entitlements-gitrepo-auditor-plugin

Author: DanHoerst

.github/workflows/acceptance.yml

@@ -0,0 +1,83 @@
+name: acceptance
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  # Detects changes to any of the source files for entitlements-gitrepo-auditor-plugin
+  changes:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    outputs:
+      has_change: ${{ steps.diff.outputs.has_change}}
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - id: fetch-base
+        if: github.event_name == 'pull_request'
+        name: fetch the latest commit in the base branch to diff against
+        run: git fetch --no-tags --prune --depth=1 origin '+refs/heads/${{ github.base_ref }}:refs/remotes/origin/${{ github.base_ref }}'
+
+      - id: diff
+        if: github.event_name == 'pull_request'
+        name: diff against the base branch latest commit for specific paths
+        run: |
+          git diff \
+            origin/${{ github.base_ref }} \
+            HEAD \
+            -- \
+              'bin/**' \
+              'lib/**' \
+              'script/**' \
+              'spec/**' \
+              'vendor/**' \
+              '.ruby-version' \
+              'entitlements-gitrepo-auditor-plugin.gemspec' \
+              'Gemfile' \
+              'Gemfile.lock' \
+            > diff.txt
+
+            # If the diff file is not empty, it has changes.
+            [ -s diff.txt ] && echo "::set-output name=has_change::true" || echo "::set-output name=has_change::false"
+  
+      - name: set has_change to true for push to main/master
+        if: github.event_name == 'push'
+        run: echo "::set-output name=has_change::true"
+
+  acceptance-suite:
+    needs: changes
+    runs-on: ubuntu-latest
+    name: runner / acceptance-tests
+    permissions:
+      contents: read
+
+    steps:
+
+      # If source files were not changed, we don't need the acceptance test suite
+      - name: bypass
+        if: ${{ needs.changes.outputs.has_change != 'true' }}
+        run: |
+          echo "✅ Bypassing acceptance tests - they are not required for this change"
+
+      - name: Check out code
+        if: ${{ needs.changes.outputs.has_change == 'true' }}
+        uses: actions/checkout@v2
+
+      # Use Docker layer caching for 'docker build' and 'docker-compose build' commands.
+      # https://github.com/satackey/action-docker-layer-caching/releases/tag/v0.0.11
+      - uses: satackey/action-docker-layer-caching@46d2c640b1d8ef50d185452ad6fb324e6bd1d052
+        if: ${{ needs.changes.outputs.has_change == 'true' }}
+        continue-on-error: true
+
+      - name: acceptance tests
+        if: ${{ needs.changes.outputs.has_change == 'true' }}
+        run: script/cibuild-entitlements-gitrepo-auditor-plugin-acceptance
+
+      - name: acceptance tests passed
+        run: echo "✅ The acceptance test suite has passed"

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,45 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ main ]
+  schedule:
+    - cron: '25 4 * * 5'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'ruby' ]
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

.github/workflows/lint.yml

@@ -0,0 +1,27 @@
+name: lint
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  rubocop:
+    name: runner / rubocop
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v2
+
+      # https://github.com/ruby/setup-ruby/releases/tag/v1.87.0
+      - uses: ruby/setup-ruby@cf1a6dd2d8563b59c7007e381836fd252ab2ac5b
+        with:
+          ruby-version: 2.7.5
+          bundler-cache: true
+
+      - name: rubocop
+        run: bundle exec rubocop -c .rubocop.yml lib/ spec/

.github/workflows/test.yml

@@ -0,0 +1,27 @@
+name: test
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  rubocop:
+    name: runner / rspec
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v2
+
+      # https://github.com/ruby/setup-ruby/releases/tag/v1.87.0
+      - uses: ruby/setup-ruby@cf1a6dd2d8563b59c7007e381836fd252ab2ac5b
+        with:
+          ruby-version: 2.7.5
+          bundler-cache: true
+
+      - name: rspec tests
+        run: script/test -d

.gitignore

@@ -0,0 +1,19 @@
+/.bundle
+/vendor/gems
+
+# Ignore binstubs
+bin/*
+!bin/.keep
+
+# There's a place for local caching of container gems to make local builds faster.
+# Keep the .keep file but not the gems themselves
+vendor/container-gems/*
+!vendor/container-gems/.keep
+
+# Coverage reports
+coverage/*
+
+.*.swp
+
+# Ignore JetBrains IDEs
+.idea

.rubocop.yml

@@ -0,0 +1,12 @@
+inherit_gem:
+  rubocop-github:
+    - config/default.yml
+
+AllCops:
+  DisplayCopNames: true
+  TargetRubyVersion: 2.7.5
+  Exclude:
+    - 'bin/*'
+    - 'spec/acceptance/fixtures/**/*'
+    - 'spec/unit/fixtures/**/*'
+    - 'vendor/gems/**/*'

