way_of_working-audit-github 1.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 88c26bf5fa25e6781969f4b99218e1f2d4935b114b2b054729b5a16de68063e9
+  data.tar.gz: d7383261a3b640c720f950a2493836a91ba05478206db6c85fc07960a0d41800
+SHA512:
+  metadata.gz: 7bc8e9a733c7a5814bbb9aeded92150e2cb613128d97a27c93de5a9f53a6501d723b3a5528268b5f681e92654abf7c3b3576a7b75c154b2fcde7fa1996b2fdde
+  data.tar.gz: ae783fae452ac723536c0a418a9c55bd1d894d166ec0680a3b7e242313ee52a0d85cc8ed8e6192321b67b7ef04640faad795129efbeb73afe45c30b385d22d8d

data/.alexrc

@@ -0,0 +1,3 @@
+{
+  "profanitySureness": 1
+}

data/.mega-linter.yml

@@ -0,0 +1,145 @@
+---
+# Configuration file for MegaLinter
+# See all available variables at https://megalinter.io/configuration/
+# and in linters documentation
+
+APPLY_FIXES: none  # all, none, or list of linter keys
+ENABLE_LINTERS:  # All other linters will be disabled by default
+  ### Languages
+  - BASH_EXEC  # in Super-Linter
+  - BASH_SHELLCHECK  # in Super-Linter
+  - BASH_SHFMT  # in Super-Linter
+  - C_CLANG_FORMAT
+  - C_CPPLINT
+  # - CLOJURE_CLJ_KONDO  # in Super-Linter
+  # - CLOJURE_CLJSTYLE
+  - COFFEE_COFFEELINT  # in Super-Linter
+  - CPP_CLANG_FORMAT
+  - CPP_CPPLINT  # in Super-Linter
+  - CSHARP_CSHARPIER
+  - CSHARP_DOTNET_FORMAT  # in Super-Linter
+  - CSHARP_ROSLYNATOR
+  - DART_DARTANALYZER  # in Super-Linter
+  - GO_GOLANGCI_LINT  # in Super-Linter
+  - GO_REVIVE
+  # - GROOVY_NPM_GROOVY_LINT  # in Super-Linter
+  - JAVA_CHECKSTYLE  # in Super-Linter
+  - JAVA_PMD
+  - JAVASCRIPT_ES  # in Super-Linter
+  # - JAVASCRIPT_PRETTIER
+  - JAVASCRIPT_STANDARD  # in Super-Linter
+  - JSX_ESLINT
+  - KOTLIN_DETEKT
+  - KOTLIN_KTLINT  # in Super-Linter
+  # - LUA_LUACHECK  # in Super-Linter
+  # - LUA_SELENE
+  # - LUA_STYLUA
+  - MAKEFILE_CHECKMAKE
+  # - PERL_PERLCRITIC  # in Super-Linter
+  # - PHP_BUILTIN
+  # - PHP_PHPCS  # in Super-Linter
+  # - PHP_PHPCSFIXER
+  # - PHP_PHPLINT  # in Super-Linter
+  # - PHP_PHPSTAN  # in Super-Linter
+  # - PHP_PSALM  # in Super-Linter
+  # - POWERSHELL_POWERSHELL
+  # - POWERSHELL_POWERSHELL_FORMATTER
+  - PYTHON_BANDIT
+  - PYTHON_BLACK  # in Super-Linter
+  - PYTHON_FLAKE8  # in Super-Linter
+  - PYTHON_ISORT  # in Super-Linter
+  - PYTHON_MYPY
+  - PYTHON_PYLINT  # in Super-Linter
+  - PYTHON_PYRIGHT
+  - PYTHON_RUFF
+  - R_LINTR  # in Super-Linter
+  # - RAKU_RAKU  # in Super-Linter
+  # - RUBY_RUBOCOP  # in Super-Linter
+  - RUST_CLIPPY  # in Super-Linter
+  # - SALESFORCE_LIGHTNING_FLOW_SCANNER
+  # - SALESFORCE_SFDX_SCANNER_APEX
