multi_repo 0.1.0

data/lib/multi_repo/service/code_climate.rb

@@ -0,0 +1,119 @@
+module MultiRepo::Service
+  class CodeClimate
+    def self.api_token
+      @api_token ||= ENV["CODECLIMATE_API_TOKEN"]
+    end
+
+    def self.api_token=(token)
+      @api_token = token
+    end
+
+    def self.badge_name
+      "Code Climate"
+    end
+
+    def self.badge_details(repo)
+      {
+        "description" => badge_name,
+        "image"       => "https://codeclimate.com/github/#{repo.name}.svg",
+        "url"         => "https://codeclimate.com/github/#{repo.name}"
+      }
+    end
+
+    def self.coverage_badge_name
+      "Test Coverage"
+    end
+
+    def self.coverage_badge_details(repo)
+      {
+        "description" => coverage_badge_name,
+        "image"       => "https://codeclimate.com/github/#{repo.name}/badges/coverage.svg",
+        "url"         => "https://codeclimate.com/github/#{repo.name}/coverage"
+      }
+    end
+
+    attr_reader :repo, :dry_run
+
+    def initialize(repo, dry_run: false, **_)
+      @repo    = repo
+      @dry_run = dry_run
+    end
+
+    def save!
+      write_codeclimate_yaml
+      write_rubocop_yamls
+    end
+
+    def enable
+      ensure_enabled
+    end
+
+    def badge_details
+      self.class.badge_details(repo)
+    end
+
+    def coverage_badge_details
+      self.class.coverage_badge_details(repo)
+    end
+
+    def test_reporter_id
+      ensure_enabled
+      @response.dig("data", 0, "attributes", "test_reporter_id")
+    end
+
+    def create_repo_secret
+      Github.new(dry_run: dry_run).create_or_update_repository_secret(repo.name, "CC_TEST_REPORTER_ID", test_reporter_id)
+    end
+
+    private
+
+    def ensure_enabled
+      return if @enabled
+
+      require 'rest-client'
+      require 'json'
+
+      @response =
+        if dry_run
+          puts "** dry-run: RestClient.get(\"https://api.codeclimate.com/v1/repos?github_slug=#{repo.name}\", #{headers})".light_black
+          {"data" => [{"attributes" => {"badge_token" => "0123456789abdef01234", "test_reporter_id" => "0123456789abcedef0123456789abcedef0123456789abcedef0123456789abc"}}]}
+        else
+          JSON.parse(RestClient.get("https://api.codeclimate.com/v1/repos?github_slug=#{repo.name}", headers))
+        end
+
+      if @response["data"].empty?
+        payload = {"data" => {"type" => "repos", "attributes" => {"url" => "https://github.com/#{repo.name}"}}}.to_json
+        @response = JSON.parse(RestClient.post("https://api.codeclimate.com/v1/github/repos", payload, headers))
+        @response["data"] = [@response["data"]]
+      end
+
+      @enabled = true
+    end
+
+    def headers
+      token = self.class.api_token
+      raise "Missing CodeClimate API Token" if token.nil?
+
+      {
+        :accept        => "application/vnd.api+json",
+        :content_type  => "application/vnd.api+json",
+        :authorization => "Token token=#{token}"
+      }
+    end
+
+    def write_codeclimate_yaml
+      write_generator_file(".codeclimate.yml")
+    end
+
+    def write_rubocop_yamls
+      %w[.rubocop.yml .rubocop_cc.yml .rubocop_local.yml].each do |file|
+        write_generator_file(file)
+      end
+    end
+
+    def write_generator_file(file)
+      content = RestClient.get("https://raw.githubusercontent.com/ManageIQ/manageiq/master/lib/generators/manageiq/plugin/templates/#{file}").body
+      repo.write_file(file, content, dry_run: dry_run)
+    end
+  end
+end

