mirror of
https://github.com/SAP/jenkins-library.git
synced 2025-02-05 13:25:19 +02:00
af05acad58
* test * test * draft * generator * some polishing * go mod tidy * fix unit * fix unit * fix unit * fix unit * fix unit * resolve review comments * resolve review comments * add debug message on successful publish * refactor to use global vault client * cleanup * rename * clenup * refactor * remove token revocation * handle nil vaultClient and add comments * feat(events): Publish events (generated part) (#5131) * add generated * add generated * refactor vaultClient usage * fix unit tests * fix unit tests * fix
279 lines
11 KiB
Go
279 lines
11 KiB
Go
// Code generated by piper's step-generator. DO NOT EDIT.
|
|
|
|
package cmd
|
|
|
|
import (
|
|
"fmt"
|
|
"os"
|
|
"time"
|
|
|
|
"github.com/SAP/jenkins-library/pkg/config"
|
|
"github.com/SAP/jenkins-library/pkg/gcp"
|
|
"github.com/SAP/jenkins-library/pkg/log"
|
|
"github.com/SAP/jenkins-library/pkg/splunk"
|
|
"github.com/SAP/jenkins-library/pkg/telemetry"
|
|
"github.com/SAP/jenkins-library/pkg/validation"
|
|
"github.com/spf13/cobra"
|
|
)
|
|
|
|
type githubCheckBranchProtectionOptions struct {
|
|
APIURL string `json:"apiUrl,omitempty"`
|
|
Branch string `json:"branch,omitempty"`
|
|
Owner string `json:"owner,omitempty"`
|
|
Repository string `json:"repository,omitempty"`
|
|
RequiredChecks []string `json:"requiredChecks,omitempty"`
|
|
RequireEnforceAdmins bool `json:"requireEnforceAdmins,omitempty"`
|
|
RequiredApprovingReviewCount int `json:"requiredApprovingReviewCount,omitempty"`
|
|
Token string `json:"token,omitempty"`
|
|
}
|
|
|
|
// GithubCheckBranchProtectionCommand Check branch protection of a GitHub branch
|
|
func GithubCheckBranchProtectionCommand() *cobra.Command {
|
|
const STEP_NAME = "githubCheckBranchProtection"
|
|
|
|
metadata := githubCheckBranchProtectionMetadata()
|
|
var stepConfig githubCheckBranchProtectionOptions
|
|
var startTime time.Time
|
|
var logCollector *log.CollectorHook
|
|
var splunkClient *splunk.Splunk
|
|
telemetryClient := &telemetry.Telemetry{}
|
|
|
|
var createGithubCheckBranchProtectionCmd = &cobra.Command{
|
|
Use: STEP_NAME,
|
|
Short: "Check branch protection of a GitHub branch",
|
|
Long: `This step allows you to check if certain branch protection rules are fulfilled.
|
|
|
|
It can for example be used to verify if certain status checks are mandatory. This can be helpful to decide if a certain check needs to be performed again after merging a pull request.`,
|
|
PreRunE: func(cmd *cobra.Command, _ []string) error {
|
|
startTime = time.Now()
|
|
log.SetStepName(STEP_NAME)
|
|
log.SetVerbose(GeneralConfig.Verbose)
|
|
|
|
GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
|
|
|
|
path, _ := os.Getwd()
|
|
fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
|
|
log.RegisterHook(fatalHook)
|
|
|
|
err := PrepareConfig(cmd, &metadata, STEP_NAME, &stepConfig, config.OpenPiperFile)
|
|
if err != nil {
|
|
log.SetErrorCategory(log.ErrorConfiguration)
|
|
return err
|
|
}
|
|
log.RegisterSecret(stepConfig.Token)
|
|
|
|
if len(GeneralConfig.HookConfig.SentryConfig.Dsn) > 0 {
|
|
sentryHook := log.NewSentryHook(GeneralConfig.HookConfig.SentryConfig.Dsn, GeneralConfig.CorrelationID)
|
|
log.RegisterHook(&sentryHook)
|
|
}
|
|
|
|
if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 || len(GeneralConfig.HookConfig.SplunkConfig.ProdCriblEndpoint) > 0 {
|
|
splunkClient = &splunk.Splunk{}
|
|
logCollector = &log.CollectorHook{CorrelationID: GeneralConfig.CorrelationID}
|
|
log.RegisterHook(logCollector)
|
|
}
|
|
|
|
if err = log.RegisterANSHookIfConfigured(GeneralConfig.CorrelationID); err != nil {
