:symbol] :message The message to add to the pull request
+      def comment(message:, **opts)
+        client.add_comment(repository_full_name, pull_request_number, message, **opts)
+      end
+
+      # Public: Creates a GitHub check run for execution
+      #
+      # @return [GithubBot::Github::CheckRun] The created check run
+      def create_check_run(name:, **opts)
+        CheckRun.new(
+          name: name,
+          repo: repository_full_name,
+          sha: head_sha,
+          client_api: client,
+          **opts
+        )
+      end
+
+      # Public: Returns a GitHub pull request object with the details of the current request
+      #
+      # @return [Sawyer::Resource] The pull request details associated to current request
+      def pull_request_details
+        @pull_request_details ||= client.pull_request(repository[:full_name], pull_request[:number])
+      end
+
+      # Public: Returns the current list of pull request reviewers
+      #
+      # @return [Array<Sawyer::Resource>] The list of current pull request reviewers
+      def pull_request_reviewers
+        @pull_request_reviewers ||= client.pull_request_reviews(
+          repository[:full_name],
+          pull_request[:number]
+        ).sort_by(&:submitted_at)
+      end
+
+      # Public: Returns the current list of approving pull request reviewers
+      #
+      # @return [Array<Sawyer::Resource>] The list of approving pull request reviewers
+      def approving_reviewers
+        pull_request_reviewers.select { |r| r.state == 'APPROVED' }
+      end
+
+      # Public: Returns the current list of request comments
+      #
+      # @return [Array<Sawyer::Resource>] The list of pull request comments
+      def pull_request_comments
+        @pull_request_comments ||= client.issue_comments(
+          repository[:full_name],
+          pull_request[:number]
+        ).sort_by(&:created_at)
+      end
+
+      private
+
+      # Decode the content retrieved from GitHub
+      #
+      # @param content [Sawyer::Resource] The content returned from GitHub to decode
+      # @return [String] Returns the Base64-decoded version of the content
+      def decode(content)
+        content&.content ? Base64.decode64(content.content).force_encoding('UTF-8') : ''
+      end
+
+      # Decode the contents of the file
+      def decode_contents(file)
+        decode(client.contents(repository_full_name, path: file.filename, ref: head_sha))
+      end
+
+      # Get raw contents from passed file
+      def raw_contents(file)
+        client.contents(repository_full_name, path: file.filename, ref: head_sha, headers: { 'Accept': RAW_TYPE })
+      end
+
+      # Returns an instance of the GitHub client API to utilize
+      def client
+        @client ||= Octokit::Client.new(access_token: installation_access_token, auto_paginate: true)
+      end
+
+      # Gets an access token associated to the request
+      def installation_access_token
+        Octokit::Client.new(bearer_token: private_key).create_installation_access_token(installation_id)[:token]
+      end
+
+      # Gets the private key associated to the GitHub application
+      def private_key
+        private_pem =
+          if ENV['GITHUB_APP_PEM_PATH']
+            File.read(Rails.root.join(ENV['GITHUB_APP_PEM_PATH']))
+          elsif ENV['GITHUB_APP_PEM_V2']
+            ENV['GITHUB_APP_PEM_V2'].gsub('\\\n', "\n")
+          elsif ENV['GITHUB_APP_PEM']
+            ENV['GITHUB_APP_PEM'].gsub('\n', "\n")
+          else
+            raise StandardError, "'GITHUB_APP_PEM_PATH' or 'GITHUB_APP_PEM' needs to be set"
+          end
+
+        private_key = OpenSSL::PKey::RSA.new(private_pem)
+
+        current = Time.current.to_i
+
+        payload = {
+          iat: current,
+          exp: current + (10 * 60),
+          iss: ENV['GITHUB_APP_IDENTIFIER']
+        }
+        JWT.encode(payload, private_key, 'RS256')
+      end
+
+      # relay messages to Octokit::Client if responds to allow extension
+      # of the client and extend/overwrite those concerned with
+      def method_missing(method, *args, &block)
+        return super unless respond_to_missing?(method)
+
+        return payload[method] if payload.key?(method)
+
+        client.send(method, *args, &block)
+      end
+
+      # because tasks are executed by a validator, some methods are relayed across
+      # from the task back to the validator.  this override checks for that existence
+      def respond_to_missing?(method, *args)
+        payload.key?(method) || client.respond_to?(method, *args)
+      end
+    end
+  end
+end

data/lib/github_bot/github/payload.rb

@@ -0,0 +1,225 @@
+# frozen_string_literal: true
+
+require 'open-uri'
+require 'json'
+require 'yaml'
+
+module GithubBot
+  module Github
+    # The GitHub webhook payload information
+    # @see https://developer.github.com/webhooks/event-payloads/#webhook-payload-object-common-properties
+    module Payload
+      # Public: Returns the installation identifier associated to the event
+      #
+      # @return [Integer] identifier of the GitHub App installation
+      def installation_id
+        payload[:installation][:id]
+      end
+
+      # Public: Return <true> if the payload event type is of type 'pull_request'; otherwise, <false>
+      def pull_request?
+        payload_type == 'pull_request'
+      end
+
+      # Public: Return <true> if the payload event type is of type 'check_run'; otherwise, <false>
+      def check_run?
+        payload_type == 'check_run'
+      end
+
+      # Public: Return <true> if the payload event type is of type 'review_requested'; otherwise, <false>
+      def review_requested?
+        payload_type == 'review_requested'
+      end
+
+      # Public: Return <true> if the payload event type is of type 'review_request_removed'; otherwise, <false>
+      def review_request_removed?
+        payload_type == 'review_request_removed'
+      end
+
+      # Public: Return <true> if the action type is of type 'issue_comment'; otherwise, <false>
+      # This is used for all other comment triggered issue_comment events
+      def issue_comment?