data/lib/multi_repo/service/docker.rb

@@ -0,0 +1,178 @@
+module MultiRepo::Service
+  class Docker
+    def self.registry
+      @registry ||= ENV.fetch("DOCKER_REGISTRY")
+    end
+
+    def self.registry=(endpoint)
+      @registry = endpoint
+    end
+
+    def self.clear_cache
+      FileUtils.rm_f(Dir.glob("/tmp/docker-*"))
+    end
+
+    SMALL_IMAGE = "hello-world:latest".freeze
+
+    def self.ensure_small_image
+      return @has_small_image if defined?(@has_small_image)
+
+      return false unless system?("docker pull #{SMALL_IMAGE} &>/dev/null")
+
+      @has_small_image = true
+    end
+
+    def self.tag_small_image(fq_path)
+      return false unless ensure_small_image
+
+      system?("docker tag #{SMALL_IMAGE} #{fq_path}") &&
+        system?("docker push #{fq_path}") &&
+        system?("docker rmi #{fq_path}")
+    end
+
+    def self.system?(command, dry_run: false, verbose: true)
+      if dry_run
+        puts "+ dry_run: #{command}".light_black
+        true
+      else
+        puts "+ #{command}".light_black
+        system(command)
+      end
+    end
+
+    def self.system!(command, **kwargs)
+      exit($?.exitstatus) unless system?(command, **kwargs)
+    end
+
+    attr_accessor :registry, :cache, :dry_run
+
+    def initialize(registry: self.class.registry, cache: true, dry_run: false)
+      require "rest-client"
+      require "fileutils"
+      require "json"
+
+      @registry = registry
+
+      @cache   = cache
+      @dry_run = dry_run
+
+      self.class.clear_cache unless cache
+    end
+
+    def tags(image, **kwargs)
+      path = File.join("v2", image, "tags/list")
+      cache_file = "/tmp/docker-tags-#{image.tr("/", "-")}-raw-#{Date.today}.json"
+      request(:get, path, **kwargs).tap do |data|
+        File.write(cache_file, JSON.pretty_generate(data))
+      end["tags"]
+    end
+
+    def retag(image, new_image)
+      system?("skopeo copy --multi-arch all docker://#{image} docker://#{new_image}", dry_run: dry_run)
+    end
+
+    def delete_registry_tag(image, tag, **kwargs)
+      path = File.join("v2", image, "manifests", tag)
+      request(:delete, path, **kwargs)
+      true
+    rescue RestClient::NotFound => err
+      # Ignore deletes on 404s because they are either already deleted or the tag is orphaned.
+      raise unless err.http_code == 404
+      false
+    end
+
+    def force_delete_registry_tag(image, tag, **kwargs)
+      return true if delete_registry_tag(image, tag, **kwargs)
+
+      # The tag is likely orphaned, so recreate the tag with a new image, then immediately delete it
+      fq_path = File.join(registry, "#{image}:#{tag}")
+      self.class.tag_small_image(fq_path) &&
+        delete_registry_tag(image, tag, **kwargs)
+    end
+
+    def run(image, command, platform: nil)
+      system_capture!("docker run --rm -it #{"--platform=#{platform} " if platform} #{image} #{command}")
+    end
+
+    def fetch_image_by_sha(source_image, tag: nil, platform: nil)
+      source_image_name, _source_image_sha = source_image.split("@")
+
+      system!("docker pull #{"--platform=#{platform} " if platform}#{source_image}")
+      system!("docker tag #{source_image} #{source_image_name}:#{tag}") if tag
+
+      true
+    end
+
+    def remove_images(*images)
+      command = "docker rmi #{images.join(" ")}"
+
+      # Don't use system_capture! as this is expected to fail if the image does not exist.
+      if dry_run
+        puts "+ dry_run: #{command}".light_black
+      else
+        puts "+ #{command}".light_black
+        `#{command} 2>/dev/null`
+      end
+    end
+
+    def manifest_inspect(image)
+      command = "docker manifest inspect #{image}"
+
+      cache_file = "/tmp/docker-manifest-#{image.split("@").last}.txt"
+      if cache && File.exist?(cache_file)
+        puts "+ cached: #{command}".light_black
+        data = File.read(cache_file)
+      else
+        data = system_capture(command)
+        File.write(cache_file, data)
+      end
+
+      data.blank? ? {} : JSON.parse(data)
+    end
+
+    private
+
+    def request(verb, path, body: nil, headers: {}, verbose: true)
+      path = File.join(registry, path)
+
+      if dry_run && %i[delete put post patch].include?(verb)
+        puts "+ dry_run: #{verb.to_s.upcase} #{path}".light_black if verbose
+        {}
+      else
+        puts "+ #{verb.to_s.upcase} #{path}".light_black if verbose
+        response =
+          if %i[put post patch].include?(verb)
+            RestClient.send(verb, path, body, headers)
+          else
+            RestClient::Request.execute(:method => verb, :url => path, :headers => headers, :read_timeout => 300) do |response, request, result|
+              if verb == :delete && response.code == 301 # Moved Permanently
+                response.follow_redirection
+              else
+                response.return!
+              end
+            end
+          end
+        response.empty? ? {} : JSON.parse(response)
+      end
+    end
+
+    def system?(command, **kwargs)
+      self.class.system?(command, **kwargs)
+    end
+
+    def system!(command, **kwargs)
+      self.class.system!(command, **kwargs)
+    end
+
+    def system_capture(command)
+      puts "+ #{command}".light_black
+      `#{command}`.chomp
+    end
+
+    def system_capture!(command)
+      system_capture(command).tap do
+        exit($?.exitstatus) if $?.exitstatus != 0
+      end
+    end
+  end
+end

