resqui 0.2.0__py3-none-any.whl

resqui/api.py

@@ -0,0 +1,33 @@
+#!/usr/bin/env python3
+
+import http.client
+import os
+from resqui.version import version
+
+
+class APIClient:
+    endpoint_url = "api.dashverse.cloud"
+
+    def __init__(self, bearer_token=None):
+        if bearer_token is None:
+            bearer_token = os.environ.get("DASHVERSE_TOKEN")
+        if bearer_token is None or bearer_token == "":
+            raise ValueError("Missing authentication token")
+        self.headers = {
+            "accept": "application/json",
+            "Authorization": f"Bearer {bearer_token}",
+            "Content-Type": "application/json",
+            # TODO: turn this into minimal in production
+            "Prefer": "return=representation",
+            "User-Agent": f"resqui/{version}",
+        }
+
+    def post(self, payload):
+        conn = http.client.HTTPSConnection(self.endpoint_url)
+        conn.request("POST", "/assessment", payload, self.headers)
+        res = conn.getresponse()
+        status = res.status
+        reason = res.reason
+        data = res.read().decode("utf-8")
+        if not (200 <= status < 300):
+            raise RuntimeError(f"Request failed with {status} {reason}: {data}")

resqui/cli.py

@@ -0,0 +1,261 @@
+"""
+Usage:
+    resqui [options]
+    resqui indicators
+
+Options:
+    -u <repository_url>   URL of the repository to be analyzed.
+    -c <config_file>      Path to the configuration file.
+    -o <output_file>      Path to the output file [default: resqui_summary.json].
+    -t <github_token>     GitHub API token.
+    -d <dashverse_token>  DashVerse API token.
+    -b <branch>           The Git branch to be checked.
+    -v                    Verbose output.
+    --version             Show the version of the script.
+    --help                Show this help message.
+"""
+
+import itertools
+import time
+import threading
+import importlib
+import os
+import shutil
+import subprocess
+import sys
+import tempfile
+
+from resqui.core import Context, Summary
+from resqui.config import Configuration
+from resqui.tools import indented, to_https, project_name_from_url, ensure_list
+from resqui.plugins import IndicatorPlugin, PluginInitError
+from resqui.executors import ExecutorInitError
+from resqui.docopt import docopt
+from resqui.version import __version__
+
+
+class Spinner:
+    """
+    A simple spinner class to indicate progress in the console.
+    Use it as a context manager.
+    """
+
+    def __init__(self, print_time=True):
+        self.spinning = False
+        self.spinner_thread = None
+        self.start_time = time.time()
+        self.print_time = print_time
+
+    def start(self):
+        self.spinning = True
+        self.spinner_thread = threading.Thread(target=self._spinner)
+        self.spinner_thread.start()
+
+    def stop(self):
+        self.spinning = False
+        elapsed_time = time.time() - self.start_time
+        if self.spinner_thread:
+            self.spinner_thread.join()
+        if self.print_time:
+            print(f"({elapsed_time:.1f}s)", end=": ")
+
+    def _spinner(self):
+        for char in itertools.cycle("|/-\\"):
+            sys.stdout.write(char)
+            sys.stdout.flush()
+            time.sleep(0.1)
+            sys.stdout.write("\b")
+            if not self.spinning:
+                break
+
+    def __enter__(self):
+        if not sys.stdout.isatty():
+            return self
+        self.start()
+        return self
+
+    def __exit__(self, exc_type, exc_value, traceback):
+        self.stop()
+
+
+class GitInspector:
+    def __init__(self, path="."):
+        self.path = os.path.abspath(path)
+
+    def git(self, *args):
+        return subprocess.check_output(
+            ["git", "-C", self.path] + list(args), text=True
+        ).strip()
+
+    @property
+    def version(self):
+        return self.git("describe", "--tags", "--always")
+
+    @property
+    def project_name_from_url(self):
+        return project_name_from_url(self.remote_url)
+
+    @property
+    def current_commit_hash(self):
+        return self.git("rev-parse", "HEAD")
+
+    @property
+    def author(self):
+        return self.git("show", "-s", "--pretty=format:%an", "HEAD")
+
+    @property
+    def email(self):
+        return self.git("show", "-s", "--pretty=format:%ae", "HEAD")
+
+    @property
+    def remote_url(self):
+        return self.git("config", "--get", "remote.origin.url")
+
+    @property
+    def remote_https_url(self):
+        return to_https(self.remote_url)
+
+    @property
+    def is_a_git_repository(self):
+        return os.path.isdir(os.path.join(self.path, ".git"))
+
+
