Merge pull request #4 from sonatype-nexus-community/standard_props

Apply standards only if out of spec
sonatype-nexus-community · Oct 18, 2024 · 9dcb4b8 · 9dcb4b8
2 parents 6cdf9a7 + 40cb575
commit 9dcb4b8
Show file tree

Hide file tree

Showing 6 changed files with 411 additions and 25 deletions.
diff --git a/.github/workflows/GITHUBACTIONS-README.md b/.github/workflows/GITHUBACTIONS-README.md
@@ -0,0 +1,6 @@
+GitHub Actions Notes
+====================
+
+Local Builds
+---------------
+See: [Running GitHub Actions Locally](https://contribute.sonatype.com/docs/how-to/testing-github-actions-locally/).
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -0,0 +1,34 @@
+name: Run tests
+
+on:
+  pull_request_target:
+    branches:
+      - main
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Python
+        # This is the version of the action for setting up Python, not the Python version.
+        uses: actions/setup-python@v5
+        with:
+          # Semantic version range syntax or exact version of a Python version
+          python-version: '3.x'
+      - name: Display Python version
+        run: python -c "import sys; print(sys.version)"
+      - name: Install poetry
+        # see https://github.com/marketplace/actions/setup-poetry
+        uses: Gr1N/setup-poetry@v9
+        with:
+          poetry-version: 1.8.4
+      - name: Install dependencies
+        run: poetry install
+      - name: Run tests
+        run: |
+          poetry run python -m unittest discover -s github_standards/test -p '*.py'
diff --git a/github_standards/__main__.py b/github_standards/__main__.py
@@ -20,6 +20,8 @@
 from github import Auth, Github
 from github.Repository import Repository
 
+from github_standards.standards import check_and_apply_standard_properties_to_repo, check_and_apply_standard_properties_to_branch
+
 GH_ORG_NAME = 'sonatype-nexus-community'
 EXCLUDED_REPO_NAMES = ['.github']
 
@@ -28,41 +30,20 @@ def apply_standards_to_repo(repo: Repository, do_actual_work: bool = False) -> N
     if repo.name not in EXCLUDED_REPO_NAMES:
         print(f'Reviewing Repo: {repo.name}...')
 
-        if repo.custom_properties.get('Owner-Assigned', 'false') == 'false':
+        if repo.custom_properties.get('Auto-Apply-Standards', 'false') == 'false':
             print(f'    Skipping {repo.name} as not part of standards management (yet!)')
 
-        print(f'    Enforcing Standards for {repo.name}')
-        if do_actual_work:
-            repo.edit(
-                allow_auto_merge=False,
-                allow_merge_commit=True,
-                allow_rebase_merge=False,
-                allow_squash_merge=True,
-                allow_update_branch=True,
-                delete_branch_on_merge=True,
-                has_discussions=True,
-                has_issues=True,
-                has_projects=False,
-                has_wiki=False,
-                web_commit_signoff_required=True
-            )
-        print(f'        Repo Standards applied')
+        print(f'    Assessing Standards for {repo.name}')
+        check_and_apply_standard_properties_to_repo(repo, do_actual_work)
 
         main_branch = repo.default_branch
         if main_branch != 'main':
             print(f'    WARNING: {repo.name}\'s default branch is not called main it is: {main_branch}')
 
         if do_actual_work:
             main_b = repo.get_branch(main_branch)
-
             if main_b:
-                main_b.edit_protection(
-                    allow_deletions=False,
-                    allow_force_pushes=False,
-                    require_code_owner_reviews=True,
-                    required_approving_review_count=1,
-                )
-                main_b.add_required_signatures()
+                check_and_apply_standard_properties_to_branch(repo, main_b, do_actual_work)
 
