Features & Refactors (#64)

* chore: 🔧 Rename repos.json This change is to allow repos.json & organizations.json to be added to gitignore so that privacy can be maintained in private organizations. * feat: ✨ Add missing java codeql file Not sure if this was intentional, but a java codeql file doesn't exists. This commit introduces the file * chore: ⬆️ Update deps Update documentation. `Yarn add` expects a package. The equivalent of npm install (install all deps)ya is `yarn install` or just `yarn` See: https://classic.yarnpkg.com/lang/en/docs/cli/install/ * feat: ✨ Simplify destDir, user, add root This commit attempts to simplify the determination of the destination directory and username. It also introduces the root for user home to be used in later feature. * refactor: ♻️ command refactor This commit is largely a refactor of the existing code. The point is to simplify the commands required for windows/macos/linux. They largely all use the same commands with slight variations, such as home directory, and command arguments. It is a larger commit than I'd like, but all three file changes do go together. globals.ts: - Removes the need to create separate vars for windows vs everything else. Determine the differences in globals and send 1 var. - Determine OS here so we can set root to home path. No longer needed in commitFile.ts commands.ts: - Squash windows/macOS/linux into a single command array. - Introduce platform and root to differ commands/paths - Remove unnecessary commands like mv as cp can accomplish this - Make commands/arguments conditional - Add helper function to convert linux paths to windows paths - This really helps with mkdir as Windows can natively create multi-leveled directory structures when correct paths are used: `\` commitFile.ts: - Moved existsSync, os and isCodespace to globals.ts - Replaced mac/windowsCommands w/ genearlCommands - Simplified gitCommands condition - Added informs - Added try catch to "for loop" of commands. I may just be missing it, but the If (stderr) block didn't seem to be activating. The app would die after stating the error. - Whitelist function for known error responses like this folder alredy exists and can't delete a folder that doesn't exists. The whitelist function feels hacky, so I welcome any thoughts on it. * feat: ✨ ISSUE-61 PR comments This commit contains the recommended changes from Nick. 1. globals consolidates all OS types to a common cwd under destdir 2. The commands.ts file consolidates all commands into a single list 3. Backticks are used in string block. Also introduces user specified temp directory. It turns out I don't have a ~/Desktop thanks to OneDrive. ISSUE-61
NickLiffen · May 10, 2022 · c32bab9 · c32bab9
1 parent 22ddf32
commit c32bab9
Show file tree

Hide file tree

Showing 9 changed files with 491 additions and 856 deletions.
diff --git a/.env.sample b/.env.sample
@@ -17,7 +17,7 @@ GITHUB_API_TOKEN=
 
 ### OPTIONAL ###
 
-# Set one of the GITHUB_ENTERPRISE or GITHUB_ORG variables. 
+# Set one of the GITHUB_ENTERPRISE or GITHUB_ORG variables.
 GITHUB_ENTERPRISE=
 GITHUB_ORG=
 
@@ -35,4 +35,7 @@ DEBUG=ghas:*
 
 # GHES Configuration
 GHES=false
-GHES_SERVER_BASE_URL=
+GHES_SERVER_BASE_URL=
+
+# Temp working directory. This path needs to already exist and follow linux style paths. c:\ghas\tmp == ghas/tmp
+TEMP_DIR=
diff --git a/.gitignore b/.gitignore
@@ -78,6 +78,10 @@ web_modules/
 .env
 .env.test
 
+# privacy
+bin/repos.json
+bin/organizations.json
+
 # parcel-bundler cache (https://parceljs.org/)
 .cache
 .parcel-cache

diff --git a/README.md b/README.md
@@ -19,8 +19,8 @@ There are two main actions this tool does:
 Goes and collects repositories that will have Code Scanning(CodeQL)/Secret Scanning/Dependabot Alerts/Dependabot Security Updates enabled. There are three main ways these repositories are collected.
 
 - Collect the repositories where the primary language matches a specific value. For example, if you provide JavaScript, all repositories will be collected where the primary language is, Javascript.
-- Collect the repositories to which a user (PAT) has administrative access, or a GitHub App has access.
-- Manually create `repos.json`.
+- Collect the repositories to which a user has administrative access, or a GitHub App has access.
+- Manually create `repos.json` or rename `repos-sample.json` -> `repos.json` in the bin folder.
 
 If you select option 1, the script will return all repositories in the language you specify (which you have access to). The repositories collected from this script are then stored within a `repos.json` file. If you specify option 2, the script will return all repositories you are an administrator over. The third option is to define the `repos.json` manually. We don't recommend this, but it's possible. If you want to go down this path, first run one of the above options for collecting repository information automatically, look at the structure, and build your fine of the laid out format.
 
@@ -93,7 +93,7 @@ mv .env.sample .env
 
 11. If you are enabling Code Scanning (CodeQL), check the `codeql-analysis.yml` file. This is a sample file; please configure this file to suit your repositories needs.
 
-12. Run `yarn add` or `npm install`, which will install the necessary dependencies.
+12. Run `yarn install` or `npm install`, which will install the necessary dependencies.
 
 13. Run `yarn run build` or `npm run build`, which will create the JavaScript bundle from TypeScript.
 

diff --git a/bin/repos.json → bin/repos-sample.json b/bin/repos.json → bin/repos-sample.json
diff --git a/bin/workflows/codeql-analysis-java.yml b/bin/workflows/codeql-analysis-java.yml
@@ -0,0 +1,67 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+
+name: "CodeQL"
+
+on:
+  push:
+    branches: [master]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [master]
+  schedule:
+    - cron: "28 5 * * 3"
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ["java"]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+        # Learn more about CodeQL language support at https://git.io/codeql-language-support
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v1
+        with:
+          languages: ${{ matrix.language }}
+          queries: +security-extended
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+          # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+      # If this step fails, then you should remove it and run the build manually (see below)
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v1
+
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 https://git.io/JvXDl
+
+      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+      #    and modify them (or add more) to build your code if your project
+      #    uses a compiled language
+
+      #- run: |
+      #   make bootstrap
+      #   make release
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v1