puppet-community-rangefinder-webhook 0.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/CHANGELOG.md +3 -0
- data/LICENSE +201 -0
- data/README.md +33 -0
- data/bin/rangefinder-webhook +116 -0
- data/lib/rangefinder/webhook.rb +167 -0
- data/lib/rangefinder/webhook/version.rb +5 -0
- data/public/install_app.png +0 -0
- data/public/select_repos.png +0 -0
- data/views/impact.erb +30 -0
- data/views/index.erb +79 -0
- metadata +113 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 4631ce560cf731fdbb3e6c842240e5a421640cd53b1559b603a03f54629cd7d1
|
4
|
+
data.tar.gz: ff76e5b43713f753efd50388ebeb4035ef133e9b9516dc36f72ef9da1d2db1cf
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: '0034868fbf65995ad3649d7dd8d5b28fbe739b282aadfa7c095925eaac7721a918e1b7133a2de8795efa4fa1b38891489f81ae73b86c4ce06f177e8665e8b894'
|
7
|
+
data.tar.gz: 87b437db1ad3c33a17cc09302c97119977d8b9663225c26dfc6591e87073d890ec13baf7e7b927f7d81dd309aed92df538d48886693593a05b1c8e863a7c5224
|
data/CHANGELOG.md
ADDED
data/LICENSE
ADDED
@@ -0,0 +1,201 @@
|
|
1
|
+
Apache License
|
2
|
+
Version 2.0, January 2004
|
3
|
+
http://www.apache.org/licenses/
|
4
|
+
|
5
|
+
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
6
|
+
|
7
|
+
1. Definitions.
|
8
|
+
|
9
|
+
"License" shall mean the terms and conditions for use, reproduction,
|
10
|
+
and distribution as defined by Sections 1 through 9 of this document.
|
11
|
+
|
12
|
+
"Licensor" shall mean the copyright owner or entity authorized by
|
13
|
+
the copyright owner that is granting the License.
|
14
|
+
|
15
|
+
"Legal Entity" shall mean the union of the acting entity and all
|
16
|
+
other entities that control, are controlled by, or are under common
|
17
|
+
control with that entity. For the purposes of this definition,
|
18
|
+
"control" means (i) the power, direct or indirect, to cause the
|
19
|
+
direction or management of such entity, whether by contract or
|
20
|
+
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
21
|
+
outstanding shares, or (iii) beneficial ownership of such entity.
|
22
|
+
|
23
|
+
"You" (or "Your") shall mean an individual or Legal Entity
|
24
|
+
exercising permissions granted by this License.
|
25
|
+
|
26
|
+
"Source" form shall mean the preferred form for making modifications,
|
27
|
+
including but not limited to software source code, documentation
|
28
|
+
source, and configuration files.
|
29
|
+
|
30
|
+
"Object" form shall mean any form resulting from mechanical
|
31
|
+
transformation or translation of a Source form, including but
|
32
|
+
not limited to compiled object code, generated documentation,
|
33
|
+
and conversions to other media types.
|
34
|
+
|
35
|
+
"Work" shall mean the work of authorship, whether in Source or
|
36
|
+
Object form, made available under the License, as indicated by a
|
37
|
+
copyright notice that is included in or attached to the work
|
38
|
+
(an example is provided in the Appendix below).
|
39
|
+
|
40
|
+
"Derivative Works" shall mean any work, whether in Source or Object
|
41
|
+
form, that is based on (or derived from) the Work and for which the
|
42
|
+
editorial revisions, annotations, elaborations, or other modifications
|
43
|
+
represent, as a whole, an original work of authorship. For the purposes
|
44
|
+
of this License, Derivative Works shall not include works that remain
|
45
|
+
separable from, or merely link (or bind by name) to the interfaces of,
|
46
|
+
the Work and Derivative Works thereof.
|
47
|
+
|
48
|
+
"Contribution" shall mean any work of authorship, including
|
49
|
+
the original version of the Work and any modifications or additions
|
50
|
+
to that Work or Derivative Works thereof, that is intentionally
|
51
|
+
submitted to Licensor for inclusion in the Work by the copyright owner
|
52
|
+
or by an individual or Legal Entity authorized to submit on behalf of
|
53
|
+
the copyright owner. For the purposes of this definition, "submitted"
|
54
|
+
means any form of electronic, verbal, or written communication sent
|
55
|
+
to the Licensor or its representatives, including but not limited to
|
56
|
+
communication on electronic mailing lists, source code control systems,
|
57
|
+
and issue tracking systems that are managed by, or on behalf of, the
|
58
|
+
Licensor for the purpose of discussing and improving the Work, but
|
59
|
+
excluding communication that is conspicuously marked or otherwise
|
60
|
+
designated in writing by the copyright owner as "Not a Contribution."