data/lib/multi_repo/service/git/minigit_capturing_patch.rb

@@ -0,0 +1,12 @@
+module MultiRepo
+  module Git
+    module MiniGitCapturingPatch
+      def system(*args)
+        `#{Shellwords.join(args)} 2>&1`
+      end
+    end
+  end
+end
+
+require "minigit"
+MiniGit::Capturing.prepend(MultiRepo::Git::MiniGitCapturingPatch)

data/lib/multi_repo/service/git.rb

@@ -0,0 +1,90 @@
+require "active_support/core_ext/object/blank"
+
+module MultiRepo::Service
+  class Git
+    def self.client(path:, clone_source:)
+      require "minigit"
+      require_relative "git/minigit_capturing_patch"
+
+      retried = false
+      MiniGit.debug = true if ENV["GIT_DEBUG"]
+      MiniGit.new(path)
+    rescue ArgumentError => err
+      raise if retried
+      raise unless err.message.include?("does not seem to exist")
+
+      clone(clone_source: clone_source, path: path)
+      retried = true
+      retry
+    end
+
+    def self.clone(clone_source:, path:)
+      require "minigit"
+      require "shellwords"
+
+      args = ["clone", clone_source, path]
+      command = Shellwords.join(["git", *args])
+      command << " &>/dev/null" unless ENV["GIT_DEBUG"]
+      puts "+ #{command}" if ENV["GIT_DEBUG"] # Matches the output of MiniGit
+
+      raise MiniGit::GitError.new(args, $?) unless system(command)
+    end
+
+    attr_reader :dry_run, :client
+
+    def initialize(path:, clone_source:, dry_run: false)
+      require "minigit"
+
+      @dry_run = dry_run
+      @client  = self.class.client(path: path, clone_source: clone_source)
+    end
+
+    def fetch(output: false)
+      client = output ? self.client : self.client.capturing
+
+      client.fetch(:all => true, :tags => true)
+    end
+
+    def hard_checkout(branch, source = "origin/#{branch}", output: false)
+      client = output ? self.client : self.client.capturing
+
+      client.reset(:hard => true)
+      client.clean("-xdf")
+      client.checkout("-B", branch, source)
+    end
+
+    def destroy_tag(tag, output: false)
+      client = output ? self.client : self.client.capturing
+
+      if dry_run
+        puts "** dry-run: git tag --delete #{tag}".light_black
+      else
+        client.tag({:delete => true}, tag)
+      end
+    rescue MiniGit::GitError
+      # Ignore missing tags because we want them destroyed anyway
+      nil
+    end
+
+    def branch?(branch)
+      client.capturing.rev_parse("--verify", branch)
+    rescue MiniGit::GitError
+      false
+    else
+      true
+    end
+    alias_method :tag?, :branch?
+
+    def remote?(remote)
+      client.capturing.remote("show", remote)
+    rescue MiniGit::GitError => e
+      false
+    else
+      true
+    end
+
+    def remote_branch?(remote, branch)
+      client.capturing.ls_remote(remote, branch).present?
+    end
+  end
+end

