From 969c6a1b0397f061c955295caf01d04f3b344e5f Mon Sep 17 00:00:00 2001
From: Justin Kufro
Date: Fri, 18 Jun 2021 11:39:29 -0600
Subject: [PATCH] added github workflows
---
.github/workflows/release.yml | 35 +++++++++++++++++++++++
.github/workflows/static.yml | 25 +++++++++++++++++
.rubocop.yml | 29 +++++++++++++++++++
src/Gemfile | 2 +-
src/lambda_function.rb | 52 +++++++++++------------------
src/run_lambda_locally.rb | 30 ++++++++++----------
6 files changed, 131 insertions(+), 42 deletions(-)
create mode 100644 .github/workflows/release.yml
create mode 100644 .github/workflows/static.yml
create mode 100644 .rubocop.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..d00fbda
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,35 @@
+name: Release
+
+on:
+ release:
+ types: [published]
+
+jobs:
+ push:
+ runs-on: ubuntu-latest
+ permissions:
+ packages: write
+ contents: read
+
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Log into GitHub Container Registry
+ run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+ - name: Build and Push image
+ run: |
+ # Calculate ENV variables
+ VERSION=$(cat ./version)
+ IMAGE_ID=ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}:$VERSION
+ IMAGE_LATEST_ID=ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}:latest
+
+ # Build the image
+ docker build ./src/ --file ./src/Dockerfile --tag $IMAGE_ID --label "runnumber=${GITHUB_RUN_ID}"
+
+ # Tag image as latest
+ docker tag $IMAGE_ID $IMAGE_LATEST_ID
+
+ # Push the image to GitHub Container Registry
+ docker push $IMAGE_ID
+ docker push $IMAGE_LATEST_ID
diff --git a/.github/workflows/static.yml b/.github/workflows/static.yml
new file mode 100644
index 0000000..d179385
--- /dev/null
+++ b/.github/workflows/static.yml
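Review bot: The `Build and Push image` step splices `${{ github.repository_owner }}` and `${{ github.event.repository.name }}` directly into the shell script and then expands `$VERSION` and `$IMAGE_ID` unquoted, so the image reference is built from text the shell re-parses. In a job that holds `packages: write`, those values are better passed through `env:` and quoted, as sketched below. The same applies to `-u ${{ github.actor }}` in the login step. Separately, `actions/checkout@v2` is a mutable tag, and pinning it to a full commit SHA keeps the release job from picking up a retagged action.

```yaml
      - name: Build and Push image
        env:
          OWNER: ${{ github.repository_owner }}
          REPO: ${{ github.event.repository.name }}
        run: |
          VERSION="$(cat ./version)"
          IMAGE_ID="ghcr.io/${OWNER}/${REPO}:${VERSION}"
          IMAGE_LATEST_ID="ghcr.io/${OWNER}/${REPO}:latest"
          docker build ./src/ --file ./src/Dockerfile --tag "$IMAGE_ID" --label "runnumber=${GITHUB_RUN_ID}"
          docker tag "$IMAGE_ID" "$IMAGE_LATEST_ID"
          # … unchanged apart from quoting: the two docker push lines …
```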
@@ -0,0 +1,25 @@
+name: Static Analysis
+
+on: [push, workflow_dispatch]
+
+jobs:
+ static:
+ runs-on: ubuntu-18.04
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Setup Ruby
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: 2.7.2
+
+ - name: Rubocop
+ run: |
+ gem install rubocop
+ rubocop
+
+ - name: Bundle Audit
+ run: |
+ gem install bundler bundle-audit
+ cd ./src/
+ bundle-audit
diff --git a/.rubocop.yml b/.rubocop.yml
new file mode 100644
index 0000000..618d451
--- /dev/null
+++ b/.rubocop.yml
@@ -0,0 +1,29 @@
+AllCops:
+ TargetRubyVersion: 2.7
+ NewCops: enable
+Layout/LineLength:
+ Max: 160
+Metrics/PerceivedComplexity:
+ Enabled: false
+Metrics/CyclomaticComplexity:
+ Enabled: false
+Metrics/MethodLength:
+ Max: 160
+Metrics/AbcSize:
+ Enabled: false
+Metrics/ClassLength:
+ Max: 750
+Metrics/ParameterLists:
+ Max: 8
+Metrics/BlockLength:
+ Enabled: false
+Style/ClassAndModuleChildren:
+ Enabled: false
+Naming/VariableNumber:
+ EnforcedStyle: snake_case
+Style/MultilineTernaryOperator:
+ Enabled: false
+Style/NestedTernaryOperator:
+ Enabled: false
+Style/GlobalVars:
+ Enabled: false
\ No newline at end of file
diff --git a/src/Gemfile b/src/Gemfile
index 8b1e3ed..b8b8961 100644
--- a/src/Gemfile
+++ b/src/Gemfile
@@ -3,6 +3,6 @@ source 'https://rubygems.org' gem 'aws-sdk-lambda', '~> 1' -gem 'aws-sdk-ssm', '~> 1' gem 'aws-sdk-s3', '~> 1' +gem 'aws-sdk-ssm', '~> 1' gem 'multipart-post'
diff --git a/src/lambda_function.rb b/src/lambda_function.rb
index d48feaa..3c19ba4 100644
--- a/src/lambda_function.rb
+++ b/src/lambda_function.rb
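Review bot: The `static` job declares no `permissions:` block, so its `GITHUB_TOKEN` gets the repository default scope, whereas release.yml in this same commit scopes its token explicitly. A lint-and-audit job needs no more than `permissions:` with `contents: read` beneath it. In the `Bundle Audit` step, a bare `bundle-audit` relies on whatever advisory database the freshly installed gem finds or fetches; `bundle-audit check --update` makes the refresh explicit. Both `gem install` lines also take the newest published version on every run, so pinning versions would make the job reproducible.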
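Review bot: `NewCops: enable` together with the unpinned `gem install rubocop` in static.yml means any RuboCop release can add cops that fail the build without a change to this repository. Either pin the version in the workflow, e.g. `gem install rubocop -v <pinned-version>`, or add a comment above `NewCops` recording that tracking new cops is intentional. The file also ends without a trailing newline.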
@@ -33,16 +33,16 @@ # Invoking lambda from the Ruby SDK: # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/Lambda/Client.html#invoke_async-instance_method # -def lambda_handler(event:, context:) +def lambda_handler(event:, _context:) $logger.info(event) validate_variables(event) records = (event['Records'] || []) records.each do |record| - bucket_name = record.dig('s3', 'bucket', 'name') - object_key = record.dig('s3', 'object', 'key') - process_record(event, bucket_name, object_key) + bucket_name = record.dig('s3', 'bucket', 'name') + object_key = record.dig('s3', 'object', 'key') + process_record(event, bucket_name, object_key) end $logger.info('Lambda completed successfully!') @@ -51,7 +51,7 @@ def lambda_handler(event:, context:) ## # Process a S3 record that was passed via the event # -def process_record(event, bucket_name, object_key) +def process_record(_event, bucket_name, object_key) return if bucket_name.nil? || object_key.nil? record_contents = get_record_contents(bucket_name, object_key) @@ -59,10 +59,10 @@ def process_record(event, bucket_name, object_key) filename = object_key.split('/').last $logger.info("Processing file (#{object_key}) with filename (#{filename})") - record_contents['eval_tags'] = record_contents['eval_tags'].nil? ? 'HeimdallPusher' : record_contents['eval_tags'] + ',HeimdallPusher' + record_contents['eval_tags'] = record_contents['eval_tags'].nil? ? 'HeimdallPusher' : "#{record_contents['eval_tags']},HeimdallPusher" # Save to Heimdall - heimdall_user_password = get_heimdall_password + heimdall_user_password = heimdall_password user_id, token = get_heimdall_api_token(heimdall_user_password) push_to_heimdall(filename, hdf, user_id, token, record_contents['eval_tags']) 
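Review bot: Renaming the keyword parameter to `_context:` in `lambda_handler` changes the method's calling contract, not just a local name: a caller that passes `context:` now gets an ArgumentError for a missing `_context` and an unknown `context` keyword. `src/run_lambda_locally.rb` in this same patch still passes `context: nil`, and the AWS Lambda Ruby runtime invokes handlers with `event:` and `context:`, so both entry points would fail on the first call. Keep the keyword and silence the cop instead: `def lambda_handler(event:, context:) # rubocop:disable Lint/UnusedMethodArgument`. The positional rename to `_event` in `process_record` (the @@ -51 hunk) is safe because positional names are not part of the call.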
@@ -82,29 +82,29 @@ def save_hdf_to_bucket(hdf, bucket_name, filename) $logger.info('Saving processed HDF to bucket.') s3_client = Aws::S3::Client.new s3_client.put_object({ - body: StringIO.new(hdf.to_json), - bucket: bucket_name, - key: "hdf/#{filename}", - }) + body: StringIO.new(hdf.to_json), + bucket: bucket_name, + key: "hdf/#{filename}" + }) end def save_results_to_bucket(results, bucket_name, filename) $logger.info('Saving processed result to bucket.') s3_client = Aws::S3::Client.new s3_client.put_object({ - body: StringIO.new(results.to_json), - bucket: bucket_name, - key: "processed/#{filename}", - }) + body: StringIO.new(results.to_json), + bucket: bucket_name, + key: "processed/#{filename}" + }) end def remove_unprocessed_from_bucket(bucket_name, object_key) $logger.info('Removing unprocessed result from bucket.') s3_client = Aws::S3::Client.new s3_client.delete_object({ - bucket: bucket_name, - key: object_key, - }) + bucket: bucket_name, + key: object_key + }) end ## @@ -136,7 +136,7 @@ def validate_variables(event) # specifying the SSM_ENDPOINT variable will allow reaching # SSM parameter store properly. # -def get_heimdall_password +def heimdall_password $logger.info('Fetching Heimdall Password Secret from SSM parameter store...') ssm_client = nil @@ -165,8 +165,8 @@ def get_heimdall_password def get_heimdall_api_token(heimdall_user_password) $logger.info('Getting token from Heimdall Server...') payload = { - 'email': ENV['HEIMDALL_API_USER'], - 'password': heimdall_user_password + email: ENV['HEIMDALL_API_USER'], + password: heimdall_user_password } resp = Net::HTTP.post( URI("#{ENV['HEIMDALL_URL']}/authn/login"), 
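Review bot: `get_heimdall_api_token` posts the Heimdall password to `#{ENV['HEIMDALL_URL']}/authn/login`, and nothing visible in this hunk requires that URL to be `https`, so a misconfigured `http://` value would send the credential in clear text. `push_to_heimdall` in the @@ -205 hunk does the same with the bearer token. `validate_variables` lies outside the hunks shown and may already check this; if it does not, a guard such as `raise 'HEIMDALL_URL must be https' unless URI(ENV['HEIMDALL_URL']).scheme == 'https'` belongs there. Both method bodies continue past the end of their hunks.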
@@ -205,11 +205,11 @@ def push_to_heimdall(filename, hdf, user_id, token, eval_tags) $logger.info('Pushing HDF results to Heimdall Server...') url = URI("#{ENV['HEIMDALL_URL']}/evaluations") payload = { - 'data': UploadIO.new(StringIO.new(hdf.to_json), 'application/json', filename), - 'filename': filename, - 'userId': user_id, - 'public': ENV['HEIMDALL_PUBLIC'] || 'true', - 'evaluationTags': eval_tags + data: UploadIO.new(StringIO.new(hdf.to_json), 'application/json', filename), + filename: filename, + userId: user_id, + public: ENV['HEIMDALL_PUBLIC'] || 'true', + evaluationTags: eval_tags } request = Net::HTTP::Post::Multipart.new(url.path, payload) request['Authorization'] = "Bearer #{token}" diff --git a/src/run_lambda_locally.rb b/src/run_lambda_locally.rb index 29e8b73..ffcbd87 100644 --- a/src/run_lambda_locally.rb +++ b/src/run_lambda_locally.rb @@ -14,19 +14,19 @@ require_relative 'lambda_function' lambda_handler( - event: { - "Records" => [ - { - "s3" => { - "bucket" => { - "name" => "inspec-results-bucket-dev-myzr" - }, - "object" => { - "key" => "unprocessed/2021-05-27_14-14-46_ConfigToHdf.json" - } - } - } - ] - }, - context: nil + event: { + 'Records' => [ + { + 's3' => { + 'bucket' => { + 'name' => 'inspec-results-bucket-dev-myzr' + }, + 'object' => { + 'key' => 'unprocessed/2021-05-27_14-14-46_ConfigToHdf.json' + } + } + } + ] + }, + context: nil )