|
61
|
+
|
62
|
+
"Contributor" shall mean Licensor and any individual or Legal Entity
|
63
|
+
on behalf of whom a Contribution has been received by Licensor and
|
64
|
+
subsequently incorporated within the Work.
|
65
|
+
|
66
|
+
2. Grant of Copyright License. Subject to the terms and conditions of
|
67
|
+
this License, each Contributor hereby grants to You a perpetual,
|
68
|
+
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
69
|
+
copyright license to reproduce, prepare Derivative Works of,
|
70
|
+
publicly display, publicly perform, sublicense, and distribute the
|
71
|
+
Work and such Derivative Works in Source or Object form.
|
72
|
+
|
73
|
+
3. Grant of Patent License. Subject to the terms and conditions of
|
74
|
+
this License, each Contributor hereby grants to You a perpetual,
|
75
|
+
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
76
|
+
(except as stated in this section) patent license to make, have made,
|
77
|
+
use, offer to sell, sell, import, and otherwise transfer the Work,
|
78
|
+
where such license applies only to those patent claims licensable
|
79
|
+
by such Contributor that are necessarily infringed by their
|
80
|
+
Contribution(s) alone or by combination of their Contribution(s)
|
81
|
+
with the Work to which such Contribution(s) was submitted. If You
|
82
|
+
institute patent litigation against any entity (including a
|
83
|
+
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
84
|
+
or a Contribution incorporated within the Work constitutes direct
|
85
|
+
or contributory patent infringement, then any patent licenses
|
86
|
+
granted to You under this License for that Work shall terminate
|
87
|
+
as of the date such litigation is filed.
|
88
|
+
|
89
|
+
4. Redistribution. You may reproduce and distribute copies of the
|
90
|
+
Work or Derivative Works thereof in any medium, with or without
|
91
|
+
modifications, and in Source or Object form, provided that You
|
92
|
+
meet the following conditions:
|
93
|
+
|
94
|
+
(a) You must give any other recipients of the Work or
|
95
|
+
Derivative Works a copy of this License; and
|
96
|
+
|
97
|
+
(b) You must cause any modified files to carry prominent notices
|
98
|
+
stating that You changed the files; and
|
99
|
+
|
100
|
+
(c) You must retain, in the Source form of any Derivative Works
|
101
|
+
that You distribute, all copyright, patent, trademark, and
|
102
|
+
attribution notices from the Source form of the Work,
|
103
|
+
excluding those notices that do not pertain to any part of
|
104
|
+
the Derivative Works; and
|
105
|
+
|
106
|
+
(d) If the Work includes a "NOTICE" text file as part of its
|
107
|
+
distribution, then any Derivative Works that You distribute must
|
108
|
+
include a readable copy of the attribution notices contained
|
109
|
+
within such NOTICE file, excluding those notices that do not
|
110
|
+
pertain to any part of the Derivative Works, in at least one
|
111
|
+
of the following places: within a NOTICE text file distributed
|
112
|
+
as part of the Derivative Works; within the Source form or
|
113
|
+
documentation, if provided along with the Derivative Works; or,
|
114
|
+
within a display generated by the Derivative Works, if and
|
115
|
+
wherever such third-party notices normally appear. The contents
|
116
|
+
of the NOTICE file are for informational purposes only and
|
117
|
+
do not modify the License. You may add Your own attribution
|
118
|
+
notices within Derivative Works that You distribute, alongside
|
119
|
+
or as an addendum to the NOTICE text from the Work, provided
|
120
|
+
that such additional attribution notices cannot be construed
|
121
|
+
as modifying the License.
|
122
|
+
|
123
|
+
You may add Your own copyright statement to Your modifications and
|
124
|
+
may provide additional or different license terms and conditions
|
125
|
+
for use, reproduction, or distribution of Your modifications, or
|
126
|
+
for any such Derivative Works as a whole, provided Your use,
|
127
|
+
reproduction, and distribution of the Work otherwise complies with
|
128
|
+
the conditions stated in this License.
|
129
|
+
|
130
|
+
5. Submission of Contributions. Unless You explicitly state otherwise,
|
131
|
+
any Contribution intentionally submitted for inclusion in the Work
|
132
|
+
by You to the Licensor shall be under the terms and conditions of
|
133
|
+
this License, without any additional terms or conditions.
|
134
|
+
Notwithstanding the above, nothing herein shall supersede or modify
|
135
|
+
the terms of any separate license agreement you may have executed
|
136
|
+
with Licensor regarding such Contributions.
