Merge pull request #31 from mszostok/add-action-support

mszostok · web-flow · commit d18c45dcfcc4 · 2020-03-29T14:37:53.000+02:00
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,5 @@
+# Ignore everything
+**
+
+# Allow files and directories
+!/codeowners-validator
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -1,6 +1,9 @@
 builds:
 - env:
   - CGO_ENABLED=0
+  hooks:
+    # Install upx first, https://github.com/upx/upx/releases
+    post: ./hack/ci/compress.sh
   goos:
   - linux
   - darwin
@@ -30,3 +33,12 @@ changelog:
     exclude:
     - '^docs:'
     - '^test:'
+
+dockers:
+  - dockerfile: Dockerfile
+    binaries:
+      - codeowners-validator
+    image_templates:
+      - "mszostok/codeowners-validator:latest"
+      - "mszostok/codeowners-validator:{{ .Tag }}"
+      - "mszostok/codeowners-validator:v{{ .Major }}.{{ .Minor }}"
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,19 @@
+# Get latest CA certs & git
+FROM alpine:latest as deps
+RUN apk --update add ca-certificates
+RUN apk --update add git
+
+FROM scratch
+
+LABEL source=https://github.com/mszostok/codeowners-validator.git
+
+COPY ./codeowners-validator /codeowners-validator
+
+COPY --from=deps /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=deps /usr/bin/git /usr/bin/git
+COPY --from=deps /usr/bin/xargs  /usr/bin/xargs
+COPY --from=deps /lib /lib
+COPY --from=deps /usr/lib /usr/lib
+
+CMD ["/codeowners-validator"]
+
diff --git a/README.md b/README.md
@@ -47,27 +47,39 @@ You can install `codeowners-validator` with `env GO111MODULE=on go get -u github
 
 This will put `codeowners-validator` in `$(go env GOPATH)/bin`
 
-## Checks
+## Usage
 
-The following checks are enabled by default:
+#### Docker
 
-| Name       | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
-|------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| duppatterns | **[Duplicated Pattern Checker]** <br /><br /> Reports if CODEOWNERS file contain duplicated lines with the same file pattern.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
-| files      | **[File Exist Checker]** <br /><br /> Reports if CODEOWNERS file contain lines with the file pattern that do not exist in a given repository.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
-| owners     | **[Valid Owner Checker]** <br /><br /> Reports if CODEOWNERS file contain invalid owners definition. Allowed owner syntax: `@username`, `@org/team-name` or `user@example.com` <br /> _source: https://help.github.com/articles/about-code-owners/#codeowners-syntax_. <br /> <br /> **Checks:** <br /> &#x09; 1. Check if the owner's definition is valid (is either a GitHub user name, an organization team name or an email address). <br /><br /> 2. Check if a GitHub owner has a GitHub account <br /><br /> 3. Check if a GitHub owner is in a given organization <br /> <br />4. Check if an organization team exists |
+```bash
+export GH_TOKEN=<your_token>
+docker run --rm -v $(pwd):/repo -w /repo \
+  -e REPOSITORY_PATH="." \
+  -e GITHUB_ACCESS_TOKEN="$GH_TOKEN" \
+  -e EXPERIMENTAL_CHECKS="notowned" \
+  -e OWNER_CHECKER_REPOSITORY="org-name/rep-name" \
+  mszostok/codeowners-validator:v0.4.0
+```
 
-The experimental checks are disabled by default:
+#### Command line
 
-| Name     | Description                                                                                                                                 |
-|----------|---------------------------------------------------------------------------------------------------------------------------------------------|
-| notowned | **[Not Owned File Checker]** <br /><br /> Reports if a given repository contain files that do not have specified owners in CODEOWNERS file. |
+```bash
+export GH_TOKEN=<your_token>
+env REPOSITORY_PATH="." \
+    GITHUB_ACCESS_TOKEN="$GH_TOKEN" \
+    EXPERIMENTAL_CHECKS="notowned" \
+    OWNER_CHECKER_REPOSITORY="org-name/rep-name" \
+  codeowners-validator
+```
 
-To enable experimental check set `EXPERIMENTAL_CHECKS=notowned` environment variable. 
+#### GitHub Action
 
-Check the [Usage](#usage) section for more info on how to enable and configure given checks.
+Coming soon 😎 Stay tuned!
 