.ruby-version

@@ -0,0 +1 @@
+2.7.5

Gemfile

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+gemspec

Gemfile.lock

@@ -0,0 +1,138 @@
+PATH
+  remote: .
+  specs:
+    entitlements-gitrepo-auditor-plugin (0.1.0)
+      concurrent-ruby (= 1.1.9)
+      contracts (= 0.16.0)
+      faraday (>= 0.17.3, < 0.18)
+      net-ldap (~> 0.17.0)
+      octokit (~> 4.18)
+      optimist (= 3.0.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activesupport (6.1.6)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+      zeitwerk (~> 2.3)
+    addressable (2.8.0)
+      public_suffix (>= 2.0.2, < 5.0)
+    ast (2.4.2)
+    concurrent-ruby (1.1.9)
+    contracts (0.16.0)
+    contracts-rspec (0.1.0)
+    crack (0.4.5)
+      rexml
+    diff-lcs (1.4.4)
+    docile (1.4.0)
+    entitlements (0.1.5.g6c8e3a79)
+      concurrent-ruby (= 1.1.9)
+      contracts (= 0.16.0)
+      faraday (>= 0.17.3, < 0.18)
+      net-ldap (~> 0.17.0)
+      octokit (~> 4.18)
+      optimist (= 3.0.0)
+    faraday (0.17.4)
+      multipart-post (>= 1.2, < 3)
+    hashdiff (1.0.1)
+    i18n (1.10.0)
+      concurrent-ruby (~> 1.0)
+    json (2.6.1)
+    minitest (5.15.0)
+    multipart-post (2.1.1)
+    net-ldap (0.17.0)
+    octokit (4.21.0)
+      faraday (>= 0.9)
+      sawyer (~> 0.8.0, >= 0.5.3)
+    optimist (3.0.0)
+    parallel (1.22.1)
+    parser (3.1.2.0)
+      ast (~> 2.4.1)
+    public_suffix (4.0.6)
+    rack (2.2.3)
+    rainbow (3.1.1)
+    rake (13.0.6)
+    regexp_parser (2.4.0)
+    rexml (3.2.5)
+    rspec (3.8.0)
+      rspec-core (~> 3.8.0)
+      rspec-expectations (~> 3.8.0)
+      rspec-mocks (~> 3.8.0)
+    rspec-core (3.8.0)
+      rspec-support (~> 3.8.0)
+    rspec-expectations (3.8.6)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.8.0)
+    rspec-mocks (3.8.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.8.0)
+    rspec-support (3.8.3)
+    rubocop (1.29.1)
+      parallel (~> 1.10)
+      parser (>= 3.1.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.17.0, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.18.0)
+      parser (>= 3.1.1.0)
+    rubocop-github (0.17.0)
+      rubocop
+      rubocop-performance
+      rubocop-rails
+    rubocop-performance (1.13.3)
+      rubocop (>= 1.7.0, < 2.0)
+      rubocop-ast (>= 0.4.0)
+    rubocop-rails (2.14.2)
+      activesupport (>= 4.2.0)
+      rack (>= 1.1)
+      rubocop (>= 1.7.0, < 2.0)
+    ruby-progressbar (1.11.0)
+    rugged (0.27.5)
+    sawyer (0.8.2)
+      addressable (>= 2.3.5)
+      faraday (> 0.8, < 2.0)
+    simplecov (0.16.1)
+      docile (~> 1.1)
+      json (>= 1.8, < 3)
+      simplecov-html (~> 0.10.0)
+    simplecov-erb (0.1.1)
+      simplecov
+    simplecov-html (0.10.2)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
+    unicode-display_width (2.1.0)
+    vcr (4.0.0)
+    webmock (3.4.2)
+      addressable (>= 2.3.6)
+      crack (>= 0.3.2)
+      hashdiff
+    zeitwerk (2.5.4)
+
+PLATFORMS
+  ruby
+  x86_64-darwin-19
+
+DEPENDENCIES
+  contracts-rspec (= 0.1.0)
+  entitlements (= 0.1.5.g6c8e3a79)
+  entitlements-gitrepo-auditor-plugin!
+  rake (= 13.0.6)
+  rspec (= 3.8.0)
+  rspec-core (= 3.8.0)
+  rubocop (= 1.29.1)
+  rubocop-github (= 0.17.0)
+  rubocop-performance (= 1.13.3)
+  rugged (= 0.27.5)
+  simplecov (= 0.16.1)
+  simplecov-erb (= 0.1.1)
+  vcr (= 4.0.0)
+  webmock (= 3.4.2)
+
+BUNDLED WITH
+   2.2.24