+  # - SALESFORCE_SFDX_SCANNER_AURA
+  # - SALESFORCE_SFDX_SCANNER_LWC
+  - SCALA_SCALAFIX
+  - SQL_SQLFLUFF  # in Super-Linter
+  - SQL_TSQLLINT
+  - SWIFT_SWIFTLINT
+  - TSX_ESLINT
+  - TYPESCRIPT_ES  # in Super-Linter
+  # - TYPESCRIPT_PRETTIER
+  - TYPESCRIPT_STANDARD  # in Super-Linter
+  # - VBDOTNET_DOTNET_FORMAT
+
+  ### Formats
+  - CSS_STYLELINT  # in Super-Linter
+  - ENV_DOTENV_LINTER  # in Super-Linter
+  # - GRAPHQL_GRAPHQL_SCHEMA_LINTER
+  # - HTML_DJLINT # Refuses to see config file
+  - HTML_HTMLHINT  # in Super-Linter
+  - JSON_ESLINT_PLUGIN_JSONC  # in Super-Linter
+  - JSON_JSONLINT
+  - JSON_NPM_PACKAGE_JSON_LINT
+  # - JSON_PRETTIER
+  - JSON_V8R
+  # - LATEX_CHKTEX  # in Super-Linter
+  - MARKDOWN_MARKDOWNLINT  # in Super-Linter
+  - MARKDOWN_MARKDOWN_LINK_CHECK
+  - MARKDOWN_MARKDOWN_TABLE_FORMATTER
+  - MARKDOWN_REMARK_LINT
+  # - PROTOBUF_PROTOLINT  # in Super-Linter
+  # - RST_RSTCHECK
+  # - RST_RSTFMT
+  # - RST_RST_LINT
+  - XML_XMLLINT  # in Super-Linter
+  # - YAML_PRETTIER
+  - YAML_V8R
+  - YAML_YAMLLINT  # in Super-Linter
+
+  ### Tooling
+  - ACTION_ACTIONLINT  # in Super-Linter
+  - ANSIBLE_ANSIBLE_LINT  # in Super-Linter
+  - API_SPECTRAL
+  - ARM_ARM_TTK  # in Super-Linter
+  # - BICEP_BICEP_LINTER
+  - CLOUDFORMATION_CFN_LINT  # in Super-Linter
+  - DOCKERFILE_HADOLINT  # in Super-Linter
+  - EDITORCONFIG_EDITORCONFIG_CHECKER  # in Super-Linter
+  # - GHERKIN_GHERKIN_LINT  # in Super-Linter
+  - KUBERNETES_HELM
+  - KUBERNETES_KUBECONFORM
+  - KUBERNETES_KUBESCAPE
+  - PUPPET_PUPPET_LINT
+  # - SNAKEMAKE_LINT  # in Super-Linter
+  # - SNAKEMAKE_SNAKEFMT  # in Super-Linter
+  # - TEKTON_TEKTON_LINT  # in Super-Linter
+  - TERRAFORM_TERRAFORM_FMT  # in Super-Linter
+  - TERRAFORM_TERRAGRUNT  # in Super-Linter
+  - TERRAFORM_TERRASCAN  # in Super-Linter
+  - TERRAFORM_TFLINT  # in Super-Linter
+
+  ### Code quality checkers
+  - COPYPASTE_JSCPD  # in Super-Linter
+  - REPOSITORY_CHECKOV
+  - REPOSITORY_DEVSKIM
+  - REPOSITORY_DUSTILOCK
+  - REPOSITORY_GIT_DIFF
+  - REPOSITORY_GITLEAKS  # in Super-Linter
+  - REPOSITORY_GRYPE
+  - REPOSITORY_KICS
+  - REPOSITORY_LS_LINT
+  - REPOSITORY_SECRETLINT
+  - REPOSITORY_SEMGREP
+  - REPOSITORY_SYFT
+  - REPOSITORY_TRIVY
+  - REPOSITORY_TRIVY_SBOM
+  - REPOSITORY_TRUFFLEHOG
+  # - SPELL_CSPELL
+  - SPELL_LYCHEE
+  - SPELL_PROSELINT
+  - SPELL_VALE
+
+SHOW_ELAPSED_TIME: false
+FILEIO_REPORTER: false
+FAIL_IF_MISSING_LINTER_IN_FLAVOR: true
+# DISABLE_ERRORS: true # Uncomment if you want MegaLinter to detect
+# errors but not block CI to pass

