From fcc74ebe4b4f3255551e94b20d730f12cf548e34 Mon Sep 17 00:00:00 2001 From: Dmitry Kolomiets <55797411+kolomied@users.noreply.github.com> Date: Mon, 1 Aug 2022 15:09:14 +0100 Subject: [PATCH 1/8] Update .goreleaser.yml --- .goreleaser.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index 23ef6a3..fc986fc 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -26,6 +26,6 @@ archives: release: prerelease: auto github: - owner: aquasecurity + owner: kolomied name: tfsec-pr-commenter-action From ad9d1b9effb88b823a34c1aa18280149e1abc124 Mon Sep 17 00:00:00 2001 From: Dmitry Kolomiets Date: Mon, 1 Aug 2022 16:27:58 +0100 Subject: [PATCH 2/8] Trying out enterprise connector version --- cmd/commenter/commenter.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/cmd/commenter/commenter.go b/cmd/commenter/commenter.go index 5b83e35..22bed40 100644 --- a/cmd/commenter/commenter.go +++ b/cmd/commenter/commenter.go @@ -47,7 +47,9 @@ func main() { } fmt.Printf("TFSec found %v issues\n", len(results)) - c, err := commenter.NewCommenter(token, owner, repo, prNo) + //c, err := commenter.NewCommenter(token, owner, repo, prNo) + c, err := commenter.NewEnterpriseCommenter(token, "https://github.dxc.com/api/v3/", "https://github.dxc.com/api/v3/", owner, repo, prNo) + if err != nil { fail(fmt.Sprintf("could not connect to GitHub (%s)", err.Error())) } From c539b6b74d94a9bbb5aa3cfcc1b575bacc441347 Mon Sep 17 00:00:00 2001 From: Dmitry Kolomiets Date: Mon, 1 Aug 2022 17:32:28 +0100 Subject: [PATCH 3/8] Add support for Enterprise URL --- cmd/commenter/commenter.go | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/cmd/commenter/commenter.go b/cmd/commenter/commenter.go index 22bed40..bf1d578 100644 --- a/cmd/commenter/commenter.go +++ b/cmd/commenter/commenter.go @@ -7,6 +7,7 @@ import ( "os" "strconv" "strings" + "net/url" "github.com/owenrumney/go-github-pr-commenter/commenter" ) @@ -47,8 +48,20 @@ func main() { } fmt.Printf("TFSec found %v issues\n", len(results)) - //c, err := commenter.NewCommenter(token, owner, repo, prNo) - c, err := commenter.NewEnterpriseCommenter(token, "https://github.dxc.com/api/v3/", "https://github.dxc.com/api/v3/", owner, repo, prNo) + github_api_url := os.Getenv("GITHUB_API_URL") + + var c *commenter.Commenter + if github_api_url == "" || github_api_url == "https://api.github.com" { + c, err = commenter.NewCommenter(token, owner, repo, prNo) + } else { + url, err := url.Parse(github_api_url) + if err != nil { + fail(fmt.Sprintf("failed to parse GitHub API URL. %s", err.Error())) + } + + enterpriseUrl := fmt.Sprintf("%s://%s", url.Scheme, url.Hostname()) + c, err = commenter.NewEnterpriseCommenter(token, enterpriseUrl, enterpriseUrl, owner, repo, prNo) + } if err != nil { fail(fmt.Sprintf("could not connect to GitHub (%s)", err.Error())) From 5076f0fd4f40635e408f0492ef8dfe1722042528 Mon Sep 17 00:00:00 2001 From: Dmitry Kolomiets Date: Tue, 2 Aug 2022 10:35:23 +0100 Subject: [PATCH 4/8] Minor refactoring - extract commenter creation method --- cmd/commenter/commenter.go | 34 +++++++++++++++++++--------------- 1 file changed, 19 insertions(+), 15 deletions(-) diff --git a/cmd/commenter/commenter.go b/cmd/commenter/commenter.go index bf1d578..b65b47d 100644 --- a/cmd/commenter/commenter.go +++ b/cmd/commenter/commenter.go @@ -48,21 +48,7 @@ func main() { } fmt.Printf("TFSec found %v issues\n", len(results)) - github_api_url := os.Getenv("GITHUB_API_URL") - - var c *commenter.Commenter - if github_api_url == "" || github_api_url == "https://api.github.com" { - c, err = commenter.NewCommenter(token, owner, repo, prNo) - } else { - url, err := url.Parse(github_api_url) - if err != nil { - fail(fmt.Sprintf("failed to parse GitHub API URL. %s", err.Error())) - } - - enterpriseUrl := fmt.Sprintf("%s://%s", url.Scheme, url.Hostname()) - c, err = commenter.NewEnterpriseCommenter(token, enterpriseUrl, enterpriseUrl, owner, repo, prNo) - } - + c, err := createCommenter(token, owner, repo, prNo) if err != nil { fail(fmt.Sprintf("could not connect to GitHub (%s)", err.Error())) } @@ -116,6 +102,24 @@ func main() { } } +func createCommenter(token, owner, repo string, prNo int) (*commenter.Commenter, error) { + var err error + var c *commenter.Commenter + + githubApiUrl := os.Getenv("GITHUB_API_URL") + if githubApiUrl == "" || githubApiUrl == "https://api.github.com" { + c, err = commenter.NewCommenter(token, owner, repo, prNo) + } else { + url, err := url.Parse(githubApiUrl) + if err != nil { + enterpriseUrl := fmt.Sprintf("%s://%s", url.Scheme, url.Hostname()) + c, err = commenter.NewEnterpriseCommenter(token, enterpriseUrl, enterpriseUrl, owner, repo, prNo) + } + } + + return c, err +} + func generateErrorMessage(result result) string { return fmt.Sprintf(`:warning: tfsec found a **%s** severity issue from rule `+"`%s`"+`: > %s From 452f539fd3fa60318764554148914ac85e88c66a Mon Sep 17 00:00:00 2001 From: Dmitry Kolomiets Date: Wed, 3 Aug 2022 09:35:42 +0100 Subject: [PATCH 5/8] Revert owner back to aquasecurity --- .goreleaser.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index fc986fc..23ef6a3 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -26,6 +26,6 @@ archives: release: prerelease: auto github: - owner: kolomied + owner: aquasecurity name: tfsec-pr-commenter-action From 683c3f74ccec8eaaaa0eeaa959dd7b288b73a334 Mon Sep 17 00:00:00 2001 From: Dmitry Kolomiets Date: Wed, 3 Aug 2022 09:43:02 +0100 Subject: [PATCH 6/8] Get rid of GITHUB_EVENT_PATH as it is covered by another PR --- cmd/commenter/commenter.go | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/cmd/commenter/commenter.go b/cmd/commenter/commenter.go index b65b47d..6bb67ad 100644 --- a/cmd/commenter/commenter.go +++ b/cmd/commenter/commenter.go @@ -129,10 +129,7 @@ More information available %s`, } func extractPullRequestNumber() (int, error) { - github_event_file := os.Getenv("GITHUB_EVENT_PATH") - if github_event_file == "" { - github_event_file = "/github/workflow/event.json" - } + github_event_file := "/github/workflow/event.json" file, err := ioutil.ReadFile(github_event_file) if err != nil { From cf94b67fdd052fdedd8f7a2d7378e0390b50f104 Mon Sep 17 00:00:00 2001 From: Dmitry Kolomiets Date: Wed, 3 Aug 2022 09:43:40 +0100 Subject: [PATCH 7/8] Remove whitespace --- cmd/commenter/commenter.go | 1 - 1 file changed, 1 deletion(-) diff --git a/cmd/commenter/commenter.go b/cmd/commenter/commenter.go index 6bb67ad..c5ffe47 100644 --- a/cmd/commenter/commenter.go +++ b/cmd/commenter/commenter.go @@ -130,7 +130,6 @@ More information available %s`, func extractPullRequestNumber() (int, error) { github_event_file := "/github/workflow/event.json" - file, err := ioutil.ReadFile(github_event_file) if err != nil { fail(fmt.Sprintf("GitHub event payload not found in %s", github_event_file)) From 63bd3c441c78ca8a60964fc62b0e2cc028ae4fce Mon Sep 17 00:00:00 2001 From: Dmitry Kolomiets Date: Tue, 9 Aug 2022 15:49:45 +0100 Subject: [PATCH 8/8] Fixing typo - create the connector if there is NO error with URL parsing --- cmd/commenter/commenter.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/commenter/commenter.go b/cmd/commenter/commenter.go index c5ffe47..63bb2f4 100644 --- a/cmd/commenter/commenter.go +++ b/cmd/commenter/commenter.go @@ -111,7 +111,7 @@ func createCommenter(token, owner, repo string, prNo int) (*commenter.Commenter, c, err = commenter.NewCommenter(token, owner, repo, prNo) } else { url, err := url.Parse(githubApiUrl) - if err != nil { + if err == nil { enterpriseUrl := fmt.Sprintf("%s://%s", url.Scheme, url.Hostname()) c, err = commenter.NewEnterpriseCommenter(token, enterpriseUrl, enterpriseUrl, owner, repo, prNo) }