enable restriction to repos matching a pattern

judell commented 2 years ago

This mod can wind up checking a lot of repos that you might not care about, and can hit rate limits doing so.

Would be nice to be able to check this way:

steampipe check benchmark.public_repo_best_practices --var repo_pattern=turbot/steampipe-mod

E.g. by doing something like this.

variable "repo_pattern" {
  type = string
  default = ""
}

benchmark "public_repo_best_practices" {
  title = "Public Repository Best Practices"
  description = "Best practices for your public repositories."
  children = [
    control.public_repo_issues_enabled
  ]
}

control "public_repo_issues_enabled" {
  title = "Issues should be enabled in each public repository"
  description = "Issues are essential to keep track of tasks, enhancements, and bugs."
  sql = <<-EOT
    select
      html_url as resource,
      case
        when has_issues then 'ok'
        else 'alarm'
      end as status,
      full_name || ' issues are ' || case when(has_issues)::bool then 'enabled' else 'disabled' end || '.' as reason,
      full_name
    from
      github_my_repository
    where
      full_name ~ $1
      and visibility = 'public' 
      and fork = ${local.include_forks}
  EOT
  param "repo_pattern" {
    default = var.repo_pattern
  }  
}

@cbruno10 we talked about this way back when I first started, was reminded of it today when building an example of using this mod. Would this be the right approach?

github-actions[bot] commented 1 year ago

'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.'

github-actions[bot] commented 1 year ago

'This issue was closed because it has been stalled for 90 days with no activity.'

turbot / steampipe-mod-github-sherlock

enable restriction to repos matching a pattern #30