turbot / steampipe-plugin-github

Use SQL to instantly query repositories, users, gists and more from GitHub. Open source CLI. No DB required.
https://hub.steampipe.io/plugins/turbot/github
Apache License 2.0

Add table github_repository_ruleset #437

Closed gabrielsoltz closed 5 months ago

gabrielsoltz commented 5 months ago

The table github_branch_protection returns the branch protection for a specific repository, which is correct, but there is another way of configuring branch protection: using rulesets at the repository level.

Rulesets are branch protection rules on steroids. https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets

This is the API I found: https://docs.github.com/en/rest/repos/rules?apiVersion=2022-11-28

Happy to help testing if needed.

References

https://docs.github.com/en/rest/repos/rules?apiVersion=2022-11-28

ParthaI commented 5 months ago

Hello @gabrielsoltz,

We have submitted a PR that adds support for querying the github_repository_ruleset table in Steampipe.

We'd love for you to try it out on the PR branch and share your feedback.

To test it on the issue-437 branch, follow these steps:

  1. Clone the repository: git clone https://github.com/turbot/steampipe-plugin-github.git
  2. Navigate to the project directory: cd steampipe-plugin-github
  3. Check out the branch: git checkout issue-437
  4. Build the project: make
  5. Run your query.

Thank you!

gabrielsoltz commented 5 months ago

Hi @ParthaI, thank you so much for taking this issue! I'm testing the feature, and I think there is an issue. I can get the list of rules for each repository, but in every rule, the id and type get correctly populated, but the params field is always null, which is incorrect.

ParthaI commented 5 months ago

Sorry, @gabrielsoltz, for the inconvenience. I have pushed a fix in the same branch to correctly populate the parameters.

Result:

> select
  id,
  name,
  r -> 'parameters' ->> 'Type' as type,
  r -> 'parameters' -> 'PullRequestParameters' ->> 'require_code_owner_review' as require_code_owner_review,
  r -> 'parameters' -> 'PullRequestParameters' ->> 'required_approving_review_count' as required_approving_review_count
from
  github_repository_ruleset,
  jsonb_array_elements(rules) as r
where
  repository_full_name = 'pro-cloud-49/test-rule'
and
  (r -> 'parameters' ->>  'Type') = 'PullRequestParameters';
+-------------------------------------+--------+-----------------------+---------------------------+---------------------------------+
| id                                  | name   | type                  | require_code_owner_review | required_approving_review_count |
+-------------------------------------+--------+-----------------------+---------------------------+---------------------------------+
| RRS_lACqUmVwb3NpdG9yec4wTU8vzgAND1Q | test34 | PullRequestParameters | true                      | 0                               |
+-------------------------------------+--------+-----------------------+---------------------------+---------------------------------+

It would be great if you could pull the latest changes to your local environment and try it out again.

Thank you for your feedback and cooperation.

gabrielsoltz commented 5 months ago

Hi @ParthaI, I tested the new code, but in my case, I'm still seeing parameters: null

Rules Examples with null parameters:

{"id":"changed","parameters":null,"type":"REQUIRED_STATUS_CHECKS"}
{"id":"changed","parameters":null,"type":"PULL_REQUEST"}
{"id":"changed","parameters":null,"type":"NON_FAST_FORWARD"}
{"id":"changed","parameters":null,"type":"REQUIRED_LINEAR_HISTORY"}

ParthaI commented 5 months ago

Hello @gabrielsoltz, did you build the plugin again by pulling the latest change from the branch issue-437? Please terminate all the running steampipe processes before executing the query.

I am able to get the details:

 select
  repeat('*', length(id)) as id,
  name,
  r -> 'parameters' ->> 'Type' as type,
  r -> 'parameters' as parameters
from
  github_repository_ruleset,
  jsonb_array_elements(rules) as r
where
  repository_full_name = 'pro-cloud-49/test-rule'
+-------------------------------------+-------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------->
| id                                  | name        | type                  | parameters                                                                                                                                                   >
+-------------------------------------+-------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------->
| *********************************** | test-branct |                       | {"CodeScanningParameters":{"code_scanning_tools":{"alerts_threshold":"","security_alerts_threshold":"","tool":""}},"CommitAuthorEmailPatternParameters":{"nam>
|                                     |             |                       | e":"","negate":false,"operator":"","pattern":""},"Type":"","UpdateParameters":{"update_allows_fetch_and_merge":false},"WorkflowsParameters":{"workflows":{"Pa>
| *********************************** | test-branct |                       | {"CodeScanningParameters":{"code_scanning_tools":{"alerts_threshold":"","security_alerts_threshold":"","tool":""}},"CommitAuthorEmailPatternParameters":{"nam>
|                                     |             |                       | e":"","negate":false,"operator":"","pattern":""},"Type":"","UpdateParameters":{"update_allows_fetch_and_merge":false},"WorkflowsParameters":{"workflows":{"Pa>
| *********************************** | test34      |                       | {"CodeScanningParameters":{"code_scanning_tools":{"alerts_threshold":"","security_alerts_threshold":"","tool":""}},"CommitAuthorEmailPatternParameters":{"nam>
|                                     |             |                       | e":"","negate":false,"operator":"","pattern":""},"Type":"","UpdateParameters":{"update_allows_fetch_and_merge":false},"WorkflowsParameters":{"workflows":{"Pa>
| *********************************** | test34      |                       | {"CodeScanningParameters":{"code_scanning_tools":{"alerts_threshold":"","security_alerts_threshold":"","tool":""}},"CommitAuthorEmailPatternParameters":{"nam>
|                                     |             |                       | e":"","negate":false,"operator":"","pattern":""},"Type":"","UpdateParameters":{"update_allows_fetch_and_merge":false},"WorkflowsParameters":{"workflows":{"Pa>
| *********************************** | test34      | PullRequestParameters | {"CodeScanningParameters":{"code_scanning_tools":{"alerts_threshold":"","security_alerts_threshold":"","tool":""}},"CommitAuthorEmailPatternParameters":{"nam>
|                                     |             |                       | :"","negate":false,"operator":"","pattern":""},"Type":"PullRequestParameters","UpdateParameters":{"update_allows_fetch_and_merge":false},"WorkflowsParameters>
+-------------------------------------+-------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------->

What are you getting if you are running the following GraphQL query for a particular repository in the GitHub GraphQL Explorer? I have only added the __typename for parameters.

{
  repository(owner: "<Owner>", name: "<Repo Name>") {
    rulesets(first: 10) {
      pageInfo {
        hasNextPage
        hasPreviousPage
      }
      edges {
        node {
          createdAt
          databaseId
          enforcement
          name
          id
          rules(first: 10) {
            pageInfo {
              hasNextPage
              hasPreviousPage
            }
            edges {
              node {
                id
                type
                parameters {
                  __typename
                }
              }
            }
          }
        }
      }
    }
  }
}

gabrielsoltz commented 5 months ago

Hi @ParthaI thank you for this, you are right, I forgot to make. Now after that I'm getting the error: Error: github: slice doesn't exist in any of 14 places to unmarshal (SQLSTATE HV000)

ParthaI commented 5 months ago

Thank you very much, @gabrielsoltz, for testing the code changes. I have pushed another commit to address the error in the same branch. Hopefully, you won't encounter the error anymore. Could you please pull the latest changes to your local and try again?

gabrielsoltz commented 5 months ago

Working 🚀

Here is another example for your docs, how to get the required_status_checks:

select
  id,
  name,
  r -> 'parameters' ->> 'Type' as type,
  r -> 'parameters' -> 'RequiredStatusChecksParameters' ->> 'required_status_checks' as required_status_checks
from
  github_repository_ruleset,
  jsonb_array_elements(rules) as r
where
  repository_full_name = '<Owner>/<Repo Name>'; -- placeholder for the repository's full name
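
Added example, not part of the thread or the plugin's documentation: an audit query built only on the columns and JSON paths used in the queries above, listing every ruleset of one repository and flagging those with no pull request rule, zero required approvals, or no code owner review. `'<Owner>/<Repo Name>'` is a placeholder, and the finding labels are this example's own.

```sql
-- Added example: review posture of each ruleset in one repository.
-- Assumes the parameters shape shown in this thread ("Type" names the
-- populated parameter block); '<Owner>/<Repo Name>' is a placeholder.
with pr_rule as (
  select
    rs.id as ruleset_id,
    -- nullif guards the casts against empty-string values
    nullif(r -> 'parameters' -> 'PullRequestParameters'
             ->> 'required_approving_review_count', '')::int as required_approvals,
    nullif(r -> 'parameters' -> 'PullRequestParameters'
             ->> 'require_code_owner_review', '')::boolean as code_owner_review
  from
    github_repository_ruleset as rs,
    jsonb_array_elements(rs.rules) as r
  where
    rs.repository_full_name = '<Owner>/<Repo Name>'
    -- keep only rules whose populated block is the pull request one
    and r -> 'parameters' ->> 'Type' = 'PullRequestParameters'
)
select
  rs.name as ruleset_name,
  p.required_approvals,
  p.code_owner_review,
  case
    -- left join found no pull request rule for this ruleset
    when p.ruleset_id is null then 'no pull request rule in this ruleset'
    when coalesce(p.required_approvals, 0) = 0 then 'pull request rule requires 0 approvals'
    when p.code_owner_review is not true then 'code owner review not required'
    else 'ok'
  end as finding
from
  github_repository_ruleset as rs
  left join pr_rule as p on p.ruleset_id = rs.id
where
  rs.repository_full_name = '<Owner>/<Repo Name>'
order by
  finding,
  ruleset_name;
```

With the values shown earlier in the thread for ruleset test34 (require_code_owner_review true, required_approving_review_count 0), this query would report 'pull request rule requires 0 approvals'.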