data/lib/multi_repo/service/github.rb

@@ -0,0 +1,238 @@
+require 'active_support/core_ext/module/delegation'
+
+module MultiRepo::Service
+  class Github
+    def self.api_token
+      @api_token ||= ENV["GITHUB_API_TOKEN"]
+    end
+
+    def self.api_token=(token)
+      @api_token = token
+    end
+
+    def self.api_endpoint
+      @api_endpoint ||= ENV["GITHUB_API_ENDPOINT"]
+    end
+
+    def self.api_endpoint=(endpoint)
+      @api_endpoint = endpoint
+    end
+
+    def self.client
+      @client ||= begin
+        raise "Missing GitHub API Token" if api_token.nil?
+
+        params = {
+          :api_endpoint  => api_endpoint,
+          :access_token  => api_token,
+          :auto_paginate => true
+        }.compact
+
+        require 'octokit'
+        Octokit::Client.new(params)
+      end
+    end
+
+    def self.org_repo_names(org, include_forks: false, include_archived: false)
+      repos = client.list_repositories(org, :type => "sources")
+      repos.reject!(&:fork?) unless include_forks
+      repos.reject!(&:archived?) unless include_archived
+      repos.map(&:full_name).sort
+    end
+
+    def self.valid_milestone_date?(date)
+      !!parse_milestone_date(date)
+    end
+
+    def self.parse_milestone_date(date)
+      require "active_support/core_ext/time"
+      ActiveSupport::TimeZone.new('Pacific Time (US & Canada)').parse(date) # LOL GitHub, TimeZones are hard
+    end
+
+    def self.find_milestone_by_title(repo_name, title)
+      client.list_milestones(repo_name, :state => :all).detect { |m| m.title.casecmp?(title) }
+    end
+
+    def self.org_member_names(org)
+      client.org_members(org).map(&:login).sort_by(&:downcase)
+    end
+
+    def self.find_team_by_name(org, team)
+      client.org_teams(org).detect { |t| t.slug == team }
+    end
+
+    def self.team_members(org, team)
+      team_id = find_team_by_name(org, team)&.id
+      team_id ? client.team_members(team_id) : []
+    end
+
+    def self.team_member_names(org, team)
+      team_members(org, team).map(&:login).sort_by(&:downcase)
+    end
+
+    def self.team_ids_by_name(org)
+      @team_ids ||= {}
+      @team_ids[org] ||= client.org_teams(org).map { |t| [t.slug, t.id] }.sort.to_h
+    end
+
+    def self.team_names(org)
+      team_ids(org).keys
+    end
+
+    def self.disabled_workflows(repo_name)
+      client.workflows(repo_name)[:workflows].select { |w| w.state == "disabled_inactivity" }
+    end
+
+    attr_reader :dry_run
+
+    def initialize(dry_run: false)
+      require "octokit"
+
+      @dry_run = dry_run
+    end
+
+    delegate :client,
+             :org_repo_names,
+             :find_milestone_by_title,
+             :org_member_names,
+             :find_team_by_name,
+             :team_members,
+             :team_member_names,
+             :team_ids_by_name,
+             :team_names,
+             :disabled_workflows,
+             :to => :class
+
+    def edit_repository(repo_name, settings)
+      if dry_run
+        puts "** dry-run: github.edit_repository(#{repo_name.inspect}, #{settings.inspect[1..-2]})".light_black
+      else
+        client.edit_repository(repo_name, settings)
+      end
+    end
+
+    def create_label(repo_name, label, color)
+      if dry_run
+        puts "** dry-run: github.add_label(#{repo_name.inspect}, #{label.inspect}, #{color.inspect})".light_black
+      else
+        client.add_label(repo_name, label, color)
+      end
+    end
+
+    def update_label(repo_name, label, color: nil, name: nil)
+      settings = {:color => color, :name => name}.compact
+      raise ArgumentError, "one of color or name must be passed" if settings.empty?
+
+      if dry_run
+        puts "** dry-run: github.update_label(#{repo_name.inspect}, #{label.inspect}, #{settings.inspect[1..-2]})".light_black