data/.rubocop

@@ -0,0 +1 @@
+--config .github/linters/rubocop_defaults.yml

data/CHANGELOG.md

@@ -0,0 +1,24 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [1.0.1] - 2025-01-24
+
+### Fixed
+
+- Linted a return from a code block
+
+## [1.0.0] - 2025-01-24
+
+### Added
+
+- Initial implementation of the auditor, registry and exec command generator
+
+[unreleased]: https://github.com/HealthDataInsight/way_of_working-audit-github/compare/v1.0.1...HEAD
+[1.0.1]: https://github.com/HealthDataInsight/way_of_working-audit-github/compare/v1.0.0...v1.0.1
+[1.0.0]: https://github.com/HealthDataInsight/way_of_working-audit-github/releases/tag/v1.0.0

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2024 Health Data Insight CIC
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,57 @@
+# WayOfWorking::Audit::Github
+
+<!-- Way of Working: Main Badge Holder Start -->
+![Way of Working Badge](https://img.shields.io/badge/Way_of_Working-v2.0.1-%238169e3?labelColor=black)
+<!-- Way of Working: Additional Badge Holder Start -->
+<!-- Way of Working: Badge Holder End -->
+
+
+
+A [Way of Working](https://github.com/HealthDataInsight/way_of_working) plugin that provides a registry and auditing tool for GitHub repositories. Rules can check for both missing/incorrect files and mis-configuration of the repository itself. Many existing plugins have defined their own rules to check that they have been adopted properly.
+
+Work is ongoing on a plugin for CIS GitHub Benchmark compliance testing.
+
+## Installation
+
+Install the gem and add to the application's Gemfile by executing:
+
+```bash
+bundle add UPDATE_WITH_YOUR_GEM_NAME_IMMEDIATELY_AFTER_RELEASE_TO_RUBYGEMS_ORG
+```
+
+If bundler is not being used to manage dependencies, install the gem by executing:
+
+```bash
+gem install UPDATE_WITH_YOUR_GEM_NAME_IMMEDIATELY_AFTER_RELEASE_TO_RUBYGEMS_ORG
+```
+
+## Usage
+
+Define the following environment variables:
+
+- `GITHUB_ORGANISATION`: the name of your organisation being scanned (as used in the GitHub URL)
+- `GITHUB_TOKEN`: a PAT token with sufficient permission to access repositories and their configuration.
+
+Then to run the GitHub audit for your project, use:
+
+```bash
+way_of_working exec audit_github
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at <https://github.com/HealthDataInsight/way_of_working-audit-github>. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/HealthDataInsight/way_of_working-audit-github/blob/main/CODE_OF_CONDUCT.md).
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the way_of_working-audit-github project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/HealthDataInsight/way_of_working-audit-github/blob/main/CODE_OF_CONDUCT.md).

data/Rakefile

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rake/testtask'
+require 'way_of_working/tasks'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.test_files = FileList['test/**/*_test.rb']
+  t.verbose = false
+  t.warning = false
+end
+
+desc 'Run tests'
+task default: :test

