neetob 0.5.69 → 0.5.77

data/lib/neetob/cli/monthly_audit/security/github/dependabot_turned_on.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require_relative "../../../github/repositories/get_security_details.rb"
+require "json"
 
 module Neetob
   class CLI
@@ -13,29 +14,32 @@ module Neetob
             end
 
             def run
-              ui.success("### 1.2.1. [Manual] Checking whether dependabot is turned on for the repository")
-              ui.info "\n"
-              ui.info "#### Please manually check and add Yes/No for all the following checks on the Honeybadger dashboard for the apps listed in the table below:"
-              ui.info "- Repository > Settings > Code security > Dependabot alerts are enabled"
-              ui.info "- Repository > Settings > Code security > Dependabot security updates are enabled"
-              ui.info "- Repository > Settings > Actions > Dependabot on Actions runners is enabled"
-              ui.info "- Finally, set Audit Passed as Yes only if all the checks are passed for the app, otherwise set it as No, and add a comment in the Comments column"
-              ui.info "\n"
+              ui.success("### 1.2.1. Checking whether dependabot is turned on for the repository")
+              result = run_dependabot_check
+              formatted_result = extract_json_array_from_output(result)
+              create_issue(formatted_result)
+              ui.print_table(formatted_result)
+            end
+
+            private
 
-              repo_data = [[
-                "Repository",
-                "Dependabot alerts enabled",
-                "Dependabot security updates enabled",
-                "Dependabot on Actions runners",
-                "Comments",
-                "Audit Passed"
-                ]
-              ]
-              NeetoCompliance::NeetoRepos.products.keys.each do |repo|
-                repo_data << [repo, nil, nil, nil, nil]
+              def run_dependabot_check
+                `yarn audit:dependabot`
+              end
+
+              def create_issue(formatted_result)
+                formatted_result.drop(1).each do |result|
+                  repo = result[0].split("]")[0].gsub("[", "")
+                  audit_passed = result.last == "Yes"
+                  if !audit_passed
+                    comment = "Dependabot alerts or security updates are not enabled for this repository."
+                    issue_url = GithubIssueCreation.new.create_issue(
+                      repo:, title: "Fix Dependabot settings",
+                      description: comment)
+                    result[-1] += " #{issue_url}" if issue_url
+                  end
+                end
               end
-              ui.print_table(repo_data)
-            end
           end
         end
       end

data/lib/neetob/cli/neeto_deploy/autoscaling_config.rb

@@ -12,7 +12,7 @@ module Neetob
         end
 
         def run
-          result = `neetodeploy autoscaling_config list -a #{app}`
+          result = `bundle exec neetodeploy autoscaling_config list -a #{app}`
           if Thread.current[:audit_mode]
             JSON.parse(result) rescue result
           else

data/lib/neetob/cli/neeto_deploy/certificates.rb

@@ -14,7 +14,7 @@ module Neetob
         end
 
         def run
-          certificates_command_result = `neetodeploy certificates list -a #{app}`
+          certificates_command_result = `bundle exec neetodeploy certificates list -a #{app}`
           parseable_result = certificates_command_result.strip.gsub("=>", ":")
 
           parsed_certificates_result = JSON.parse(parseable_result)

data/lib/neetob/cli/neeto_deploy/commands.rb

@@ -5,6 +5,7 @@ require_relative "config_vars/commands"
 require_relative "./autoscaling_config"
 require_relative "./scheduled_exports"
 require_relative "./certificates"
+require_relative "./unique_email_domains"
 
 module Neetob
   class CLI
@@ -30,6 +31,12 @@ module Neetob
         def certificates
           Certificates.new(options[:app]).run
         end
+
+        desc "unique_email_domains", "Get the unique email domains for an app deployed on NeetoDeploy"
+        option :app, type: :string, aliases: :a, desc: "App name"
+        def unique_email_domains
+          UniqueEmailDomains.new(options[:app]).run
+        end
       end
     end
   end

data/lib/neetob/cli/neeto_deploy/config_vars/list.rb

@@ -20,7 +20,7 @@ module Neetob
             results = []
             matching_apps.each do |app|
               ui.info("\nConfig of #{app}\n") unless Thread.current[:audit_mode]
-              result = `neetodeploy env list -a #{app}`
+              result = `bundle exec neetodeploy env list -a #{app}`
               results << result
               ui.success(result) unless Thread.current[:audit_mode]
             end

