@intecoag/inteco-cli 1.6.1 → 1.7.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@intecoag/inteco-cli",
-  "version": "1.6.1",
+  "version": "1.7.0",
   "description": "CLI-Tools for Inteco",
   "main": "src/index.js",
   "type": "module",

package/src/index.js

@@ -21,6 +21,7 @@ import syncConfig from './modules/syncConfig.js';
 import configMutation from './modules/configMutation.js';
 import bundleProduct from './modules/bundleProduct.js';
 import { azureCreateSyncConfig, azurePush, azurePull } from './modules/azureSync.js';
+import githubSecurityAdvisories from './modules/githubSecurityAdvisories.js';
 
 import updateNotifier from 'update-notifier';
 
@@ -107,6 +108,9 @@ switch (cli.input[0]) {
     case "azure_sync_pull":
         azurePull();
         break;
+    case "github_security_advisories":
+        githubSecurityAdvisories();
+        break;
     default:
         cli.showHelp()
         break;

package/src/modules/githubSecurityAdvisories.js

@@ -0,0 +1,160 @@
+import prompts from 'prompts';
+import chalk from 'chalk';
+import Table from 'cli-table3';
+import ora from 'ora';
+import { getGithubToken, fetchPaginatedGithubAPI, fetchGithubAPI } from '../utils/github/github.js';
+
+async function githubSecurityAdvisories() {
+  console.log();
+
+  // Get GitHub authentication token
+  let token;
+  let authMethod;
+  
+  try {
+    ({ token, authMethod } = await getGithubToken());
+  } catch (error) {
+    console.log();
+    console.error(chalk.red(`✗ ${error.message}`));
+    console.log(chalk.yellow('\nAuthentication setup:'));
+    console.log(chalk.gray('  Option 1: Install GitHub CLI and run: gh auth login'));
+    console.log(chalk.gray('  Option 2: Set GITHUB_TOKEN environment variable'));
+    console.log();
+    process.exit(1);
+  }
+
+  console.log(chalk.green(`✓ Authenticated via: ${authMethod}`));
+  console.log();
+
+  const responses = await prompts([
+    {
+      type: 'text',
+      name: 'organization',
+      message: 'GitHub Organization Name?',
+      initial: 'intecoag',
+      validate: (value) => value.length > 0 || 'Organization name is required'
+    }
+  ], {
+    onCancel: () => {
+      console.log();
+      console.log(chalk.red('Cancelled GitHub Security Advisories check!'));
+      console.log();
+      process.exit(0);
+    }
+  });
+
+  const { organization } = responses;
+
+  const spinner = ora('Fetching repositories...').start();
+
+  try {
+    // Fetch all repositories for the organization
+    const baseUrl = `https://api.github.com/orgs/${organization}/repos`;
+    const repos = await fetchPaginatedGithubAPI(baseUrl, token);
+
+    if (repos.length === 0) {
+      spinner.warn(`No repositories found in organization "${organization}"`);
+      console.log();
+      return;
+    }
+
+    spinner.text = `Found ${repos.length} repositories. Checking security advisories...`;
+
+    // Check security advisories for each repo
+    const results = [];
+    for (let i = 0; i < repos.length; i++) {
+      const repo = repos[i];
+      spinner.text = `Checking security advisories... [${i + 1}/${repos.length}] ${repo.name}`;
+
+      const advisories = await fetchSecurityAdvisories(organization, repo.name, token);
+      
+      if (advisories.length > 0) {
+        results.push({
+          repository: repo.name,
+          advisoryCount: advisories.length,
+          url: repo.html_url
+        });
+      }
+    }
+
+    spinner.succeed('Security advisories check completed!');
+    console.log();
+
+    if (results.length === 0) {
+      console.log(chalk.green.bold('✓ No security advisories found in any repositories!'));
+      console.log();
+      return;
+    }
+
+    // Sort by advisory count (descending)
+    results.sort((a, b) => b.advisoryCount - a.advisoryCount);
+
+    // Display results in a table
+    const table = new Table({
+      head: [
+        chalk.bold.cyan('Repository'),
+        chalk.bold.cyan('Advisories'),
+        chalk.bold.cyan('URL')
+      ],
+      style: {
+        head: [],
+        border: ['cyan']
+      },
+      colWidths: [40, 15, 60],
+      wordWrap: true
+    });
+
+    for (const result of results) {
+      const advisoryColor = chalk.red;
+      table.push([
+        result.repository,
+        advisoryColor.bold(result.advisoryCount.toString()),
+        chalk.blue.underline(result.url)
+      ]);
+    }
+
+    console.log(table.toString());
+    console.log();
+    console.log(chalk.yellow.bold(`Summary: ${results.length} repository/repositories with open security advisories`));
+    console.log();
+
+  } catch (error) {
+    console.log();
+    spinner.fail('Error checking security advisories');
+    
+    if (error.message.includes('Organization')) {
+      console.error(chalk.red(`✗ ${error.message}`));
+    } else if (error.message.includes('authentication')) {
+      console.error(chalk.red(`✗ ${error.message}`));
+      console.log(chalk.yellow('\nAuthentication setup:'));
+      console.log(chalk.gray('  Option 1: Install GitHub CLI and run: gh auth login'));
+      console.log(chalk.gray('  Option 2: Set GITHUB_TOKEN environment variable'));
+    } else {
+      console.error(chalk.red(`Error: ${error.message}`));
+    }
+    console.log();
+    process.exit(1);
+  }
+}
+
+async function fetchSecurityAdvisories(organization, repository, token) {
+  const url = `https://api.github.com/repos/${organization}/${repository}/dependabot/alerts`;
+
+  try {
+    const res = await fetchGithubAPI(url, token);
+    const alerts = await res.json();
+
+    // Filter for open and unresolved alerts
+    const openAlerts = Array.isArray(alerts) ? alerts.filter(alert => alert.state === 'open') : [];
+
+    return openAlerts;
+  } catch (error) {
+    // If the endpoint is not available or the repo is not accessible, return empty array
+    if (error.message.includes('404') || error.message.includes('403')) {
+      return [];
+    }
+    throw error;
+  }
+}
+
+export default githubSecurityAdvisories;