-## Usage
+
+Check the [Configuration](#configuration) section for more info on how to enable and configure given checks.
+
+## Configuration
 
 Use the following environment variables to configure the application:
 
@@ -80,11 +92,31 @@ Use the following environment variables to configure the application:
 | <tt>CHECKS</tt>| - |  The list of checks that will be executed. By default, all checks are executed. Possible values: `files`,`owners`,`duppatterns` |
 | <tt>EXPERIMENTAL_CHECKS</tt> | - | The comma-separated list of experimental checks that should be executed. By default, all experimental checks are turned off. Possible values: `notowned`.|
 | <tt>CHECK_FAILURE_LEVEL</tt> | `warning` | Defines the level on which the application should treat check issues as failures. Defaults to `warning`, which treats both errors and warnings as failures, and exits with error code 3. Possible values are `error` and `warning`. |
-| <tt>OWNER_CHECKER_ORGANIZATION_NAME</tt>  <b>*</b>| | The organization name where the repository is created. Used to check if GitHub owner is in the given organization. |
+| <tt>OWNER_CHECKER_REPOSITORY</tt>  <b>*</b>| | The owner and repository name separated by slash. For example, gh-codeowners/codeowners-samples. Used to check if GitHub owner is in the given organization. |
 | <tt>NOT_OWNED_CHECKER_SKIP_PATTERNS</tt>| - | The comma-separated list of patterns that should be ignored by `not-owned-checker`. For example, you can specify `*` and as a result, the `*` pattern from the **CODEOWNERS** file will be ignored and files owned by this pattern will be reported as unowned unless a later specific pattern will match that path. It's useful because often we have default owners entry at the begging of the CODOEWNERS file, e.g. `*       @global-owner1 @global-owner2` |
 
  <b>*</b> - Required
 
+## Checks
+
+The following checks are enabled by default:
+
+| Name       | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
+|------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| duppatterns | **[Duplicated Pattern Checker]** <br /><br /> Reports if CODEOWNERS file contain duplicated lines with the same file pattern.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
+| files      | **[File Exist Checker]** <br /><br /> Reports if CODEOWNERS file contain lines with the file pattern that do not exist in a given repository.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
+| owners     | **[Valid Owner Checker]** <br /><br /> Reports if CODEOWNERS file contain invalid owners definition. Allowed owner syntax: `@username`, `@org/team-name` or `user@example.com` <br /> _source: https://help.github.com/articles/about-code-owners/#codeowners-syntax_. <br /> <br /> **Checks:** <br /> &#x09; 1. Check if the owner's definition is valid (is either a GitHub user name, an organization team name or an email address). <br /><br /> 2. Check if a GitHub owner has a GitHub account <br /><br /> 3. Check if a GitHub owner is in a given organization <br /> <br />4. Check if an organization team exists |
+
+The experimental checks are disabled by default:
+
+| Name     | Description                                                                                                                                 |
+|----------|---------------------------------------------------------------------------------------------------------------------------------------------|
+| notowned | **[Not Owned File Checker]** <br /><br /> Reports if a given repository contain files that do not have specified owners in CODEOWNERS file. |
+
+To enable experimental check set `EXPERIMENTAL_CHECKS=notowned` environment variable. 
+
+Check the [Configuration](#configuration) section for more info on how to enable and configure given checks.
+
 #### Exit status codes
 
 Application exits with different status codes which allow you to easily distinguish between error categories.  
diff --git a/hack/ci/compress.sh b/hack/ci/compress.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+# Inspired by https://liam.sh/post/makefiles-for-go-projects
+
+# standard bash error handling
+set -o nounset # treat unset variables as an error and exit immediately.
+set -o errexit # exit immediately when a command fails.
+set -E         # needs to be set if we want the ERR trap
+
+readonly CURRENT_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+readonly ROOT_PATH=$( cd "${CURRENT_DIR}/../.." && pwd )
+readonly GOLANGCI_LINT_VERSION="v1.23.8"
+
+source "${CURRENT_DIR}/utilities.sh" || { echo 'Cannot load CI utilities.'; exit 1; }
+
+# This will find all files (not symlinks) with the executable bit set:
+# https://apple.stackexchange.com/a/116371
+binariesToCompress=$(find "${ROOT_PATH}/dist" -perm +111 -type f)
+
+shout "Staring compression for: \n$binariesToCompress"
+
+command -v upx > /dev/null || { echo 'UPX binary not found, skipping compression.'; exit 1; }
+
+# I just do not like playing with xargs ¯\_(ツ)_/¯
+for i in $binariesToCompress
+do
+  upx --brute "$i"
+done
diff --git a/internal/check/not_owned_file.go b/internal/check/not_owned_file.go
@@ -7,12 +7,12 @@ import (
 	"path"
 	"strings"
 
