@aspruyt/xfg 3.7.5 → 3.7.7

package/dist/config/validators/repo-settings-validator.js

@@ -0,0 +1,71 @@
+const VALID_VISIBILITY = ["public", "private", "internal"];
+const VALID_SQUASH_MERGE_COMMIT_TITLE = ["PR_TITLE", "COMMIT_OR_PR_TITLE"];
+const VALID_SQUASH_MERGE_COMMIT_MESSAGE = [
+    "PR_BODY",
+    "COMMIT_MESSAGES",
+    "BLANK",
+];
+const VALID_MERGE_COMMIT_TITLE = ["PR_TITLE", "MERGE_MESSAGE"];
+const VALID_MERGE_COMMIT_MESSAGE = ["PR_BODY", "PR_TITLE", "BLANK"];
+/**
+ * Validates GitHub repository settings.
+ */
+export function validateRepoSettings(repo, context) {
+    if (typeof repo !== "object" || repo === null || Array.isArray(repo)) {
+        throw new Error(`${context}: repo must be an object`);
+    }
+    const r = repo;
+    // Validate boolean fields
+    const booleanFields = [
+        "hasIssues",
+        "hasProjects",
+        "hasWiki",
+        "hasDiscussions",
+        "isTemplate",
+        "allowForking",
+        "archived",
+        "allowSquashMerge",
+        "allowMergeCommit",
+        "allowRebaseMerge",
+        "allowAutoMerge",
+        "deleteBranchOnMerge",
+        "allowUpdateBranch",
+        "vulnerabilityAlerts",
+        "automatedSecurityFixes",
+        "secretScanning",
+        "secretScanningPushProtection",
+        "privateVulnerabilityReporting",
+        "webCommitSignoffRequired",
+    ];
+    for (const field of booleanFields) {
+        if (r[field] !== undefined && typeof r[field] !== "boolean") {
+            throw new Error(`${context}: ${field} must be a boolean`);
+        }
+    }
+    // Validate string fields
+    if (r.defaultBranch !== undefined && typeof r.defaultBranch !== "string") {
+        throw new Error(`${context}: defaultBranch must be a string`);
+    }
+    // Validate enum fields
+    if (r.visibility !== undefined &&
+        !VALID_VISIBILITY.includes(r.visibility)) {
+        throw new Error(`${context}: visibility must be one of: ${VALID_VISIBILITY.join(", ")}`);
+    }
+    if (r.squashMergeCommitTitle !== undefined &&
+        !VALID_SQUASH_MERGE_COMMIT_TITLE.includes(r.squashMergeCommitTitle)) {
+        throw new Error(`${context}: squashMergeCommitTitle must be one of: ${VALID_SQUASH_MERGE_COMMIT_TITLE.join(", ")}`);
+    }
+    if (r.squashMergeCommitMessage !== undefined &&
+        !VALID_SQUASH_MERGE_COMMIT_MESSAGE.includes(r.squashMergeCommitMessage)) {
+        throw new Error(`${context}: squashMergeCommitMessage must be one of: ${VALID_SQUASH_MERGE_COMMIT_MESSAGE.join(", ")}`);
+    }
+    if (r.mergeCommitTitle !== undefined &&
+        !VALID_MERGE_COMMIT_TITLE.includes(r.mergeCommitTitle)) {
+        throw new Error(`${context}: mergeCommitTitle must be one of: ${VALID_MERGE_COMMIT_TITLE.join(", ")}`);
+    }
+    if (r.mergeCommitMessage !== undefined &&
+        !VALID_MERGE_COMMIT_MESSAGE.includes(r.mergeCommitMessage)) {
+        throw new Error(`${context}: mergeCommitMessage must be one of: ${VALID_MERGE_COMMIT_MESSAGE.join(", ")}`);
+    }
+}
+export { VALID_VISIBILITY, VALID_SQUASH_MERGE_COMMIT_TITLE, VALID_SQUASH_MERGE_COMMIT_MESSAGE, VALID_MERGE_COMMIT_TITLE, VALID_MERGE_COMMIT_MESSAGE, };

