Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add support for code_scanning #3256

Merged
merged 8 commits into from
Oct 17, 2024
Merged

feat: Add support for code_scanning #3256

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
0dba8da
feat: Add support for code_scanning
ihor-hrytskiv Sep 3, 2024
b700143
PR review fixes
ihor-hrytskiv Sep 3, 2024
2a80399
Add more tests
ihor-hrytskiv Sep 4, 2024
0e084f4
Merge branch 'master' into feat/code-scanning-rulesets
ihor-hrytskiv Sep 4, 2024
ce74de3
Add more tests
ihor-hrytskiv Sep 5, 2024
4ce9fd0
Merge branch 'master' into feat/code-scanning-rulesets
ihor-hrytskiv Sep 8, 2024
f4c9981
Merge branch 'master' into feat/code-scanning-rulesets
ihor-hrytskiv Oct 8, 2024
10a26f4
Merge branch 'master' into feat/code-scanning-rulesets
gmlewis Oct 17, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
90 changes: 90 additions & 0 deletions github/orgs_rules_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -202,6 +202,18 @@ func TestOrganizationsService_CreateOrganizationRuleset_RepoNames(t *testing.T)
"operator": "contains",
"pattern": "github"
}
},
{
"type": "code_scanning",
"parameters": {
"code_scanning_tools": [
{
"tool": "CodeQL",
"security_alerts_threshold": "high_or_higher",
"alerts_threshold": "errors"
}
]
}
}
]
}`)
Expand Down Expand Up @@ -288,6 +300,15 @@ func TestOrganizationsService_CreateOrganizationRuleset_RepoNames(t *testing.T)
Operator: "contains",
Pattern: "github",
}),
NewRequiredCodeScanningRule(&RequiredCodeScanningRuleParameters{
RequiredCodeScanningTools: []*RuleRequiredCodeScanningTools{
{
Tool: "CodeQL",
SecurityAlertsThreshold: "high_or_higher",
AlertsThreshold: "errors",
},
},
}),
},
})
if err != nil {
Expand Down Expand Up @@ -374,6 +395,15 @@ func TestOrganizationsService_CreateOrganizationRuleset_RepoNames(t *testing.T)
Operator: "contains",
Pattern: "github",
}),
NewRequiredCodeScanningRule(&RequiredCodeScanningRuleParameters{
RequiredCodeScanningTools: []*RuleRequiredCodeScanningTools{
{
Tool: "CodeQL",
SecurityAlertsThreshold: "high_or_higher",
AlertsThreshold: "errors",
},
},
}),
},
}
if !cmp.Equal(ruleset, want) {
Expand Down Expand Up @@ -524,6 +554,18 @@ func TestOrganizationsService_CreateOrganizationRuleset_RepoProperty(t *testing.
"operator": "contains",
"pattern": "github"
}
},
{
"type": "code_scanning",
"parameters": {
"code_scanning_tools": [
{
"tool": "CodeQL",
"security_alerts_threshold": "high_or_higher",
"alerts_threshold": "errors"
}
]
}
}
]
}`)
Expand Down Expand Up @@ -617,6 +659,15 @@ func TestOrganizationsService_CreateOrganizationRuleset_RepoProperty(t *testing.
Operator: "contains",
Pattern: "github",
}),
NewRequiredCodeScanningRule(&RequiredCodeScanningRuleParameters{
RequiredCodeScanningTools: []*RuleRequiredCodeScanningTools{
{
Tool: "CodeQL",
SecurityAlertsThreshold: "high_or_higher",
AlertsThreshold: "errors",
},
},
}),
},
})
if err != nil {
Expand Down Expand Up @@ -710,6 +761,15 @@ func TestOrganizationsService_CreateOrganizationRuleset_RepoProperty(t *testing.
Operator: "contains",
Pattern: "github",
}),
NewRequiredCodeScanningRule(&RequiredCodeScanningRuleParameters{
RequiredCodeScanningTools: []*RuleRequiredCodeScanningTools{
{
Tool: "CodeQL",
SecurityAlertsThreshold: "high_or_higher",
AlertsThreshold: "errors",
},
},
}),
},
}
if !cmp.Equal(ruleset, want) {
Expand Down Expand Up @@ -852,6 +912,18 @@ func TestOrganizationsService_CreateOrganizationRuleset_RepoIDs(t *testing.T) {
"operator": "contains",
"pattern": "github"
}
},
{
"type": "code_scanning",
"parameters": {
"code_scanning_tools": [
{
"tool": "CodeQL",
"security_alerts_threshold": "high_or_higher",
"alerts_threshold": "errors"
}
]
}
}
]
}`)
Expand Down Expand Up @@ -936,6 +1008,15 @@ func TestOrganizationsService_CreateOrganizationRuleset_RepoIDs(t *testing.T) {
Operator: "contains",
Pattern: "github",
}),
NewRequiredCodeScanningRule(&RequiredCodeScanningRuleParameters{
RequiredCodeScanningTools: []*RuleRequiredCodeScanningTools{
{
Tool: "CodeQL",
SecurityAlertsThreshold: "high_or_higher",
AlertsThreshold: "errors",
},
},
}),
},
})
if err != nil {
Expand Down Expand Up @@ -1020,6 +1101,15 @@ func TestOrganizationsService_CreateOrganizationRuleset_RepoIDs(t *testing.T) {
Operator: "contains",
Pattern: "github",
}),
NewRequiredCodeScanningRule(&RequiredCodeScanningRuleParameters{
RequiredCodeScanningTools: []*RuleRequiredCodeScanningTools{
{
Tool: "CodeQL",
SecurityAlertsThreshold: "high_or_higher",
AlertsThreshold: "errors",
},
},
}),
},
}
if !cmp.Equal(ruleset, want) {
Expand Down
33 changes: 33 additions & 0 deletions github/repos_rules.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -159,6 +159,18 @@ type RequiredWorkflowsRuleParameters struct {
RequiredWorkflows []*RuleRequiredWorkflow `json:"workflows"`
}

