suite-py 1.42.2__py3-none-any.whl → 1.43.0__py3-none-any.whl

suite_py/__version__.py

@@ -1,2 +1,2 @@
 # -*- encoding: utf-8 -*-
-__version__ = "1.42.2"
+__version__ = "1.43.0"

suite_py/cli.py

@@ -49,6 +49,7 @@ from suite_py.lib.handler import git_handler as git
 from suite_py.lib.handler import prompt_utils
 from suite_py.lib.handler.captainhook_handler import CaptainHook
 from suite_py.lib.handler.okta_handler import Okta
+from suite_py.lib.handler.pre_commit_handler import PreCommit
 from suite_py.lib.tokens import Tokens
 
 # pylint: enable=wrong-import-position
@@ -195,6 +196,9 @@ def main(ctx, project, timeout, verbose):
         or ctx.invoked_subcommand not in ALLOW_NO_HOME_SUBCOMMAND
     ):
         os.chdir(os.path.join(config.user["projects_home"], ctx.obj.project))
+    # Warn on missing pre_commit hook
+    if ctx.invoked_subcommand not in ALLOW_NO_GIT_SUBCOMMAND:
+        ctx.obj.call(PreCommit).check_and_warn()
 
 
 @main.result_callback()

suite_py/lib/handler/captainhook_handler.py

@@ -1,9 +1,9 @@
 # -*- encoding: utf-8 -*-
 import requests
 
+from suite_py.__version__ import __version__
 from suite_py.lib.handler.github_handler import GithubHandler
 from suite_py.lib.handler.okta_handler import Okta
-from suite_py.__version__ import __version__
 
 
 class UnauthorizedError(Exception):

suite_py/lib/handler/git_handler.py

@@ -269,6 +269,45 @@ class GitHandler:
             logger.error(f"Error during git reset on {self._repo}: {e}")
             sys.exit(-1)
 
+    def get_git_config(self, option):
+        """
+        Get git config value.
+        Git configs are very versitile and allow arbitrary string KV pairs to be stored,
+        support per-repo, or more complex conditional and global configurations,
+        making it the perfect place for us to store a lot of our configs.
+        """
+        proc = subprocess.run(
+            ["git", "config", "get", option],
+            cwd=self._path,
+            check=False,
+            capture_output=True,
+        )
+        if proc.returncode == 0:
+            return proc.stdout.decode().strip()
+        return None
+
+    def hooks_path(self):
+        """
+        Get path to git-hooks
+        See: https://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks for more details
+        """
+        try:
+            proc = subprocess.run(
+                ["git", "rev-parse", "--git-path", "hooks"],
+                cwd=self._path,
+                check=True,
+                capture_output=True,
+            )
+            hooks = proc.stdout.decode().strip()
+
+            # Return absolute path to the hooks dir,
+            # since we overwrite the subprocesses cwd.
+            abs_path = os.path.join(self._path, hooks)
+            return abs_path
+        except CalledProcessError as e:
+            logger.error(f"Error getting hooks path {self._repo}: {e}")
+            sys.exit(-1)
+
 