                 # @todo: Status Checks as this relies upon GitHub actions being present
                 # main_b.edit_required_status_checks(strict=True, contexts=[

diff --git a/github_standards/standards.py b/github_standards/standards.py
@@ -0,0 +1,105 @@
+# -*-: coding: utf-8
+
+#
+# Copyright 2023-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+from github import Repository, Branch
+
+
+def check_and_apply_standard_properties_to_repo(repo: Repository, do_actual_work: bool = False) -> str:
+    # check if repo is already in spec
+    standard_props = {
+        'allow_auto_merge': False,
+        'allow_merge_commit': True,
+        'allow_rebase_merge': False,
+        'allow_squash_merge': True,
+        'allow_update_branch': True,
+        'delete_branch_on_merge': True,
+        'has_discussions': True,
+        'has_issues': True,
+        'has_projects': False,
+        'has_wiki': False,
+        'web_commit_signoff_required': True
+    }
+
+    props_not_as_per_standards = ''
+    for prop, val in standard_props.items():
+        if getattr(repo, prop) != val:
+            print(f'        {prop} is not set to {val} in {repo.name}')
+            if props_not_as_per_standards != '':
+                props_not_as_per_standards = f'{props_not_as_per_standards},'
+            props_not_as_per_standards = props_not_as_per_standards + prop
+
+    if props_not_as_per_standards != '':
+        print(f'    Setting Standards for {repo.name} - missing {props_not_as_per_standards}')
+        if do_actual_work:
+            repo.edit(**standard_props)
+            print(f'        Repo Standards applied')
+
+    return props_not_as_per_standards
+
+
+def check_and_apply_standard_properties_to_branch(repo, branch: Branch, do_actual_work: bool = False) -> str:
+    # check if branch is already in spec
+    standard_branch_protection = {
+        'allow_deletions': False,
+        'allow_force_pushes': False,
+    }
+    props_not_as_per_standards = ''
+    for prop, val in standard_branch_protection.items():
+        if getattr(branch.get_protection(), prop) != val:
+            print(f'        {prop} is not set to {val} in {repo.name}')
+            if props_not_as_per_standards != '':
+                props_not_as_per_standards = f'{props_not_as_per_standards},'
+            props_not_as_per_standards = props_not_as_per_standards + prop
+
+    if props_not_as_per_standards != '':
+        print(f'    Setting Standards for {repo.name} - missing {props_not_as_per_standards}')
+        if do_actual_work:
+            branch.edit_protection(**standard_branch_protection)
+            print(f'        Branch Standards applied')
+
+
+    standard_pull_request_reviews = {
+        'require_code_owner_reviews': True,
+        'required_approving_review_count': 1, # Perhaps we should allow this to be greater than 1?
+    }
+    missing_pr_standards = ''
+    for prop, val in standard_pull_request_reviews.items():
+        if getattr(branch.get_required_pull_request_reviews(), prop) != val:
+            print(f'        {prop} is not set to {val} in {repo.name}')
+            if missing_pr_standards != '':
+                missing_pr_standards = f'{missing_pr_standards},'
+            missing_pr_standards = missing_pr_standards + prop
+
+    if missing_pr_standards != '':
+        print(f'    Setting Standards for {repo.name} - missing {missing_pr_standards}')
+        if do_actual_work:
+            branch.edit_protection(**standard_pull_request_reviews)
+            print(f'        Branch Standards applied')
+
+    if not branch.get_required_signatures():
+        print(f'        required_signatures is not set to True in {repo.name}')
+        if missing_pr_standards != '':
+            missing_pr_standards = f'{missing_pr_standards},'
+        missing_pr_standards = missing_pr_standards + 'required_signatures'
+        if do_actual_work:
+            branch.add_required_signatures()
+            print(f'        Branch required signatures applied')
+
+    if missing_pr_standards != '':
+        props_not_as_per_standards = f'{props_not_as_per_standards},'
+
+    return props_not_as_per_standards + missing_pr_standards
diff --git a/github_standards/test/__init__.py b/github_standards/test/__init__.py
@@ -0,0 +1,17 @@
+# -*-: coding: utf-8
+
+#
+# Copyright 2023-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#