// RuleRequiredCodeScanningTools represents the RequiredCodeScanningTools for the RequiredCodeScanningParameters object.
type RuleRequiredCodeScanningTools struct {
AlertsThreshold string `json:"alerts_threshold"`
SecurityAlertsThreshold string `json:"security_alerts_threshold"`
Tool string `json:"tool"`
}

// RequiredCodeScanningRuleParameters represents the code_scanning rule parameters.
type RequiredCodeScanningRuleParameters struct {
RequiredCodeScanningTools []*RuleRequiredCodeScanningTools `json:"code_scanning_tools"`
}

// RepositoryRule represents a GitHub Rule.
type RepositoryRule struct {
Type string `json:"type"`
Expand Down Expand Up @@ -491,6 +503,15 @@ func (r *RepositoryRule) UnmarshalJSON(data []byte) error {
bytes, _ := json.Marshal(params)
rawParams := json.RawMessage(bytes)

r.Parameters = &rawParams
case "code_scanning":
params := RequiredCodeScanningRuleParameters{}
if err := json.Unmarshal(*RepositoryRule.Parameters, &params); err != nil {
return err
}
bytes, _ := json.Marshal(params)
rawParams := json.RawMessage(bytes)

r.Parameters = &rawParams
case "max_file_path_length":
params := RuleMaxFilePathLengthParameters{}
Expand Down Expand Up @@ -705,6 +726,18 @@ func NewRequiredWorkflowsRule(params *RequiredWorkflowsRuleParameters) (rule *Re
}
}

// NewRequiredCodeScanningRule creates a rule to require which tools must provide code scanning results before the reference is updated.
func NewRequiredCodeScanningRule(params *RequiredCodeScanningRuleParameters) (rule *RepositoryRule) {
bytes, _ := json.Marshal(params)

rawParams := json.RawMessage(bytes)

return &RepositoryRule{
Type: "code_scanning",
Parameters: &rawParams,
}
}

// NewFilePathRestrictionRule creates a rule to restrict file paths from being pushed to.
func NewFilePathRestrictionRule(params *RuleFileParameters) (rule *RepositoryRule) {
bytes, _ := json.Marshal(params)
Expand Down
30 changes: 29 additions & 1 deletion github/repos_rules_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -294,7 +294,7 @@ func TestRepositoryRule_UnmarshalJSON(t *testing.T) {
},
wantErr: true,
},
"Required workflows params": {
"Valid Required workflows params": {
data: `{"type":"workflows","parameters":{"workflows":[{"path": ".github/workflows/test.yml", "repository_id": 1}]}}`,
want: NewRequiredWorkflowsRule(&RequiredWorkflowsRuleParameters{
RequiredWorkflows: []*RuleRequiredWorkflow{
Expand All @@ -305,6 +305,34 @@ func TestRepositoryRule_UnmarshalJSON(t *testing.T) {
},
}),
},
"Invalid Required workflows params": {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

data: `{"type":"workflows","parameters":{"workflows":[{"path": ".github/workflows/test.yml", "repository_id": "test"}]}}`,
want: &RepositoryRule{
Type: "workflows",
Parameters: nil,
},
wantErr: true,
},
"Valid Required code_scanning params": {
data: `{"type":"code_scanning","parameters":{"code_scanning_tools":[{"tool": "CodeQL", "security_alerts_threshold": "high_or_higher", "alerts_threshold": "errors"}]}}`,
want: NewRequiredCodeScanningRule(&RequiredCodeScanningRuleParameters{
RequiredCodeScanningTools: []*RuleRequiredCodeScanningTools{
{
Tool: "CodeQL",
SecurityAlertsThreshold: "high_or_higher",
AlertsThreshold: "errors",
},
},
}),
},
"Invalid Required code_scanning params": {
data: `{"type":"code_scanning","parameters":{"code_scanning_tools":[{"tool": 1}]}}`,
want: &RepositoryRule{
Type: "code_scanning",
Parameters: nil,
},
wantErr: true,
},
"Invalid type": {
data: `{"type":"unknown"}`,
want: &RepositoryRule{
Expand Down
Loading