data/lib/neetob/cli/neeto_deploy/config_vars/remove.rb

@@ -21,7 +21,7 @@ module Neetob
             matching_apps.each do |app|
               ui.info("\nWorking on #{app}")
               keys.each do |key|
-                ui.info(`neetodeploy env unset #{key} -a #{app}`)
+                ui.info(`bundle exec neetodeploy env unset #{key} -a #{app}`)
               end
             end
           end

data/lib/neetob/cli/neeto_deploy/config_vars/upsert.rb

@@ -48,7 +48,7 @@ required_config_vars_with_project_keys_json_file_path, sandbox = false)
             def upsert_config_variables(app, vars)
               ui.info("\nWorking on #{app}")
               vars.each do |key, val|
-                ui.info(`neetodeploy env set #{key}='#{val}' -a #{app}`)
+                ui.info(`bundle exec neetodeploy env set #{key}='#{val}' -a #{app}`)
               end
             end
 

data/lib/neetob/cli/neeto_deploy/scheduled_exports.rb

@@ -12,7 +12,7 @@ module Neetob
         end
 
         def run
-          result = `neetodeploy addon scheduled_exports_enabled -a #{app}`
+          result = `bundle exec neetodeploy addon scheduled_exports_enabled -a #{app}`
           if Thread.current[:audit_mode]
             result
           else