package/src/ressources/cmds.json

@@ -51,12 +51,15 @@
         "desc": "Shows the changelog history"
     },
     "azure_sync_config": {
-        "desc": "Creates or updates the .az-sync configuration file"
+        "desc": "Creates or updates the .az-sync configuration file (requires Azure-CLI)"
     },
     "azure_push": {
-        "desc": "Pushes local files to Azure Blob Storage using checksum comparison"
+        "desc": "Pushes local files to Azure Blob Storage using checksum comparison (requires Azure-CLI)"
     },
     "azure_pull": {
-        "desc": "Pulls blobs to local files using checksum comparison"
+        "desc": "Pulls blobs to local files using checksum comparison (requires Azure-CLI)"
+    },
+    "github_security_advisories": {
+        "desc": "Checks all GitHub repositories in an organization for open and unresolved security advisories (requires GitHub CLI or GITHUB_TOKEN)"
     }
 }

package/src/utils/github/github.js

@@ -0,0 +1,99 @@
+import chalk from 'chalk';
+import { execSync } from 'child_process';
+
+/**
+ * Get GitHub authentication token from environment or GitHub CLI
+ * @returns {Promise<{token: string, authMethod: string}>} Token and authentication method
+ * @throws {Error} If no authentication method is available
+ */
+export async function getGithubToken() {
+  let token = null;
+  let authMethod = null;
+
+  // 1. Try GITHUB_TOKEN environment variable
+  if (process.env.GITHUB_TOKEN) {
+    token = process.env.GITHUB_TOKEN;
+    authMethod = 'GITHUB_TOKEN (environment variable)';
+  }
+
+  // 2. Try GitHub CLI authentication if available
+  if (!token) {
+    try {
+      token = execSync('gh auth token', { encoding: 'utf-8' }).trim();
+      authMethod = 'GitHub CLI';
+    } catch (error) {
+      // GitHub CLI not available or not authenticated
+    }
+  }
+
+  // 3. If no token found, prompt user to authenticate
+  if (!token) {
+    console.log(chalk.yellow('No GitHub authentication found. Please authenticate with GitHub CLI:'));
+    console.log(chalk.gray('  Run: gh auth login'));
+    console.log();
+    throw new Error('GitHub authentication required. Please run "gh auth login" or set GITHUB_TOKEN environment variable.');
+  }
+
+  return { token, authMethod };
+}
+
+/**
+ * Make a GitHub API fetch request with proper headers and error handling
+ * @param {string} url - GitHub API endpoint URL
+ * @param {string} token - GitHub authentication token
+ * @returns {Promise<Response>} Fetch response
+ * @throws {Error} If fetch fails or returns error status
+ */
+export async function fetchGithubAPI(url, token) {
+  const res = await fetch(url, {
+    headers: {
+      'Authorization': `Bearer ${token}`,
+      'Accept': 'application/vnd.github+json',
+      'X-GitHub-Api-Version': '2022-11-28',
+      'User-Agent': 'inteco-cli'
+    }
+  });
+
+  if (!res.ok) {
+    if (res.status === 404) {
+      throw new Error('Resource not found (404)');
+    }
+    if (res.status === 401 || res.status === 403) {
+      throw new Error('GitHub authentication failed. Please ensure your authentication is valid (run "gh auth login" or check GITHUB_TOKEN)');
+    }
+    throw new Error(`GitHub API request failed: ${res.statusText}`);
+  }
+
+  return res;
+}
+
+/**
+ * Fetch all items from a paginated GitHub API endpoint
+ * @param {string} baseUrl - Base GitHub API endpoint URL (without pagination params)
+ * @param {string} token - GitHub authentication token
+ * @param {number} page - Current page (default: 1)
+ * @param {Array} allItems - Accumulated items (default: [])
+ * @returns {Promise<Array>} All items from all pages
+ */
+export async function fetchPaginatedGithubAPI(baseUrl, token, page = 1, allItems = []) {
+  const url = `${baseUrl}${baseUrl.includes('?') ? '&' : '?'}page=${page}&per_page=100`;
+
+  try {
+    const res = await fetchGithubAPI(url, token);
+    const items = await res.json();
+
+    if (items.length === 0) {
+      return allItems;
+    }
+
+    // Recursively fetch all pages
+    return fetchPaginatedGithubAPI(baseUrl, token, page + 1, [...allItems, ...items]);
+  } catch (error) {
+    if (page === 1) {
+      // Only throw on first page - error getting initial data
+      throw error;
+    }
+    // On subsequent pages, return what we have so far
+    return allItems;
+  }
+}