+        payload_type == 'issue_comment'
+      end
+
+      # Public: Return <true> if the payload event type is of type 'labeled'; otherwise, <false>
+      def labeled?
+        payload_type == 'labeled'
+      end
+
+      # Public: Return <true> if the payload event type is of type 'unlabeled'; otherwise, <false>
+      def unlabeled?
+        payload_type == 'unlabeled'
+      end
+
+      # Public: Return the activity related to the pull request
+      #
+      # @return [Hash] The activity related to the pull request
+      def pull_request
+        if pull_request?
+          payload[:pull_request]
+        elsif check_run?
+          payload[:check_run][:pull_requests].first
+        elsif issue_comment?
+          payload[:issue]
+        else
+          payload.key?(:pull_request) ? payload[:pull_request] : {}
+        end
+      end
+
+      # Public: Returns <true> if the sender is of type 'Bot'; otherwise, <false>
+      def sender_type_bot?
+        payload[:sender][:type].downcase == 'bot' # rubocop:disable Performance/Casecmp
+      end
+
+      # Public: Returns the pull request number from the payload
+      #
+      # @return [Integer] The pull request number from the payload
+      def pull_request_number
+        pull_request[:number]
+      end
+
+      # Public: Returns the SHA of the most recent commit for this pull request
+      #
+      # @return [String] The SHA of the most recent commit for this pull request
+      def head_sha
+        if issue_comment?
+          'HEAD'
+        else
+          pull_request[:head][:sha]
+        end
+      end
+
+      # Public: Returns the head branch that the changes are on
+      #
+      # @return [String] The head branch that the changes are on
+      def head_branch
+        pull_request[:head][:ref]
+      end
+
+      # Public: Returns the base branch that the head was based on
+      #
+      # @return [String] The base branch that the head was based on
+      def base_branch
+        pull_request[:base][:ref]
+      end
+
+      # Public: Returns the pull request body content
+      #
+      # @return [String] The pull request body content
+      def pull_request_body
+        pull_request[:body]
+      end
+
+      # Public: Returns the name of the repository where the event was triggered
+      #
+      # @return [String] The name of the repository where the event was triggered
+      def repository_name
+        repository[:name]
+      end
+
+      # Public: Returns the organization and repository name
+      #
+      # @return [String] The organization and repository name
+      def repository_full_name
+        repository[:full_name]
+      end
+
+      # Public: Returns the repository URL utilized for performing a 'git clone'
+      #
+      # @return [String] The repository URL utilized for performing a 'git clone'
+      def repository_clone_url
+        repository[:clone_url]
+      end
+
+      # Public: Returns the repository fork URL from the original project with the most
+      # recent updated forked instance first
+      #
+      # @return [Array] The array of [String] URLs associated to the forked repositories
+      def repository_fork_urls
+        return @repository_fork_urls if @repository_fork_urls
+
+        @repository_fork_urls =
+          [].tap do |ar|
+            json = URI.parse(repository[:forks_url]).open.read
+            JSON.parse(json).sort_by { |i| Date.parse i['updated_at'] }.reverse_each do |fork|
+              ar << fork['clone_url']
+            end
+          end
+      end
+
+      # Public: Returns the repository default branch
+      #
+      # @return [String] The repository default branch
+      def repository_default_branch
+        repository[:default_branch]
+      end
+
+      # Public: Returns a list of class object names to create for validation
+      #
+      # @return [Array<String>] A list of strings associated to the class object validators
+      def repository_pull_request_bots
+        return @repository_pull_request_bots if @repository_pull_request_bots
+
+        file = raw_file_url('.github-bots')
+        @repository_pull_request_bots = [].tap do |ar|
+          if file
+            resp = YAML.safe_load(URI.parse(file).open.read)
+            ar << resp['pull_request'] if resp['pull_request']
+          end
+        end.flatten
+      rescue SyntaxError => e
+        Rails.logger.error message: "Error parsing file '#{file}'", exception: e
+
+        # Allow continuation of process just won't utilize any bot validations until
+        # parsing error of file is corrected
+        {}
+      end
+
+      private
+
+      def method_missing(method_name, *args)
+        payload[method_name] || super
+      end
+
+      def respond_to_missing?(method, *args)
+        payload.key?(method) || super
+      end
+
+      def raw_file_url(path)
+        # https://github.com/api/v3/repos/poloka/foo-config/contents/.github-bot?ref=
+        content_file = File.join(repository_contents_url, "#{path}?ref=#{head_sha}")
+        JSON.parse(URI.parse(content_file).open(&:read))['download_url']
+      rescue ::OpenURI::HTTPError => e
+        raise StandardError, "file '#{content_file}' not found" unless /404 Not Found/i.match?(e.message)
+      end
+
+      def repository_contents_url
+        # drop the last 'path' portion of the API endpoint
+        # https://github.com/api/v3/repos/poloka/foo-config/contents/{+path}
+        repository[:contents_url].split('/')[0...-1].join('/')
+      end
+
+      def payload
+        @payload ||= verify_webhook_signature(payload_body, @request.env['HTTP_X_HUB_SIGNATURE'])
+      end
+
+      def payload_body
+        @payload_body ||= @request.body.read
+      end
+
+      def payload_type
+        @request.env['HTTP_X_GITHUB_EVENT'] if @request
+      end
+
+      def verify_webhook_signature(payload, payload_signature)
+        signature = 'sha1=' + OpenSSL::HMAC.hexdigest(
+          OpenSSL::Digest.new('sha1'),
+          ENV['GITHUB_WEBHOOK_SECRET'],
+          payload
+        )
+        Rack::Utils.secure_compare(signature, payload_signature) ? JSON.parse(payload).with_indifferent_access : false
+      end
+    end
+  end
+end