data/code_safety.yml

@@ -0,0 +1,122 @@
+---
+file safety:
+  ".alexrc":
+    comments:
+    reviewed_by: shilpigoeldev
+    safe_revision: 84e86c45c31ac0e37a13cf39d2bbbff01391f39d
+  ".github/linters/.markdown-link-check.json":
+    comments:
+    reviewed_by: shilpigoeldev
+    safe_revision: 84e86c45c31ac0e37a13cf39d2bbbff01391f39d
+  ".github/linters/rubocop_defaults.yml":
+    comments:
+    reviewed_by: shilpigoeldev
+    safe_revision: 84e86c45c31ac0e37a13cf39d2bbbff01391f39d
+  ".github/workflows/inclusive-language.yml":
+    comments:
+    reviewed_by: shilpigoeldev
+    safe_revision: 84e86c45c31ac0e37a13cf39d2bbbff01391f39d
+  ".github/workflows/main.yml":
+    comments:
+    reviewed_by: shilpigoeldev
+    safe_revision: 4f2b65e6f3eda6c9213348886916aa391cd2e295
+  ".github/workflows/mega-linter.yml":
+    comments:
+    reviewed_by: shilpigoeldev
+    safe_revision: 4f2b65e6f3eda6c9213348886916aa391cd2e295
+  ".gitignore":
+    comments:
+    reviewed_by: shilpigoeldev
+    safe_revision: 4f2b65e6f3eda6c9213348886916aa391cd2e295
+  ".mega-linter.yml":
+    comments:
+    reviewed_by: shilpigoeldev
+    safe_revision: 84e86c45c31ac0e37a13cf39d2bbbff01391f39d
+  ".rubocop":
+    comments:
+    reviewed_by: shilpigoeldev
+    safe_revision: 84e86c45c31ac0e37a13cf39d2bbbff01391f39d
+  CHANGELOG.md:
+    comments:
+    reviewed_by: shilpigoeldev
+    safe_revision: ed3796d3dcd6d7314ee994c852e3e966df9c0d32
+  Gemfile:
+    comments:
+    reviewed_by: shilpigoeldev
+    safe_revision: 4f2b65e6f3eda6c9213348886916aa391cd2e295
+  Gemfile.lock:
+    comments:
+    reviewed_by: shilpigoeldev
+    safe_revision: 4f2b65e6f3eda6c9213348886916aa391cd2e295
+  LICENSE.txt:
+    comments:
+    reviewed_by: shilpigoeldev
+    safe_revision: 84e86c45c31ac0e37a13cf39d2bbbff01391f39d
+  README.md:
+    comments:
+    reviewed_by: shilpigoeldev
+    safe_revision: 4f2b65e6f3eda6c9213348886916aa391cd2e295
+  Rakefile:
+    comments:
+    reviewed_by: shilpigoeldev
+    safe_revision: 84e86c45c31ac0e37a13cf39d2bbbff01391f39d
+  bin/console:
+    comments:
+    reviewed_by: shilpigoeldev
+    safe_revision: 4f2b65e6f3eda6c9213348886916aa391cd2e295
+  bin/setup:
+    comments:
+    reviewed_by: shilpigoeldev
+    safe_revision: 4f2b65e6f3eda6c9213348886916aa391cd2e295
+  lib/way_of_working/audit/github.rb:
+    comments:
+    reviewed_by: shilpigoeldev
+    safe_revision: 4f2b65e6f3eda6c9213348886916aa391cd2e295
+  lib/way_of_working/audit/github/auditor.rb:
+    comments:
+    reviewed_by: shilpigoeldev
+    safe_revision: 4f2b65e6f3eda6c9213348886916aa391cd2e295
+  lib/way_of_working/audit/github/generators/exec.rb:
+    comments:
+    reviewed_by: shilpigoeldev
+    safe_revision: 4f2b65e6f3eda6c9213348886916aa391cd2e295
+  lib/way_of_working/audit/github/plugin.rb:
+    comments:
+    reviewed_by: shilpigoeldev
+    safe_revision: 4f2b65e6f3eda6c9213348886916aa391cd2e295
+  lib/way_of_working/audit/github/rules/base.rb:
+    comments:
+    reviewed_by: shilpigoeldev
+    safe_revision: ed3796d3dcd6d7314ee994c852e3e966df9c0d32
+  lib/way_of_working/audit/github/rules/registry.rb:
+    comments:
+    reviewed_by: shilpigoeldev
+    safe_revision: 4f2b65e6f3eda6c9213348886916aa391cd2e295
+  lib/way_of_working/audit/github/rules/unknown.rb:
+    comments:
+    reviewed_by: shilpigoeldev
+    safe_revision: 4f2b65e6f3eda6c9213348886916aa391cd2e295
+  lib/way_of_working/audit/github/version.rb:
+    comments:
+    reviewed_by: shilpigoeldev
+    safe_revision: ed3796d3dcd6d7314ee994c852e3e966df9c0d32
+  test/test_helper.rb:
+    comments:
+    reviewed_by: shilpigoeldev
+    safe_revision: 84e86c45c31ac0e37a13cf39d2bbbff01391f39d
+  test/way_of_working/audit/github/rule_test.rb:
+    comments:
+    reviewed_by: shilpigoeldev
+    safe_revision: 4f2b65e6f3eda6c9213348886916aa391cd2e295
+  test/way_of_working/audit/github/zeitwerk_loader_test.rb:
+    comments:
+    reviewed_by: shilpigoeldev
+    safe_revision: 4f2b65e6f3eda6c9213348886916aa391cd2e295
+  test/way_of_working/audit/github_test.rb:
+    comments:
+    reviewed_by: shilpigoeldev
+    safe_revision: 84e86c45c31ac0e37a13cf39d2bbbff01391f39d
+  way_of_working-audit-github.gemspec:
+    comments:
+    reviewed_by: shilpigoeldev
+    safe_revision: 4f2b65e6f3eda6c9213348886916aa391cd2e295