+      else
+        client.update_label(repo_name, label, settings)
+      end
+    end
+
+    def delete_label!(repo_name, label)
+      if dry_run
+        puts "** dry-run: github.delete_label!(#{repo_name.inspect}, #{label.inspect})".light_black
+      else
+        client.delete_label!(repo_name, label)
+      end
+    end
+
+    def create_milestone(repo_name, title, due_on)
+      if dry_run
+        puts "** dry-run: github.create_milestone(#{repo_name.inspect}, #{title.inspect}, :due_on => #{due_on.strftime("%Y-%m-%d").inspect})".light_black
+      else
+        client.create_milestone(repo_name, title, :due_on => due_on)
+      end
+    end
+
+    def update_milestone(repo_name, milestone_number, due_on)
+      if dry_run
+        puts "** dry-run: github.update_milestone(#{repo_name.inspect}, #{milestone_number}, :due_on => #{due_on.strftime("%Y-%m-%d").inspect})".light_black
+      else
+        client.update_milestone(repo_name, milestone_number, :due_on => due_on)
+      end
+    end
+
+    def close_milestone(repo_name, milestone_number)
+      if dry_run
+        puts "** dry-run: github.update_milestone(#{repo_name.inspect}, #{milestone_number}, :state => 'closed')".light_black
+      else
+        client.update_milestone(repo_name, milestone_number, :state => "closed")
+      end
+    end
+
+    def protect_branch(repo_name, branch, settings)
+      if dry_run
+        puts "** dry-run: github.protect_branch(#{repo_name.inspect}, #{branch.inspect}, #{settings.inspect[1..-2]})".light_black
+      else
+        client.protect_branch(repo_name, branch, settings)
+      end
+    end
+
+    def add_team_membership(org, team, user)
+      team_id = team_ids_by_name(org)[team]
+
+      if dry_run
+        puts "** dry-run: github.add_team_membership(#{team_id.inspect}, #{user.inspect})".light_black
+      else
+        client.add_team_membership(team_id, user)
+      end
+    end
+
+    def remove_team_membership(org, team, user)
+      team_id = team_ids_by_name(org)[team]
+
+      if dry_run
+        puts "** dry-run: github.remove_team_membership(#{team_id.inspect}, #{user.inspect})".light_black
+      else
+        client.remove_team_membership(team_id, user)
+      end
+    end
+
+    def remove_collaborator(repo_name, user)
+      if dry_run
+        puts "** dry-run: github.remove_collaborator(#{repo_name.inspect}, #{user.inspect})".light_black
+      else
+        client.remove_collaborator(repo_name, user)
+      end
+    end
+
+    def enable_workflow(repo_name, workflow_number)
+      command = "repos/#{repo_name}/actions/workflows/#{workflow_number}/enable"
+
+      if dry_run
+        puts "** dry-run: github.put(#{command.inspect})".light_black
+      else
+        client.put(command)
+      end
+    end
+
+    def create_or_update_repository_secret(repo_name, key, value)
+      payload = encode_secret(repo_name, value)
+
+      if dry_run
+        puts "** dry-run: github.create_or_update_secret(#{repo_name.inspect}, #{key.inspect}, #{payload.inspect})".light_black
+      else
+        client.create_or_update_secret(repo_name, key, payload)
+      end
+    end
+
+    private def encode_secret(repo_name, value)
+      require "rbnacl"
+      require "base64"
+
+      repo_public_key = client.get_public_key(repo_name)
+      decoded_repo_public_key = Base64.decode64(repo_public_key.key)
+      public_key = RbNaCl::PublicKey.new(decoded_repo_public_key)
+      box = RbNaCl::Boxes::Sealed.from_public_key(public_key)
+      encrypted_value = box.encrypt(value)
+      encoded_encrypted_value = Base64.strict_encode64(encrypted_value)
+
+      {
+        "encrypted_value" => encoded_encrypted_value,
+        "key_id"          => repo_public_key.key_id
+      }
+    end
+  end
+end