Add project support to security-issues (#126)

--------
Co-authored-by: Torsten Kilias <[email protected]>

Author: Nicoretti

.github/actions/security-issues/action.yml

@@ -15,6 +15,10 @@ inputs:
     description: 'Github Token'
     required: true
 
+  project:
+    description: 'Project the created tickets shall be associated with'
+    required: false
+
 runs:
 
   using: "composite"
@@ -28,7 +32,7 @@ runs:
     - name: Install Python Toolbox / Security tool
       shell: bash
       run: |
-        pip install exasol-toolbox==0.6.2
+        pip install exasol-toolbox==0.7.0
 
     - name: Create Security Issue Report
       shell: bash
@@ -53,7 +57,7 @@ runs:
         GH_TOKEN: ${{ inputs.github-token }}
       shell: bash
       run: |
-        tbx security cve create < issues.jsonl | tee created.txt
+        tbx security cve create --project "${{ inputs.project }}" < issues.jsonl | tee created.txt
 
     - name: Create Report
       shell: bash

doc/changelog.rst

@@ -6,8 +6,21 @@
 Unreleased
 ==========
 
+
+.. _changelog-0.7.0:
+
+
+0.7.0 - 2024-01-26
+==================
+
+✨ Added
+--------
+* Added support for referencing projects in security-issues action.
+
+
 .. _changelog-0.6.2:
 
+
 0.6.2 - 2023-11-20
 ==================
 

doc/github_actions/security_issues.rst

@@ -67,7 +67,7 @@ Currently there are only two converters available
 
 
 Input Format
-------------
+____________
 
 The expect intput format is jsonl (line based json), of the following form:
 
@@ -88,6 +88,19 @@ The temporary GitHub token of the workflow needs to be passed into the action (:
 in order to enable the action to query and created GitHub issues.
 
 
+project
++++++++
+Title of the GitHub-Project the created issue(s) shall be associated with (default = None).
+To determine the title of an project you can use the GitHub-CLI, see example below.
+
+.. code-block:: shell
+
+    gh project list --owner exasol
+
+    NUMBER  TITLE                             STATE  ID
+    ...
+
+
 Ideas
 -----
 

exasol/toolbox/metrics.py

@@ -34,6 +34,7 @@ class Rating(Enum):
     F = Broken (Get it fixed!)
     N/A = Rating is not available
     """
+
     A = "A"
     B = "B"
     C = "C"

exasol/toolbox/tools/security.py

@@ -128,14 +128,16 @@ def as_markdown_listing(elements: Iterable[str]):
     )
 
 
-def create_security_issue(issue: Issue) -> Tuple[str, str]:
+def create_security_issue(issue: Issue, project="") -> Tuple[str, str]:
     # fmt: off
     command = [
         "gh", "issue", "create",
         "--label", "security",
         "--title", security_issue_title(issue),
         "--body", security_issue_body(issue),
     ]
+    if project:
+        command.extend(['--project', project])
     # fmt: on
     try:
         result = subprocess.run(command, check=True, capture_output=True)
@@ -235,6 +237,9 @@ def create(
     input_file: typer.FileText = typer.Argument(
         default="-", mode="r", help="file of cve's in the jsonl format"
     ),
+    project: str = typer.Option(
+        default="", help="Project the created ticket shall be associated with."
+    ),
 ) -> None:
     """
     Create GitHub issues for CVE's
@@ -246,7 +251,7 @@ def create(
     Links to the created issue(s)
     """
     for issue in _issues(input_file):
-        std_err, std_out = create_security_issue(issue)
+        std_err, std_out = create_security_issue(issue, project)
         stderr(std_err)
         stdout(std_out)
 

exasol/toolbox/version.py

@@ -5,6 +5,6 @@
 # Do not edit this file manually!
 # If you need to change the version, do so in the project.toml, e.g. by using `poetry version X.Y.Z`.
 MAJOR = 0
-MINOR = 6
-PATCH = 2
+MINOR = 7
+PATCH = 0
 VERSION = f"{MAJOR}.{MINOR}.{PATCH}"

pyproject.toml

@@ -3,7 +3,7 @@ name = "exasol-toolbox"
 packages = [
     { include = "exasol" },
 ]
-version = "0.6.2"
+version = "0.7.0"
 description = ""
 authors = [
     "Nicola Coretti <[email protected]>"