surface-security · bogdanoniga · May 15, 2023 · May 15, 2023 · May 15, 2023 · May 15, 2023
@@ -4,9 +4,9 @@
 
 name: publish
 
-on: workflow_dispatch
-  # release:
-  #   types: [created]
+on:
+  release:
+    types: [created]
 
 jobs:
   deploy:

@@ -1,14 +1,10 @@
-# This workflow will installs Python dependencies, run tests and lint with a variety of Python versions
-# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
-# This workflow should be changed according to the project's needs.
-
 name: tests
 
-on: workflow_dispatch
-  # pull_request:
-  #   branches:
-  #     - main
-  #     - develop
+on:
+  pull_request:
+    branches:
+      - main
+      - develop
 
 jobs:
   style:
@@ -24,6 +20,21 @@ jobs:
     - name: Style check
       run : tox -e style
 
+  migrations:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up Python 3.11
+      uses: actions/setup-python@v3
+      with:
+        python-version: 3.11
+    - name: dependencies
+      working-directory: testapp
+      run: pip install -r requirements.txt
+    - name: migration checks
+      working-directory: testapp
+      run : ./manage.py makemigrations --check
+
   test:
     runs-on: ubuntu-latest
     strategy:

@@ -143,4 +143,4 @@ cython_debug/
 #  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
 #  and can be added to the global gitignore or merged into this file.  For a more nuclear
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
-.idea/
+.idea/
@@ -0,0 +1,2 @@
+include README.md
+include LICENSE
@@ -0,0 +1,22 @@
+.PHONY: style
+style:
+	black --target-version=py311 \
+	      --line-length=120 \
+		  --skip-string-normalization \
+		  django_github testapp setup.py
+
+.PHONY: style_check
+style_check:
+	black --target-version=py311 \
+	      --line-length=120 \
+		  --skip-string-normalization \
+		  --check \
+		  django_github testapp setup.py
+
+test:
+	testapp/manage.py test $${TEST_ARGS:-tests}
+
+coverage:
+	PYTHONPATH="testapp" \
+		python -b -W always -m coverage run testapp/manage.py test $${TEST_ARGS:-tests}
+	coverage report
@@ -1,15 +1,34 @@
-# Django App
+# Django Github
 
-This template should be used for Django Applications open sourced under the Surface Security context and organization.
+Ingest Github organisation and repositories data.
 
-This template contains some sample workflows, as well as a typical structure of these type of repositories, following companion documentation to help you set it up and get started.
+## Integration
+The integration utilises Github App to authenticate against Github and extends the `inventory.Integration` model with Github specific fields such as `app_id`, `app_installation_id` and `organisation`. 
 
-# Usage
+## Actions
+The following Integration actions are available in this application:
+- `Users` - Ingests organisation users and teams;
+- `Repositories` - Ingests organisation repositories;
+- `Codeowners` - Extracts repository owners managed in [CODEOWNERS](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners) file;
+- `Findings` - Ingests Github Advance Security vulnerabilities.
 
-READMEs should have extensive and detailed descriptions of how the app should be used, ideally followed with screenshots and/or videos demonstrating the purpose of the app and or service offered.
+## Commands
+> ./manage.py github_organisation_resync
+> ./manage.py github_repositories_resync
 
-This section should cover everything related to **the end user**, from installing, to descriminate configuration variables users can tweak (if applicable).
+## Usage
+Add `django_github` to `INSTALLED_APPS` in your `settings.py`.
 