data/lib/neetob/cli/neeto_deploy/unique_email_domains.rb

@@ -0,0 +1,165 @@
+# frozen_string_literal: true
+
+require "open3"
+
+module Neetob
+  class CLI
+    module NeetoDeploy
+      class UniqueEmailDomains < CLI::Base
+        attr_accessor :app
+
+        def initialize(app)
+          super()
+          @app = app
+        end
+
+        def run
+          ui.info("Executing for app: #{app}")
+          query = get_query_for_app(app)
+
+          return ui.error("No query defined for app: #{app}") unless query
+
+          Open3.popen3("neetodeploy exec -a #{app}") do |stdin, stdout, stderr, wait_thr|
+            return handle_forbidden_error(stderr) if forbidden?(stderr)
+
+            send_command(stdin, "bundle exec rails console")
+            sleep(2)
+            return handle_forbidden_error(stderr) if forbidden?(stderr)
+
+            stdin.puts query
+            sleep(1)
+            stdin.puts "exit" if wait_thr.alive?
+            sleep(1)
+            stdin.puts "exit" if wait_thr.alive?
+            stdin.close
+
+            output = safely_read(stdout, "stdout")
+            errors = safely_read(stderr, "stderr")
+
+            if (exit_status = wait_thr.value.exitstatus) == 0
+              email_domains = extract_email_domains(output)
+              ui.success("Unique email domains for #{app}:")
+
+              if email_domains.empty?
+                ui.info("No email domains found")
+                ui.info("Debug: Raw output length: #{output.length}")
+                ui.info("Debug: Output preview: #{output[0..200]}...")
+              else
+
+                email_domains.each { |domain| puts domain }
+              end
+            else
+              ui.error("Command failed with exit status: #{exit_status}")
+              ui.error("Error output: #{errors}") unless errors.empty?
+            end
+
+            exit_status == 0
+          end
+        rescue Errno::EPIPE
+          handle_forbidden_error
+        rescue => e
+          ui.error("Exception: #{e.message}")
+          ui.error("Exception class: #{e.class}")
+          false
+        end
+
+        private
+
+          def forbidden?(stderr)
+            error_output = stderr.read_nonblock(1024) rescue ""
+            error_output.include?('{"error":"Forbidden"}')
+          end
+
+          def handle_forbidden_error(stderr = nil)
+            ui.error("Access denied: You don't have permission to access this app or your session is not authenticated")
+            ui.error("Please run `neetodeploy login` and ensure you have access to the app: #{app}")
+            false
+          end
+
+          def send_command(stdin, command)
+            stdin.puts command
+          end
+
+          def safely_read(io, label)
+            io.read
+          rescue => e
+            ui.error("Error reading #{label}: #{e.message}")
+            ""
+          end
+
+          def get_query_for_app(app_name)
+            six_months_ago = (Time.now.utc - 6 * 30 * 24 * 60 * 60).strftime("%Y-%m-%d %H:%M:%S")
+
+            {
+              "neeto-form-web-production" =>
+                "User.joins(:forms).where('forms.updated_at >= ?', '#{six_months_ago}').pluck(Arel.sql('DISTINCT SPLIT_PART(users.email, \\'@\\', 2)'))",
+
+              "neeto-record-web-production" =>
+                "User.joins(:recordings).where('recordings.updated_at >= ?', '#{six_months_ago}').pluck(Arel.sql('DISTINCT SPLIT_PART(users.email, \\'@\\', 2)'))",
+
+              "neeto-kb-web-production" =>
+                "User.joins(:articles).where.not(articles: { slug: ['welcome', 'getting-started', 'getting-help', 'feedback'] }).pluck(Arel.sql('DISTINCT SPLIT_PART(users.email, \\'@\\', 2)'))",
+
+              "neeto-code-web-production" =>
+                "User.joins(:projects).where('projects.updated_at >= ?', '#{six_months_ago}').pluck(Arel.sql('DISTINCT SPLIT_PART(users.email, \\'@\\', 2)'))",
+
+              "neeto-playdash-web-production" =>
+                "Organization.joins(:users, projects: :runs).where('runs.updated_at >= ?', '#{six_months_ago}').pluck(Arel.sql('DISTINCT SPLIT_PART(users.email, \\'@\\', 2)'))",
+
+              "neeto-desk-web-production" =>
+                "User.joins(:tickets).where.not(tickets: { number: [1,2,3,4,5] }).where('tickets.updated_at >= ?', '#{six_months_ago}').pluck(Arel.sql('DISTINCT SPLIT_PART(users.email, \\'@\\', 2)'))",
+
+              "neeto-invoice-web-production" =>
+                "User.joins(:time_entries).where('time_entries.updated_at >= ?', '#{six_months_ago}').pluck(Arel.sql('DISTINCT SPLIT_PART(users.email, \\'@\\', 2)'))",
+
+              "neeto-chat-web-production" =>
+                "User.joins(:conversations).where('conversations.updated_at >= ?', '#{six_months_ago}').pluck(Arel.sql('DISTINCT SPLIT_PART(users.email, \\'@\\', 2)'))",
+
+              "neeto-quiz-web-production" =>
+                "User.joins(quizzes: :attempts).where('attempts.updated_at >= ?', '#{six_months_ago}').pluck(Arel.sql('DISTINCT SPLIT_PART(users.email, \\'@\\', 2)'))",
+
+              "neeto-site-web-production" =>
+                "User.joins(sites: :pages).where('sites.updated_at >= :date OR pages.updated_at >= :date', date: '#{six_months_ago}').pluck(Arel.sql('DISTINCT SPLIT_PART(users.email, \\'@\\', 2)'))",
+
+              "neeto-cal-web-production" => <<~RUBY
+              result = ActiveRecord::Base.connection.execute("WITH active_users AS (
+                SELECT users.email AS email FROM users
+                WHERE (
+                  EXISTS (
+                    SELECT 1 FROM bookings_users
+                    JOIN bookings ON bookings.id = bookings_users.booking_id
+                    WHERE bookings.user_id = users.id AND bookings.updated_at >= '#{six_months_ago}'
+                  )
+                  OR EXISTS (
+                    SELECT 1 FROM meetings_users
+                    JOIN meetings ON meetings.id = meetings_users.meeting_id
+                    WHERE meetings_users.user_id = users.id AND meetings.updated_at >= '#{six_months_ago}'
+                  )
+                )
+              )
+              SELECT array_agg(DISTINCT SPLIT_PART(email, '@', 2)) AS unique_domains FROM active_users;");
+              unique_domains = result.first['unique_domains']
+              unique_domains = unique_domains[1...-1].split(',') if unique_domains.is_a?(String)
+              unique_domains
+            RUBY
+            }[app_name] || "User.pluck(:email).map { |e| e.split('@').last }.uniq"
+          end
+
+          def extract_email_domains(output)
+            domains = []
+
+            array_match = output.match(/=>\s*\n(\[.*?\])/m)
+            return [] unless array_match
+
+            array_content = array_match[1]
+
+            array_content.scan(/"([^"]+)"/).flatten.each do |domain|
+              domains << domain if domain.match?(/^[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/)
+            end
+
+            domains.uniq.sort
+          end
+      end
+    end
+  end
+end

