devsecops-engine-tools 1.7.21__py3-none-any.whl → 1.7.23__py3-none-any.whl

devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py

@@ -10,6 +10,9 @@ from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.aws.s
 from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.azure.azure_devops import (
     AzureDevops,
 )
+from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.github.github_actions import (
+    GithubActions,
+)
 from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.runtime_local.runtime_local import (
     RuntimeLocal,
 )
@@ -45,7 +48,7 @@ def parse_choices(choices):
 def get_inputs_from_cli(args):
     parser = argparse.ArgumentParser()
     parser.add_argument("-v", "--version", action='version', version='{version}'.format(version=version))
-    parser.add_argument("-pd", "--platform_devops", choices=["azure", "local"], type=str, required=True, help="Platform where is executed")
+    parser.add_argument("-pd", "--platform_devops", choices=["azure", "github", "local"], type=str, required=True, help="Platform where is executed")
     parser.add_argument("-rcf" ,"--remote_config_repo", type=str, required=True, help="Name or Folder Path of Config Repo")
     parser.add_argument("-t",
         "--tool",
@@ -114,7 +117,11 @@ def application_core():
         # Define driven adapters for gateways
         vulnerability_management_gateway = DefectDojoPlatform()
         secrets_manager_gateway = SecretsManager()
-        devops_platform_gateway = AzureDevops() if args["platform_devops"] == "azure" else RuntimeLocal()
+        devops_platform_gateway = {
+            "azure": AzureDevops(),
+            "github": GithubActions(),
+            "local": RuntimeLocal()
+        }.get(args["platform_devops"])
         printer_table_gateway = PrinterPrettyTable()
         metrics_manager_gateway = S3Manager()
         

devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/github/github_actions.py

@@ -0,0 +1,96 @@
+from dataclasses import dataclass
+from devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway import (
+    DevopsPlatformGateway,
+)
+from devsecops_engine_tools.engine_utilities.github.models.GithubPredefinedVariables import (
+    BuildVariables,
+    SystemVariables,
+    ReleaseVariables,
+    AgentVariables
+)
+from devsecops_engine_tools.engine_utilities.github.infrastructure.github_api import (
+    GithubApi,
+)
+import os
+
+
+@dataclass
+class GithubActions(DevopsPlatformGateway):
+    OKGREEN = "\033[92m"
+    FAIL = "\033[91m"
+    ENDC = "\033[0m"
+    ICON_FAIL = "\u2718"
+    ICON_SUCCESS = "\u2714"
+
+    def get_remote_config(self, repository, path):
+
+        github_repository = SystemVariables.github_repository.value()
+        split = github_repository.split("/")
+        owner = split[0]
+
+        utils_github = GithubApi(
+            personal_access_token=SystemVariables.github_access_token.value()
+        )
+
+        git_client = utils_github.get_github_connection()
+        json_config = utils_github.get_remote_json_config(git_client, owner, repository, path)
+
+        return json_config
+
+    def message(self, type, message):
+        formats = {
+            "succeeded": f"::group::{message}",
+            "info": f"::notice::{message}",
+            "warning": f"::warning::{message}",
+            "error": f"::error::{message}"
+        }
+        return formats.get(type, message)
+
+    def result_pipeline(self, type):
+        results = {
+            "failed": f"{self.FAIL}{self.ICON_FAIL}Failed{self.ENDC}",
+            "succeeded": f"{self.OKGREEN}{self.ICON_SUCCESS}Succeeded{self.ENDC}"
+        }
+        return results.get(type)
+
+    def get_source_code_management_uri(self):
+        return f"{SystemVariables.github_server_url}/{SystemVariables.github_repository}"
+
+    def get_base_compact_remote_config_url(self, remote_config_repo):
+        github_repository = SystemVariables.github_repository.value()
+        split = github_repository.split("/")
+        owner = split[0]
+        return f"{SystemVariables.github_server_url}/{owner}/{remote_config_repo}"
+
+    def get_variable(self, variable):
+        variable_map = {
+            "branch_name": BuildVariables.github_ref,
+            "build_id": BuildVariables.github_run_number,
+            "build_execution_id": BuildVariables.github_run_id,
+            "commit_hash": BuildVariables.github_sha,
+            "environment": ReleaseVariables.github_env,
+            "release_id": ReleaseVariables.github_run_number,
+            "branch_tag": BuildVariables.github_ref,
+            "access_token": SystemVariables.github_access_token,
+            "organization": f"{SystemVariables.github_server_url}/{SystemVariables.github_repository}",
+            "project_name": SystemVariables.github_repository,
+            "repository": BuildVariables.github_repository,
+            "pipeline_name": (
+                BuildVariables.github_workflow
+                if SystemVariables.build.value() == "build"
+                else ReleaseVariables.github_workflow
+            ),
+            "stage": SystemVariables.build,
+            "path_directory": SystemVariables.github_workspace,
+            "os": AgentVariables.runner_os,
+            "work_folder": AgentVariables.github_workspace,
+            "temp_directory": AgentVariables.runner_tool_cache,
+            "agent_directory": AgentVariables.runner_workspace,
+            "target_branch": SystemVariables.github_event_base_ref,
+            "source_branch": SystemVariables.github_ref,
+            "repository_provider": BuildVariables.GitHub,
+        }
+        try:
+            return variable_map.get(variable).value()
+        except ValueError:
+            return None

devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/git_cli/git_run.py

@@ -1,7 +1,6 @@
 from dataclasses import dataclass
 import os
 import subprocess
-import git
 from urllib.parse import quote
 from devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.git_gateway import GitGateway
 
@@ -44,15 +43,16 @@ class GitRun(GitGateway):
             os.chdir(sys_working_dir)
             subprocess.run(["git", "clone", url_with_token, path_new_folder], capture_output=True, text=True)
             os.chdir(path_new_folder)
-            
-            repository = git.Repo(path_new_folder)
-
+ 
             source_branch = source_branch.replace("refs/heads/", "")
-            subprocess.run(["git", "checkout", f"origin/{source_branch}"], capture_output=True, text=True)
+            subprocess.run(["git", "checkout", "-b", source_branch], capture_output=True, text=True)
+            command = ["git","-c","user.email=you@example.com","-c","user.name=Your Name","pull","--rebase","-X", "theirs","--no-edit","origin",source_branch]
+            subprocess.run(command, capture_output=True, text=True)
+
             if source_branch != None:
-                diff = repository.git.diff(f"origin/{source_branch}..origin/{target_branch}", name_only=True)
+                diff = subprocess.run(['git', 'diff', '--name-only', f'{source_branch}..{target_branch}'], capture_output=True, text=True)
                 if diff:
-                    diff_files = diff.strip().split("\n")
+                    diff_files = diff.stdout.strip().split("\n")
                 print("Pull Requests Associated Files:",len(diff_files))
                 return diff_files
         except Exception as e:

devsecops_engine_tools/engine_utilities/github/infrastructure/github_api.py

@@ -1,13 +1,16 @@
 import requests
 import zipfile
+import json
+from github import Github
+from devsecops_engine_tools.engine_utilities.utils.api_error import ApiError
 
 
 class GithubApi:
     def __init__(
-        self,
-        token: str = ""
+            self,
+            personal_access_token: str = ""
     ):
-        self.token = token
+        self.__personal_access_token = personal_access_token
 
     def unzip_file(self, zip_file_path, extract_path):
         with zipfile.ZipFile(zip_file_path, "r") as zip_ref:
@@ -18,7 +21,7 @@ class GithubApi:
     ):
         url = f"https://api.github.com/repos/{owner}/{repository}/releases/latest"
 
-        headers = {"Authorization": f"token {self.token}"}
+        headers = {"Authorization": f"token {self.__personal_access_token}"}
 
         response = requests.get(url, headers=headers)
 
@@ -47,3 +50,19 @@ class GithubApi:
             print(
                 f"Error getting the assets of the last release. Status code: {response.status_code}"
             )
+
+    def get_github_connection(self):
+        git_client = Github(self.__personal_access_token)
+
+        return git_client
+
+    def get_remote_json_config(self, git_client: Github, owner, repository, path):
+        try:
+            repo = git_client.get_repo(f"{owner}/{repository}")
+            file_content = repo.get_contents(path)
+            data = file_content.decoded_content.decode()
+            content_json = json.loads(data)
+
+            return content_json
+        except Exception as e:
+            raise ApiError("Error getting remote github configuration file: " + str(e))

devsecops_engine_tools/engine_utilities/github/models/GithubPredefinedVariables.py

