check for settings issues across all repos (#128)

* check for settings issues across all repos * Updating build files in dist/ * typos * tweak * remove exec repos * remove exec repos * use underscore convension for private private repos * fix * fix * add ignore repo as action param * force boolean Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
KittyCAD · Oct 19, 2022 · 14d846c · 14d846c
1 parent d621e27
commit 14d846c
Show file tree

Hide file tree

Showing 17 changed files with 14,193 additions and 4,109 deletions.
diff --git a/.eslintrc.json b/.eslintrc.json
@@ -35,7 +35,7 @@
       "@typescript-eslint/no-unnecessary-type-assertion": "error",
       "@typescript-eslint/no-useless-constructor": "error",
       "@typescript-eslint/no-var-requires": "error",
-      "@typescript-eslint/prefer-for-of": "warn",
+      "@typescript-eslint/prefer-for-of": "off",
       "@typescript-eslint/prefer-function-type": "warn",
       "@typescript-eslint/prefer-includes": "error",
       "@typescript-eslint/prefer-string-starts-ends-with": "error",
@@ -46,7 +46,7 @@
       "@typescript-eslint/semi": ["error", "never"],
       "@typescript-eslint/type-annotation-spacing": "error",
       "@typescript-eslint/unbound-method": "error",
-      "github/array-foreach": "warn",
+      "github/array-foreach": "off",
       "no-console": "warn"
     },
     "env": {

diff --git a/.github/workflows/check-repo-settings.yml b/.github/workflows/check-repo-settings.yml
@@ -0,0 +1,31 @@
+name: 'get markdowns repo settings'
+
+on:
+  pull_request:
+    paths:
+      - src/check-repo-settings.ts
+      - dist/check-repo-settings/**.js
+      - .github/workflows/check-repo-settings.yml
+      - check-repo-settings/action.yml
+
+jobs:
+  check-repo-settings-test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: ./check-repo-settings/
+        id: check-repo-settings
+        with:
+          github-token: ${{ secrets.GLOBAL_PAT }}
+          ignore-repos: |
+            [
+              "jordansPersonalLitterbox"
+            ]
+      - name: setup gh cli
+        run: |
+          echo "${{ secrets.GITHUB_TOKEN }}" | gh auth login --with-token
+      - name: comment markdown
+        env:
+          PRNUM: ${{ github.event.pull_request.number }}
+          BODY: '${{ steps.check-repo-settings.outputs.body }}'
+        run: gh pr comment $PRNUM --body "$BODY"
diff --git a/check-repo-settings/action.yml b/check-repo-settings/action.yml
@@ -0,0 +1,18 @@
+name: 'Generate a report on which repos differ from settings we want across all repos'
+description: Looks at all KittyCAD repos to find issues with settings
+author: 'KittyCAD'
+inputs:
+  github-token:
+    required: true
+    description: github token
+  ignore-repos:
+    required: false
+    description: repos to ignore
+outputs:
+  body:
+    description: Output summary
+  isproblems:
+    description: if the action found any issues with our repos
+runs:
+  using: 'node16'
+  main: '../dist/check-repo-settings/index.js'
diff --git a/dist/check-repo-settings/index.js b/dist/check-repo-settings/index.js
diff --git a/dist/check-repo-settings/index.js.map b/dist/check-repo-settings/index.js.map
diff --git a/dist/check-repo-settings/licenses.txt b/dist/check-repo-settings/licenses.txt
diff --git a/dist/check-repo-settings/sourcemap-register.js b/dist/check-repo-settings/sourcemap-register.js