data/lib/neetob/cli/sre/base.rb

@@ -46,8 +46,6 @@ module Neetob
             "neeto-replay-web-staging",
             "neeto-site-web-production",
             "neeto-site-web-staging",
-            "neeto-testify-web-production",
-            "neeto-testify-web-staging",
             "neeto-tower-web-production",
             "neeto-tower-web-staging",
             "neeto-wireframe-web-production",
@@ -57,7 +55,9 @@ module Neetob
             "neeto-playdash-web-staging",
             "neeto-playdash-web-production",
             "neeto-engage-web-staging",
-            "neeto-engage-web-production"
+            "neeto-engage-web-production",
+            "neeto-pay-web-production",
+            "neeto-pay-web-staging"
           ]
         }
 
@@ -254,16 +254,6 @@ module Neetob
               app: "neeto-site-web-production"
             }
           },
-          "NeetoTestify": {
-            "staging": {
-              dns: "neetotestify.net",
-              app: "neeto-testify-web-staging"
-            },
-            "production": {
-              dns: "neetotestify.com",
-              app: "neeto-testify-web-production"
-            }
-          },
           "NeetoTower": {
             "staging": {
               dns: "neetotower.net",
@@ -303,6 +293,16 @@ module Neetob
               dns: "neetoplaydash.com",
               app: "neeto-playdash-web-production"
             }
+          },
+          "NeetoPay": {
+            "staging": {
+              dns: "neetopay.net",
+              app: "neeto-pay-web-staging"
+            },
+            "production": {
+              dns: "neetopay.com",
+              app: "neeto-pay-web-production"
+            }
           }
         }
 

data/lib/neetob/cli/sre/check_essential_env.rb

@@ -15,7 +15,11 @@ module Neetob
           "HONEYBADGER_JS_API_KEY",
           "NODE_MODULES_CACHE",
           "YARN_CACHE",
-          "YARN_PRODUCTION"
+          "YARN_PRODUCTION",
+          "AUTH_APP_URL",
+          "DEFAULT_FROM_EMAIL",
+          "ORGANIZATION_SYNCING",
+          "SPARKPOST_DOMAIN"
         ]
         REQUIRED_KEYS_HEROKU = [
           "HEROKU_APP_NAME"
@@ -58,7 +62,7 @@ module Neetob
           def check_envs_neetodeploy(app)
             # TODO: Optimize once github.com/bigbinary/neeto-deploy-web/issues/3745 is done
             begin
-              env_table = `neetodeploy env list -a #{app}`
+              env_table = `bundle exec neetodeploy env list -a #{app}`
               json_parse_result = JSON.parse(env_table) rescue nil
               if json_parse_result && json_parse_result["error"] == "Forbidden"
                 if Thread.current[:audit_mode]
@@ -73,6 +77,7 @@ module Neetob
                 match = line.match(/^\| (\w+) +\| (.+?) +\|$/)
                 envs[match[1]] = match[2] if match
               end
+              REQUIRED_KEYS.filter! { |key| key != "AUTH_APP_URL" } if app == "neeto-auth-web-production"
               required_keys = REQUIRED_KEYS + REQUIRED_KEYS_NEETODEPLOY
               compare_envs(required_keys, envs, app)
             rescue => exception

data/lib/neetob/cli/sre/checklist.rb

@@ -45,9 +45,9 @@ module Neetob
             ui.info `neetob heroku autoscaling_config -a #{app_name} | sed 's/^/  /'`
           else
             ui.info "NeetoDeploy autoscaling status"
-            ui.info `neetodeploy autoscaling_config list -a #{app_name} | sed 's/^/  /'`
+            ui.info `bundle exec neetodeploy autoscaling_config list -a #{app_name} | sed 's/^/  /'`
             ui.info "Scheduled exports status"
-            ui.info `neetodeploy addon scheduled_exports_enabled -a #{app_name} | sed 's/^/  /'`
+            ui.info `bundle exec neetodeploy addon scheduled_exports_enabled -a #{app_name} | sed 's/^/  /'`
           end
           ui.info "Validating essential envs"
           ui.info `neetob sre check_essential_env -a #{app_name} | sed 's/^/  /'`