 def get_root_folder(directory):
     return (

suite_py/lib/handler/pre_commit_handler.py

@@ -0,0 +1,95 @@
+import os
+import yaml
+
+from suite_py.lib import logger
+from suite_py.lib.config import Config
+from suite_py.lib.handler.git_handler import GitHandler
+
+
+class PreCommit:
+    """
+    Handler checking whether the user has the prima pre-commit hooks setup and print a warning if they are missing
+    """
+
+    def __init__(self, project: str, config: Config):
+        self._git = GitHandler(project, config)
+
+    def check_and_warn(self):
+        if self.is_enabled() and not self.is_pre_commit_hooks_installed():
+            self.warn_missing_pre_commit_hook()
+
+    def is_pre_commit_hooks_installed(self):
+        """
+        Apply some heuteristics to check whether the gitleaks pre-commit hook is installed.
+        This is extremely imperfect, and only supports direct calls in shell scripts.
+        More hooks, like husky should be added later
+        """
+        return self.is_vanilla_hook_setup() or self.is_pre_commit_py_hook_setup()
+
+    def warn_missing_pre_commit_hook(self):
+        logger.warning(
+            """
+Looks like the current repo is missing the gitleaks pre-commit hook!
+Please install it per the security guide:
+https://www.notion.so/helloprima/Install-Gitleaks-pre-commit-hook-aaaa6beafafa4c298b537afcb52bb25a
+
+If you have installed them already you can report the false positive to team-platform-shared-services (on Slack) and run:
+    git config suite-py.disable-pre-commit-warning true
+to disable the check for this repo, or
+    git config --global suite-py.disable-pre-commit-warning true
+to disable it globally
+        """
+        )
+
+    def is_vanilla_hook_setup(self):
+        """
+        Check whether the gitleaks hook is setup as a regular bash script
+        """
+        pre_commit_file = self.read_pre_commit_hook()
+
+        # Assume everything is a shell script.
+        # Technically you could use a binary, or even python code,
+        # But those are out of scope for us, and the user should just disable the warning themselves
+        lines = pre_commit_file.splitlines()
+
+        # Filter out lines that start with '#' since those are probably just comments.
+        without_comments = filter(lambda l: not l.strip().startswith("#"), lines)
+
+        return any("gitleaks" in line for line in without_comments)
+
+    def is_pre_commit_py_hook_setup(self):
+        """
+        Check whether the gitleaks hook is setup with the pre-commit python framework
+        """
+        # If the framework is not setup skip
+        if "pre-commit" not in self.read_pre_commit_hook():
+            logger.debug("pre-commit.com not installed, skipping config check")
+            return False
+
+        config_path = os.path.join(self._git.get_path(), ".pre-commit-config.yaml")
+        try:
+            with open(config_path, encoding="utf-8") as f:
+                config = yaml.safe_load(f)
+        except FileNotFoundError:
+            logger.debug("pre-commit config file(%s) not found", config_path)
+            return False
+        except yaml.YAMLError:
+            logger.warning(".pre-commit-config.yaml file is invalid!", exc_info=True)
+            return False
+
+        return any(
+            repo.get("repo", "") == "git@github.com:primait/security-hooks.git"
+            for repo in config.get("repos", [])
+        )
+
+    def read_pre_commit_hook(self):
+        pre_commit_file_path = os.path.join(self._git.hooks_path(), "pre-commit")
+        logger.debug("Reading pre-commit script from %s", pre_commit_file_path)
+        try:
+            with open(pre_commit_file_path, encoding="utf-8") as f:
+                return f.read()
+        except FileNotFoundError:
+            return ""
+
+    def is_enabled(self):
+        return self._git.get_git_config("suite-py.disable-pre-commit-warning") != "true"

suite_py/lib/metrics.py

@@ -1,7 +1,7 @@
 # -*- encoding: utf-8 -*-
 import functools
-from suite_py.lib.config import Config
 
+from suite_py.lib.config import Config
 from suite_py.lib.handler.captainhook_handler import CaptainHook
 from suite_py.lib.handler.metrics_handler import Metrics
 

{suite_py-1.42.2.dist-info → suite_py-1.43.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: suite-py
-Version: 1.42.2
+Version: 1.43.0
 Summary: 
 Author: larrywax, EugenioLaghi, michelangelomo
 Author-email: devops@prima.it
@@ -39,4 +39,4 @@ Requires-Dist: requests-toolbelt (>=0.9.1)
 Requires-Dist: rich (==13.9.2)
 Requires-Dist: semver (>=2.13.0,<3.0.0)
 Requires-Dist: termcolor (>=1.1.0)
-Requires-Dist: truststore (>=0.7,<0.10) ; python_version >= "3.10"
+Requires-Dist: truststore (>=0.7,<0.11) ; python_version >= "3.10"