|
137
|
+
|
138
|
+
6. Trademarks. This License does not grant permission to use the trade
|
139
|
+
names, trademarks, service marks, or product names of the Licensor,
|
140
|
+
except as required for reasonable and customary use in describing the
|
141
|
+
origin of the Work and reproducing the content of the NOTICE file.
|
142
|
+
|
143
|
+
7. Disclaimer of Warranty. Unless required by applicable law or
|
144
|
+
agreed to in writing, Licensor provides the Work (and each
|
145
|
+
Contributor provides its Contributions) on an "AS IS" BASIS,
|
146
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
147
|
+
implied, including, without limitation, any warranties or conditions
|
148
|
+
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
149
|
+
PARTICULAR PURPOSE. You are solely responsible for determining the
|
150
|
+
appropriateness of using or redistributing the Work and assume any
|
151
|
+
risks associated with Your exercise of permissions under this License.
|
152
|
+
|
153
|
+
8. Limitation of Liability. In no event and under no legal theory,
|
154
|
+
whether in tort (including negligence), contract, or otherwise,
|
155
|
+
unless required by applicable law (such as deliberate and grossly
|
156
|
+
negligent acts) or agreed to in writing, shall any Contributor be
|
157
|
+
liable to You for damages, including any direct, indirect, special,
|
158
|
+
incidental, or consequential damages of any character arising as a
|
159
|
+
result of this License or out of the use or inability to use the
|
160
|
+
Work (including but not limited to damages for loss of goodwill,
|
161
|
+
work stoppage, computer failure or malfunction, or any and all
|
162
|
+
other commercial damages or losses), even if such Contributor
|
163
|
+
has been advised of the possibility of such damages.
|
164
|
+
|
165
|
+
9. Accepting Warranty or Additional Liability. While redistributing
|
166
|
+
the Work or Derivative Works thereof, You may choose to offer,
|
167
|
+
and charge a fee for, acceptance of support, warranty, indemnity,
|
168
|
+
or other liability obligations and/or rights consistent with this
|
169
|
+
License. However, in accepting such obligations, You may act only
|
170
|
+
on Your own behalf and on Your sole responsibility, not on behalf
|
171
|
+
of any other Contributor, and only if You agree to indemnify,
|
172
|
+
defend, and hold each Contributor harmless for any liability
|
173
|
+
incurred by, or claims asserted against, such Contributor by reason
|
174
|
+
of your accepting any such warranty or additional liability.
|
175
|
+
|
176
|
+
END OF TERMS AND CONDITIONS
|
177
|
+
|
178
|
+
APPENDIX: How to apply the Apache License to your work.
|
179
|
+
|
180
|
+
To apply the Apache License to your work, attach the following
|
181
|
+
boilerplate notice, with the fields enclosed by brackets "{}"
|
182
|
+
replaced with your own identifying information. (Don't include
|
183
|
+
the brackets!) The text should be enclosed in the appropriate
|
184
|
+
comment syntax for the file format. We also recommend that a
|
185
|
+
file or class name and description of purpose be included on the
|
186
|
+
same "printed page" as the copyright notice for easier
|
187
|
+
identification within third-party archives.
|
188
|
+
|
189
|
+
Copyright {yyyy} {name of copyright owner}
|
190
|
+
|
191
|
+
Licensed under the Apache License, Version 2.0 (the "License");
|
192
|
+
you may not use this file except in compliance with the License.
|
193
|
+
You may obtain a copy of the License at
|
194
|
+
|
195
|
+
http://www.apache.org/licenses/LICENSE-2.0
|
196
|
+
|
197
|
+
Unless required by applicable law or agreed to in writing, software
|
198
|
+
distributed under the License is distributed on an "AS IS" BASIS,
|
199
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
200
|
+
See the License for the specific language governing permissions and
|
201
|
+
limitations under the License.
|
data/README.md
ADDED
@@ -0,0 +1,33 @@
|
|
1
|
+
# Rangefinder GitHub integration
|
2
|
+
|
3
|
+
Rangefinder is a tool that helps predict the downstream impact of breaking
|
4
|
+
file changes. This GitHub integration allows us to tie it to pull requests
|
5
|
+
and provide impact prediction reports as comments when a PR is filed.
|
6
|
+
|
7
|
+
It's still fairly young in its development, so please don't hesitate to
|
8
|
+
file issues either here or on the
|
9
|
+
[Rangefinder tool](https://github.com/puppetlabs/puppet-community-rangefinder) itself.
|
10
|
+
|
11
|
+
## Installation
|
12
|
+
|
13
|
+
1. Visit its [GitHub app page](https://github.com/apps/puppet-community-rangefinder).
|
14
|
+
2. Click **Install App** in the sidebar.
|
15
|
+
3. Select your name or an organization you belong to.
|
16
|
+
4. Then select the repositories you'd like to enable the app on.
|
17
|
+
|
18
|
+
![install app](public/install_app.png)
|
19
|
+
![select repos](public/select_repos.png)
|
20
|
+
|
21
|
+
## Limitations
|
22
|
+
|
23
|
+
This is super early in development and has not yet been battle tested.