diff --git a/dist/update-machine-key-github/index.js b/dist/update-machine-key-github/index.js
diff --git a/dist/update-machine-key-github/index.js.map b/dist/update-machine-key-github/index.js.map
diff --git a/dist/update-machine-key-tfvars/index.js b/dist/update-machine-key-tfvars/index.js
diff --git a/dist/update-machine-key-tfvars/index.js.map b/dist/update-machine-key-tfvars/index.js.map
diff --git a/package.json b/package.json
@@ -9,10 +9,16 @@
     "format": "prettier --write '**/*.ts'",
     "format-check": "prettier --check '**/*.ts'",
     "lint": "eslint src/**/*.ts",
-    "package": "ncc build lib/autogen-readme-list/autogen-readme-list.js --source-map --license licenses.txt -o dist/autogen-readme-list && ncc build lib/weekly-contributions.js --source-map --license licenses.txt -o dist/weekly-contributions && ncc build lib/add-issues-to-project.js --source-map --license licenses.txt -o dist/add-issues-to-project && ncc build lib/show-visual-diffs-in-comment.js --source-map --license licenses.txt -o dist/show-visual-diffs-in-comment && ncc build lib/get-deployment-target-url.js --source-map --license licenses.txt -o dist/get-deployment-target-url && yarn cleanup && yarn package:update-machine-key-github && yarn package:update-machine-key-tfvars && yarn package:create-openapi-types",
+    "package": "yarn cleanup && yarn package:check-repo-settings && yarn package:autogen-readme-list && yarn package:weekly-contributions && yarn package:add-issues-to-project && yarn package:show-visual-diffs-in-comment && yarn package:get-deployment-target-url && yarn package:update-machine-key-github && yarn package:update-machine-key-tfvars && yarn package:create-openapi-types",
     "package:update-machine-key-github": "ncc build lib/update-machine-key-github.js --source-map --license licenses.txt -o dist/update-machine-key-github",
     "package:update-machine-key-tfvars": "ncc build lib/update-machine-key-tfvars.js --source-map --license licenses.txt -o dist/update-machine-key-tfvars",
     "package:create-openapi-types": "rm -rf dist/create-openapi-types/ && ncc build lib/create-openapi-types.js --source-map --license licenses.txt -o dist/create-openapi-types",
+    "package:autogen-readme-list": "ncc build lib/autogen-readme-list/autogen-readme-list.js --source-map --license licenses.txt -o dist/autogen-readme-list",
+    "package:weekly-contributions": "ncc build lib/weekly-contributions.js --source-map --license licenses.txt -o dist/weekly-contributions",
+    "package:add-issues-to-project": "ncc build lib/add-issues-to-project.js --source-map --license licenses.txt -o dist/add-issues-to-project",
+    "package:show-visual-diffs-in-comment": "ncc build lib/show-visual-diffs-in-comment.js --source-map --license licenses.txt -o dist/show-visual-diffs-in-comment",
+    "package:get-deployment-target-url": "ncc build lib/get-deployment-target-url.js --source-map --license licenses.txt -o dist/get-deployment-target-url",
+    "package:check-repo-settings": "ncc build lib/check-repo-settings.js --source-map --license licenses.txt -o dist/check-repo-settings",
     "test": "jest",
     "all": "npm run build && npm run format && npm run lint && npm run package && npm test",
     "cleanup": "rm -rf dist/create-openapi-types/"

