github.com/xgoffin/jenkins-library@v1.154.0/cmd/githubCheckBranchProtection.go (about) 1 package cmd 2 3 import ( 4 "context" 5 "fmt" 6 "strings" 7 8 "github.com/SAP/jenkins-library/pkg/log" 9 "github.com/SAP/jenkins-library/pkg/telemetry" 10 "github.com/google/go-github/v32/github" 11 12 "github.com/pkg/errors" 13 14 piperGithub "github.com/SAP/jenkins-library/pkg/github" 15 ) 16 17 type gitHubBranchProtectionRepositoriesService interface { 18 GetBranchProtection(ctx context.Context, owner, repo, branch string) (*github.Protection, *github.Response, error) 19 } 20 21 func githubCheckBranchProtection(config githubCheckBranchProtectionOptions, telemetryData *telemetry.CustomData) { 22 //TODO provide parameter for trusted certs 23 ctx, client, err := piperGithub.NewClient(config.Token, config.APIURL, "", []string{}) 24 if err != nil { 25 log.Entry().WithError(err).Fatal("Failed to get GitHub client") 26 } 27 28 err = runGithubCheckBranchProtection(ctx, &config, telemetryData, client.Repositories) 29 if err != nil { 30 log.Entry().WithError(err).Fatal("GitHub branch protection check failed") 31 } 32 } 33 34 func runGithubCheckBranchProtection(ctx context.Context, config *githubCheckBranchProtectionOptions, telemetryData *telemetry.CustomData, ghRepositoriesService gitHubBranchProtectionRepositoriesService) error { 35 ghProtection, _, err := ghRepositoriesService.GetBranchProtection(ctx, config.Owner, config.Repository, config.Branch) 36 if err != nil { 37 return errors.Wrap(err, "failed to read branch protection information") 38 } 39 40 // validate required status checks 41 for _, check := range config.RequiredChecks { 42 var found bool 43 foundContexts := []string{} 44 if requiredStatusChecks := ghProtection.GetRequiredStatusChecks(); requiredStatusChecks != nil { 45 foundContexts = requiredStatusChecks.Contexts 46 } 47 for _, context := range foundContexts { 48 if check == context { 49 found = true 50 } 51 } 52 if !found { 53 return fmt.Errorf("required status check '%v' not found among '%v' in branch protection configuration", check, strings.Join(foundContexts, ",")) 54 } 55 } 56 57 // validate that admins are enforced in checks 58 if config.RequireEnforceAdmins && !ghProtection.GetEnforceAdmins().Enabled { 59 return fmt.Errorf("admins are not enforced in branch protection configuration") 60 } 61 62 // validate number of mandatory reviewers 63 if config.RequiredApprovingReviewCount > 0 && ghProtection.GetRequiredPullRequestReviews().RequiredApprovingReviewCount < config.RequiredApprovingReviewCount { 64 return fmt.Errorf("not enough mandatory reviewers in branch protection configuration, expected at least %v, got %v", config.RequiredApprovingReviewCount, ghProtection.GetRequiredPullRequestReviews().RequiredApprovingReviewCount) 65 } 66 67 return nil 68 }