|
24
|
+
|
25
|
+
## Disclaimer
|
26
|
+
|
27
|
+
I take no liability for the use of this tool.
|
28
|
+
|
29
|
+
Contact
|
30
|
+
-------
|
31
|
+
|
32
|
+
binford2k@gmail.com
|
33
|
+
|
@@ -0,0 +1,116 @@
|
|
1
|
+
#! /usr/bin/env ruby
|
2
|
+
|
3
|
+
require 'rubygems'
|
4
|
+
require 'optparse'
|
5
|
+
require 'yaml'
|
6
|
+
require 'logger'
|
7
|
+
require 'rangefinder/webhook'
|
8
|
+
|
9
|
+
defaults = {
|
10
|
+
:port => 9292,
|
11
|
+
:bind => '0.0.0.0',
|
12
|
+
:logfile => $stderr,
|
13
|
+
:app_identifier => nil,
|
14
|
+
:webhook_secret => nil,
|
15
|
+
:private_key_file => '',
|
16
|
+
}
|
17
|
+
loglevel = Logger::INFO
|
18
|
+
configfile = [ File.expand_path('~/.rangefinder.conf'), '/etc/rangefinder/config.yaml'].select { |file| File.exist? file }.first
|
19
|
+
options = {}
|
20
|
+
ssl_opts = {:verify_peer => false}
|
21
|
+
|
22
|
+
optparse = OptionParser.new { |opts|
|
23
|
+
opts.banner = "Usage : rangefinder [-c config] [-p <port>] [-l [logfile]] [-d]
|
24
|
+
-- Runs the Rangefinder impact analysis tool as a GitHub application.
|
25
|
+
|
26
|
+
"
|
27
|
+
|
28
|
+
opts.on("-c CONFIGFILE", "--config CONFIGFILE", "Load configuration from a file. (/etc/rangefinder/config.yaml)") do |arg|
|
29
|
+
configfile = arg
|
30
|
+
end
|
31
|
+
|
32
|
+
opts.on("-d", "--debug", "Display or log debugging messages") do
|
33
|
+
loglevel = Logger::DEBUG
|
34
|
+
end
|
35
|
+
|
36
|
+
opts.on("-l [LOGFILE]", "--logfile [LOGFILE]", "Path to logfile. Defaults to no logging, or /var/log/rangefinder if no filename is passed.") do |arg|
|
37
|
+
options[:logfile] = arg || '/var/log/rangefinder'
|
38
|
+
end
|
39
|
+
|
40
|
+
opts.on("-p PORT", "--port PORT", "Port for the server to listen on. Defaults to 9292.") do |arg|
|
41
|
+
options[:port] = arg
|
42
|
+
end
|
43
|
+
|
44
|
+
opts.separator('')
|
45
|
+
|
46
|
+
opts.on("--ssl", "Run with SSL support. Autogenerates a self-signed certificates by default.") do
|
47
|
+
options[:ssl] = true
|
48
|
+
end
|
49
|
+
|
50
|
+
opts.on("--ssl-cert FILE", "Specify the SSL certificate you'd like use use. Pair with --ssl-key.") do |arg|
|
51
|
+
ssl_opts[:cert_chain_file] = arg
|
52
|
+
end
|
53
|
+
|
54
|
+
opts.on("--ssl-key FILE", "Specify the SSL key file you'd like use use. Pair with --ssl-cert.") do |arg|
|
55
|
+
ssl_opts[:private_key_file] = arg
|
56
|
+
end
|
57
|
+
|
58
|
+
opts.separator('')
|
59
|
+
|
60
|
+
opts.on("-h", "--help", "Displays this help") do
|
61
|
+
puts
|
62
|
+
puts opts
|
63
|
+
puts
|
64
|
+
exit
|
65
|
+
end
|
66
|
+
|
67
|
+
# Another typical switch to print the version.
|
68
|
+
opts.on_tail("--version", "Show version") do
|
69
|
+
require 'rangefinder/webhook/version'
|
70
|
+
|
71
|
+
puts "Rangefinder: #{Rangefinder::VERSION}"
|
72
|
+
puts "Webhook Server: #{Rangefinder::Webhook::VERSION}"
|
73
|
+
exit
|
74
|
+
end
|
75
|
+
}
|
76
|
+
optparse.parse!