+def resqui():
+    args = docopt(__doc__, version=__version__)
+
+    if args["indicators"]:
+        print_indicator_plugins()
+        exit(0)
+
+    configuration = Configuration(args["-c"])
+    output_file = args["-o"]
+    url = args["-u"]
+    branch = args["-b"]
+    github_token = args["-t"]
+    dashverse_token = args["-d"]
+    verbose = args["-v"]
+
+    temp_dir = None
+    if url is None:
+        gitinspector = GitInspector()
+        if not gitinspector.is_a_git_repository:
+            print(
+                "Error: Not a Git repository. Either run resqui from within a repository or specify one with -u <url>"
+            )
+            exit(1)
+    else:
+        temp_dir = tempfile.mkdtemp()
+        try:
+            subprocess.run(
+                ["git", "clone", url, temp_dir],
+                check=True,
+                stdout=subprocess.DEVNULL,
+                stderr=subprocess.DEVNULL,
+            )
+        except subprocess.CalledProcessError as e:
+            print(f"Error cloning {url}: {e}")
+            raise
+        gitinspector = GitInspector(temp_dir)
+
+    url = gitinspector.remote_https_url
+    project_name = gitinspector.project_name_from_url
+    author = gitinspector.author
+    email = gitinspector.email
+    software_version = gitinspector.version
+
+    branch_hash_or_tag = gitinspector.current_commit_hash if branch is None else branch
+
+    if temp_dir is not None:
+        shutil.rmtree(temp_dir)
+
+    if github_token is not None:
+        print("GitHub API token \033[92m✔\033[0m")
+    else:
+        print("GitHub API token \033[91m✖\033[0m")
+
+    context = Context(github_token=github_token, dashverse_token=dashverse_token)
+
+    print(f"Repository URL: {url}")
+    print(f"Project name: {project_name}")
+    print(f"Author: {author}")
+    print(f"Email: {email}")
+    print(f"Version: {software_version}")
+    print(f"Branch, tag or commit hash: {branch_hash_or_tag}")
+    print("Checking indicators ...")
+
+    summary = Summary(
+        author, email, project_name, url, software_version, branch_hash_or_tag
+    )
+    plugin_instances = {}
+    for indicator in configuration._cfg["indicators"]:
+        print(
+            f"  {indicator['name']}/{indicator['plugin']}",
+            end=" ",
+        )
+        sys.stdout.flush()
+
+        base_package = __name__.rsplit(".", 1)[0]
+        plugin_class_name = indicator["plugin"]
+
+        if plugin_class_name not in plugin_instances:
+            plugin_module = importlib.import_module(base_package + ".plugins")
+            plugin_class = getattr(plugin_module, plugin_class_name)
+            with Spinner(print_time=False):
+                try:
+                    plugin_instances[plugin_class_name] = plugin_class(context)
+                except (ExecutorInitError, PluginInitError) as e:
+                    print(f"⚠️  {e} (skipping its indicators)")
+                    continue
+
+        plugin_instance = plugin_instances[plugin_class_name]
+        plugin_method = indicator["name"]
+
+        with Spinner():
+            results = getattr(plugin_instance, plugin_method)(url, branch_hash_or_tag)
+
+        for result in ensure_list(results):
+            status = "\033[92m✔\033[0m" if result else "\033[91m✖\033[0m"
+            if verbose:
+                print(indented("\n" + result.evidence + status, 4), end="")
+            else:
+                print(status, end=" ")
+
+            summary.add_indicator_result(indicator, plugin_class, result)
+        print()
+
+    summary.write(output_file)
+    print(f"Summary has been written to {output_file}")
+
+    print("Publishing summary ", end="")
+    sys.stdout.flush()
+    try:
+        summary.upload(context.dashverse_token)
+    except (RuntimeError, ValueError) as e:
+        print(f"\033[91m✖\033[0m {e}")
+    else:
+        print("\033[92m✔\033[0m")
+
+
+def print_indicator_plugins():
+    """
+    Prints a list of available indicator plugins.
+    """
+
+    def subclasses(cls):
+        return set(cls.__subclasses__()).union(
+            s for c in cls.__subclasses__() for s in subclasses(c)
+        )
+
+    for cls in sorted(subclasses(IndicatorPlugin), key=lambda c: c.__name__):
+        print(f"Class: {cls.__name__}")
+        for attr in ["name", "version", "id"]:
+            value = getattr(cls, attr, None)
+            print(f"  {attr.capitalize()}: {value}")
+        indicators = getattr(cls, "indicators", [])
+        print("  Indicators:")
+        if indicators:
+            for ind in indicators:
+                print(f"    - {ind}")
+        else:
+            print("    (none)")
+        print()

