neetob 0.3.2 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 33a5009ec9b17cb67db7709598632c5001f487460c4a393ff4415c657f8f2a26
-  data.tar.gz: 7ef5bae6ffe881a4b3507865b35c56a68beb35cc0af5114cd348c163678fcc1d
+  metadata.gz: dfc6be750f749257d3d3f6a10f00a348dc746c34d69bdb1c9ccb76d44c9d260a
+  data.tar.gz: f217db9a99316cec947b70fd74f27b0f5c6285fe127b94fbf627bd6c559b399d
 SHA512:
-  metadata.gz: 89aec8ad58378aef387e4bf6a2ac5b8bbc40cb15432a4c884b1ba05e752f660c0a8785b3021bdc98e85c193bfa8b505f36b5ba68ae428af08a36a2634e2112fb
-  data.tar.gz: e4831981bfc7e6136489583f91f592aa2ff1931b9d248cfd3d2683a3128931fe9b1e5b58a6f94906d3d2a7c6e60923f125534b89cf0f17b00ceb3dd6e3a54e10
+  metadata.gz: 1edde424e4ff572f7f56ab45580c92bb5f574c411272f89e35f884e41d6aabdd8fa92d029783d8f7bb63551e29897020e58bef6bb1b427ae030d8f0782daf31c
+  data.tar.gz: 6aa6507b68340737f27a8f12910d12d5be7cf60de84796d169afd229fc712623440a0e9828bf42b45df9df8855ef0235062b050862f4050077b213a86c7d3c39

data/CHANGELOG.md

@@ -1,5 +1,18 @@
 ## [Unreleased]
 
+## [0.4.0](https://www.github.com/bigbinary/neetob/compare/v0.3.2...v0.4.0) (2023-04-05)
+
+
+### Features
+
+* Added command to run brakeman on all neeto-repos ([#234](https://www.github.com/bigbinary/neetob/issues/234)) ([12123b4](https://www.github.com/bigbinary/neetob/commit/12123b48cc0d63ca0dd8a9e894a86a3a44a72d9e))
+
+
+### Bug Fixes
+
+* Fixes protect-branch command to ignore semaphore checks for repos that doesn't have it. ([#231](https://www.github.com/bigbinary/neetob/issues/231)) ([5da7e34](https://www.github.com/bigbinary/neetob/commit/5da7e34365f0f2460e88f35ced241c91200400dc))
+* Updated the neetob.gemspec file to include the chronic gem dependancy ([#242](https://www.github.com/bigbinary/neetob/issues/242)) ([4f375ff](https://www.github.com/bigbinary/neetob/commit/4f375ff3cd6bb2b14c2d046d6c07420adadcf4ff))
+
 ### [0.3.2](https://www.github.com/bigbinary/neetob/compare/v0.3.1...v0.3.2) (2023-03-29)
 
 

data/Gemfile.lock

@@ -1,7 +1,9 @@
 PATH
   remote: .
   specs:
-    neetob (0.3.2)
+    neetob (0.4.0)
+      brakeman (~> 5.0)
+      chronic
       dotenv (~> 2.8.1)
       launchy (~> 2.5.0)
       octokit (~> 4.0)
@@ -88,6 +90,7 @@ GEM
       public_suffix (>= 2.0.2, < 6.0)
     ansi (1.5.0)
     ast (2.4.2)
+    brakeman (5.4.1)
     builder (3.2.4)
     byebug (11.1.3)
     childprocess (4.1.0)

data/data/github-labels.json

@@ -238,5 +238,15 @@
     "name": "manual-qa-completed",
     "description": "Manual QA team has finished verifying the changes.",
     "color": "CCDDCD"
-  }
+  },
+  {
+    "name": "description-needed",
+    "description": "More description is needed for this issue either to work on it or to test the fix.",
+    "color": "E54D50"
+  },
+  {
+    "name": "discussion",
+    "description": "Further discussion is required to work on this issue. Better we should move it to neetoPlanner's roadmap.",
+    "color": "A62F71"
+  },
 ]

data/lib/neetob/cli/github/brakeman.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+require_relative "./make_pr/base"
+
+module Neetob
+  class CLI
+    module Github
+      class Brakeman < MakePr::Base
+        DESCRIPTION = "Fix security vulnerabilities reported by brakeman"
+        attr_accessor :repos, :sandbox
+
+        def initialize(repos, sandbox = false)
+          super()
+          @repos = repos
+          @sandbox = sandbox
+        end
+
+        def run
+          matching_repos = find_all_matching_apps_or_repos(repos, :github, sandbox)
+          matching_repos.each do |repo|
+            begin
+              ui.info("\nWorking on repo #{repo}")
+              clone_repo_in_tmp_dir(repo)
+              bundle_install(repo)
+              report = run_brakeman(repo)
+              ui.success("Successfully executed brakeman for #{repo}")
+              warnings = report.split("\n\n== Warnings ==\n\n").last&.split("\n\n")
+              if !report.include?("No warnings found")
+                issue = client.create_issue(repo, DESCRIPTION, parse_description(warnings))
+                ui.success("Issue created at #{issue.html_url}")
+              end
+            rescue StandardError => e
+              ExceptionHandler.new(e).process
+            end
+          end
+          `rm -rf /tmp/neetob`
+        end
+
+        private
+
+          def run_brakeman(repo)
+            `#{cd_to_repo_in_tmp_dir(repo)} && brakeman`
+          end
+
+          def parse_description(warnings)
+            warning_descriptions = warnings.map do |warning|
+              code_line = warning.scan(/Code: (.*)\n/).flatten.first
+              warning.gsub!(code_line, "`#{code_line}`") if !code_line.nil?
+              "```bash #{warning} \n```"
+            end
+            warning_descriptions.join("\n")
+          end
+      end
+    end
+  end
+end