|
77
|
+
|
78
|
+
config = YAML.load_file(configfile) rescue {}
|
79
|
+
options = defaults.merge(config.merge(options))
|
80
|
+
$logger = Logger.new(options[:logfile])
|
81
|
+
$logger.level = loglevel
|
82
|
+
|
83
|
+
options[:github][:private_key_file] = File.expand_path(options[:github][:private_key_file])
|
84
|
+
|
85
|
+
if ssl_opts[:cert_chain_file] and ssl_opts[:private_key_file]
|
86
|
+
options[:ssl] = true
|
87
|
+
end
|
88
|
+
|
89
|
+
# These options should either both be nil or both be Strings
|
90
|
+
unless ssl_opts[:cert_chain_file].class == ssl_opts[:private_key_file].class
|
91
|
+
raise 'You must specify both the certificate and key file!'
|
92
|
+
end
|
93
|
+
|
94
|
+
if ARGV.first == 'shell'
|
95
|
+
require 'pry'
|
96
|
+
binding.pry
|
97
|
+
exit 0
|
98
|
+
end
|
99
|
+
|
100
|
+
puts
|
101
|
+
puts
|
102
|
+
puts "Starting Rangefinder GitHub application webhook..."
|
103
|
+
puts
|
104
|
+
puts
|
105
|
+
|
106
|
+
Rangefinder::Webhook.run!(options) do |server|
|
107
|
+
if options[:ssl]
|
108
|
+
if server.respond_to? 'ssl='
|
109
|
+
$logger.info 'Enabling SSL support.'
|
110
|
+
server.ssl = true
|
111
|
+
server.ssl_options = ssl_opts
|
112
|
+
else
|
113
|
+
$logger.warn "Please 'gem install thin' or run via an app server for SSL support."
|
114
|
+
end
|
115
|
+
end
|
116
|
+
end
|
@@ -0,0 +1,167 @@
|
|
1
|
+
require 'json'
|
2
|
+
require 'logger'
|
3
|
+
require 'tmpdir'
|
4
|
+
require 'sinatra/base'
|
5
|
+
require 'rangefinder'
|
6
|
+
require 'open-uri'
|
7
|
+
|
8
|
+
require 'octokit'
|
9
|
+
require 'openssl' # Verifies the webhook signature
|
10
|
+
require 'jwt' # Authenticates a GitHub App
|
11
|
+
require 'time' # Gets ISO 8601 representation of a Time object
|
12
|
+
|
13
|
+
class Rangefinder::Webhook < Sinatra::Base
|
14
|
+
require 'rangefinder/webhook/version'
|
15
|
+
|
16
|
+
set :logging, true
|
17
|
+
set :strict, true
|
18
|
+
set :views, File.dirname(__FILE__) + '/../../views'
|
19
|
+
set :public_folder, File.dirname(__FILE__) + '/../../public'
|
20
|
+
|
21
|
+
def initialize(app=nil)
|
22
|
+
super(app)
|
23
|
+
$logger.info "Starting Rangefinder Webhook Service v#{Rangefinder::Webhook::VERSION}"
|
24
|
+
$logger.info "Running Rangefinder v#{Rangefinder::VERSION}"
|
25
|
+
|
26
|
+
begin
|
27
|
+
@rangefinder = Rangefinder.new(:gcloud => settings.gcloud)
|
28
|
+
@app_identifier = settings.github[:app_identifier]
|
29
|
+
@webhook_secret = settings.github[:webhook_secret]
|
30
|
+
@private_key = OpenSSL::PKey::RSA.new(File.read(settings.github[:private_key_file]))
|
31
|
+
rescue => e
|
32
|
+
$logger.error "There's a problem with your configuration file!"
