sap-jenkins-library/cmd/githubCheckBranchProtection.go

package cmd

import (
	"context"
	"fmt"
	"strings"

	"github.com/SAP/jenkins-library/pkg/log"
	"github.com/SAP/jenkins-library/pkg/telemetry"
	"github.com/google/go-github/v32/github"

	"github.com/pkg/errors"

	piperGithub "github.com/SAP/jenkins-library/pkg/github"
)

type gitHubBranchProtectionRepositoriesService interface {
	GetBranchProtection(ctx context.Context, owner, repo, branch string) (*github.Protection, *github.Response, error)
}

func githubCheckBranchProtection(config githubCheckBranchProtectionOptions, telemetryData *telemetry.CustomData) {
	//TODO provide parameter for trusted certs
	ctx, client, err := piperGithub.NewClient(config.Token, config.APIURL, "", []string{})
	if err != nil {
		log.Entry().WithError(err).Fatal("Failed to get GitHub client")
	}

	err = runGithubCheckBranchProtection(ctx, &config, telemetryData, client.Repositories)
	if err != nil {
		log.Entry().WithError(err).Fatal("GitHub branch protection check failed")
	}
}

func runGithubCheckBranchProtection(ctx context.Context, config *githubCheckBranchProtectionOptions, telemetryData *telemetry.CustomData, ghRepositoriesService gitHubBranchProtectionRepositoriesService) error {
	ghProtection, _, err := ghRepositoriesService.GetBranchProtection(ctx, config.Owner, config.Repository, config.Branch)
	if err != nil {
		return errors.Wrap(err, "failed to read branch protection information")
	}

	// validate required status checks
	for _, check := range config.RequiredChecks {
		var found bool
		foundContexts := []string{}
		if requiredStatusChecks := ghProtection.GetRequiredStatusChecks(); requiredStatusChecks != nil {
			foundContexts = requiredStatusChecks.Contexts
		}
		for _, context := range foundContexts {
			if check == context {
				found = true
			}
		}
		if !found {
			return fmt.Errorf("required status check '%v' not found among '%v' in branch protection configuration", check, strings.Join(foundContexts, ","))
		}
	}

	// validate that admins are enforced in checks
	if config.RequireEnforceAdmins && !ghProtection.GetEnforceAdmins().Enabled {
		return fmt.Errorf("admins are not enforced in branch protection configuration")
	}

	// validate number of mandatory reviewers
	if config.RequiredApprovingReviewCount > 0 && ghProtection.GetRequiredPullRequestReviews().RequiredApprovingReviewCount < config.RequiredApprovingReviewCount {
		return fmt.Errorf("not enough mandatory reviewers in branch protection configuration, expected at least %v, got %v", config.RequiredApprovingReviewCount, ghProtection.GetRequiredPullRequestReviews().RequiredApprovingReviewCount)
	}

	return nil
}
Add step for GitHub branch protection check (2) (#2016) * add step for GitHub branch protection check * add command to piper command * remove unnecessary parameter * Update resources/metadata/githubbranchprotection.yaml * add groovy part * update generation & go mod tidy * update groovy tests * fix bug with go-github version * Add step to check GitHub branch protection settings * include PR review feedabck Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> 2020-09-14 12:05:12 +02:00			`package cmd`

			`import (`
			`"context"`
			`"fmt"`
			`"strings"`

			`"github.com/SAP/jenkins-library/pkg/log"`
			`"github.com/SAP/jenkins-library/pkg/telemetry"`
			`"github.com/google/go-github/v32/github"`

			`"github.com/pkg/errors"`

			`piperGithub "github.com/SAP/jenkins-library/pkg/github"`
			`)`

Add step to set GitHub status (#2012) * add step for GitHub branch protection check * add command to piper command * remove unnecessary parameter * Update resources/metadata/githubbranchprotection.yaml * Add step to set GitHub status * add groovy part * update generation & go mod tidy * update groovy tests * update github api to fix bug * add comment * go mod tidy * update naming * update docs * update docs * Update resources/metadata/githubstatus.yaml Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com> * Update resources/metadata/githubstatus.yaml Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com> * Update resources/metadata/githubstatus.yaml Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com> * update generated files * update GitHub step order * Update interface usage * do not export interfaces * go mod tidy Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com> 2020-09-14 18:08:24 +02:00			`type gitHubBranchProtectionRepositoriesService interface {`
Add step for GitHub branch protection check (2) (#2016) * add step for GitHub branch protection check * add command to piper command * remove unnecessary parameter * Update resources/metadata/githubbranchprotection.yaml * add groovy part * update generation & go mod tidy * update groovy tests * fix bug with go-github version * Add step to check GitHub branch protection settings * include PR review feedabck Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> 2020-09-14 12:05:12 +02:00			`GetBranchProtection(ctx context.Context, owner, repo, branch string) (github.Protection, github.Response, error)`
			`}`

