From ff8d9b316c0f34eb7754bb5f69859b7242859f8e Mon Sep 17 00:00:00 2001
From: Murilo Dal Ri
Date: Tue, 28 Nov 2023 13:38:01 +0000
Subject: [PATCH] wip

---
 .github/workflows/morning_seal.yml |  2 +-
 lib/github_fetcher.rb              | 28 +++++++++++++++++++++++++---
 lib/message_builder.rb             | 23 ++++++++++++++++++-----
 lib/seal.rb                        |  4 +++-
 lib/slack_poster.rb                |  2 +-
 templates/list_ci_issues.text.erb  |  1 +
 6 files changed, 49 insertions(+), 11 deletions(-)
 create mode 100644 templates/list_ci_issues.text.erb

diff --git a/.github/workflows/morning_seal.yml b/.github/workflows/morning_seal.yml
index 1a6fa832..51d7cff0 100644
--- a/.github/workflows/morning_seal.yml
+++ b/.github/workflows/morning_seal.yml
@@ -46,7 +46,7 @@ jobs:
           )
           for team in ${teams[*]}; do
-            ./bin/seal_runner.rb $team
+            ./bin/seal_runner.rb $team seal
           done
           morning_quote_teams=(
diff --git a/lib/github_fetcher.rb b/lib/github_fetcher.rb
index a9449bd0..a5fe6ee6 100644
--- a/lib/github_fetcher.rb
+++ b/lib/github_fetcher.rb
@@ -15,7 +15,7 @@ def initialize(team, dependabot_prs_only: false)
     @repos = team.repos
     @include_security_alerts = team.security_alerts
     @dependabot_prs_only = dependabot_prs_only
-    @repo_specific_alerts = {}
+    @repo_security_alerts = {}
     @security_alert_handler = dependabot_prs_only && @include_security_alerts ? SecurityAlertHandler.new(github, organisation, repos) : nil
   end
@@ -32,11 +32,16 @@ def list_pull_requests
   def pull_requests_from_github
     repos.flat_map do |repo|
-      @repo_specific_alerts[repo] = @security_alert_handler.filter_security_alerts(repo) if @security_alert_handler
+      @repo_security_alerts[repo] = @security_alert_handler.filter_security_alerts(repo) if @security_alert_handler
       fetch_pull_requests(repo).reject(&:draft)
     end
   end
+  def check_team_repos_ci
+    sca_sast_enabled = {}
+    repos.flat_map { |repo| sca_sast_enabled[repo] = has_sas_sast_scans?(repo) }
+  end
+
   def security_alerts_count
     @security_alert_handler&.security_alerts_count
   end
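Review bot: The new positional `seal` argument assumes `bin/seal_runner.rb` now accepts a mode, but that script is not part of this patch, and the `lib/seal.rb` hunk makes every mode other than `dependapanda`, `seal` or the quote branch fall through to the new sast-sca report. Any other invocation of `seal_runner.rb` not updated here (the `morning_quote_teams` loop that starts on the hunk's last line, if it calls the runner, for instance) would therefore silently switch reports instead of failing. Either make the runner default to `seal` when the argument is absent, or have `bark_at` reject unknown modes. The `run:` script this loop belongs to starts and ends outside the hunk.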
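Review bot: `check_team_repos_ci` returns the Array produced by `flat_map`, not the `sca_sast_enabled` hash it fills — the block's value is the assigned boolean and the hash is never returned — while its consumer in `message_builder.rb` calls `.reject { |_, v| v }.keys` on the result, which only works on a Hash. Build and return the hash directly: `def check_team_repos_ci` / `repos.to_h { |repo| [repo, has_sas_sast_scans?(repo)] }` / `end`. Worth a comment on the method too, e.g. `# Maps each team repo to whether its CI calls both the SCA and SAST reusable workflows`, since each call makes one contents request per repo and the only memoisation lives in `MessageBuilder`.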
@@ -64,7 +69,7 @@ def fetch_pull_requests(repo)
   def present_pull_request(pull_request)
     repo = pull_request.base.repo.name
-    security_label = @dependabot_prs_only && @include_security_alerts ? @security_alert_handler.label_for_branch(pull_request.head.ref, pull_request.title, @repo_specific_alerts[repo]) : nil
+    security_label = @dependabot_prs_only && @include_security_alerts ? @security_alert_handler.label_for_branch(pull_request.head.ref, pull_request.title, @repo_security_alerts[repo]) : nil
     {
       title: pull_request.title,
@@ -141,4 +146,21 @@ def marked_ready_for_review_at(pull_request, repo)
     puts "Error fetching marked ready for review time for PR #{pull_request.html_url}: #{e.message}"
     nil
   end
+
+  def repo_in_ignore_list?(repo)
+    ignored_repos = ["repo1", "repo2"]
+    ignored_repos.include?(repo)
+  end
+
+  def has_sas_sast_scans?(repo)
+    return true if repo_in_ignore_list?(repo)
+    ci_file = Base64.decode64(github.contents(repo, path: ".github/workflows/ci.yml").content)
+    sca_string = "uses: alphagov/govuk-infrastructure/.github/workflows/dependency-review.yml@main"
+    sast_string = "uses: alphagov/govuk-infrastructure/.github/workflows/codeql-analysis.yml@main"
+
+    ci_file.include? sca_string && ci_file.include? sast_string
+  rescue StandardError => e
+    puts "Error fetching CI file for repo #{repo}: #{e.message}"
+    false
+  end
 end
diff --git a/lib/message_builder.rb b/lib/message_builder.rb
index ccdeaa43..0b421cd4 100644
--- a/lib/message_builder.rb
+++ b/lib/message_builder.rb
@@ -7,17 +7,19 @@ class MessageBuilder
   attr_accessor :pull_requests, :report, :mood, :poster_mood
-  def initialize(team, animal)
+  def initialize(team, mode)
     @team = team
-    @animal = animal
+    @mode = mode
   end
   def build
-    case @animal
+    case @mode
     when :panda
       build_dependapanda_message
-    else
+    when :seal
       build_regular_message
+    when :sast-sca
+      build_sast_sca_message
     end
   rescue StandardError => e
     puts "Error building message: #{e.message}"
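Review bot: The last expression in `has_sas_sast_scans?` parses as `ci_file.include?(sca_string && ci_file.include?(sast_string))`, because `&&` binds tighter than a paren-less argument, so `String#include?` is handed a boolean, raises `TypeError`, and the `rescue StandardError` turns that into `false` for every repo outside the ignore list — write it as `ci_file.include?(sca_string) && ci_file.include?(sast_string)`. That same rescue also reports a repo as missing scans when the lookup fails for unrelated reasons (no `ci.yml`, rate limiting, an expired token), so an API outage would read as a compliance regression; rescue only the not-found case, or return `nil` and list those repos separately. Before this ships, the `"repo1"`/`"repo2"` ignore list is an obvious placeholder, and matching the literal `@main` suffix flags any repo that pins those reusable workflows to a tag or commit SHA — the stricter supply-chain choice — as non-compliant, so match on the workflow path and accept any ref. `Base64` needs `require "base64"` if the file does not already load it, and since `sca`/`sast` are the terms used everywhere else, `sca_sast_scans?` would be a better name than `has_sas_sast_scans?`.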
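Review bot: `when :sast-sca` is not a symbol literal — Ruby parses it as `:sast - sca`, so evaluating that `when` clause for any mode other than `:panda` or `:seal` calls an undefined method `sca`, raises `NameError`, and the `rescue StandardError` below logs it as "Error building message" so the new report never renders. Use an identifier-safe symbol, `when :sast_sca`, with the same spelling at the call site in `lib/seal.rb`; `:"sast-sca"` also works but is easy to get wrong again. With the `else` branch gone, an unrecognised mode now yields `nil` silently — acceptable if intended, but it deserves a one-line comment such as `# unknown modes post nothing`. `build`'s body continues past the end of the hunk.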
@@ -62,13 +64,17 @@ def pr_date(pr)
   end
   def github_fetcher
-    @github_fetcher ||= GithubFetcher.new(team, dependabot_prs_only: @animal == :panda)
+    @github_fetcher ||= GithubFetcher.new(team, dependabot_prs_only: @mode == :panda)
   end
   def pull_requests
     @pull_requests ||= github_fetcher.list_pull_requests
   end
+
+  def check_team_repos_ci
+    @check_team_repos_ci ||= github_fetcher.check_team_repos_ci
+  end
+
   def old_pull_requests
     @old_pull_requests ||= pull_requests.select { |pr| rotten?(pr) }
   end
@@ -223,4 +229,11 @@ def panda_presenter
     puts "Error generating panda presenter: #{e.message}"
     []
   end
+
+  def build_sast_sca_message
+    @repos = check_team_repos_ci.reject { |_,v| v }.keys
+    return nil if repos.empty?
+
+    render "list_ci_issues"
+  end
 end
diff --git a/lib/seal.rb b/lib/seal.rb
index 9be9bf3d..0b927e41 100755
--- a/lib/seal.rb
+++ b/lib/seal.rb
@@ -28,8 +28,10 @@ def bark_at(team, mode: nil)
       Message.new(team.quotes.sample) if team.quotes_days.map(&:downcase).include?(Date.today.strftime("%A").downcase)
     when "dependapanda"
       MessageBuilder.new(team, :panda).build
-    else
+    when "seal"
       MessageBuilder.new(team, :seal).build
+    else
+      MessageBuilder.new(team, :sast-sca).build
     end
     return if message.nil?
diff --git a/lib/slack_poster.rb b/lib/slack_poster.rb
index 66dd2567..1724c7a3 100644
--- a/lib/slack_poster.rb
+++ b/lib/slack_poster.rb
@@ -100,6 +100,6 @@ def set_mood_from_team
   end
   def channel
-    @team_channel = "#bot-testing" if ENV["DEVELOPMENT"]
+    @team_channel = "#murilo-testing"
   end
 end
diff --git a/templates/list_ci_issues.text.erb b/templates/list_ci_issues.text.erb
new file mode 100644
index 00000000..b8bf4c67
--- /dev/null
+++ b/templates/list_ci_issues.text.erb
@@ -0,0 +1 @@
+<%= @repos %>
\ No newline at end of file
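Review bot: `build_sast_sca_message` assigns `@repos` and then reads `repos`; the `attr_accessor` list visible in this file's first hunk does not include `:repos`, so unless a reader is defined elsewhere this raises `NameError`, which `build` swallows into a log line. Read the instance variable directly — `return nil if @repos.empty?` — and keep the name distinct from `GithubFetcher#repos` to avoid confusion. The `.reject { |_, v| v }.keys` chain also assumes `check_team_repos_ci` returns a Hash, whereas the `github_fetcher.rb` hunk returns `flat_map`'s Array, so fix one side and pin the contract with a comment such as `# check_team_repos_ci: repo name => true when both SCA and SAST workflows are present`.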
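Review bot: The bare `else` now routes every unrecognised `mode` string into the sast-sca report, and the `:sast-sca` expression there is parsed as `:sast - sca`, an undefined method call that raises `NameError` with no rescue visible in this hunk. Match explicitly and fail loudly on anything else: `when "sast-sca"` / `MessageBuilder.new(team, :sast_sca).build` / `else raise ArgumentError, "unknown mode: #{mode.inspect}"`. `bark_at` begins before and ends after the hunk.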
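Review bot: `channel` now unconditionally sets `@team_channel` to a personal channel, dropping the `ENV["DEVELOPMENT"]` guard, so in production every team's message — which can include the security-alert labels built in `github_fetcher.rb` — would be redirected to `#murilo-testing` instead of the team's configured channel. This looks like a local-testing leftover in a commit titled "wip" and must not merge; restore the guarded form, `@team_channel = "#bot-testing" if ENV["DEVELOPMENT"]`, and if a per-developer target is needed read it from an environment variable rather than hard-coding a name. Note the pre-change method returns `nil` when `DEVELOPMENT` is unset, so whatever consumes it presumably relies on `@team_channel` being set elsewhere — worth confirming that path is unaffected.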
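Review bot: `<%= @repos %>` interpolates `Array#to_s`, so the posted message would read `["repo-a", "repo-b"]` with no indication of what the list means. Render one repo per line under a short heading, e.g. `Repos whose CI is missing the SCA/SAST workflows:` followed by `<% @repos.each do |repo| %>- <%= repo %>` / `<% end %>`, and add the missing trailing newline to the file.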