wip

alphagov · Nov 28, 2023 · 05fb621 · 05fb621
1 parent dd84f6d
commit 05fb621
Show file tree

Hide file tree

Showing 6 changed files with 49 additions and 11 deletions.
diff --git a/.github/workflows/morning_seal.yml b/.github/workflows/morning_seal.yml
@@ -46,7 +46,7 @@ jobs:
           )
           
           for team in ${teams[*]}; do
-            ./bin/seal_runner.rb $team
+            ./bin/seal_runner.rb $team seal
           done
           
           morning_quote_teams=(

diff --git a/lib/github_fetcher.rb b/lib/github_fetcher.rb
@@ -15,7 +15,7 @@ def initialize(team, dependabot_prs_only: false)
     @repos = team.repos
     @include_security_alerts = team.security_alerts
     @dependabot_prs_only = dependabot_prs_only
-    @repo_specific_alerts = {}
+    @repo_security_alerts = {}
     @security_alert_handler = dependabot_prs_only && @include_security_alerts ? SecurityAlertHandler.new(github, organisation, repos) : nil
   end
 
@@ -32,11 +32,16 @@ def list_pull_requests
 
   def pull_requests_from_github
     repos.flat_map do |repo|
-      @repo_specific_alerts[repo] = @security_alert_handler.filter_security_alerts(repo) if @security_alert_handler
+      @repo_security_alerts[repo] = @security_alert_handler.filter_security_alerts(repo) if @security_alert_handler
       fetch_pull_requests(repo).reject(&:draft)
     end
   end
 
+  def check_team_repos_ci
+    sca_sast_enabled = {}
+    repos.flat_map { |repo| sca_sast_enabled[repo] = has_sas_sast_scans?(repo) }
+  end
+
   def security_alerts_count
     @security_alert_handler&.security_alerts_count
   end
@@ -64,7 +69,7 @@ def fetch_pull_requests(repo)
 
   def present_pull_request(pull_request)
     repo = pull_request.base.repo.name
-    security_label = @dependabot_prs_only && @include_security_alerts ? @security_alert_handler.label_for_branch(pull_request.head.ref, pull_request.title, @repo_specific_alerts[repo]) : nil
+    security_label = @dependabot_prs_only && @include_security_alerts ? @security_alert_handler.label_for_branch(pull_request.head.ref, pull_request.title, @repo_security_alerts[repo]) : nil
 
     {
       title: pull_request.title,
@@ -141,4 +146,21 @@ def marked_ready_for_review_at(pull_request, repo)
     puts "Error fetching marked ready for review time for PR #{pull_request.html_url}: #{e.message}"
     nil
   end
+
+  def repo_in_ignore_list?(repo)
+    ignored_repos = ["repo1", "repo2"]
+    ignored_repos.include?(repo)
+  end
+
+  def has_sas_sast_scans?(repo)
+    return true if repo_in_ignore_list?(repo)
+    ci_file = Base64.decode64(github.contents(repo, path: ".github/workflows/ci.yml").content)
+    sca_string = "uses: alphagov/govuk-infrastructure/.github/workflows/dependency-review.yml@main"
+    sast_string = "uses: alphagov/govuk-infrastructure/.github/workflows/codeql-analysis.yml@main"
+
+    ci_file.include?(sca_string) && ci_file.include?(sast_string)
+  rescue StandardError => e
+    puts "Error fetching CI file for repo #{repo}: #{e.message}"
+    false
+  end
 end
diff --git a/lib/message_builder.rb b/lib/message_builder.rb
@@ -7,17 +7,19 @@ class MessageBuilder
 
   attr_accessor :pull_requests, :report, :mood, :poster_mood
 
-  def initialize(team, animal)
+  def initialize(team, mode)
     @team = team
-    @animal = animal
+    @mode = mode
   end
 
   def build
-    case @animal
+    case @mode
     when :panda
       build_dependapanda_message
-    else
+    when :seal
       build_regular_message
+    when :sast-sca
+      build_sast_sca_message
     end
   rescue StandardError => e
     puts "Error building message: #{e.message}"
@@ -62,13 +64,17 @@ def pr_date(pr)
   end
 
   def github_fetcher
-    @github_fetcher ||= GithubFetcher.new(team, dependabot_prs_only: @animal == :panda)
+    @github_fetcher ||= GithubFetcher.new(team, dependabot_prs_only: @mode == :panda)
   end
 
   def pull_requests
     @pull_requests ||= github_fetcher.list_pull_requests
   end
 
+  def check_team_repos_ci
+    @check_team_repos_ci ||= github_fetcher.check_team_repos_ci
+  end
+
   def old_pull_requests
     @old_pull_requests ||= pull_requests.select { |pr| rotten?(pr) }
   end
@@ -223,4 +229,11 @@ def panda_presenter
     puts "Error generating panda presenter: #{e.message}"
     []
   end
+
+  def build_sast_sca_message
+    @repos = check_team_repos_ci.reject { |_,v| v }.keys
+    return nil if repos.empty?
+
+    render "list_ci_issues"
+  end
 end
diff --git a/lib/seal.rb b/lib/seal.rb
@@ -28,8 +28,10 @@ def bark_at(team, mode: nil)
                 Message.new(team.quotes.sample) if team.quotes_days.map(&:downcase).include?(Date.today.strftime("%A").downcase)
               when "dependapanda"
                 MessageBuilder.new(team, :panda).build
-              else
+              when "seal"
                 MessageBuilder.new(team, :seal).build
+              else
+                MessageBuilder.new(team, :sast-sca).build
               end
 
     return if message.nil?

diff --git a/lib/slack_poster.rb b/lib/slack_poster.rb
@@ -100,6 +100,6 @@ def set_mood_from_team
   end
 
   def channel
-    @team_channel = "#bot-testing" if ENV["DEVELOPMENT"]
+    @team_channel = "#murilo-testing"
   end
 end
diff --git a/templates/list_ci_issues.text.erb b/templates/list_ci_issues.text.erb
@@ -0,0 +1 @@
+<%= @repos %>