{suite_py-1.42.2.dist-info → suite_py-1.43.0.dist-info}/RECORD

@@ -1,6 +1,6 @@
 suite_py/__init__.py,sha256=REmi3D0X2G1ZWnYpKs8Ffm3NIj-Hw6dMuvz2b9NW344,142
-suite_py/__version__.py,sha256=epapGv8LINFClZsTAecNa7bKBm9IBjycsyHCcdVZdlc,49
-suite_py/cli.py,sha256=iJDqnKEPuvbX7OBawtkW38T_37xLFktohFz1YBjPUbs,10047
+suite_py/__version__.py,sha256=ieZXcKFUSr3HB9yG_7H6w0LtkWcCWwTjzJFoXitR7tQ,49
+suite_py/cli.py,sha256=sgJAT5ofSw4dCSVPtiatWaPrrMJdLSstsDiVcyl2IAE,10258
 suite_py/commands/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 suite_py/commands/ask_review.py,sha256=yN__Ac-fiZBPShjRDhyCCQZGfVlQE16KozoJk4UtiNw,3788
 suite_py/commands/bump.py,sha256=oFZU1hPfD11ujFC5G7wFyQOf2alY3xp2SO1h1ldjf3s,5406
@@ -19,18 +19,19 @@ suite_py/lib/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 suite_py/lib/config.py,sha256=52YV0K0GK1WRbeM70IDXkpG8oZD1Zvxipn1b-XekwNA,3907
 suite_py/lib/handler/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 suite_py/lib/handler/aws_handler.py,sha256=dRvRDicikfRbuFtCLPbevaX-yC-fO4LwXFdyqLPJ8OI,8815
-suite_py/lib/handler/captainhook_handler.py,sha256=sp1dxZXO1QJaq304JhtkTrQjn8Z4971e2uFTM7Dh5wg,2983
+suite_py/lib/handler/captainhook_handler.py,sha256=R30_Vvh2ck7fM5fwbpm3UV_FtlQr2xnx6RJpkG1Gn14,2983
 suite_py/lib/handler/changelog_handler.py,sha256=-ppnRl3smBA_ys8tPqXmytS4eyntlwfawC2fiXFcwlw,4818
 suite_py/lib/handler/frequent_reviewers_handler.py,sha256=EIJX5FEMWzrxuXS9A17hu1vfxgJSOHSBX_ahCEZ2FVA,2185
-suite_py/lib/handler/git_handler.py,sha256=boxhl9lQz6fjEJ10ib1KrDW-geCVjhA_6nKwv2ll01g,11333
+suite_py/lib/handler/git_handler.py,sha256=Y2hKR5sUKBhfRfQrMNjyCScJpdyPJ7XWK9f3ykx7Lf0,12710
 suite_py/lib/handler/github_handler.py,sha256=AnFL54yOZ5GDIU91wQat4s-d1WTcmg_B_5M7-Rop3wA,2900
 suite_py/lib/handler/metrics_handler.py,sha256=-Tp62pFIiYsBkDga0nQG3lWU-gxH68wEjIIIJeU1jHk,3159
 suite_py/lib/handler/okta_handler.py,sha256=UiRcBDmFkMFi9H7Me1QaruC8yPI5fFbnLGzOf3kfxG0,2805
+suite_py/lib/handler/pre_commit_handler.py,sha256=2-G67eS5LNYUK3P9JLJmhz_UbMIQr7RffsIaVZ34vy4,3739
 suite_py/lib/handler/prompt_utils.py,sha256=vgk1O7h-iYEAZv1sXtMh8xIgH1djI398rzxRIgZWZcg,2474
 suite_py/lib/handler/version_handler.py,sha256=DXTx4yCAbFVC6CdMqPJ-LiN5YM-dT2zklG8POyKTP5A,6774
 suite_py/lib/handler/youtrack_handler.py,sha256=eTGBBXjlN_ay1cawtnZ2IG6l78dDyKdMN1x6PxcvtA0,7499
 suite_py/lib/logger.py,sha256=q_qRtpg0Eh7r5tB-Rwz87dnWBwP-a2dIvggkiQikH8M,782
-suite_py/lib/metrics.py,sha256=CqAIwPIRm0AJR4qmCTj1rw-NCwdSL4Huj2eKhLxgLgU,1629
+suite_py/lib/metrics.py,sha256=urTBVzIc1Ys6OHPOO32fLPPRcQU45tzM3XMJ7mUl5dc,1629
 suite_py/lib/oauth.py,sha256=DhXimUu7MDscQsMyt3L04_kw0ZmuqmhYG6KZTPlKqNQ,5083
 suite_py/lib/requests/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 suite_py/lib/requests/auth.py,sha256=wN_WtGFmDUWRFilWzOmUaRBvP2n3EPpPMqex9Zjddko,228
@@ -38,7 +39,7 @@ suite_py/lib/requests/session.py,sha256=P32H3cWnCWunu91WIj2iDM5U3HzaBglg60VN_C9J
 suite_py/lib/symbol.py,sha256=z3QYBuNIwD3qQ3zF-cLOomIr_-C3bO_u5UIDAHMiyTo,60
 suite_py/lib/tokens.py,sha256=4DbsHDFLIxs40t3mRw_ZyhmejZQ0Bht7iAL8dTCTQd4,5458
 suite_py/templates/login.html,sha256=fJLls2SB84oZTSrxTdA5q1PqfvIHcCD4fhVWfyco7Ig,861
-suite_py-1.42.2.dist-info/METADATA,sha256=2DH1B8DsS5SlkRpahd3ZQfGa6YLwBfP6U1PmnTxZih0,1533
-suite_py-1.42.2.dist-info/WHEEL,sha256=FMvqSimYX_P7y0a7UY-_Mc83r5zkBZsCYPm7Lr0Bsq4,88
-suite_py-1.42.2.dist-info/entry_points.txt,sha256=dVKLC-9Infy-dHJT_MkK6LcDjOgBCJ8lfPkURJhBjxE,46
-suite_py-1.42.2.dist-info/RECORD,,
+suite_py-1.43.0.dist-info/METADATA,sha256=F4M9UIEhOXN7cbAYMSYRI3lV5bVA3GWKtTEghpHQwg4,1533
+suite_py-1.43.0.dist-info/WHEEL,sha256=FMvqSimYX_P7y0a7UY-_Mc83r5zkBZsCYPm7Lr0Bsq4,88
+suite_py-1.43.0.dist-info/entry_points.txt,sha256=dVKLC-9Infy-dHJT_MkK6LcDjOgBCJ8lfPkURJhBjxE,46
+suite_py-1.43.0.dist-info/RECORD,,