data/lib/neetob/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Neetob
-  VERSION = "0.5.69"
+  VERSION = "0.5.77"
 end

data/neetob.gemspec

@@ -30,7 +30,7 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   # Must have deps
-  spec.add_dependency "thor", "~> 1.3.0" # for cli
+  spec.add_dependency "thor", "~> 1.5.0" # for cli
   spec.add_dependency "octokit", "~> 4.0" # for github client
   spec.add_dependency "terminal-table", "~> 3.0.2" # for building cli table
   spec.add_dependency "launchy", "~> 2.5.0" # for opening in browser

data/package.json

@@ -0,0 +1,30 @@
+{
+  "name": "playwright-tests",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "audit:dependabot": "playwright test dependabot.ts",
+    "audit:honeybadger": "playwright test honeybadger.ts",
+    "audit:sparkpost": "playwright test sparkpost.ts"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "devDependencies": {
+    "@playwright/test": "1.56.1",
+    "@types/node": "22.10.7"
+  },
+  "dependencies": {
+    "@bigbinary/neeto-cist": "1.0.17",
+    "@bigbinary/neeto-playwright-commons": "1.22.46",
+    "@bigbinary/neeto-playwright-reporter": "2.1.5",
+    "@faker-js/faker": "9.9.0",
+    "dayjs": "1.11.18",
+    "dotenv-expand": "^12.0.3",
+    "dotenv-webpack": "^8.1.1",
+    "lint-staged": "^16.2.6",
+    "puppeteer-extra-plugin-stealth": "2.11.2",
+    "ramda": "^0.32.0"
+  }
+}

data/playwright.config.ts

@@ -0,0 +1,39 @@
+import { defineConfig, devices } from "@playwright/test";
+import dotenv from "dotenv";
+import dotenvExpand from "dotenv-expand";
+
+const env = dotenv.config({
+  path: `scripts/config/.env.local`,
+});
+dotenvExpand.expand(env);
+
+const neetoPlaywrightReporterConfig = {
+  apiKey: process.env.PLAYDASH_API_KEY,
+  ciBuildId: new Date().toString(),
+  projectKey: "9gnVzoWsfAnbcsmZugMrVUMo",
+};
+
+export default defineConfig({
+  testDir: "scripts",
+  fullyParallel: true,
+  forbidOnly: !!process.env.CI,
+  retries: process.env.CI ? 2 : 0,
+  workers: process.env.CI ? 1 : undefined,
+  reporter: [
+    ["@bigbinary/neeto-playwright-reporter", neetoPlaywrightReporterConfig],
+    // ["line"],
+  ],
+  use: {
+    trace: "on",
+    video: "on",
+    screenshot: "on",
+  },
+  timeout: 7 * 60_000,
+  projects: [
+    {
+      name: "chromium",
+      use: { ...devices["Desktop Chrome"] },
+      testMatch: "**/workflows/**/*.ts",
+    },
+  ],
+});

data/scripts/config/.env.local

@@ -0,0 +1,17 @@
+# GitHub credentials for Dependabot audit
+GITHUB_USERNAME=github_username
+GITHUB_PASSWORD=github_password
+GITHUB_2FA_SECRET_KEY=2fa_secret_key
+
+# Honeybadger credentials
+HONEYBADGER_EMAIL=honeybadger@example.com
+HONEYBADGER_PASSWORD=honeybadger_password
+
+# Sparkpost credentials
+SPARKPOST_EMAIL=sparkpost@example.com
+SPARKPOST_PASSWORD=sparkpost_password
+NEETO_DEPLOY_EMAIL=neeto_deploy@example.com
+NEETO_AUTOMATION_FASTMAIL_API_KEY=neeto_deploy_fast_mail_api_key
+
+# Playwright reporter
+PLAYDASH_API_KEY=playdash_api_key