			`func githubCheckBranchProtection(config githubCheckBranchProtectionOptions, telemetryData *telemetry.CustomData) {`
feat(whitesourceExecuteScan): GitHub issue creation + SARIF (#3535) * Add GH issue creation + SARIF * Code cleanup * Fix fmt, add debug * Code enhancements * Fix * Added debug info * Rework UA log scan * Fix code * read UA version * Fix nil reference * Extraction * Credentials * Issue creation * Error handling * Fix issue creation * query escape * Query escape 2 * Revert * Test avoid update * HTTP client * Add support for custom TLS certs * Fix code * Fix code 2 * Fix code 3 * Disable cert check * Fix auth * Remove implicit trust * Skip verification * Fix * Fix client * Fix HTTP auth * Fix trusted certs * Trim version * Code * Add token * Added token handling to client * Fix token * Cleanup * Fix token * Token rework * Fix code * Kick out oauth client * Kick out oauth client * Transport wrapping * Token * Simplification * Refactor * Variation * Check * Fix * Debug * Switch client * Variation * Debug * Switch to cert check * Add debug * Parse self * Cleanup * Update resources/metadata/whitesourceExecuteScan.yaml * Add debug * Expose subjects * Patch * Debug * Debug2 * Debug3 * Fix logging response body * Cleanup * Cleanup * Fix request body logging * Cleanup import * Fix import cycle * Cleanup * Fix fmt * Fix NopCloser reference * Regenerate * Reintroduce * Fix test * Fix tests * Correction * Fix error * Code fix * Fix tests * Add tests * Fix code climate issues * Code climate * Code climate again * Code climate again * Fix fmt * Fix fmt 2 Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2022-02-23 10:30:19 +02:00			`//TODO provide parameter for trusted certs`
			`ctx, client, err := piperGithub.NewClient(config.Token, config.APIURL, "", []string{})`
Add step for GitHub branch protection check (2) (#2016) * add step for GitHub branch protection check * add command to piper command * remove unnecessary parameter * Update resources/metadata/githubbranchprotection.yaml * add groovy part * update generation & go mod tidy * update groovy tests * fix bug with go-github version * Add step to check GitHub branch protection settings * include PR review feedabck Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> 2020-09-14 12:05:12 +02:00			`if err != nil {`
			`log.Entry().WithError(err).Fatal("Failed to get GitHub client")`
			`}`

			`err = runGithubCheckBranchProtection(ctx, &config, telemetryData, client.Repositories)`
			`if err != nil {`
			`log.Entry().WithError(err).Fatal("GitHub branch protection check failed")`
			`}`
			`}`

Add step to set GitHub status (#2012) * add step for GitHub branch protection check * add command to piper command * remove unnecessary parameter * Update resources/metadata/githubbranchprotection.yaml * Add step to set GitHub status * add groovy part * update generation & go mod tidy * update groovy tests * update github api to fix bug * add comment * go mod tidy * update naming * update docs * update docs * Update resources/metadata/githubstatus.yaml Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com> * Update resources/metadata/githubstatus.yaml Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com> * Update resources/metadata/githubstatus.yaml Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com> * update generated files * update GitHub step order * Update interface usage * do not export interfaces * go mod tidy Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com> 2020-09-14 18:08:24 +02:00			`func runGithubCheckBranchProtection(ctx context.Context, config githubCheckBranchProtectionOptions, telemetryData telemetry.CustomData, ghRepositoriesService gitHubBranchProtectionRepositoriesService) error {`
Add step for GitHub branch protection check (2) (#2016) * add step for GitHub branch protection check * add command to piper command * remove unnecessary parameter * Update resources/metadata/githubbranchprotection.yaml * add groovy part * update generation & go mod tidy * update groovy tests * fix bug with go-github version * Add step to check GitHub branch protection settings * include PR review feedabck Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> 2020-09-14 12:05:12 +02:00			`ghProtection, _, err := ghRepositoriesService.GetBranchProtection(ctx, config.Owner, config.Repository, config.Branch)`
			`if err != nil {`
			`return errors.Wrap(err, "failed to read branch protection information")`
			`}`

			`// validate required status checks`
			`for _, check := range config.RequiredChecks {`
			`var found bool`
GitHub steps: convenience updates (#2026) * GitHub steps: convenience updates * update generated files * Update cmd/githubCheckBranchProtection.go Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com> * Update cmd/githubCheckBranchProtection.go Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com> * Update cmd/githubCheckBranchProtection.go Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com> 2020-09-15 17:50:55 +02:00			`foundContexts := []string{}`
			`if requiredStatusChecks := ghProtection.GetRequiredStatusChecks(); requiredStatusChecks != nil {`
			`foundContexts = requiredStatusChecks.Contexts`
			`}`
Add step for GitHub branch protection check (2) (#2016) * add step for GitHub branch protection check * add command to piper command * remove unnecessary parameter * Update resources/metadata/githubbranchprotection.yaml * add groovy part * update generation & go mod tidy * update groovy tests * fix bug with go-github version * Add step to check GitHub branch protection settings * include PR review feedabck Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> 2020-09-14 12:05:12 +02:00			`for _, context := range foundContexts {`
			`if check == context {`
			`found = true`
			`}`
			`}`
			`if !found {`
			`return fmt.Errorf("required status check '%v' not found among '%v' in branch protection configuration", check, strings.Join(foundContexts, ","))`
			`}`
			`}`

			`// validate that admins are enforced in checks`
			`if config.RequireEnforceAdmins && !ghProtection.GetEnforceAdmins().Enabled {`
			`return fmt.Errorf("admins are not enforced in branch protection configuration")`
			`}`

			`// validate number of mandatory reviewers`
			`if config.RequiredApprovingReviewCount > 0 && ghProtection.GetRequiredPullRequestReviews().RequiredApprovingReviewCount < config.RequiredApprovingReviewCount {`
			`return fmt.Errorf("not enough mandatory reviewers in branch protection configuration, expected at least %v, got %v", config.RequiredApprovingReviewCount, ghProtection.GetRequiredPullRequestReviews().RequiredApprovingReviewCount)`
			`}`

			`return nil`
			`}`