|
33
|
+
$logger.error e.message
|
34
|
+
exit 1
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
# Before each request to the `/event_handler` route
|
39
|
+
before '/event_handler' do
|
40
|
+
get_payload_request(request)
|
41
|
+
verify_webhook_signature
|
42
|
+
authenticate_app
|
43
|
+
# Authenticate the app installation in order to run API operations
|
44
|
+
authenticate_installation(@payload)
|
45
|
+
end
|
46
|
+
|
47
|
+
|
48
|
+
post '/event_handler' do
|
49
|
+
$logger.debug @payload
|
50
|
+
|
51
|
+
case request.env['HTTP_X_GITHUB_EVENT']
|
52
|
+
when 'pull_request'
|
53
|
+
case @payload['action']
|
54
|
+
when 'opened', 'reopened'
|
55
|
+
scan_for_impact(@payload)
|
56
|
+
else
|
57
|
+
$logger.info "Unhandled PR action: #{@payload['action']}"
|
58
|
+
end
|
59
|
+
end
|
60
|
+
|
61
|
+
200 # success status
|
62
|
+
end
|
63
|
+
|
64
|
+
get '/' do
|
65
|
+
erb :index
|
66
|
+
end
|
67
|
+
|
68
|
+
not_found do
|
69
|
+
halt 404, "You shall not pass! (page not found)\n"
|
70
|
+
end
|
71
|
+
|
72
|
+
helpers do
|
73
|
+
def scan_for_impact(payload)
|
74
|
+
repo = payload.dig('pull_request', 'head', 'repo', 'full_name')
|
75
|
+
idx = payload.dig('pull_request', 'number')
|
76
|
+
files = @installation_client.pull_request_files(repo, idx)
|
77
|
+
paths = files.map {|file| file[:filename] }
|
78
|
+
|
79
|
+
Dir.mktmpdir do |dir|
|
80
|
+
Dir.chdir(dir) do
|
81
|
+
File.write('module.tar.gz', open("https://api.github.com/repos/#{repo}/tarball/pull/#{idx}/head").read)
|
82
|
+
system("tar -xzf module.tar.gz --strip-components=1")
|
83
|
+
@impact = @rangefinder.analyze(paths)
|
84
|
+
|
85
|
+
# don't comment if we don't know anything about any of the changed files
|
86
|
+
return if @impact.compact.empty?
|
87
|
+
|
88
|
+
# Add the file url to each entry
|
89
|
+
@impact.each do |item|
|
90
|
+
uri = files.shift[:blob_url] # this order is intentional, it keeps the two lists in sync
|
91
|
+
next if item.nil?
|
92
|
+
item[:fileuri] = uri
|
93
|
+
end
|
94
|
+
@impact.compact!
|
95
|
+
|
96
|
+
@installation_client.add_comment(repo, idx, erb(:impact))
|
97
|
+
end
|
98
|
+
end
|
99
|
+
end
|
100
|
+
|
101
|
+
# Saves the raw payload and converts the payload to JSON format
|
102
|
+
def get_payload_request(request)
|
103
|
+
# request.body is an IO or StringIO object
|
104
|
+
# Rewind in case someone already read it
|
105
|
+
request.body.rewind
|
106
|
+
# The raw text of the body is required for webhook signature verification
|
107
|
+
@payload_raw = request.body.read
|
108
|
+
begin
|
109
|
+
@payload = JSON.parse @payload_raw
|
110
|
+
rescue => e
|
111
|
+
fail "Invalid JSON (#{e}): #{@payload_raw}"
|
112
|
+
end
|
113
|
+
end
|
114
|
+
|
115
|
+
# Instantiate an Octokit client authenticated as a GitHub App.
|
116
|
+
# GitHub App authentication requires that you construct a
|
117
|
+
# JWT (https://jwt.io/introduction/) signed with the app's private key,
|
118
|
+
# so GitHub can be sure that it came from the app an not altererd by
|
119
|
+
# a malicious third party.
|
120
|
+
def authenticate_app
|
121
|
+
payload = {
|
122
|
+
iat: Time.now.to_i, # The time that this JWT was issued
|
123
|
+
exp: Time.now.to_i + (10 * 60), # JWT expiration time (10 minute max)
|
124
|
+
iss: @app_identifier, # Your GitHub App's identifier number
|
125
|
+
}
|
126
|
+
|
127
|
+
# Cryptographically sign the JWT.
|
128
|
+
jwt = JWT.encode(payload, @private_key, 'RS256')
|
129
|
+
|
130
|
+
# Create the Octokit client, using the JWT as the auth token.
|
131
|
+
@app_client ||= Octokit::Client.new(bearer_token: jwt)
|
132
|
+
end
|
133
|
+
|
134
|
+
# Instantiate an Octokit client, authenticated as an installation of a
|
135
|
+
# GitHub App, to run API operations.
|
136
|
+
def authenticate_installation(payload)
|
137
|
+
@installation_id = payload['installation']['id']
|
138
|
+
@installation_token = @app_client.create_app_installation_access_token(@installation_id)[:token]
|
139
|
+
@installation_client = Octokit::Client.new(bearer_token: @installation_token)