|
|
log.Entry().WithError(err).Warn("failed to set up SAP Alert Notification Service log hook")
|
|
}
|
|
|
|
validation, err := validation.New(validation.WithJSONNamesForStructFields(), validation.WithPredefinedErrorMessages())
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if err = validation.ValidateStruct(stepConfig); err != nil {
|
|
log.SetErrorCategory(log.ErrorConfiguration)
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
},
|
|
Run: func(_ *cobra.Command, _ []string) {
|
|
vaultClient := config.GlobalVaultClient()
|
|
if vaultClient != nil {
|
|
defer vaultClient.MustRevokeToken()
|
|
}
|
|
|
|
stepTelemetryData := telemetry.CustomData{}
|
|
stepTelemetryData.ErrorCode = "1"
|
|
handler := func() {
|
|
config.RemoveVaultSecretFiles()
|
|
stepTelemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
|
|
stepTelemetryData.ErrorCategory = log.GetErrorCategory().String()
|
|
stepTelemetryData.PiperCommitHash = GitCommit
|
|
telemetryClient.SetData(&stepTelemetryData)
|
|
telemetryClient.Send()
|
|
if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 {
|
|
splunkClient.Initialize(GeneralConfig.CorrelationID,
|
|
GeneralConfig.HookConfig.SplunkConfig.Dsn,
|
|
GeneralConfig.HookConfig.SplunkConfig.Token,
|
|
GeneralConfig.HookConfig.SplunkConfig.Index,
|
|
GeneralConfig.HookConfig.SplunkConfig.SendLogs)
|
|
splunkClient.Send(telemetryClient.GetData(), logCollector)
|
|
}
|
|
if len(GeneralConfig.HookConfig.SplunkConfig.ProdCriblEndpoint) > 0 {
|
|
splunkClient.Initialize(GeneralConfig.CorrelationID,
|
|
GeneralConfig.HookConfig.SplunkConfig.ProdCriblEndpoint,
|
|
GeneralConfig.HookConfig.SplunkConfig.ProdCriblToken,
|
|
GeneralConfig.HookConfig.SplunkConfig.ProdCriblIndex,
|
|
GeneralConfig.HookConfig.SplunkConfig.SendLogs)
|
|
splunkClient.Send(telemetryClient.GetData(), logCollector)
|
|
}
|
|
if GeneralConfig.HookConfig.GCPPubSubConfig.Enabled {
|
|
err := gcp.NewGcpPubsubClient(
|
|
vaultClient,
|
|
GeneralConfig.HookConfig.GCPPubSubConfig.ProjectNumber,
|
|
GeneralConfig.HookConfig.GCPPubSubConfig.IdentityPool,
|
|
GeneralConfig.HookConfig.GCPPubSubConfig.IdentityProvider,
|
|
GeneralConfig.CorrelationID,
|
|
GeneralConfig.HookConfig.OIDCConfig.RoleID,
|
|
).Publish(GeneralConfig.HookConfig.GCPPubSubConfig.Topic, telemetryClient.GetDataBytes())
|
|
if err != nil {
|
|
log.Entry().WithError(err).Warn("event publish failed")
|
|
}
|
|
}
|
|
}
|
|
log.DeferExitHandler(handler)
|
|
defer handler()
|
|
telemetryClient.Initialize(GeneralConfig.NoTelemetry, STEP_NAME, GeneralConfig.HookConfig.PendoConfig.Token)
|
|
githubCheckBranchProtection(stepConfig, &stepTelemetryData)
|
|
stepTelemetryData.ErrorCode = "0"
|
|
log.Entry().Info("SUCCESS")
|
|
},
|
|
}
|
|
|
|
addGithubCheckBranchProtectionFlags(createGithubCheckBranchProtectionCmd, &stepConfig)
|
|
return createGithubCheckBranchProtectionCmd
|
|
}
|
|
|
|
func addGithubCheckBranchProtectionFlags(cmd *cobra.Command, stepConfig *githubCheckBranchProtectionOptions) {
|
|
cmd.Flags().StringVar(&stepConfig.APIURL, "apiUrl", `https://api.github.com`, "Set the GitHub API url.")
|
|
cmd.Flags().StringVar(&stepConfig.Branch, "branch", `master`, "The name of the branch for which the protection settings should be checked.")
|
|
cmd.Flags().StringVar(&stepConfig.Owner, "owner", os.Getenv("PIPER_owner"), "Name of the GitHub organization.")
|
|
cmd.Flags().StringVar(&stepConfig.Repository, "repository", os.Getenv("PIPER_repository"), "Name of the GitHub repository.")
|
|
cmd.Flags().StringSliceVar(&stepConfig.RequiredChecks, "requiredChecks", []string{}, "List of checks which have to be set to 'required' in the GitHub repository configuration.")