@@ -0,0 +1,56 @@
+import os
+from enum import Enum
+from devsecops_engine_tools.engine_utilities.input_validations.env_utils import EnvVariables
+
+
+class EnvVariables:
+    @staticmethod
+    def get_value(env_name):
+        env_var = os.environ.get(env_name)
+        if env_var is None:
+            raise ValueError(f"La variable de entorno {env_name} no está definida")
+        return env_var
+
+
+class BaseEnum(Enum):
+    @property
+    def env_name(self):
+        return self._value_.replace(".", "_").upper()
+
+    def value(self):
+        return EnvVariables.get_value(self.env_name)
+
+
+class SystemVariables(BaseEnum):
+    github_access_token = "github.access.token"
+    github_workspace = "github.workspace"
+    build = "build"
+    github_server_url = "github.server.url"
+    github_repository = "github.repository"
+    github_event_number = "github.event.number"
+    github_event_base_ref = "github.event.base.ref"
+    github_ref = "github.ref"
+
+
+class BuildVariables(BaseEnum):
+    github_run_id = "github.run.id"
+    github_run_number = "github.run.number"
+    github_workflow = "github.workflow"
+    github_repository = "github.repository"
+    github_ref = "github.ref"
+    runner_temp = "runner.temp"
+    github_sha = "github.sha"
+    GitHub = "GitHub"
+
+
+class ReleaseVariables(BaseEnum):
+    github_workflow = "github.workflow"
+    github_env = "github.env"
+    github_run_number = "github.run.number"
+
+
+class AgentVariables(BaseEnum):
+    runner_workspace = "runner.workspace"
+    github_workspace = "github.workspace"
+    runner_os = "runner.os"
+    runner_tool_cache = "runner.tool.cache"

devsecops_engine_tools/version.py

@@ -1 +1 @@
-version = '1.7.21'
+version = '1.7.23'

{devsecops_engine_tools-1.7.21.dist-info → devsecops_engine_tools-1.7.23.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: devsecops-engine-tools
-Version: 1.7.21
+Version: 1.7.23
 Summary: Tool for DevSecOps strategy
 Home-page: https://github.com/bancolombia/devsecops-engine-tools
 Author: Bancolombia DevSecOps Team
@@ -23,6 +23,7 @@ Requires-Dist: python-decouple ==3.8
 Requires-Dist: requests-toolbelt ==1.0.0
 Requires-Dist: python-dateutil ==2.8.2
 Requires-Dist: pexpect ==4.9.0
+Requires-Dist: PyGithub ==2.3.0
 
 # DevSecOps Engine Tools
 
@@ -63,7 +64,7 @@ pip3 install devsecops-engine-tools
 ### Scan running - flags (CLI)
 
 ```bash
-devsecops-engine-tools --platform_devops ["local","azure"] --remote_config_repo ["remote_config_repo"] --tool ["engine_iac", "engine_dast", "engine_secret", "engine_dependencies", "engine_container"] --folder_path ["Folder path scan engine_iac"] --platform ["eks","openshift"] --use_secrets_manager ["false", "true"] --use_vulnerability_management ["false", "true"] --send_metrics ["false", "true"] --token_cmdb ["token_cmdb"] --token_vulnerability_management ["token_vulnerability_management"] --token_engine_container ["token_engine_container"] --token_engine_dependencies ["token_engine_dependencies"] 
+devsecops-engine-tools --platform_devops ["local","azure","github"] --remote_config_repo ["remote_config_repo"] --tool ["engine_iac", "engine_dast", "engine_secret", "engine_dependencies", "engine_container"] --folder_path ["Folder path scan engine_iac"] --platform ["eks","openshift"] --use_secrets_manager ["false", "true"] --use_vulnerability_management ["false", "true"] --send_metrics ["false", "true"] --token_cmdb ["token_cmdb"] --token_vulnerability_management ["token_vulnerability_management"] --token_engine_container ["token_engine_container"] --token_engine_dependencies ["token_engine_dependencies"] 
 ```
 
 ### Structure Remote Config

{devsecops_engine_tools-1.7.21.dist-info → devsecops_engine_tools-1.7.23.dist-info}/RECORD