data/lib/way_of_working/audit/github/auditor.rb

@@ -0,0 +1,43 @@
+require 'octokit'
+require_relative 'rules/registry'
+
+module WayOfWorking
+  module Audit
+    module Github
+      # This auditor runs all the rules against any given GitHub repository
+      class Auditor
+        def initialize(access_token, organisation_name)
+          @access_token = access_token
+          @organisation_name = organisation_name
+        end
+
+        def audit(repository)
+          # Get all the rules once, rather than repeatedly in individual rules
+          rulesets = @client.get("repos/#{repository.full_name}/rulesets").map do |rule|
+            @client.get("repos/#{repository.full_name}/rulesets/#{rule[:id]}")
+          end
+
+          Array(Rules::Registry.rules).each do |rule_name, klass|
+            rule = klass.new(client, rule_name, repository, rulesets)
+
+            yield rule
+          end
+        end
+
+        def repositories
+          @repositories ||= client.org_repos(@organisation_name)
+        end
+
+        private
+
+        def client
+          @client ||= begin
+            client = Octokit::Client.new(access_token: @access_token) # , per_page: 1_000
+            client.auto_paginate = true
+            client
+          end
+        end
+      end
+    end
+  end
+end

data/lib/way_of_working/audit/github/generators/exec.rb

@@ -0,0 +1,125 @@
+# frozen_string_literal: true
+
+require 'git'
+require 'rainbow'
+require 'thor'
+require 'way_of_working/audit/github/auditor'
+# require 'way_of_working/github_audit/rules/all'
+
+module WayOfWorking
+  module Audit
+    module Github
+      module Generators
+        # This generator runs the github audit
+        class Exec < Thor::Group
+          # argument :all_repos, type: :string, required: false, desc: 'Optional repo to test'
+
+          desc 'This runs the github audit on this project'
+
+          def check_for_github_token_environment_variables
+            @github_token = ENV.fetch('GITHUB_TOKEN', nil)
+            return unless @github_token.nil?
+
+            abort(Rainbow("\nMissing GITHUB_TOKEN environment variable").red)
+          end
+
+          def check_for_github_organisation_environment_variables
+            @github_organisation = ENV.fetch('GITHUB_ORGANISATION', nil)
+            return unless @github_organisation.nil?
+
+            abort(Rainbow("\nMissing GITHUB_ORGANISATION environment variable").red)
+          end
+
+          def start_timer
+            @start_time = Time.now
+          end
+
+          def check_github_organisation_remotes
+            abort(Rainbow("\nGitHub is not an upstream repository.").red) if github_organisation_remotes.empty?
+
+            # say(Rainbow("Limiting audit to #{path}\n").yellow) if path
+            say "\nRunning..."
+          end
+
+          def prep_audit
+            @auditor = ::WayOfWorking::Audit::Github::Auditor.new(@github_token, @github_organisation)
+
+            # Loop though all the repos
+            @repositories = @auditor.repositories # .to_a[20..]
+            @repositories = @repositories.select do |repo|
+              github_organisation_remotes.include?(repo.name)
+            end
+          rescue Octokit::Unauthorized
+            abort(Rainbow("\nGITHUB_TOKEN has expired or does not have sufficient permission").red)
+          end
+
+          def run_audit
+            @audit_ok = true
+            unarchived_repos.each do |repo|
+              @auditor.audit(repo) do |rule|
+                case rule.status
+                when :not_applicable
+                  # Do nothing
+                when :passed
+                  say "✅ #{rule.tags.inspect} Passed #{rule.name}"
+                when :failed
+                  say "❌ #{rule.tags.inspect} Failed #{rule.name}: #{rule.errors.to_sentence}"
+                  @audit_ok = false
+                else
+                  abort(Rainbow("Unknown response #{rule.status.inspect}").red)
+                end
+              end
+            end
+          end
+
+          def run_last
+            say(Rainbow("\nTotal time taken: #{(Time.now - @start_time).to_i} seconds").yellow)
+
+            if @audit_ok
+              say(Rainbow("\nGitHub audit succeeded!").green)
+            else
+              abort(Rainbow("\nGitHub audit failed!").red)
+            end
+          end
+
+          private
+
+          def unarchived_repos(&block)
+            return to_enum(__method__) unless block_given?
+
+            @repositories.each do |repo|
+              if repo.archived?
+                say(Rainbow("\nSkipping archived repo: #{repo.name}").yellow)
+
+                next
+              end
+
+              say("#{repo.name} [#{repo.private? ? 'Private' : 'Public'}] #{repo.description} " \
+                  "#{repo.language} #{repo.topics.join(',')}")
+
+              block.call(repo)
+            end
+          end
+
+          # This method returns the repo names for all upstream repositories
+          # hosted on GitHub, for the given organisation
+          def github_organisation_remotes
+            @github_organisation_remotes ||= begin
+              all_remote_urls = ::Git.open('.').remotes.map(&:url)
+
+              organisation_remote_urls = all_remote_urls.select do |url|
+                url.start_with?("https://github.com/#{@github_organisation}")
+              end
+
+              organisation_remote_urls.map do |url|
+                matchdata = url.match(%r{\Ahttps://github.com/([^/]+)/([^/]+)\.git})
+
+                matchdata[2]
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/way_of_working/audit/github/plugin.rb