resqui/config.py

@@ -0,0 +1,43 @@
+import json
+
+DEFAULT_CONFIG = {
+    "indicators": [
+        {
+            "name": "has_license",
+            "plugin": "HowFairIs",
+            "@id": "https://w3id.org/everse/i/indicators/license",
+        },
+        {
+            "name": "has_citation",
+            "plugin": "CFFConvert",
+            "@id": "https://w3id.org/everse/i/indicators/citation",
+        },
+        {"name": "has_ci_tests", "plugin": "OpenSSFScorecard", "@id": "missing"},
+        {
+            "name": "human_code_review_requirement",
+            "plugin": "OpenSSFScorecard",
+            "@id": "missing",
+        },
+        {
+            "name": "has_published_package",
+            "plugin": "OpenSSFScorecard",
+            "@id": "missing",
+        },
+        {"name": "has_no_security_leak", "plugin": "Gitleaks", "@id": "missing"},
+    ]
+}
+
+
+class Configuration:
+    """
+    A basic wrapper for the configuration.
+    """
+
+    def __init__(self, filepath=None):
+        if filepath is None:
+            print("Loading default configuration.")
+            self._cfg = DEFAULT_CONFIG
+        else:
+            print(f"Loading configuration from '{filepath}'.")
+            with open(filepath) as f:
+                self._cfg = json.load(f)

resqui/core.py

@@ -0,0 +1,98 @@
+#!/usr/bin/env python3
+from datetime import datetime
+from dataclasses import dataclass
+from typing import Optional
+import json
+
+from resqui.api import APIClient
+
+
+@dataclass(frozen=True)
+class Context:
+    """A basic context to hold"""
+
+    github_token: Optional[str] = None
+    dashverse_token: Optional[str] = None
+
+
+@dataclass
+class CheckResult:
+    """
+    Datatype for indicator check results.
+    """
+
+    process: str = "Undefined process"
+    status_id: str = "missing"
+    output: str = "missing"
+    evidence: str = "missing"
+    success: bool = False
+
+    def __bool__(self):
+        return self.success
+
+
+class Summary:
+    """
+    Summary of the software quality assessment.
+    """
+
+    def __init__(
+        self,
+        author,
+        email,
+        project_name,
+        repo_url,
+        software_version,
+        branch_hash_or_tag,
+    ):
+        self.author = author
+        self.email = email
+        self.project_name = project_name
+        self.repo_url = repo_url
+        self.software_version = software_version
+        self.branch_hash_or_tag = branch_hash_or_tag
+        self.checks = []
+
+    def add_indicator_result(self, indicator, checking_software, result):
+        self.checks.append(
+            {
+                "@type": "CheckResult",
+                "assessesIndicator": {"@id": indicator["@id"]},
+                "checkingSoftware": {
+                    "name": checking_software.name,
+                    "version": checking_software.version,
+                },
+                "process": result.process,
+                "status": {"@id": result.status_id},
+                "output": result.output,
+                "evidence": result.evidence,
+            }
+        )
+
+    def to_json(self):
+        return json.dumps(
+            {
+                "@context": "https://w3id.org/everse/rsqa/0.0.1/",
+                "@type": "SoftwareQualityAssessment",
+                "dateCreated": str(datetime.now()),
+                "license": "CC0-1.0",
+                "author": {"@type": "Person", "name": "Quality Pipeline"},
+                "assessedSoftware": {
+                    "@type": "SoftwareApplication",
+                    "name": self.project_name,
+                    "softwareVersion": self.software_version,
+                    "url": self.repo_url,
+                },
+                "checks": self.checks,
+            },
+            sort_keys=True,
+            indent=4,
+        )
+
+    def write(self, filename):
+        with open(filename, "w") as f:
+            f.write(self.to_json())
+
+    def upload(self, dashverse_token=None):
+        api = APIClient(dashverse_token)
+        api.post(self.to_json())