@@ -1,9 +1,9 @@
 devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/version.py,sha256=OswmJbbdP6j-8j-P6qOqozXr7DTBdHZC5V7RnSqE-YQ,19
+devsecops_engine_tools/version.py,sha256=QMGesPOoNc-S-Q4OAGkG93FJLERtxasiwcJiAGieylA,19
 devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py,sha256=CbLdGjyZkgpSYPe-7Q3Xus83BHq5wWwwMaFB29VaILA,5748
+devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py,sha256=4eJwsuSRAD3psUBvWZVWu9XR9rwvagFs6FqnKFz0eEU,5965
 devsecops_engine_tools/engine_core/src/deployment/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/deployment/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/domain/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -37,6 +37,8 @@ devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/azure/__in
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/azure/azure_devops.py,sha256=Ot1j5my-iEpU-ZYy9yNXkwmwLOmJ3f95JyyAUcpFN5g,4967
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py,sha256=qOqipt7P6THEjoaBwpIPO8OEN9OKpW6u_X_c4DeGhx8,10903
+devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/github/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/github/github_actions.py,sha256=PsDCUfVHgUJL9AKwB2FyQ6VdUtgawyYTtvRcSscX_9A,3723
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/printer_pretty_table/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/printer_pretty_table/printer_pretty_table.py,sha256=Tz056qYuIKrdYGKyoPo7xFdOpfN3A0YMd3cCSAGVrYQ,3828
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/runtime_local/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -118,7 +120,7 @@ devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/set_input_c
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/git_cli/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/git_cli/git_run.py,sha256=xKIUAnNK4u0pTHgo5tFrzmnquBegBQgN2-3jU6V6vxQ,2642
+devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/git_cli/git_run.py,sha256=ImINYwL3OSj5wMsEik3zDM6b_J7ma_lBD3lRAQqv6zw,2826
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_deserealizator.py,sha256=HZcNUa9VvK1InsDY94HiuDQuEH_R6pJIeAN3Zwi8CBA,1825
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py,sha256=cvCSKTDN-4oL9H5EZF_-WrP5bNamFt0WfeCwaMO_Nfo,5345
@@ -226,7 +228,8 @@ devsecops_engine_tools/engine_utilities/defect_dojo/infraestructure/driver_adapt
 devsecops_engine_tools/engine_utilities/defect_dojo/infraestructure/repository/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_utilities/github/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_utilities/github/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_utilities/github/infrastructure/github_api.py,sha256=sb9qQNoag87eCrCdXTht2b4TDV9oF-3faOS4TDtDYjU,1657
+devsecops_engine_tools/engine_utilities/github/infrastructure/github_api.py,sha256=AURk8GGAkNuHCqTEsiS6UxClL_YYJoqtBrWGBSYgWO4,2436
+devsecops_engine_tools/engine_utilities/github/models/GithubPredefinedVariables.py,sha256=uPoiBRo0tlxQ69cqob40hmIdNk1BSbKqF1hpjsvhXdQ,1579
 devsecops_engine_tools/engine_utilities/github/models/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_utilities/input_validations/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_utilities/input_validations/env_utils.py,sha256=nHp9YIuG1k-IvxssQslrE9ny62juJMovmBTzcM7PPk0,258
@@ -241,8 +244,8 @@ devsecops_engine_tools/engine_utilities/utils/logger_info.py,sha256=4Mz8Bwlm9Mku
 devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGaxYSDe0ZRh6VHRf53H4sXPcb-vNP_i81PUn3I,307
 devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=GAslbWaBpwP3mP6fBsgVl07TTBgcCggQTy8h2M9ibeo,612
 devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=yNtlT-8Legz1sHbGPH8LNYjL-LgDUE0zXG2rYjiab7U,290
-devsecops_engine_tools-1.7.21.dist-info/METADATA,sha256=OFB3Zu1FeDt3y40b88HAY4wCs5isbf8WKfYsBV8QWs8,4840
-devsecops_engine_tools-1.7.21.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
-devsecops_engine_tools-1.7.21.dist-info/entry_points.txt,sha256=9IjXF_7Zpgowq_SY6OSmsA9vZze18a8_AeHwkQVrgKk,131
-devsecops_engine_tools-1.7.21.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
-devsecops_engine_tools-1.7.21.dist-info/RECORD,,
+devsecops_engine_tools-1.7.23.dist-info/METADATA,sha256=SLAil6N__fvnC22sThN1En0EV8CWQYKvjSegSJ9YLJM,4881
+devsecops_engine_tools-1.7.23.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
+devsecops_engine_tools-1.7.23.dist-info/entry_points.txt,sha256=9IjXF_7Zpgowq_SY6OSmsA9vZze18a8_AeHwkQVrgKk,131
+devsecops_engine_tools-1.7.23.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
+devsecops_engine_tools-1.7.23.dist-info/RECORD,,