// Code generated by piper's step-generator. DO NOT EDIT. package cmd import ( "fmt" "os" "time" "github.com/SAP/jenkins-library/pkg/config" "github.com/SAP/jenkins-library/pkg/log" "github.com/SAP/jenkins-library/pkg/splunk" "github.com/SAP/jenkins-library/pkg/telemetry" "github.com/SAP/jenkins-library/pkg/validation" "github.com/spf13/cobra" ) type githubCheckBranchProtectionOptions struct { APIURL string `json:"apiUrl,omitempty"` Branch string `json:"branch,omitempty"` Owner string `json:"owner,omitempty"` Repository string `json:"repository,omitempty"` RequiredChecks []string `json:"requiredChecks,omitempty"` RequireEnforceAdmins bool `json:"requireEnforceAdmins,omitempty"` RequiredApprovingReviewCount int `json:"requiredApprovingReviewCount,omitempty"` Token string `json:"token,omitempty"` } // GithubCheckBranchProtectionCommand Check branch protection of a GitHub branch func GithubCheckBranchProtectionCommand() *cobra.Command { const STEP_NAME = "githubCheckBranchProtection" metadata := githubCheckBranchProtectionMetadata() var stepConfig githubCheckBranchProtectionOptions var startTime time.Time var logCollector *log.CollectorHook var splunkClient *splunk.Splunk telemetryClient := &telemetry.Telemetry{} var createGithubCheckBranchProtectionCmd = &cobra.Command{ Use: STEP_NAME, Short: "Check branch protection of a GitHub branch", Long: `This step allows you to check if certain branch protection rules are fulfilled. It can for example be used to verify if certain status checks are mandatory. This can be helpful to decide if a certain check needs to be performed again after merging a pull request.`, PreRunE: func(cmd *cobra.Command, _ []string) error { startTime = time.Now() log.SetStepName(STEP_NAME) log.SetVerbose(GeneralConfig.Verbose) GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens) path, _ := os.Getwd() fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path} log.RegisterHook(fatalHook) err := PrepareConfig(cmd, &metadata, STEP_NAME, &stepConfig, config.OpenPiperFile) if err != nil { log.SetErrorCategory(log.ErrorConfiguration) return err } log.RegisterSecret(stepConfig.Token) if len(GeneralConfig.HookConfig.SentryConfig.Dsn) > 0 { sentryHook := log.NewSentryHook(GeneralConfig.HookConfig.SentryConfig.Dsn, GeneralConfig.CorrelationID) log.RegisterHook(&sentryHook) } if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 { splunkClient = &splunk.Splunk{} logCollector = &log.CollectorHook{CorrelationID: GeneralConfig.CorrelationID} log.RegisterHook(logCollector) } if err = log.RegisterANSHookIfConfigured(GeneralConfig.CorrelationID); err != nil { log.Entry().WithError(err).Warn("failed to set up SAP Alert Notification Service log hook") } validation, err := validation.New(validation.WithJSONNamesForStructFields(), validation.WithPredefinedErrorMessages()) if err != nil { return err } if err = validation.ValidateStruct(stepConfig); err != nil { log.SetErrorCategory(log.ErrorConfiguration) return err } return nil }, Run: func(_ *cobra.Command, _ []string) { stepTelemetryData := telemetry.CustomData{} stepTelemetryData.ErrorCode = "1" handler := func() { config.RemoveVaultSecretFiles() stepTelemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds()) stepTelemetryData.ErrorCategory = log.GetErrorCategory().String() stepTelemetryData.PiperCommitHash = GitCommit telemetryClient.SetData(&stepTelemetryData) telemetryClient.Send() if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 { splunkClient.Send(telemetryClient.GetData(), logCollector) } } log.DeferExitHandler(handler) defer handler() telemetryClient.Initialize(GeneralConfig.NoTelemetry, STEP_NAME) if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 { splunkClient.Initialize(GeneralConfig.CorrelationID, GeneralConfig.HookConfig.SplunkConfig.Dsn, GeneralConfig.HookConfig.SplunkConfig.Token, GeneralConfig.HookConfig.SplunkConfig.Index, GeneralConfig.HookConfig.SplunkConfig.SendLogs) } githubCheckBranchProtection(stepConfig, &stepTelemetryData) stepTelemetryData.ErrorCode = "0" log.Entry().Info("SUCCESS") }, } addGithubCheckBranchProtectionFlags(createGithubCheckBranchProtectionCmd, &stepConfig) return createGithubCheckBranchProtectionCmd } func addGithubCheckBranchProtectionFlags(cmd *cobra.Command, stepConfig *githubCheckBranchProtectionOptions) { cmd.Flags().StringVar(&stepConfig.APIURL, "apiUrl", `https://api.github.com`, "Set the GitHub API url.") cmd.Flags().StringVar(&stepConfig.Branch, "branch", `master`, "The name of the branch for which the protection settings should be checked.") cmd.Flags().StringVar(&stepConfig.Owner, "owner", os.Getenv("PIPER_owner"), "Name of the GitHub organization.") cmd.Flags().StringVar(&stepConfig.Repository, "repository", os.Getenv("PIPER_repository"), "Name of the GitHub repository.") cmd.Flags().StringSliceVar(&stepConfig.RequiredChecks, "requiredChecks", []string{}, "List of checks which have to be set to 'required' in the GitHub repository configuration.") cmd.Flags().BoolVar(&stepConfig.RequireEnforceAdmins, "requireEnforceAdmins", false, "Check if 'Include Administrators' option is set in the GitHub repository configuration.") cmd.Flags().IntVar(&stepConfig.RequiredApprovingReviewCount, "requiredApprovingReviewCount", 0, "Check if 'Require pull request reviews before merging' option is set with at least the defined number of reviewers in the GitHub repository configuration.") cmd.Flags().StringVar(&stepConfig.Token, "token", os.Getenv("PIPER_token"), "GitHub personal access token as per https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line.") cmd.MarkFlagRequired("apiUrl") cmd.MarkFlagRequired("branch") cmd.MarkFlagRequired("owner") cmd.MarkFlagRequired("repository") cmd.MarkFlagRequired("token") } // retrieve step metadata func githubCheckBranchProtectionMetadata() config.StepData { var theMetaData = config.StepData{ Metadata: config.StepMetadata{ Name: "githubCheckBranchProtection", Aliases: []config.Alias{}, Description: "Check branch protection of a GitHub branch", }, Spec: config.StepSpec{ Inputs: config.StepInputs{ Secrets: []config.StepSecrets{ {Name: "githubTokenCredentialsId", Description: "Jenkins 'Secret text' credentials ID containing token to authenticate to GitHub.", Type: "jenkins"}, }, Parameters: []config.StepParameters{ { Name: "apiUrl", ResourceRef: []config.ResourceReference{}, Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, Type: "string", Mandatory: true, Aliases: []config.Alias{{Name: "githubApiUrl"}}, Default: `https://api.github.com`, }, { Name: "branch", ResourceRef: []config.ResourceReference{}, Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, Type: "string", Mandatory: true, Aliases: []config.Alias{}, Default: `master`, }, { Name: "owner", ResourceRef: []config.ResourceReference{ { Name: "commonPipelineEnvironment", Param: "github/owner", }, }, Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, Type: "string", Mandatory: true, Aliases: []config.Alias{{Name: "githubOrg"}}, Default: os.Getenv("PIPER_owner"), }, { Name: "repository", ResourceRef: []config.ResourceReference{ { Name: "commonPipelineEnvironment", Param: "github/repository", }, }, Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, Type: "string", Mandatory: true, Aliases: []config.Alias{{Name: "githubRepo"}}, Default: os.Getenv("PIPER_repository"), }, { Name: "requiredChecks", ResourceRef: []config.ResourceReference{}, Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, Type: "[]string", Mandatory: false, Aliases: []config.Alias{}, Default: []string{}, }, { Name: "requireEnforceAdmins", ResourceRef: []config.ResourceReference{}, Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, Type: "bool", Mandatory: false, Aliases: []config.Alias{}, Default: false, }, { Name: "requiredApprovingReviewCount", ResourceRef: []config.ResourceReference{}, Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, Type: "int", Mandatory: false, Aliases: []config.Alias{}, Default: 0, }, { Name: "token", ResourceRef: []config.ResourceReference{ { Name: "githubTokenCredentialsId", Type: "secret", }, { Name: "githubVaultSecretName", Type: "vaultSecret", Default: "github", }, }, Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, Type: "string", Mandatory: true, Aliases: []config.Alias{{Name: "githubToken"}, {Name: "access_token"}}, Default: os.Getenv("PIPER_token"), }, }, }, }, } return theMetaData }