|
|
cmd.Flags().BoolVar(&stepConfig.RequireEnforceAdmins, "requireEnforceAdmins", false, "Check if 'Include Administrators' option is set in the GitHub repository configuration.")
|
|
cmd.Flags().IntVar(&stepConfig.RequiredApprovingReviewCount, "requiredApprovingReviewCount", 0, "Check if 'Require pull request reviews before merging' option is set with at least the defined number of reviewers in the GitHub repository configuration.")
|
|
cmd.Flags().StringVar(&stepConfig.Token, "token", os.Getenv("PIPER_token"), "GitHub personal access token as per https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line.")
|
|
|
|
cmd.MarkFlagRequired("apiUrl")
|
|
cmd.MarkFlagRequired("branch")
|
|
cmd.MarkFlagRequired("owner")
|
|
cmd.MarkFlagRequired("repository")
|
|
cmd.MarkFlagRequired("token")
|
|
}
|
|
|
|
// retrieve step metadata
|
|
func githubCheckBranchProtectionMetadata() config.StepData {
|
|
var theMetaData = config.StepData{
|
|
Metadata: config.StepMetadata{
|
|
Name: "githubCheckBranchProtection",
|
|
Aliases: []config.Alias{},
|
|
Description: "Check branch protection of a GitHub branch",
|
|
},
|
|
Spec: config.StepSpec{
|
|
Inputs: config.StepInputs{
|
|
Secrets: []config.StepSecrets{
|
|
{Name: "githubTokenCredentialsId", Description: "Jenkins 'Secret text' credentials ID containing token to authenticate to GitHub.", Type: "jenkins"},
|
|
},
|
|
Parameters: []config.StepParameters{
|
|
{
|
|
Name: "apiUrl",
|
|
ResourceRef: []config.ResourceReference{},
|
|
Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"},
|
|
Type: "string",
|
|
Mandatory: true,
|
|
Aliases: []config.Alias{{Name: "githubApiUrl"}},
|
|
Default: `https://api.github.com`,
|
|
},
|
|
{
|
|
Name: "branch",
|
|
ResourceRef: []config.ResourceReference{},
|
|
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},
|
|
Type: "string",
|
|
Mandatory: true,
|
|
Aliases: []config.Alias{},
|
|
Default: `master`,
|
|
},
|
|
{
|
|
Name: "owner",
|
|
ResourceRef: []config.ResourceReference{
|
|
{
|
|
Name: "commonPipelineEnvironment",
|
|
Param: "github/owner",
|
|
},
|
|
},
|
|
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},
|
|
Type: "string",
|
|
Mandatory: true,
|
|
Aliases: []config.Alias{{Name: "githubOrg"}},
|
|
Default: os.Getenv("PIPER_owner"),
|
|
},
|
|
{
|
|
Name: "repository",
|
|
ResourceRef: []config.ResourceReference{
|
|
{
|
|
Name: "commonPipelineEnvironment",
|
|
Param: "github/repository",
|
|
},
|
|
},
|
|
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},
|
|
Type: "string",
|
|
Mandatory: true,
|
|
Aliases: []config.Alias{{Name: "githubRepo"}},
|
|
Default: os.Getenv("PIPER_repository"),
|
|
},
|
|
{
|
|
Name: "requiredChecks",
|
|
ResourceRef: []config.ResourceReference{},
|
|
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},
|
|
Type: "[]string",
|
|
Mandatory: false,
|
|
Aliases: []config.Alias{},
|
|
Default: []string{},
|
|
},
|
|
{
|
|
Name: "requireEnforceAdmins",
|
|
ResourceRef: []config.ResourceReference{},
|
|
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},
|
|
Type: "bool",
|
|
Mandatory: false,
|
|
Aliases: []config.Alias{},
|
|
Default: false,
|
|
},
|
|
{
|
|
Name: "requiredApprovingReviewCount",
|
|
ResourceRef: []config.ResourceReference{},
|
|
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},
|
|
Type: "int",
|
|
Mandatory: false,
|
|
Aliases: []config.Alias{},
|
|
Default: 0,
|
|
},
|
|
{
|
|
Name: "token",
|
|
ResourceRef: []config.ResourceReference{
|
|
{
|
|
Name: "githubTokenCredentialsId",
|
|
Type: "secret",
|
|
},
|
|
|
|
{
|
|
Name: "githubVaultSecretName",
|
|
Type: "vaultSecret",
|
|
Default: "github",
|
|
},
|
|
},
|
|
Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"},
|
|
Type: "string",
|
|
Mandatory: true,
|
|
Aliases: []config.Alias{{Name: "githubToken"}, {Name: "access_token"}},
|
|
Default: os.Getenv("PIPER_token"),
|
|
},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
return theMetaData
|
|
}
|