|
140
|
+
end
|
141
|
+
|
142
|
+
# Check X-Hub-Signature to confirm that this webhook was generated by
|
143
|
+
# GitHub, and not a malicious third party.
|
144
|
+
#
|
145
|
+
# GitHub uses the WEBHOOK_SECRET, registered to the GitHub App, to
|
146
|
+
# create the hash signature sent in the `X-HUB-Signature` header of each
|
147
|
+
# webhook. This code computes the expected hash signature and compares it to
|
148
|
+
# the signature sent in the `X-HUB-Signature` header. If they don't match,
|
149
|
+
# this request is an attack, and you should reject it. GitHub uses the HMAC
|
150
|
+
# hexdigest to compute the signature. The `X-HUB-Signature` looks something
|
151
|
+
# like this: "sha1=123456".
|
152
|
+
# See https://developer.github.com/webhooks/securing/ for details.
|
153
|
+
def verify_webhook_signature
|
154
|
+
their_signature_header = request.env['HTTP_X_HUB_SIGNATURE'] || 'sha1='
|
155
|
+
method, their_digest = their_signature_header.split('=')
|
156
|
+
our_digest = OpenSSL::HMAC.hexdigest(method, @webhook_secret, @payload_raw)
|
157
|
+
halt 401 unless their_digest == our_digest
|
158
|
+
|
159
|
+
# The X-GITHUB-EVENT header provides the name of the event.
|
160
|
+
# The action value indicates the which action triggered the event.
|
161
|
+
$logger.debug "---- received event #{request.env['HTTP_X_GITHUB_EVENT']}"
|
162
|
+
$logger.debug "---- action #{@payload['action']}" unless @payload['action'].nil?
|
163
|
+
end
|
164
|
+
|
165
|
+
end
|
166
|
+
|
167
|
+
end
|
Binary file
|
Binary file
|
data/views/impact.erb
ADDED
@@ -0,0 +1,30 @@
|
|
1
|
+
<% @impact.each do |result| %>
|
2
|
+
[<%= result[:name] %>](<%= result[:fileuri] %>) is a _<%= result[:kind] %>_
|
3
|
+
----------------------------------
|
4
|
+
|
5
|
+
<% if result[:exact].empty? and result[:near].empty? %>
|
6
|
+
that may have no external impact to Forge modules.
|
7
|
+
<% end %>
|
8
|
+
|
9
|
+
<% unless result[:exact].empty? %>
|
10
|
+
Breaking changes to this file WILL impact these modules (exact match):
|
11
|
+
|
12
|
+
<% result[:exact].each do |row| %>
|
13
|
+
* [<%= row[:module] %>](<%= row[:repo] %>)
|
14
|
+
<% end %>
|
15
|
+
<% end %>
|
16
|
+
|
17
|
+
<% unless result[:near].empty? %>
|
18
|
+
Breaking changes to this file MAY impact these modules (near match):
|
19
|
+
|
20
|
+
<% result[:near].each do |row| %>
|
21
|
+
* [<%= row[:module] %>](<%= row[:repo] %>)
|
22
|
+
<% end %>
|
23
|
+
<% end %>
|
24
|
+
<% end %>
|
25
|
+
|
26
|
+
---------------------------------
|
27
|
+
|
28
|
+
These results were generated with [Rangefinder](https://github.com/puppetlabs/puppet-community-rangefinder), a tool that helps predict the downstream impact of breaking changes to elements used in Puppet modules. You can run this on the command line to get a full report.
|
29
|
+
|
30
|
+
Exact matches are those that we can positively identify via namespace and the declaring modules' metadata. Non-namespaced items, such as Puppet 3.x functions, will always be reported as near matches only.
|
data/views/index.erb
ADDED
@@ -0,0 +1,79 @@
|
|
1
|
+
<html
|
2
|
+
<head>
|
3
|
+
<title>Rangefinder Webhook</title>
|
4
|
+
<style>
|
5
|
+
body {
|
6
|
+
background-color: #f7fafd;
|
7
|
+
}
|
8
|
+
div.content {
|
9
|
+
width: 80%;
|
10
|
+
min-width: 850px;
|
11
|
+
padding: 2em;
|
12
|
+
margin: 2em auto;
|
13
|
+
border: 2px ridge #a29999;
|
14
|
+
border-radius: 1em;
|
15
|
+
box-shadow: 5px 10px 8px #888888;
|
16
|
+
background-color: #efefef;
|
17
|
+
}
|
18
|
+
div.fullwidth {
|
19
|
+
min-width: 850px;
|
20
|
+
min-height: 550px;
|
21
|
+
position: relative;
|
22
|
+
}
|
23
|
+
div.fullwidth img {
|
24
|
+
position: absolute;
|
25
|
+
top: 0;
|
26
|
+
right: 0;
|
27
|
+
}
|
28
|
+
div.fullwidth img:first-child {
|
29
|
+
left: 0;
|
30
|
+
}
|
31
|
+
|
32
|
+
|
33
|
+
h1, h2 {
|
34
|
+
text-align: center;
|
35
|
+
text-shadow: #8b8b8b 1px 0 10px;
|
36
|
+
}
|
37
|
+
p, ul {
|
38
|
+
width: 80%;
|
39
|
+
margin: 1em auto;
|
40
|
+
text-shadow: #7f7d7e 1px 0 5;
|
41
|
+
}
|
42
|
+
|
43
|
+
</style>
|
44
|
+
</head>
|
45
|
+
<body>
|
46
|
+
<div class="content">
|
47
|
+
<h1>Rangefinder Webhook</h1>
|
48
|
+
<p>
|
49
|
+
Rangefinder is a tool that helps predict the downstream impact of breaking
|
50
|
+
file changes. This GitHub integration allows us to tie it to pull requests
|
51
|
+
and provide impact prediction reports as comments when a PR is filed.