@@ -0,0 +1 @@
+require 'way_of_working/audit/github'

data/lib/way_of_working/audit/github/rules/base.rb

@@ -0,0 +1,89 @@
+# frozen_string_literal: true
+
+require 'active_support'
+require 'active_support/core_ext'
+require 'base64'
+require 'octokit'
+require_relative 'registry'
+
+module WayOfWorking
+  module Audit
+    module Github
+      module Rules
+        # This is the base class for GitHub audit rules
+        class Base
+          attr_accessor :errors, :name, :rulesets, :warnings
+
+          class << self
+            # Stores and return the source root for this class
+            def source_root(path = nil)
+              @source_root = path if path
+              @source_root ||= nil
+            end
+          end
+
+          def initialize(client, name, repo, rulesets)
+            @client = client
+            @name = name
+            @repo = repo
+            @repo_name = repo.full_name
+            @rulesets = rulesets
+            @errors = []
+            @warnings = []
+          end
+
+          def status
+            @status ||= begin
+              result = validate
+
+              if result == :not_applicable
+                result
+              else
+                @errors.empty? ? :passed : :failed
+              end
+            end
+          end
+
+          def validate
+            $stdout.puts 'Rule#valid? has been deprecated, use "validate"'
+            valid?
+          end
+
+          def self.tags
+            [:way_of_working]
+          end
+
+          def tags
+            self.class.tags
+          end
+
+          private
+
+          def repo_file_contents(path)
+            response = @client.contents(@repo_name, path: path)
+            Base64.decode64(response.content).force_encoding('UTF-8')
+          rescue Octokit::NotFound
+            nil
+          end
+
+          # This method returns the content of the README file
+          def readme_content
+            @readme_content ||=
+              begin
+                response = @client.readme(@repo_name)
+
+                Base64.decode64(response.content).force_encoding('UTF-8')
+              rescue Octokit::NotFound
+                ''
+              end
+          end
+
+          # This convenience method returns the branch rules for this repo
+          def branch_rules(branch)
+            @client.get("repos/#{@repo.full_name}/rules/branches/#{branch}")
+          end
+        end
+      end
+    end
+  end
+end