package/dist/config/validators/ruleset-validator.d.ts

@@ -0,0 +1,18 @@
+declare const VALID_RULESET_TARGETS: string[];
+declare const VALID_ENFORCEMENT_LEVELS: string[];
+declare const VALID_ACTOR_TYPES: string[];
+declare const VALID_BYPASS_MODES: string[];
+declare const VALID_PATTERN_OPERATORS: string[];
+declare const VALID_MERGE_METHODS: string[];
+declare const VALID_ALERTS_THRESHOLDS: string[];
+declare const VALID_SECURITY_THRESHOLDS: string[];
+declare const VALID_RULE_TYPES: string[];
+/**
+ * Validates a single ruleset rule.
+ */
+export declare function validateRule(rule: unknown, context: string): void;
+/**
+ * Validates a single ruleset.
+ */
+export declare function validateRuleset(ruleset: unknown, name: string, context: string): void;
+export { VALID_RULESET_TARGETS, VALID_ENFORCEMENT_LEVELS, VALID_ACTOR_TYPES, VALID_BYPASS_MODES, VALID_PATTERN_OPERATORS, VALID_MERGE_METHODS, VALID_ALERTS_THRESHOLDS, VALID_SECURITY_THRESHOLDS, VALID_RULE_TYPES, };

package/dist/config/validators/ruleset-validator.js

@@ -0,0 +1,201 @@
+const VALID_RULESET_TARGETS = ["branch", "tag"];
+const VALID_ENFORCEMENT_LEVELS = ["active", "disabled", "evaluate"];
+const VALID_ACTOR_TYPES = ["Team", "User", "Integration"];
+const VALID_BYPASS_MODES = ["always", "pull_request"];
+const VALID_PATTERN_OPERATORS = [
+    "starts_with",
+    "ends_with",
+    "contains",
+    "regex",
+];
+const VALID_MERGE_METHODS = ["merge", "squash", "rebase"];
+const VALID_ALERTS_THRESHOLDS = [
+    "none",
+    "errors",
+    "errors_and_warnings",
+    "all",
+];
+const VALID_SECURITY_THRESHOLDS = [
+    "none",
+    "critical",
+    "high_or_higher",
+    "medium_or_higher",
+    "all",
+];
+const VALID_RULE_TYPES = [
+    "pull_request",
+    "required_status_checks",
+    "required_signatures",
+    "required_linear_history",
+    "non_fast_forward",
+    "creation",
+    "update",
+    "deletion",
+    "required_deployments",
+    "code_scanning",
+    "code_quality",
+    "workflows",
+    "commit_author_email_pattern",
+    "commit_message_pattern",
+    "committer_email_pattern",
+    "branch_name_pattern",
+    "tag_name_pattern",
+    "file_path_restriction",
+    "file_extension_restriction",
+    "max_file_path_length",
+    "max_file_size",
+];
+/**
+ * Validates a single ruleset rule.
+ */
+export function validateRule(rule, context) {
+    if (typeof rule !== "object" || rule === null || Array.isArray(rule)) {
+        throw new Error(`${context}: rule must be an object`);
+    }
+    const r = rule;
+    if (!r.type || typeof r.type !== "string") {
+        throw new Error(`${context}: rule must have a 'type' string field`);
+    }
+    if (!VALID_RULE_TYPES.includes(r.type)) {
+        throw new Error(`${context}: invalid rule type '${r.type}'. Must be one of: ${VALID_RULE_TYPES.join(", ")}`);
+    }
+    // Validate parameters based on rule type
+    if (r.parameters !== undefined) {
+        if (typeof r.parameters !== "object" ||
+            r.parameters === null ||
+            Array.isArray(r.parameters)) {
+            throw new Error(`${context}: rule parameters must be an object`);
+        }
+        const params = r.parameters;
+        // Validate pattern rule parameters
+        if (r.type.toString().endsWith("_pattern")) {
+            if (params.operator !== undefined &&
+                !VALID_PATTERN_OPERATORS.includes(params.operator)) {
+                throw new Error(`${context}: pattern rule operator must be one of: ${VALID_PATTERN_OPERATORS.join(", ")}`);
+            }
+            if (params.pattern !== undefined && typeof params.pattern !== "string") {
+                throw new Error(`${context}: pattern rule pattern must be a string`);
+            }
+        }
+        // Validate pull_request parameters
+        if (r.type === "pull_request") {
+            if (params.requiredApprovingReviewCount !== undefined) {
+                const count = params.requiredApprovingReviewCount;
+                if (typeof count !== "number" ||
+                    !Number.isInteger(count) ||
+                    count < 0 ||
+                    count > 10) {
+                    throw new Error(`${context}: requiredApprovingReviewCount must be an integer between 0 and 10`);
+                }
+            }
+            if (params.allowedMergeMethods !== undefined) {
+                if (!Array.isArray(params.allowedMergeMethods)) {
+                    throw new Error(`${context}: allowedMergeMethods must be an array`);
+                }
+                for (const method of params.allowedMergeMethods) {
+                    if (!VALID_MERGE_METHODS.includes(method)) {
+                        throw new Error(`${context}: allowedMergeMethods values must be one of: ${VALID_MERGE_METHODS.join(", ")}`);
+                    }
+                }
+            }
+        }
+        // Validate code_scanning parameters
+        if (r.type === "code_scanning" && params.codeScanningTools !== undefined) {