diff --git a/src/check-repo-settings.ts b/src/check-repo-settings.ts
@@ -0,0 +1,171 @@
+import * as core from '@actions/core'
+import * as github from '@actions/github'
+import {inspect} from 'util'
+
+async function main(): Promise<void> {
+  const token = core.getInput('github-token')
+  const ignoreRepos = JSON.parse(core.getInput('ignore-repos') || '[]')
+  //   const token = process.env.GITHUB_TOKEN
+  const octokit = github.getOctokit(token)
+
+  const repoRulesQuery: {
+    organization: {
+      repositories: {
+        nodes: {
+          id: string
+          name: string
+          branchProtectionRules: {
+            nodes: {
+              requiresApprovingReviews: boolean
+              dismissesStaleReviews: boolean
+              allowsForcePushes: boolean
+              pattern: string
+            }[]
+          }
+          mergeCommitAllowed: boolean
+          rebaseMergeAllowed: boolean
+          squashMergeAllowed: boolean
+        }[]
+      }
+    }
+  } = await octokit.graphql(
+    `
+    query {
+        organization(login: "KittyCAD") {
+        repositories(first: 100){ 
+          nodes {
+              id
+              name
+              branchProtectionRules(first: 50) {
+                nodes {
+                  requiresApprovingReviews
+                  # requiredApprovingReviewCount
+                  dismissesStaleReviews
+                  allowsForcePushes
+                  pattern
+                }
+              }
+              mergeCommitAllowed
+              rebaseMergeAllowed
+              squashMergeAllowed
+          }
+        }
+      }
+    }
+      `
+  )
+  const mergeRuleMessage = [
+    '### Bad merge rules',
+    'Merge rules for the repo should be:',
+    'mergeCommitAllowed: `false`, rebaseMergeAllowed: `false`, squashMergeAllowed: `true`',
+    'The following repos have different merge rule settings:',
+    ''
+  ]
+  const initialMergeRuleMessageLength = mergeRuleMessage.length
+
+  const protectedBranchMessage = [
+    '### Bad protected branch rules',
+    'The `main` branch should be protected, requiring pull requests',
+    "The following repos don't have the correct settings for `main`:",
+    ''
+  ]
+  const initialProtectedBranchMessageLength = protectedBranchMessage.length
+  const repos: string[] = []
+  repoRulesQuery.organization.repositories.nodes.forEach(repo => {
+    const isPrivatePrivateRepo = repo.name.startsWith('_')
+    if (!isPrivatePrivateRepo) {
+      repos.push(repo.name)
+    }
+    const hasCorrectMergeRules =
+      !repo.mergeCommitAllowed &&
+      !repo.rebaseMergeAllowed &&
+      repo.squashMergeAllowed
+    if (
+      !hasCorrectMergeRules &&
+      !ignoreRepos.includes(repo.name) &&
+      !isPrivatePrivateRepo
+    ) {
+      mergeRuleMessage.push(
+        `- [ ] [${repo.name}](https://github.com/KittyCAD/${repo.name}/settings)`
+      )
+    } else {
+      console.log(`${repo.name} good merge rules`)
+    }
+
+    const isMainBranchProtected = repo.branchProtectionRules.nodes.some(
+      ({allowsForcePushes, pattern, requiresApprovingReviews}) => {
+        return (
+          pattern === 'main' && !allowsForcePushes && !requiresApprovingReviews
+        )
+      }
+    )
+    if (
+      !isMainBranchProtected &&
+      !ignoreRepos.includes(repo.name) &&
+      !isPrivatePrivateRepo
+    ) {
+      protectedBranchMessage.push(
+        `- [ ] [${repo.name}](https://github.com/KittyCAD/${repo.name}/settings/branches)`
+      )
+    } else {
+      console.log(`${repo.name} has main protected`)
+    }
+  })
+
+  const dependabotYmlFetches = await Promise.all(
+    repos.map(async repo => {
+      try {
+        await octokit.rest.repos.getContent({
+          owner: 'KittyCAD',
+          repo,
+          path: '.github/dependabot.yml'
+        })
+        //   const content = Buffer(response.data.content, 'base64').toString('ascii')
+        return {repo, fileMissing: false}
+      } catch {
+        return {repo, fileMissing: true}
+      }
+    })
+  )
+  const dependabotBulletMessage = [
+    '### Missing dependabot setup',
+    'All repos should have `.github/dependabot.yml` files',
+    'They are missing in the following:',
+    ''
+  ]
+  const initialDependabotBulletMessageLength = dependabotBulletMessage.length
+
+  dependabotYmlFetches.forEach(value => {
+    if (value.fileMissing && !ignoreRepos.includes(value.repo)) {
+      dependabotBulletMessage.push(
+        `- [ ] [${value.repo}](https://github.com/KittyCAD/${value.repo}/new/main/.github)`
+      )
+    }
+  })
+
+  const mergeRuleMessageSection =
+    initialMergeRuleMessageLength < mergeRuleMessage.length
+      ? mergeRuleMessage.join('\n')
+      : ''
+  const protectedBranchMessageSection =
+    initialProtectedBranchMessageLength < protectedBranchMessage.length
+      ? protectedBranchMessage.join('\n')
+      : ''
+  const dependabotBulletMessageSection =
+    initialDependabotBulletMessageLength < dependabotBulletMessage.length
+      ? dependabotBulletMessage.join('\n')
+      : ''
+  const issueBody = [
+    mergeRuleMessageSection,
+    protectedBranchMessageSection,
+    dependabotBulletMessageSection
+  ].join('\n\n')
+  const isProblems =
+    mergeRuleMessageSection ||
+    protectedBranchMessageSection ||
+    dependabotBulletMessageSection
+  core.setOutput('isproblems', !!isProblems)
+  core.setOutput('body', issueBody)
+}
+
+main()