-# Contributing
+To adjust the django application dependencies add the following in settings and modify per project's needs:
+```
+DJANGO_GITHUB_MIGRATIONS_DEPENDENCIES = {
+    '0001_initial': [
+        ('inventory', '0001_initial'),
+    ]
+}
+```
 
-READMEs should also provide instructions on how to contribute. How to install a development environment, how to run tests, and so on.
+The default migration dependency is:
+```
+('inventory', '0001_initial'),
+```
@@ -0,0 +1 @@
+__version__ = '0.0.1'
@@ -0,0 +1,118 @@
+from django.contrib import admin
+from django_github import models
+
+
+@admin.register(models.GithubIntegration)
+class IntegrationAdmin(admin.ModelAdmin):
+    list_display = ('name', 'organisation', 'description', '_actions', 'enabled')
+    search_fields = ('name', 'description')
+    exclude = ('content_source',)
+
+    def _actions(self, obj):
+        return ', '.join(obj.actions)
+
+    _actions.short_description = 'Actions'
+
+
+@admin.register(models.GithubRepository)
+class GithubRepositoryAdmin(admin.ModelAdmin):
+    list_display = ('name', 'active', 'url', 'type', 'scan_required', 'sca', 'sast', 'sts', 'integration', 'last_seen')
+    search_fields = ('name', 'url')
+    list_filter = (
+        'active',
+        'type',
+        'scan_required',
+        'sca',
+        'sast',
+        'sts',
+        ('integration', admin.RelatedOnlyFieldListFilter),
+    )
+
+    def has_add_permission(self, request):
+        return False
+
+    def has_change_permission(self, request, obj=None):
+        return False
+
+
+@admin.register(models.GithubUser)
+class GithubUserAdmin(admin.ModelAdmin):
+    list_display = ('id', 'name', 'email')
+    search_fields = ('name', 'email')
+    readonly_fields = ('id', 'name', 'email')
+
+    def has_add_permission(self, request):
+        return False
+
+    def has_change_permission(self, request, obj=None):
+        return False
+
+
+@admin.register(models.GithubTeam)
+class GithubTeamAdmin(admin.ModelAdmin):
+    list_display = ('id', 'name')
+    search_fields = ('name',)
+    readonly_fields = ('id', 'name', 'members')
+
+    def has_add_permission(self, request):
+        return False
+
+    def has_change_permission(self, request, obj=None):
+        return False
+
+
+@admin.register(models.DependencyFinding)
+class DependencyFindingAdmin(admin.ModelAdmin):
+    list_display = ('number', 'repository', 'state', 'dismissed_reason', 'dismissed_comment', 'url')
+    search_fields = ('identifiers', 'repository', 'dismissed_reason', 'dismissed_comment')
+    list_filter = ('apps', 'integration', 'repository', 'severity', 'state', 'first_seen', 'last_seen_date')
+
+    def has_add_permission(self, request):
+        return False
+
+    def has_change_permission(self, request, obj=None):
+        return False
+
+
+@admin.register(models.CodeFinding)
+class CodeFindingAdmin(admin.ModelAdmin):
+    list_display = ('number', 'repository', 'state', 'dismissed_reason', 'dismissed_comment', 'url')
+    search_fields = ('repository', 'dismissed_reason', 'dismissed_comment')
+    list_filter = ('apps', 'integration', 'repository', 'severity', 'state', 'first_seen', 'last_seen_date')
+
+    def has_add_permission(self, request):
+        return False
+
+    def has_change_permission(self, request, obj=None):
+        return False
+
+
+@admin.register(models.SecretFinding)
+class SecretFindingAdmin(admin.ModelAdmin):
+    list_display = (
+        'number',
+        'repository',
+        'state',
+        'secret',
+        'resolution',
+        'push_protection_bypassed',
+        'push_protection_comment',
+        'url',
+    )
+    search_fields = ('repository', 'resolution', 'push_protection_bypassed', 'push_protection_comment')
+    list_filter = (
+        'apps',
+        'integration',
+        'repository',
+        'severity',
+        'state',
+        'push_protection_bypassed',
+        'first_seen',
+        'last_seen_date',
+    )
+
+    def has_add_permission(self, request):
+        return False
+
+    def has_change_permission(self, request, obj=None):
+        return False
@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class DjangoGithubConfig(AppConfig):
+    default_auto_field = 'django.db.models.BigAutoField'
+    name = 'django_github'