+            if (!Array.isArray(params.codeScanningTools)) {
+                throw new Error(`${context}: codeScanningTools must be an array`);
+            }
+            for (const tool of params.codeScanningTools) {
+                if (typeof tool !== "object" || tool === null) {
+                    throw new Error(`${context}: each codeScanningTool must be an object`);
+                }
+                const t = tool;
+                if (t.alertsThreshold !== undefined &&
+                    !VALID_ALERTS_THRESHOLDS.includes(t.alertsThreshold)) {
+                    throw new Error(`${context}: alertsThreshold must be one of: ${VALID_ALERTS_THRESHOLDS.join(", ")}`);
+                }
+                if (t.securityAlertsThreshold !== undefined &&
+                    !VALID_SECURITY_THRESHOLDS.includes(t.securityAlertsThreshold)) {
+                    throw new Error(`${context}: securityAlertsThreshold must be one of: ${VALID_SECURITY_THRESHOLDS.join(", ")}`);
+                }
+            }
+        }
+    }
+}
+/**
+ * Validates a single ruleset.
+ */
+export function validateRuleset(ruleset, name, context) {
+    if (typeof ruleset !== "object" ||
+        ruleset === null ||
+        Array.isArray(ruleset)) {
+        throw new Error(`${context}: ruleset '${name}' must be an object`);
+    }
+    const rs = ruleset;
+    if (rs.target !== undefined &&
+        !VALID_RULESET_TARGETS.includes(rs.target)) {
+        throw new Error(`${context}: ruleset '${name}' target must be one of: ${VALID_RULESET_TARGETS.join(", ")}`);
+    }
+    if (rs.enforcement !== undefined &&
+        !VALID_ENFORCEMENT_LEVELS.includes(rs.enforcement)) {
+        throw new Error(`${context}: ruleset '${name}' enforcement must be one of: ${VALID_ENFORCEMENT_LEVELS.join(", ")}`);
+    }
+    // Validate bypassActors
+    if (rs.bypassActors !== undefined) {
+        if (!Array.isArray(rs.bypassActors)) {
+            throw new Error(`${context}: ruleset '${name}' bypassActors must be an array`);
+        }
+        for (let i = 0; i < rs.bypassActors.length; i++) {
+            const actor = rs.bypassActors[i];
+            if (typeof actor !== "object" || actor === null) {
+                throw new Error(`${context}: ruleset '${name}' bypassActors[${i}] must be an object`);
+            }
+            if (typeof actor.actorId !== "number") {
+                throw new Error(`${context}: ruleset '${name}' bypassActors[${i}].actorId must be a number`);
+            }
+            if (!VALID_ACTOR_TYPES.includes(actor.actorType)) {
+                throw new Error(`${context}: ruleset '${name}' bypassActors[${i}].actorType must be one of: ${VALID_ACTOR_TYPES.join(", ")}`);
+            }
+            if (actor.bypassMode !== undefined &&
+                !VALID_BYPASS_MODES.includes(actor.bypassMode)) {
+                throw new Error(`${context}: ruleset '${name}' bypassActors[${i}].bypassMode must be one of: ${VALID_BYPASS_MODES.join(", ")}`);
+            }
+        }
+    }
+    // Validate conditions
+    if (rs.conditions !== undefined) {
+        if (typeof rs.conditions !== "object" ||
+            rs.conditions === null ||
+            Array.isArray(rs.conditions)) {
+            throw new Error(`${context}: ruleset '${name}' conditions must be an object`);
+        }
+        const conditions = rs.conditions;
+        if (conditions.refName !== undefined) {
+            const refName = conditions.refName;
+            if (typeof refName !== "object" ||
+                refName === null ||
+                Array.isArray(refName)) {
+                throw new Error(`${context}: ruleset '${name}' conditions.refName must be an object`);
+            }
+            if (refName.include !== undefined &&
+                (!Array.isArray(refName.include) ||
+                    !refName.include.every((s) => typeof s === "string"))) {
+                throw new Error(`${context}: ruleset '${name}' conditions.refName.include must be an array of strings`);
+            }
+            if (refName.exclude !== undefined &&
+                (!Array.isArray(refName.exclude) ||
+                    !refName.exclude.every((s) => typeof s === "string"))) {
+                throw new Error(`${context}: ruleset '${name}' conditions.refName.exclude must be an array of strings`);
+            }
+        }
+    }
+    // Validate rules array
+    if (rs.rules !== undefined) {
+        if (!Array.isArray(rs.rules)) {
+            throw new Error(`${context}: ruleset '${name}' rules must be an array`);
+        }
+        for (let i = 0; i < rs.rules.length; i++) {
+            validateRule(rs.rules[i], `${context}: ruleset '${name}' rules[${i}]`);
+        }
+    }
+}
+export { VALID_RULESET_TARGETS, VALID_ENFORCEMENT_LEVELS, VALID_ACTOR_TYPES, VALID_BYPASS_MODES, VALID_PATTERN_OPERATORS, VALID_MERGE_METHODS, VALID_ALERTS_THRESHOLDS, VALID_SECURITY_THRESHOLDS, VALID_RULE_TYPES, };