-	"github.com/hashicorp/go-multierror"
+	ctxutil "github.com/mszostok/codeowners-validator/internal/context"
 	"github.com/mszostok/codeowners-validator/pkg/codeowners"
+
+	"github.com/hashicorp/go-multierror"
 	"github.com/pkg/errors"
 	"gopkg.in/pipe.v2"
-
-	ctxutil "github.com/mszostok/codeowners-validator/internal/context"
 )
 
 type NotOwnedFileConfig struct {
@@ -104,6 +104,8 @@ func (c *NotOwnedFile) AppendToGitignoreFile(repoDir string, patterns []string)
 	defer f.Close()
 
 	content := strings.Builder{}
+	// ensure we are starting from new line
+	content.WriteString("\n")
 	for _, p := range patterns {
 		content.WriteString(fmt.Sprintf("%s\n", p))
 	}
diff --git a/internal/check/valid_owner.go b/internal/check/valid_owner.go
@@ -9,26 +9,34 @@ import (
 	ctxutil "github.com/mszostok/codeowners-validator/internal/context"
 
 	"github.com/google/go-github/v29/github"
+	"github.com/pkg/errors"
 )
 
 type ValidOwnerConfig struct {
-	OrganizationName string `envconfig:"optional"`
+	Repository string
 }
 
 // ValidOwner validates each owner
 type ValidOwner struct {
-	ghClient   *github.Client
-	orgMembers *map[string]struct{}
-	orgName    string
-	orgTeams   map[string][]*github.Team
+	ghClient    *github.Client
+	orgMembers  *map[string]struct{}
+	orgName     string
+	orgTeams    []*github.Team
+	orgRepoName string
 }
 
 // NewValidOwner returns new instance of the ValidOwner
-func NewValidOwner(cfg ValidOwnerConfig, ghClient *github.Client) *ValidOwner {
-	return &ValidOwner{
-		ghClient: ghClient,
-		orgName:  cfg.OrganizationName,
+func NewValidOwner(cfg ValidOwnerConfig, ghClient *github.Client) (*ValidOwner, error) {
+	split := strings.Split(cfg.Repository, "/")
+	if len(split) != 2 {
+		return nil, errors.Errorf("Wrong repository name. Expected pattern 'owner/repository', got '%s'", cfg.Repository)
 	}
+
+	return &ValidOwner{
+		ghClient:    ghClient,
+		orgName:     split[0],
+		orgRepoName: split[1],
+	}, nil
 }
 
 // Check checks if defined owners are the valid ones.
@@ -60,7 +68,7 @@ func (v *ValidOwner) Check(ctx context.Context, in Input) (Output, error) {
 			validFn := v.selectValidateFn(ownerName)
 			if err := validFn(ctx, ownerName); err != nil {
 				output.ReportIssue(err.msg, WithEntry(entry))
-				if err.rateLimitReached { // Doesn't make sense to process further. TODO(mszostok): change for more generic solution like, `IsPermanentError`
+				if err.permanent { // Doesn't make sense to process further
 					return output, nil
 				}
 			}
@@ -87,24 +95,24 @@ func (v *ValidOwner) selectValidateFn(name string) func(context.Context, string)
 	}
 }
 
-func (v *ValidOwner) initOrgListTeams(ctx context.Context, org string) ([]*github.Team, *validateError) {
+func (v *ValidOwner) initOrgListTeams(ctx context.Context) *validateError {
 	var teams []*github.Team
 	req := &github.ListOptions{
 		PerPage: 100,
 	}
 	for {
-		resultPage, resp, err := v.ghClient.Teams.ListTeams(ctx, org, req)
+		resultPage, resp, err := v.ghClient.Repositories.ListTeams(ctx, v.orgName, v.orgRepoName, req)
 		if err != nil { // TODO(mszostok): implement retry?
 			switch err := err.(type) {
 			case *github.ErrorResponse:
 				if err.Response.StatusCode == http.StatusUnauthorized {
-					return nil, newValidateError("Teams for organization %q could not be queried. Requires GitHub authorization.", org)
+					return newValidateError("Teams for organization %q could not be queried. Requires GitHub authorization.", v.orgName)
 				}
-				return nil, newValidateError("HTTP error occurred while calling GitHub: %v", err)
+				return newValidateError("HTTP error occurred while calling GitHub: %v", err)
 			case *github.RateLimitError:
-				return nil, newValidateError("GitHub rate limit reached: %v", err.Message).RateLimitReached()
+				return newValidateError("GitHub rate limit reached: %v", err.Message)
 			default:
-				return nil, newValidateError("Unknown error occurred while calling GitHub: %v", err)
+				return newValidateError("Unknown error occurred while calling GitHub: %v", err)
 			}
 		}
 		teams = append(teams, resultPage...)
@@ -114,31 +122,30 @@ func (v *ValidOwner) initOrgListTeams(ctx context.Context, org string) ([]*githu
 		req.Page = resp.NextPage
 	}
 
-	if v.orgTeams == nil {
-		v.orgTeams = map[string][]*github.Team{}
-	}
-	v.orgTeams[org] = teams
+	v.orgTeams = teams
 