|
52
|
+
</p>
|
53
|
+
<p>
|
54
|
+
It's still fairly young in its development, so please don't hesitate to
|
55
|
+
file issues on either of:
|
56
|
+
<ul>
|
57
|
+
<li>the <a href="https://github.com/puppetlabs/puppet-community-rangefinder-webhook">GitHub integration</a></li>
|
58
|
+
<li>or the <a href="https://github.com/puppetlabs/puppet-community-rangefinder">Rangefinder tool</a> itself</li>
|
59
|
+
</ul>
|
60
|
+
</p>
|
61
|
+
<h2>Install the integration</h2>
|
62
|
+
<ol>
|
63
|
+
<li>Visit its <a href="https://github.com/apps/puppet-community-rangefinder">GitHub app page</a>.</li>
|
64
|
+
<li>Click <strong>Install App</strong> in the sidebar.</li>
|
65
|
+
<li>Select your name or an organization you belong to.</li>
|
66
|
+
<li>Then select the repositories you'd like to enable the app on.</li>
|
67
|
+
</ol>
|
68
|
+
<div class="fullwidth">
|
69
|
+
<img src="install_app.png" />
|
70
|
+
<img src="select_repos.png" />
|
71
|
+
</div>
|
72
|
+
<hr />
|
73
|
+
<ul>
|
74
|
+
<li><em>Webhook Server: v<%= Rangefinder::Webhook::VERSION %></em></li>
|
75
|
+
<li><em>Rangefinder: v<%= Rangefinder::VERSION %></em></li>
|
76
|
+
</ul>
|
77
|
+
</div>
|
78
|
+
</body>
|
79
|
+
</html>
|
metadata
ADDED
@@ -0,0 +1,113 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: puppet-community-rangefinder-webhook
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.1
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Ben Ford
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2018-12-19 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: sinatra
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '2.0'
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '2.0'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: octokit
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '4.0'
|
34
|
+
type: :runtime
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '4.0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: jwt
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - "~>"
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '2.1'
|
48
|
+
type: :runtime
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - "~>"
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '2.1'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: puppet-community-rangefinder
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - ">="
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '0'
|
62
|
+
type: :runtime
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - ">="
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '0'
|
69
|
+
description: |2
|
70
|
+
Rangefinder is a tool that helps predict the downstream impact of breaking
|
71
|
+
file changes. This GitHub integration allows us to tie it to pull requests
|
72
|
+
and provide impact prediction reports as comments when a PR is filed.
|
73
|
+
email: ben.ford@puppet.com
|
74
|
+
executables:
|
75
|
+
- rangefinder-webhook
|
76
|
+
extensions: []
|
77
|
+
extra_rdoc_files: []
|
78
|
+
files:
|
79
|
+
- CHANGELOG.md
|
80
|
+
- LICENSE
|
81
|
+
- README.md
|
82
|
+
- bin/rangefinder-webhook
|
83
|
+
- lib/rangefinder/webhook.rb
|
84
|
+
- lib/rangefinder/webhook/version.rb
|
85
|
+
- public/install_app.png
|
86
|
+
- public/select_repos.png
|
87
|
+
- views/impact.erb
|
88
|
+
- views/index.erb
|
89
|
+
homepage: https://github.com/puppetlabs/puppet-community-rangefinder-webhook
|
90
|
+
licenses:
|
91
|
+
- Apache-2.0
|
92
|
+
metadata: {}
|
93
|
+
post_install_message:
|
94
|
+
rdoc_options: []
|
95
|
+
require_paths:
|
96
|
+
- lib
|
97
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
98
|
+
requirements:
|
99
|
+
- - ">="
|
100
|
+
- !ruby/object:Gem::Version
|
101
|
+
version: '0'
|
102
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
103
|
+
requirements:
|
104
|
+
- - ">="
|
105
|
+
- !ruby/object:Gem::Version
|
106
|
+
version: '0'
|
107
|
+
requirements: []
|
108
|
+
rubyforge_project:
|
109
|
+
rubygems_version: 2.7.7
|
110
|
+
signing_key:
|
111
|
+
specification_version: 4
|
112
|
+
summary: Provides impact analysis for Puppet modules PRs on GitHub.
|
113
|
+
test_files: []
|