From ff36bc3635d0e64e04bdf9b1e87c587d1cfceff9 Mon Sep 17 00:00:00 2001 From: Eric Bickle Date: Tue, 22 Feb 2022 12:18:36 -0800 Subject: [PATCH 1/4] Raise unhandled SnykHTTPErrors in import_manifest --- app/utils/snyk_helper.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/app/utils/snyk_helper.py b/app/utils/snyk_helper.py index 2ef4a65..9851b77 100644 --- a/app/utils/snyk_helper.py +++ b/app/utils/snyk_helper.py @@ -195,6 +195,8 @@ def import_manifests(org_id, repo_full_name, integration_id, files=[]) -> Import except snyk.errors.SnykHTTPError as err_retry: print(f"Still failed after retry with {str(err_retry.code)}!") raise + else: + raise return ImportStatus(re.search('org/.+/integrations/.+/import/(.+)', response.headers['Location']).group(1), response.headers['Location'], From 9bf0b20e2a2dba930ce90db9ba8772eaf92c5e5c Mon Sep 17 00:00:00 2001 From: Scott Esbrandt Date: Sat, 12 Mar 2022 00:53:26 -0500 Subject: [PATCH 2/4] chore: remove unwanted print statement --- app/utils/snyk_helper.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/utils/snyk_helper.py b/app/utils/snyk_helper.py index 2a33390..6315d83 100644 --- a/app/utils/snyk_helper.py +++ b/app/utils/snyk_helper.py @@ -44,7 +44,7 @@ def get_snyk_repos_from_snyk_orgs(snyk_orgs, ARGS): if num_projects > 0: curr_repo_name = snyk_projects[0]["repo_full_name"] - print(f"curr repo name: {curr_repo_name}") + # print(f"curr repo name: {curr_repo_name}") for (i, project) in enumerate(snyk_projects): #if i == num_projects-1: @@ -76,7 +76,7 @@ def get_snyk_repos_from_snyk_orgs(snyk_orgs, ARGS): # print(f"setting repo_projects to: {repo_projects}") if i == num_projects-1: - print("encountered last project") + # print("encountered last project") snyk_repos.append( SnykRepo(snyk_projects[i]["repo_full_name"], snyk_projects[i]["org_id"], From 16795d951a7652c96e13ce7c814d36ffe0b2b1e3 Mon Sep 17 00:00:00 2001 
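Review bot: The `else: raise` added in import_manifests re-raises the SnykHTTPError silently, while the retry branch just above prints the status code before its own `raise`; a comment such as `# not a retryable status: propagate to the caller` and a matching print of the error code would keep the two paths consistent. Every non-retried HTTP error now leaves import_manifests, and the call in run() in app/app.py, shown later in this series, has no visible handler around it, so one failed import may end the whole run; that is probably intended but worth confirming. The function starts and ends outside the hunk and the indentation is lost on this page, so the `else` is assumed to pair with an `if` inside the outer `except`.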
From: Scott Esbrandt Date: Sat, 12 Mar 2022 10:06:33 -0500 Subject: [PATCH 3/4] docs: using snyk GHE integration with GH cloud --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 3300aee..3bb8076 100644 --- a/README.md +++ b/README.md @@ -76,6 +76,12 @@ If GITHUB_TOKEN is set, your Github.com repos will processed If GITHUB_ENTERPRISE_TOKEN and GITHUB_ENTERPRISE_HOST are BOTH set, your Github Enterprise Server repos will be processed +
+:information_source: +If using the Snyk Github Enterprise Integration type for your Github.com repositories, then set GITHUB_ENTERPRISE_HOST=api.github.com +
+
+ ## Instructions Make sure to use a user *API Token* that has acess to the Snyk Orgs you need to process with the script. A service account will *not* work for GitHub, which is the only SCM currently supported at this time. From 29ad2393891b9b9dc16882b4ecc685d0eab2f62f Mon Sep 17 00:00:00 2001 From: Scott Esbrandt Date: Sun, 20 Mar 2022 01:32:22 -0400 Subject: [PATCH 4/4] fix: handle errors gracefully when requesting repo status from github --- .pylintrc | 581 +++++++++++++++++++++++++++++ app/app.py | 33 +- app/gh_repo.py | 40 +- app/models.py | 18 +- app/tests/test_snyk_scm_refresh.py | 37 +- 5 files changed, 659 insertions(+), 50 deletions(-) create mode 100644 .pylintrc diff --git a/.pylintrc b/.pylintrc new file mode 100644 index 0000000..4c138a7 --- /dev/null +++ b/.pylintrc 
@@ -0,0 +1,581 @@ +[MASTER] + +# A comma-separated list of package or module names from where C extensions may +# be loaded. Extensions are loading into the active Python interpreter and may +# run arbitrary code. +extension-pkg-whitelist= + +# Add files or directories to the blacklist. They should be base names, not +# paths. +ignore=CVS + +# Add files or directories matching the regex patterns to the blacklist. The +# regex matches against base names, not paths. +ignore-patterns=test_ + +# Python code to execute, usually for sys.path manipulation such as +# pygtk.require(). +#init-hook= + +# Use multiple processes to speed up Pylint. Specifying 0 will auto-detect the +# number of processors available to use. +jobs=1 + +# Control the amount of potential inferred values when inferring a single +# object. This can help the performance when dealing with large functions or +# complex, nested conditions. +limit-inference-results=100 + +# List of plugins (as comma separated values of python module names) to load, +# usually to register additional checkers. +load-plugins= + +# Pickle collected data for later comparisons. +persistent=yes + +# Specify a configuration file. +#rcfile= + +# When enabled, pylint would attempt to guess common misconfiguration and emit +# user-friendly hints instead of false-positive error messages. +suggestion-mode=yes + +# Allow loading of arbitrary C extensions. Extensions are imported into the +# active Python interpreter and may run arbitrary code. +unsafe-load-any-extension=no + + +[MESSAGES CONTROL] + +# Only show warnings with the listed confidence levels. Leave empty to show +# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED. +confidence= + +# Disable the message, report, category or checker with the given id(s). You +# can either give multiple identifiers separated by comma (,) or put this +# option multiple times (only on the command line, not in the configuration +# file where it should appear only once). 
You can also use "--disable=all" to +# disable everything first and then reenable specific checks. For example, if +# you want to run only the similarities checker, you can use "--disable=all +# --enable=similarities". If you want to run only the classes checker, but have +# no Warning level messages displayed, use "--disable=all --enable=classes +# --disable=W". +disable=print-statement, + parameter-unpacking, + unpacking-in-except, + old-raise-syntax, + backtick, + long-suffix, + old-ne-operator, + old-octal-literal, + import-star-module-level, + non-ascii-bytes-literal, + raw-checker-failed, + bad-inline-option, + locally-disabled, + file-ignored, + suppressed-message, + useless-suppression, + deprecated-pragma, + use-symbolic-message-instead, + apply-builtin, + basestring-builtin, + buffer-builtin, + cmp-builtin, + coerce-builtin, + execfile-builtin, + file-builtin, + long-builtin, + raw_input-builtin, + reduce-builtin, + standarderror-builtin, + unicode-builtin, + xrange-builtin, + coerce-method, + delslice-method, + getslice-method, + setslice-method, + no-absolute-import, + old-division, + dict-iter-method, + dict-view-method, + next-method-called, + metaclass-assignment, + indexing-exception, + raising-string, + reload-builtin, + oct-method, + hex-method, + nonzero-method, + cmp-method, + input-builtin, + round-builtin, + intern-builtin, + unichr-builtin, + map-builtin-not-iterating, + zip-builtin-not-iterating, + range-builtin-not-iterating, + filter-builtin-not-iterating, + using-cmp-argument, + eq-without-hash, + div-method, + idiv-method, + rdiv-method, + exception-message-attribute, + invalid-str-codec, + sys-max-int, + bad-python3-import, + deprecated-string-function, + deprecated-str-translate-call, + deprecated-itertools-function, + deprecated-types-field, + next-method-defined, + dict-items-not-iterating, + dict-keys-not-iterating, + dict-values-not-iterating, + deprecated-operator-function, + deprecated-urllib-function, + xreadlines-attribute, + 
deprecated-sys-function, + exception-escape, + comprehension-escape + +# Enable the message, report, category or checker with the given id(s). You can +# either give multiple identifier separated by comma (,) or put this option +# multiple time (only on the command line, not in the configuration file where +# it should appear only once). See also the "--disable" option for examples. +enable=c-extension-no-member + + +[REPORTS] + +# Python expression which should return a score less than or equal to 10. You +# have access to the variables 'error', 'warning', 'refactor', and 'convention' +# which contain the number of messages in each category, as well as 'statement' +# which is the total number of statements analyzed. This score is used by the +# global evaluation report (RP0004). +evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10) + +# Template used to display messages. This is a python new-style format string +# used to format the message information. See doc for all details. +#msg-template= + +# Set the output format. Available formats are text, parseable, colorized, json +# and msvs (visual studio). You can also give a reporter class, e.g. +# mypackage.mymodule.MyReporterClass. +output-format=text + +# Tells whether to display a full report or only the messages. +reports=no + +# Activate the evaluation score. +score=yes + + +[REFACTORING] + +# Maximum number of nested blocks for function / method body +max-nested-blocks=5 + +# Complete name of functions that never returns. When checking for +# inconsistent-return-statements if a never returning function is called then +# it will be considered as an explicit return statement and no message will be +# printed. +never-returning-functions=sys.exit + + +[LOGGING] + +# Format style used to check logging format string. `old` means using % +# formatting, `new` is for `{}` formatting,and `fstr` is for f-strings. 
+logging-format-style=fstr + +# Logging modules to check that the string format arguments are in logging +# function parameter format. +logging-modules=logging + + +[SPELLING] + +# Limits count of emitted suggestions for spelling mistakes. +max-spelling-suggestions=4 + +# Spelling dictionary name. Available dictionaries: none. To make it work, +# install the python-enchant package. +spelling-dict= + +# List of comma separated words that should not be checked. +spelling-ignore-words= + +# A path to a file that contains the private dictionary; one word per line. +spelling-private-dict-file= + +# Tells whether to store unknown words to the private dictionary (see the +# --spelling-private-dict-file option) instead of raising a message. +spelling-store-unknown-words=no + + +[MISCELLANEOUS] + +# List of note tags to take in consideration, separated by a comma. +notes=FIXME, + XXX, + TODO + + +[TYPECHECK] + +# List of decorators that produce context managers, such as +# contextlib.contextmanager. Add to this list to register other decorators that +# produce valid context managers. +contextmanager-decorators=contextlib.contextmanager + +# List of members which are set dynamically and missed by pylint inference +# system, and so shouldn't trigger E1101 when accessed. Python regular +# expressions are accepted. +generated-members= + +# Tells whether missing members accessed in mixin class should be ignored. A +# mixin class is detected if its name ends with "mixin" (case insensitive). +ignore-mixin-members=yes + +# Tells whether to warn about missing members when the owner of the attribute +# is inferred to be None. +ignore-none=yes + +# This flag controls whether pylint should warn about no-member and similar +# checks whenever an opaque object is returned when inferring. The inference +# can return multiple potential results while evaluating a Python object, but +# some branches might not be evaluated, which results in partial inference. 
In +# that case, it might be useful to still emit no-member and other checks for +# the rest of the inferred objects. +ignore-on-opaque-inference=yes + +# List of class names for which member attributes should not be checked (useful +# for classes with dynamically set attributes). This supports the use of +# qualified names. +ignored-classes=optparse.Values,thread._local,_thread._local + +# List of module names for which member attributes should not be checked +# (useful for modules/projects where namespaces are manipulated during runtime +# and thus existing member attributes cannot be deduced by static analysis). It +# supports qualified module names, as well as Unix pattern matching. +ignored-modules= + +# Show a hint with possible names when a member name was not found. The aspect +# of finding the hint is based on edit distance. +missing-member-hint=yes + +# The minimum edit distance a name should have in order to be considered a +# similar match for a missing member name. +missing-member-hint-distance=1 + +# The total number of similar names that should be taken in consideration when +# showing a hint for a missing member. +missing-member-max-choices=1 + +# List of decorators that change the signature of a decorated function. +signature-mutators= + + +[VARIABLES] + +# List of additional names supposed to be defined in builtins. Remember that +# you should avoid defining new builtins when possible. +additional-builtins= + +# Tells whether unused global variables should be treated as a violation. +allow-global-unused-variables=yes + +# List of strings which can identify a callback function by name. A callback +# name must start or end with one of those strings. +callbacks=cb_, + _cb + +# A regular expression matching the name of dummy variables (i.e. expected to +# not be used). +dummy-variables-rgx=_+$|(_[a-zA-Z0-9_]*[a-zA-Z0-9]+?$)|dummy|^ignored_|^unused_ + +# Argument names that match this expression will be ignored. 
Default to name +# with leading underscore. +ignored-argument-names=_.*|^ignored_|^unused_ + +# Tells whether we should check for unused import in __init__ files. +init-import=no + +# List of qualified module names which can have objects that can redefine +# builtins. +redefining-builtins-modules=six.moves,past.builtins,future.builtins,builtins,io + + +[FORMAT] + +# Expected format of line ending, e.g. empty (any line ending), LF or CRLF. +expected-line-ending-format= + +# Regexp for a line that is allowed to be longer than the limit. +ignore-long-lines=^\s*(# )??$ + +# Number of spaces of indent required inside a hanging or continued line. +indent-after-paren=4 + +# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1 +# tab). +indent-string=' ' + +# Maximum number of characters on a single line. +max-line-length=100 + +# Maximum number of lines in a module. +max-module-lines=1000 + +# List of optional constructs for which whitespace checking is disabled. `dict- +# separator` is used to allow tabulation in dicts, etc.: {1 : 1,\n222: 2}. +# `trailing-comma` allows a space between comma and closing bracket: (a, ). +# `empty-line` allows space-only lines. +no-space-check=trailing-comma, + dict-separator + +# Allow the body of a class to be on the same line as the declaration if body +# contains single statement. +single-line-class-stmt=no + +# Allow the body of an if to be on the same line as the test if there is no +# else. +single-line-if-stmt=no + + +[SIMILARITIES] + +# Ignore comments when computing similarities. +ignore-comments=yes + +# Ignore docstrings when computing similarities. +ignore-docstrings=yes + +# Ignore imports when computing similarities. +ignore-imports=no + +# Minimum lines number of a similarity. +min-similarity-lines=4 + + +[BASIC] + +# Naming style matching correct argument names. +argument-naming-style=snake_case + +# Regular expression matching correct argument names. Overrides argument- +# naming-style. 
+#argument-rgx= + +# Naming style matching correct attribute names. +attr-naming-style=snake_case + +# Regular expression matching correct attribute names. Overrides attr-naming- +# style. +#attr-rgx= + +# Bad variable names which should always be refused, separated by a comma. +bad-names=foo, + bar, + baz, + toto, + tutu, + tata + +# Naming style matching correct class attribute names. +class-attribute-naming-style=any + +# Regular expression matching correct class attribute names. Overrides class- +# attribute-naming-style. +#class-attribute-rgx= + +# Naming style matching correct class names. +class-naming-style=PascalCase + +# Regular expression matching correct class names. Overrides class-naming- +# style. +#class-rgx= + +# Naming style matching correct constant names. +const-naming-style=UPPER_CASE + +# Regular expression matching correct constant names. Overrides const-naming- +# style. +#const-rgx= + +# Minimum line length for functions/classes that require docstrings, shorter +# ones are exempt. +docstring-min-length=-1 + +# Naming style matching correct function names. +function-naming-style=snake_case + +# Regular expression matching correct function names. Overrides function- +# naming-style. +#function-rgx= + +# Good variable names which should always be accepted, separated by a comma. +good-names=i, + j, + k, + ex, + Run, + _ + +# Include a hint for the correct naming format with invalid-name. +include-naming-hint=no + +# Naming style matching correct inline iteration names. +inlinevar-naming-style=any + +# Regular expression matching correct inline iteration names. Overrides +# inlinevar-naming-style. +#inlinevar-rgx= + +# Naming style matching correct method names. +method-naming-style=snake_case + +# Regular expression matching correct method names. Overrides method-naming- +# style. +#method-rgx= + +# Naming style matching correct module names. +module-naming-style=snake_case + +# Regular expression matching correct module names. 
Overrides module-naming- +# style. +#module-rgx= + +# Colon-delimited sets of names that determine each other's naming style when +# the name regexes allow several styles. +name-group= + +# Regular expression which should only match function or class names that do +# not require a docstring. +no-docstring-rgx=^_ + +# List of decorators that produce properties, such as abc.abstractproperty. Add +# to this list to register other decorators that produce valid properties. +# These decorators are taken in consideration only for invalid-name. +property-classes=abc.abstractproperty + +# Naming style matching correct variable names. +variable-naming-style=snake_case + +# Regular expression matching correct variable names. Overrides variable- +# naming-style. +#variable-rgx= + + +[STRING] + +# This flag controls whether the implicit-str-concat-in-sequence should +# generate a warning on implicit string concatenation in sequences defined over +# several lines. +check-str-concat-over-line-jumps=no + + +[IMPORTS] + +# List of modules that can be imported at any level, not just the top level +# one. +allow-any-import-level= + +# Allow wildcard imports from modules that define __all__. +allow-wildcard-with-all=no + +# Analyse import fallback blocks. This can be used to support both Python 2 and +# 3 compatible code, which means that the block might have code that exists +# only in one or another interpreter, leading to false positives when analysed. +analyse-fallback-blocks=no + +# Deprecated modules which should not be used, separated by a comma. +deprecated-modules=optparse,tkinter.tix + +# Create a graph of external dependencies in the given file (report RP0402 must +# not be disabled). +ext-import-graph= + +# Create a graph of every (i.e. internal and external) dependencies in the +# given file (report RP0402 must not be disabled). +import-graph= + +# Create a graph of internal dependencies in the given file (report RP0402 must +# not be disabled). 
+int-import-graph= + +# Force import order to recognize a module as part of the standard +# compatibility libraries. +known-standard-library= + +# Force import order to recognize a module as part of a third party library. +known-third-party=enchant + +# Couples of modules and preferred modules, separated by a comma. +preferred-modules= + + +[CLASSES] + +# List of method names used to declare (i.e. assign) instance attributes. +defining-attr-methods=__init__, + __new__, + setUp, + __post_init__ + +# List of member names, which should be excluded from the protected access +# warning. +exclude-protected=_asdict, + _fields, + _replace, + _source, + _make + +# List of valid names for the first argument in a class method. +valid-classmethod-first-arg=cls + +# List of valid names for the first argument in a metaclass class method. +valid-metaclass-classmethod-first-arg=cls + + +[DESIGN] + +# Maximum number of arguments for function / method. +max-args=5 + +# Maximum number of attributes for a class (see R0902). +max-attributes=7 + +# Maximum number of boolean expressions in an if statement (see R0916). +max-bool-expr=5 + +# Maximum number of branch for function / method body. +max-branches=12 + +# Maximum number of locals for function / method body. +max-locals=15 + +# Maximum number of parents for a class (see R0901). +max-parents=7 + +# Maximum number of public methods for a class (see R0904). +max-public-methods=20 + +# Maximum number of return / yield for function / method body. +max-returns=6 + +# Maximum number of statements in function / method body. +max-statements=50 + +# Minimum number of public methods for a class (see R0903). +min-public-methods=2 + + +[EXCEPTIONS] + +# Exceptions that will emit a warning when being caught. Defaults to +# "BaseException, Exception". +overgeneral-exceptions=BaseException, + Exception diff --git a/app/app.py b/app/app.py index d6671ec..682b7cc 100755 --- a/app/app.py +++ b/app/app.py 
@@ -67,31 +67,31 @@ def run(): app_print(snyk_repo.org_name, snyk_repo.full_name, - f"Github Status {gh_repo_status['response_code']}" \ - f"({gh_repo_status['response_message']}) [{snyk_repo.origin}]") + f"Github Status {gh_repo_status.response_code}" \ + f"({gh_repo_status.response_message}) [{snyk_repo.origin}]") #if snyk_repo does not still exist (removed/404), then log and skip to next repo - if gh_repo_status["response_code"] == 404: # project no longer exists + if gh_repo_status.response_code == 404: # project no longer exists log_potential_delete(snyk_repo.org_name, snyk_repo.full_name) - elif gh_repo_status["response_code"] == 200: # project exists and has not been renamed + elif gh_repo_status.response_code == 200: # project exists and has not been renamed # snyk has the wrong branch, re-import - if gh_repo_status["repo_default_branch"] != snyk_repo.branch: + if gh_repo_status.repo_default_branch != snyk_repo.branch: app_print(snyk_repo.org_name, snyk_repo.full_name, f"Default branch name changed from {snyk_repo.branch}" \ - f" -> {gh_repo_status['repo_default_branch']}") + f" -> {gh_repo_status.repo_default_branch}") app_print(snyk_repo.org_name, snyk_repo.full_name, "Checking if existing default branch was just renamed?") try: if snyk_repo.origin == "github": is_default_renamed = is_default_branch_renamed( - snyk_repo, gh_repo_status["repo_default_branch"], + snyk_repo, gh_repo_status.repo_default_branch, common.GITHUB_TOKEN) elif snyk_repo.origin == "github-enterprise": is_default_renamed = is_default_branch_renamed( - snyk_repo, gh_repo_status["repo_default_branch"], + snyk_repo, gh_repo_status.repo_default_branch, common.GITHUB_ENTERPRISE_TOKEN, True) 
@@ -103,14 +103,14 @@ def run(): snyk_repo.full_name, "It's a different branch, update snyk projects...") updated_projects = snyk_repo.update_branch( - gh_repo_status['repo_default_branch'], + gh_repo_status.repo_default_branch, common.ARGS.dry_run) for project in updated_projects: if not common.ARGS.dry_run: app_print(snyk_repo.org_name, snyk_repo.full_name, f"Monitored branch set to " \ - f"{gh_repo_status['repo_default_branch']} " \ + f"{gh_repo_status.repo_default_branch} " \ f"for: {project['manifest']}") else: app_print(snyk_repo.org_name, @@ -158,20 +158,20 @@ def run(): # if snyk_repo has been moved/renamed (301), then re-import the entire repo # with the new name and remove the old one (make optional) - elif gh_repo_status["response_code"] == 301: + elif gh_repo_status.response_code == 301: app_print(snyk_repo.org_name, snyk_repo.full_name, - f"Repo has moved to {gh_repo_status['repo_full_name']}, submitting import...") + f"Repo has moved to {gh_repo_status.repo_full_name}, submitting import...") if not common.ARGS.dry_run: repo_import_status = import_manifests(snyk_repo.org_id, - gh_repo_status['repo_full_name'], + gh_repo_status.repo_full_name, snyk_repo.integration_id) # build list of projects to delete with old name # only when the repo with new name has been imported repo_projects = snyk_repo.get_projects() # pylint: disable=unused-variable for (j, repo_project) in enumerate(repo_projects): - repo_projects[j]["pending_repo"] = gh_repo_status["repo_full_name"] + repo_projects[j]["pending_repo"] = gh_repo_status.repo_full_name repo_import_status.pending_project_deletes = repo_projects import_status_checks.append(repo_import_status) @@ -180,6 +180,11 @@ def run(): snyk_repo.full_name, "Would import repo (all targets) under new name") + else: + app_print(snyk_repo.org_name, + snyk_repo.full_name, + f"Skipping due to invalid response") + time.sleep(1) process_import_status_checks(import_status_checks) 
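Review bot: The new `else` branch at the end of the status chain in run() treats every code other than 200, 301 and 404 the same way, so a 401 or 403 from an expired or under-scoped token is skipped repo by repo and the run still finishes normally. The status line printed at the top of the loop does show the code, but it would help to count these skips and report them at the end, or to stop on authentication failures, so that a refresh which verified nothing is not read as a clean one. The message is also an f-string with no placeholders; the plain string `"Skipping due to invalid response"` avoids pylint's `f-string-without-interpolation` warning. run() starts and ends outside the hunk.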
diff --git a/app/gh_repo.py b/app/gh_repo.py index 2830045..5c53593 100755 --- a/app/gh_repo.py +++ b/app/gh_repo.py @@ -1,6 +1,8 @@ """utilities for github""" +import logging import re import requests +from app.models import GithubRepoStatus import common def get_repo_manifests(snyk_repo_name, origin, skip_snyk_code): @@ -57,13 +59,15 @@ def passes_manifest_filter(path, skip_snyk_code=False): return passes_filter def get_gh_repo_status(snyk_gh_repo): + # pylint: disable=too-many-branches """detect if repo still exists, has been removed, or renamed""" repo_owner = snyk_gh_repo.full_name.split("/")[0] repo_name = snyk_gh_repo.full_name.split("/")[1] response_message = "" + response_status_code = "" repo_default_branch = "" - # print(f'snyk_gh_repo origin: {snyk_gh_repo.origin}') + # logging.debug(f"snyk_gh_repo origin: {snyk_gh_repo.origin}") if snyk_gh_repo.origin == "github": github_token = common.GITHUB_TOKEN @@ -82,8 +86,10 @@ def get_gh_repo_status(snyk_gh_repo): f"/api/v3/repos/{snyk_gh_repo['full_name']}" try: response = requests.get(url=request_url, allow_redirects=False, headers=headers) - # print("response_code: %d" % response.status_code) - # print(f"response default branch -> {response.json()['default_branch']}") + # logging.debug("response_code: %d" % response.status_code) + # logging.debug(f"response default branch -> {response.json()['default_branch']}") + + response_status_code = response.status_code if response.status_code == 200: response_message = "Match" 
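Review bot: The `requests.get(url=request_url, allow_redirects=False, headers=headers)` call in the `@@ -82,8` hunk still has no `timeout=` argument, so a stalled connection to the GitHub host blocks get_gh_repo_status indefinitely instead of raising the RequestException that this commit now handles. Passing an explicit `timeout=` with a value suited to the deployment lets that case reach the new `except` path and be reported like any other failure. The `try` body continues outside the hunk.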
@@ -109,19 +115,23 @@ def get_gh_repo_status(snyk_gh_repo): response_message = f"Moved to {repo_name}" - repo_status = { - "response_code": response.status_code, - "response_message": response_message, - "repo_name": repo_name, - "snyk_org_id": snyk_gh_repo["org_id"], - "repo_owner": repo_owner, - "repo_full_name": f"{repo_owner}/{repo_name}", - "repo_default_branch": repo_default_branch - } - except requests.exceptions.RequestException as err: - repo_status = err.response - + # make sure it gets logged in log file when in debug mode + logging.debug(f"{err}") + + response_status_code = "ERROR" + response_message = f"{err}" + + finally: + repo_status = GithubRepoStatus( + response_status_code, + response_message, + repo_name, + snyk_gh_repo["org_id"], + repo_owner, + f"{repo_owner}/{repo_name}", + repo_default_branch + ) return repo_status def is_default_branch_renamed(snyk_gh_repo, new_branch, github_token, github_enterprise=False): diff --git a/app/models.py b/app/models.py index f6ecabb..5daaa6e 100644 --- a/app/models.py +++ b/app/models.py @@ -4,12 +4,12 @@ @dataclass class ImportFile: - """type definition for files being imported""" + """File being imported""" path: str @dataclass class PendingDelete: - """type definition for projects needing deletion""" + """Projects needing deletion""" project_id: str project_name: str org_id: str @@ -18,7 +18,7 @@ class PendingDelete: @dataclass class ImportStatus: - """type definition for import job response""" + """Import job response""" # pylint: disable=too-many-instance-attributes import_job_id: str import_status_url: str @@ -28,3 +28,15 @@ class ImportStatus: repo_name: str files: List[ImportFile] pending_project_deletes: List[PendingDelete] + +@dataclass +class GithubRepoStatus: + """Status of a Github repository""" + response_code: str + response_message: str + repo_name: str + org_id: str + repo_owner: str + repo_full_name: str + repo_default_branch: str + \ No newline at end of file 
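Review bot: Building the GithubRepoStatus inside `finally:` in get_gh_repo_status means it is also constructed when the `try` body fails with something other than a RequestException. If the following `return repo_status` sits inside the `finally`, that exception is silently discarded, but the indentation cannot be recovered from this page. Moving the construction after the `try`/`except` gives the same result on both handled paths without that ambiguity. On the error path `response_status_code` becomes the string `"ERROR"` while the success path stores the integer `response.status_code`, so callers must handle two types; `None` plus the text already placed in `response_message` would be easier to check. The function starts outside the hunk.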
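Review bot: `response_code: str` in the new GithubRepoStatus dataclass does not match how the field is used: get_gh_repo_status stores the integer `response.status_code` (or the string `"ERROR"`), and run() compares it with `404`, `200` and `301`. A dataclass does not enforce annotations, so this works at runtime, but the annotation should describe what is stored, for example `response_code: Union[int, str]` with `Union` imported from typing. The hunk also ends with a whitespace-only line and no newline at end of file.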
diff --git a/app/tests/test_snyk_scm_refresh.py b/app/tests/test_snyk_scm_refresh.py index e76c7b2..71e8a5e 100644 --- a/app/tests/test_snyk_scm_refresh.py +++ b/app/tests/test_snyk_scm_refresh.py @@ -4,6 +4,7 @@ from snyk.models import Project import common from app.snyk_repo import SnykRepo +from app.models import GithubRepoStatus from app.gh_repo import ( get_gh_repo_status, @@ -47,15 +48,15 @@ def test_get_gh_repo_status_github(mocker, status_code, response_message, repo, [] ) - repo_status = { - "response_code": status_code, - "response_message": response_message, - "repo_name": snyk_repo_github["full_name"].split("/")[1], - "snyk_org_id": snyk_repo_github["org_id"], - "repo_owner": snyk_repo_github["full_name"].split("/")[0], - "repo_full_name": snyk_repo_github["full_name"], - "repo_default_branch": default_branch - } + repo_status = GithubRepoStatus( + status_code, + response_message, + snyk_repo_github["full_name"].split("/")[1], + snyk_repo_github["org_id"], + snyk_repo_github["full_name"].split("/")[0], + snyk_repo_github["full_name"], + default_branch + ) assert get_gh_repo_status(snyk_repo_github) == repo_status 
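Review bot: The updated test in the `@@ -47,15` hunk only swaps the expected dict for a GithubRepoStatus; nothing exercises the branch this commit adds, where the request raises a RequestException and the status comes back with `response_code == "ERROR"`. A case that makes the patched request raise `requests.exceptions.RequestException` and asserts on the returned `response_code` and `response_message` would pin the new behaviour; the same applies to the enterprise test in the `@@ -85,15` hunk. The expected object is built positionally from seven values, so keyword arguments such as `repo_name=...` and `org_id=...` would make a swapped field visible in review. Both test functions start and end outside their hunks.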
@@ -85,15 +86,15 @@ def test_get_gh_repo_status_github_enterprise_cloud(mocker, status_code, respons [] ) - repo_status = { - "response_code": status_code, - "response_message": response_message, - "repo_name": snyk_repo_github_enterprise["full_name"].split("/")[1], - "snyk_org_id": snyk_repo_github_enterprise["org_id"], - "repo_owner": snyk_repo_github_enterprise["full_name"].split("/")[0], - "repo_full_name": snyk_repo_github_enterprise["full_name"], - "repo_default_branch": default_branch - } + repo_status = GithubRepoStatus( + status_code, + response_message, + snyk_repo_github_enterprise["full_name"].split("/")[1], + snyk_repo_github_enterprise["org_id"], + snyk_repo_github_enterprise["full_name"].split("/")[0], + snyk_repo_github_enterprise["full_name"], + default_branch + ) assert get_gh_repo_status(snyk_repo_github_enterprise) == repo_status