-	return teams, nil
+	return nil
 }
 
 func (v *ValidOwner) validateTeam(ctx context.Context, name string) *validateError {
+	if v.orgTeams == nil {
+		if err := v.initOrgListTeams(ctx); err != nil {
+			return err.AsPermanent()
+		}
+	}
+
+	// called after validation it's safe to work on `parts` slice
 	parts := strings.SplitN(name, "/", 2)
 	org := parts[0]
 	org = strings.TrimPrefix(org, "@")
 	team := parts[1]
 
-	allTeams, ok := v.orgTeams[org]
-	if !ok {
-		var err *validateError
-		allTeams, err = v.initOrgListTeams(ctx, org)
-		if err != nil {
-			return err
-		}
+	if org != v.orgName {
+		return newValidateError("Team %q does not belongs to %q organization.", team, v.orgName)
 	}
 
 	teamExists := func() bool {
-		for _, v := range allTeams {
+		for _, v := range v.orgTeams {
 			if v.GetSlug() == team {
 				return true
 			}
@@ -156,7 +163,7 @@ func (v *ValidOwner) validateTeam(ctx context.Context, name string) *validateErr
 func (v *ValidOwner) validateGithubUser(ctx context.Context, name string) *validateError {
 	if v.orgMembers == nil { //TODO(mszostok): lazy init, make it more robust.
 		if err := v.initOrgListMembers(ctx); err != nil {
-			return newValidateError("Cannot initialize organization member list: %v", err)
+			return newValidateError("Cannot initialize organization member list: %v", err).AsPermanent()
 		}
 	}
 
@@ -168,11 +175,11 @@ func (v *ValidOwner) validateGithubUser(ctx context.Context, name string) *valid
 			if err.Response.StatusCode == http.StatusNotFound {
 				return newValidateError("User %q does not have github account", name)
 			}
-			return newValidateError("HTTP error occurred while calling GitHub: %v", err)
+			return newValidateError("HTTP error occurred while calling GitHub: %v", err).AsPermanent()
 		case *github.RateLimitError:
-			return newValidateError("GitHub rate limit reached: %v", err.Message).RateLimitReached()
+			return newValidateError("GitHub rate limit reached: %v", err.Message).AsPermanent()
 		default:
-			return newValidateError("Unknown error occurred while calling GitHub: %v", err)
+			return newValidateError("Unknown error occurred while calling GitHub: %v", err).AsPermanent()
 		}
 	}
 
@@ -223,9 +230,9 @@ func isEmailAddress(s string) bool {
 func isGithubTeam(s string) bool {
 	hasPrefix := strings.HasPrefix(s, "@")
 	containsSlash := strings.Contains(s, "/")
-	splited := strings.SplitN(s, "/", 3) // 3 is enough to confirm that is invalid + will not overflow the buffer
+	split := strings.SplitN(s, "/", 3) // 3 is enough to confirm that is invalid + will not overflow the buffer
 
-	if hasPrefix && containsSlash && len(splited) == 2 {
+	if hasPrefix && containsSlash && len(split) == 2 {
 		return true
 	}
 
diff --git a/internal/check/valid_owner_error.go b/internal/check/valid_owner_error.go
@@ -3,8 +3,8 @@ package check
 import "fmt"
 
 type validateError struct {
-	msg              string
-	rateLimitReached bool
+	msg       string
+	permanent bool
 }
 
 func newValidateError(format string, a ...interface{}) *validateError {
@@ -13,7 +13,7 @@ func newValidateError(format string, a ...interface{}) *validateError {
 	}
 }
 
-func (err *validateError) RateLimitReached() *validateError {
-	err.rateLimitReached = true
+func (err *validateError) AsPermanent() *validateError {
+	err.permanent = true
 	return err
 }
diff --git a/internal/envconfig/envconfig.go b/internal/envconfig/envconfig.go
diff --git a/internal/load/load.go b/internal/load/load.go
diff --git a/main.go b/main.go

Original file line number	Diff line number	Diff line change
`@@ -3,8 +3,8 @@ package check`
`3`	`3`	`import "fmt"`
`4`	`4`
`5`	`5`	`type validateError struct {`
`6`		`- msg string`
`7`		`- rateLimitReached bool`
	`6`	`+ msg string`
	`7`	`+ permanent bool`
`8`	`8`	`}`
`9`	`9`
`10`	`10`	`func newValidateError(format string, a ...interface{}) *validateError {`
`@@ -13,7 +13,7 @@ func newValidateError(format string, a ...interface{}) *validateError {`
`13`	`13`	`}`
`14`	`14`	`}`
`15`	`15`
`16`		`-func (err validateError) RateLimitReached() validateError {`
`17`		`- err.rateLimitReached = true`
	`16`	`+func (err validateError) AsPermanent() validateError {`
	`17`	`+ err.permanent = true`
`18`	`18`	`return err`
`19`	`19`	`}`