data/lib/way_of_working/audit/github/rules/registry.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require_relative 'unknown'
+
+module WayOfWorking
+  module Audit
+    module Github
+      module Rules
+        # This provides the GitHub audit rule factory
+        module Registry
+          class << self
+            attr_accessor :rules
+
+            def register(klass, rule_name)
+              @rules ||= {}
+
+              @rules[rule_name] = klass
+            end
+
+            def unregister(*rule_names)
+              rule_names.each do |rule_name|
+                @rules.delete(rule_name)
+              end
+            end
+
+            def rule(rule_name, client, repo)
+              klass = Registry.rules.fetch(rule_name, Unknown)
+
+              klass.new(client, repo)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/way_of_working/audit/github/rules/unknown.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require_relative 'base'
+
+module WayOfWorking
+  module Audit
+    module Github
+      module Rules
+        # This is a stub handler for rules that aren't in the registry.
+        class Unknown < Base
+          def initialize(client, repo_name)
+            super
+            raise 'Error: Unknown client'
+          end
+        end
+      end
+    end
+  end
+end

data/lib/way_of_working/audit/github/version.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module WayOfWorking
+  module Audit
+    module Github
+      VERSION = '1.0.1'
+    end
+  end
+end

data/lib/way_of_working/audit/github.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require 'way_of_working'
+require 'zeitwerk'
+
+loader = Zeitwerk::Loader.for_gem_extension(WayOfWorking::Audit)
+loader.ignore("#{__dir__}/github/plugin.rb")
+loader.setup
+
+module WayOfWorking
+  module Audit
+    module Github
+      class Error < StandardError; end
+    end
+  end
+
+  module SubCommands
+    # This reopens the "way_of_working exec" sub command
+    class Exec
+      register(Audit::Github::Generators::Exec, 'audit_github', 'audit_github',
+               <<~LONGDESC)
+                 Description:
+                     This runs the GitHub audit
+
+                 Example:
+                     way_of_working exec audit_github
+               LONGDESC
+    end
+
+    # # This reopens the "way_of_working init" sub command
+    # class Init
+    #   register(Audit::Github::Generators::Init, 'audit', 'audit',
+    # end
+
+    # # This reopens the "way_of_working new" sub command
+    # class New
+    #   register(Audit::Github::Generators::New, 'audit', 'audit [NAME]',
+    # end
+  end
+end

metadata

@@ -0,0 +1,134 @@
+--- !ruby/object:Gem::Specification
+name: way_of_working-audit-github
+version: !ruby/object:Gem::Version
+  version: 1.0.1
+platform: ruby
+authors:
+- Tim Gentry
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2025-01-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: faraday-multipart
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: faraday-retry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+- !ruby/object:Gem::Dependency
+  name: octokit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '9.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '9.1'
+- !ruby/object:Gem::Dependency
+  name: way_of_working
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: zeitwerk
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.6.18
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.6.18
+description:
+email:
+- 52189+timgentry@users.noreply.github.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".alexrc"
+- ".mega-linter.yml"
+- ".rubocop"
+- CHANGELOG.md
+- LICENSE.txt
+- README.md
+- Rakefile
+- code_safety.yml
+- lib/way_of_working/audit/github.rb
+- lib/way_of_working/audit/github/auditor.rb
+- lib/way_of_working/audit/github/generators/exec.rb
+- lib/way_of_working/audit/github/plugin.rb
+- lib/way_of_working/audit/github/rules/base.rb
+- lib/way_of_working/audit/github/rules/registry.rb
+- lib/way_of_working/audit/github/rules/unknown.rb
+- lib/way_of_working/audit/github/version.rb
+homepage: https://github.com/HealthDataInsight/way_of_working-audit-github
+licenses:
+- MIT
+metadata:
+  allowed_push_host: https://rubygems.org
+  rubygems_mfa_required: 'true'
+  homepage_uri: https://github.com/HealthDataInsight/way_of_working-audit-github
+  source_code_uri: https://github.com/HealthDataInsight/way_of_working-audit-github
+  changelog_uri: https://github.com/HealthDataInsight/way_of_working-audit-github/blob/main/CHANGELOG.md
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.1.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.5.22
+signing_key:
+specification_version: 4
+summary: Way of Working plugin for GitHub auditing
+test_files: []