data/lib/neetob/cli/github/commands.rb

@@ -8,6 +8,7 @@ require_relative "protect_branch"
 require_relative "login"
 require_relative "make_pr/commands"
 require_relative "gems/commands"
+require_relative "brakeman"
 
 module Neetob
   class CLI
@@ -52,6 +53,15 @@ module Neetob
           ProtectBranch.new(
             options[:branch], options[:repos], options[:path], options[:sandbox]).run
         end
+
+        desc "brakeman", "Run brakeman on neeto repos & create issues in repos where needed"
+        option :repos, type: :array, aliases: "-r",
+          desc:
+            "Github repo names. Can be matched using the '*' wildcard. Example: \"neeto*\" \"neeto-cal-web\", also providing \"all\" as value matches all neeto repos.",
+          required: true
+        def brakeman
+          Brakeman.new(options[:repos], options[:sandbox]).run
+        end
       end
     end
   end

data/lib/neetob/cli/github/make_pr/base.rb

@@ -19,6 +19,10 @@ module Neetob
 
           private
 
+            def bundle_install(repo)
+              `#{cd_to_repo_in_tmp_dir(repo)} && bundle install`
+            end
+
             def delete_and_create_temp_neetob_dir
               `rm -rf /tmp/neetob`
               `mkdir /tmp/neetob`

data/lib/neetob/cli/github/make_pr/compliance_fix.rb

@@ -47,10 +47,6 @@ module Neetob
 
           private
 
-            def bundle_install(repo)
-              `#{cd_to_repo_in_tmp_dir(repo)} && bundle install`
-            end
-
             def fix_neeto_audit(repo)
               `#{cd_to_repo_in_tmp_dir(repo)} && bundle exec neeto-audit -a`
             end

data/lib/neetob/cli/github/protect_branch.rb

@@ -6,7 +6,7 @@ module Neetob
   class CLI
     module Github
       class ProtectBranch < Base
-        attr_accessor :branch_name, :required_rules_json_file_path, :repos, :sandbox
+        attr_accessor :branch_name, :required_rules_json_file_path, :repos, :repos_integrated_with_semaphore, :sandbox
 
         def initialize(branch_name, repos, required_rules_json_file_path = "", sandbox = false)
           super()
@@ -14,6 +14,7 @@ module Neetob
           @required_rules_json_file_path = required_rules_json_file_path
           @repos = repos
           @sandbox = sandbox
+          @repos_integrated_with_semaphore = build_repos_integrated_with_semaphore_list.compact
         end
 
         def run
@@ -22,7 +23,9 @@ module Neetob
           matching_repos.each do |repo|
             ui.info("\n Working on \"#{repo}\" repo")
             ui.info(" Updating \"#{branch_name}\" branch protection rules")
+            has_semaphore_integrated = repos_integrated_with_semaphore.include?(repo)
             rules = read_json_file(required_rules_json_file_path || default_rules_file_path)
+            rules.dig("required_status_checks", "contexts")&.clear if !has_semaphore_integrated
             rules_with_symbol_keys = rules.transform_keys(&:to_sym)
             client.protect_branch(repo, branch_name, rules_with_symbol_keys)
             ui.success("Branch protection rules updated successfully")
@@ -40,6 +43,14 @@ module Neetob
               ui.info("Updating protection rules from the \"neetob/data/branch-protection-rules.json\" file")
             end
           end
+
+          def build_repos_integrated_with_semaphore_list
+            all_repos = NeetoCompliance::NeetoRepos.repos.values.flatten
+            all_repos.map! do |repo_config|
+              repo_config.is_a?(Hash) ? repo_config.to_a.map { |values| { values[0] => values[1] } } : repo_config
+            end
+            all_repos.flatten.map { |repo| (repo.is_a?(Hash) && repo.values[0].dig("semaphore")) ? "bigbinary/#{repo.keys[0]}" : nil }
+          end
       end
     end
   end

data/lib/neetob/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Neetob
-  VERSION = "0.3.2"
+  VERSION = "0.4.0"
 end

data/neetob.gemspec

@@ -35,6 +35,8 @@ Gem::Specification.new do |spec|
   spec.add_dependency "terminal-table", "~> 3.0.2" # for building cli table
   spec.add_dependency "launchy", "~> 2.5.0" # for opening in browser
   spec.add_dependency "dotenv", "~> 2.8.1" # for loading env variables
+  spec.add_dependency "chronic" # for natural language date and time parsing
+  spec.add_dependency "brakeman", "~> 5.0" # for running brakeman commands
 
   # To add the files from submodules
   `git submodule --quiet foreach pwd`.split($\).each do |submodule_path|

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: neetob
 version: !ruby/object:Gem::Version
-  version: 0.3.2
+  version: 0.4.0
 platform: ruby
 authors:
 - Udai Gupta
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2023-03-29 00:00:00.000000000 Z
+date: 2023-04-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -80,6 +80,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 2.8.1
+- !ruby/object:Gem::Dependency
+  name: chronic
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: brakeman
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
 description: This gem gives different commands for interacting with Github and Heroku
   instances of existing neeto repos.
 email:
@@ -119,6 +147,7 @@ files:
 - lib/neetob/cli/fetchorupdate_repos/execute.rb
 - lib/neetob/cli/github/auth.rb
 - lib/neetob/cli/github/base.rb
+- lib/neetob/cli/github/brakeman.rb
 - lib/neetob/cli/github/commands.rb
 - lib/neetob/cli/github/gems/commands.rb
 - lib/neetob/cli/github/gems/release.rb