Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Audit application installations #27

Draft
wants to merge 5 commits into
base: main
Choose a base branch
from
Draft

Audit application installations #27

wants to merge 5 commits into from

Conversation

tarkatronic
Copy link
Contributor

@tarkatronic tarkatronic commented Feb 23, 2021

Fixes #23

Not only is this the first venture into using the REST API for a loader... it's also my first venture into mocking/testing an http(s) call! Hooray!

Implemented so far:

  • Loader
  • Loader tests
  • Checker
  • Checker tests
  • (Optional?) Fixer
  • (Optional?) Fixer tests
  • Documentation
  • Updated example.toml
  • ChangeLog entry

@codecov
Copy link

codecov bot commented Feb 23, 2021

Codecov Report

Merging #27 (c684dd9) into main (693968c) will increase coverage by 10.49%.
The diff coverage is 100.00%.

Impacted file tree graph

@@             Coverage Diff             @@
##             main      #27       +/-   ##
===========================================
+ Coverage   26.04%   36.53%   +10.49%     
===========================================
  Files           4        4               
  Lines          96      104        +8     
  Branches       13       13               
===========================================
+ Hits           25       38       +13     
+ Misses         71       66        -5     
Impacted Files Coverage Δ
src/lib/typedefs.js 100.00% <ø> (ø)
src/lib/loaders.js 27.65% <100.00%> (+27.65%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 693968c...c684dd9. Read the comment docs.

```

Both of the above are wholly equivalent; it's simply a matter of preference
which way you would like to specify them.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

for folks that might not be so intimately familiar with toml, I'd recommend giving an example of how you might define multiple applications

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmmm, that's a good call. I do have a link to the TOML documentation which does have examples, but it's likely people won't click through. I also want to avoid making this document into a TOML tutorial, or too long. I think I'll add a second application to the example.toml.

Comment on lines +140 to +142
appId = 42
appSlug = "infinite-improbability-drive"
repositorySelection = "selected"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as a consumer of this library, where do I find the values to use for these?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmmm yeah good question. The app id and slug I was only able to find after actually querying our org. I honestly don't know of a better way to find them, so that may have to be our recommendation for now: run the tool and plug the data into your config. Which gives me a great idea for a future feature: orglinter --generate-config It could query the org and produce a valid config file based on its current state.

Oh as for the repositorySelection I can document that "selected" and "all" are the only values. I think. I haven't been able to find solid documentation on that either. The REST API docs are terrible!

@@ -94,12 +95,39 @@ async function retrieveOrgInfo(orgName, token) {
// eslint-disable-next-line id-length
requiresTwoFactorAuthentication: organization.requiresTwoFactorAuthentication,
twitterUsername: organization.twitterUsername,
websiteUrl: organization.websiteUrl
websiteUrl: organization.websiteUrl,
applications: await retrieveOrgApplications(orgName, token)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMHO don't do inline awaits like this in object construction.

Also, given #26, you might start to think about how the different rulesets will need to define which information they'll need to function, how to make sure you're only running each data-fetch once, and how the data gets provided to the different rules.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not an inline await? Is that more of a preference/style thing, or for technical reasons?

As far as #26 though yeah I should probably make this line applications: [], and move this out to a separate later line of result.applications = await .... Then later there can be something like if (config.checkApplications) result.applications = await ....

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not an inline await

There's not a technical reason, it works, but it can be hard to debug and hard to reason about imagine code like:

const stuff = {
  foo: await foo(),
  bar: await bar(),
  fizzyLiftingDrinks: fizzyLiftingDrinks(),
  fizzbuzz: await fizzbuzz()
};

it can be hard to debug if there are issues. its hard to reason about the ordering of the promises and from looking at it it looks at first glance that it might be run in parallel, but that wouldn't be the case. Is the lack of await on the fizzyLiftingDrinks intentional or a bug?

Pulling the awaits out make it easier to reason about and the order more apparent and you could force it to be parallel if you wanted.

Comment on lines +13 to +19
before(function () {
sinon.stub(console, 'log');
});

after(function () {
sinon.restore();
});
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMHO make these be beforeEach and afterEach that way you're not leaking state between tests via sinon.

before/after - before/after the scope they exist in (in this case before & after everything within the describe, i.e. these will run once).
beforeEach/afterEach - before/after each test in the scope (i.e. these will run once per test within this describe)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm yeah probably a good call. My thought here was mostly to just stop console logs from happening and since I am not actually checking these logs I only wanted just a single call as opposed to many. But I could see wanting to check the log values later on.

describe('retrieveOrgApplications', function () {
let scope;

before(async function () {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same with these, make it beforeEach/afterEach

@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 3 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Add the ability to audit installed GitHub apps
2 participants