package/dist/index.d.ts

@@ -1,66 +1,3 @@
-#!/usr/bin/env node
-import { program } from "commander";
-import { MergeMode, MergeStrategy } from "./config.js";
-import { ProcessorResult } from "./repository-processor.js";
-import { RepoConfig } from "./config.js";
-import { RepoInfo } from "./repo-detector.js";
-import { ProcessorOptions } from "./repository-processor.js";
-import { RulesetProcessorOptions, RulesetProcessorResult } from "./ruleset-processor.js";
-import { IRepoSettingsProcessor } from "./repo-settings-processor.js";
-/**
- * Processor interface for dependency injection in tests.
- */
-export interface IRepositoryProcessor {
-    process(repoConfig: RepoConfig, repoInfo: RepoInfo, options: ProcessorOptions): Promise<ProcessorResult>;
-    updateManifestOnly(repoInfo: RepoInfo, repoConfig: RepoConfig, options: ProcessorOptions, manifestUpdate: {
-        rulesets: string[];
-    }): Promise<ProcessorResult>;
-}
-/**
- * Factory function type for creating processors.
- * Allows dependency injection for testing.
- */
-export type ProcessorFactory = () => IRepositoryProcessor;
-/**
- * Default factory that creates a real RepositoryProcessor.
- */
-export declare const defaultProcessorFactory: ProcessorFactory;
-/**
- * Ruleset processor interface for dependency injection in tests.
- */
-export interface IRulesetProcessor {
-    process(repoConfig: RepoConfig, repoInfo: RepoInfo, options: RulesetProcessorOptions): Promise<RulesetProcessorResult>;
-}
-/**
- * Factory function type for creating ruleset processors.
- */
-export type RulesetProcessorFactory = () => IRulesetProcessor;
-/**
- * Default factory that creates a real RulesetProcessor.
- */
-export declare const defaultRulesetProcessorFactory: RulesetProcessorFactory;
-/**
- * Repo settings processor factory function type.
- */
-export type RepoSettingsProcessorFactory = () => IRepoSettingsProcessor;
-/**
- * Default factory that creates a real RepoSettingsProcessor.
- */
-export declare const defaultRepoSettingsProcessorFactory: RepoSettingsProcessorFactory;
-interface SharedOptions {
-    config: string;
-    dryRun?: boolean;
-    workDir?: string;
-    retries?: number;
-    noDelete?: boolean;
-}
-interface SyncOptions extends SharedOptions {
-    branch?: string;
-    merge?: MergeMode;
-    mergeStrategy?: MergeStrategy;
-    deleteBranch?: boolean;
-}
-type SettingsOptions = SharedOptions;
-export declare function runSync(options: SyncOptions, processorFactory?: ProcessorFactory): Promise<void>;
-export declare function runSettings(options: SettingsOptions, processorFactory?: RulesetProcessorFactory, repoProcessorFactory?: ProcessorFactory, repoSettingsProcessorFactory?: RepoSettingsProcessorFactory): Promise<void>;
-export { program };
+export { runSync, runSettings } from "./cli/index.js";
+export type { SyncOptions, SettingsOptions, SharedOptions, } from "./cli/index.js";
+export { type IRepositoryProcessor, type ProcessorFactory, defaultProcessorFactory, type IRulesetProcessor, type RulesetProcessorFactory, defaultRulesetProcessorFactory, type RepoSettingsProcessorFactory, defaultRepoSettingsProcessorFactory, } from "./cli/index.js";