add GH_TOKEN env for gh api calls (#139)

* add `GH_TOKEN` env for gh api calls * fix datahub values.yaml path * add function for parsing version string * remove spaces from last_run_datetime_str rename date -> datetime to reflect content * parsing logic for datetime input * update final print statement * alert emoji -> warning emoji Co-authored-by: Mat <[email protected]> --------- Co-authored-by: Mat <[email protected]>
ministryofjustice · Jun 4, 2024 · 56e62b2 · 56e62b2
1 parent 357454e
commit 56e62b2
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 11 deletions.
diff --git a/.github/workflows/security-alerts.yml b/.github/workflows/security-alerts.yml
@@ -13,11 +13,15 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Fetch security advisories
+        env: 
+          GH_TOKEN: ${{ github.token }}
         run: |
           gh api -H "Accept: application/vnd.github+json" /repos/datahub-project/datahub/security-advisories > advisories.json
-
+          
       - name: Get last run date for this Action
         id: get_last_run_date
+        env: 
+            GH_TOKEN: ${{ github.token }}
         run: |
           LAST_RUN_DATE=$(gh api \
           -H "Accept: application/vnd.github+json" \
@@ -32,7 +36,7 @@ jobs:
       - name: Read current version from values.yaml
         id: read_current_version
         run: |
-          CURRENT_VERSION=$(python -c "import yaml; print(yaml.safe_load(open('helm_deploy/values.yaml'))['global']['datahub']['version'])")
+          CURRENT_VERSION=$(python -c "import yaml; print(yaml.safe_load(open('helm_deploy/values-base.yaml'))['global']['datahub']['version'])")
           echo "current_version=${CURRENT_VERSION}" >> "${GITHUB_OUTPUT}"
 
       - name: Set up Python

diff --git a/scripts/filter_advisories.py b/scripts/filter_advisories.py
@@ -18,6 +18,14 @@ def read_advisories(filename: str) -> List[Dict[str, Any]]:
         return json.load(f)
 
 
+def parse_version_string(version_string: str) -> semantic_version.Version:
+    """Parse semanatic version from provided version string"""
+    version_str: str = re.sub(r".?v\s?(\d[.])", r"\1", version_string).strip()
+    version = semantic_version.Version(version_str)
+
+    return version
+
+
 class ValidationError(Exception):
     def __init__(self, msg):
         self.msg = msg
@@ -84,7 +92,7 @@ def advisory_to_slack_block(advisory) -> tuple[dict[str, Any], bool]:
     severity = advisory["severity"]
     high_severity = False
     if severity in ["high", "critical"]:
-        severity = f":alert: *{severity}* :alert:"
+        severity = f":warning: *{severity}* :warning:"
         high_severity = True
     return {
         "type": "section",
@@ -132,14 +140,16 @@ def main():
     advisories = read_advisories("advisories.json")
 
     # Define the current version to compare against
-    # Set default last run date to the year 2000 if not provided
-    if len(sys.argv) < 3:
-        last_run_date_str = "2000-01-01T00:00:00Z"
+    # Set default last run date to the year 2000 if not provided or is blank
+    if (len(sys.argv) < 3) or (not sys.argv[2].strip()):
+        last_run_datetime_str = "2000-01-01T00:00:00Z"
     else:
-        last_run_date_str: str = sys.argv[2]
-    current_version_str: str = re.sub(r"v(\d[.])", r"\1", sys.argv[1])
-    current_version = semantic_version.Version(current_version_str)
-    last_run_date: datetime = datetime.fromisoformat(last_run_date_str)
+        last_run_datetime_str: str = sys.argv[2].strip()
+
+    current_version_str: str = sys.argv[1]
+    current_version = parse_version_string(current_version_str)
+
+    last_run_date: datetime = datetime.fromisoformat(last_run_datetime_str)
 
     if not current_version:
         print(f"Invalid current version: {current_version_str}")
@@ -154,7 +164,7 @@ def main():
         json.dump(output, f, indent=2)
 
     # Output the number of found advisories for GitHub Actions
-    print(f"::set-output name=found_advisories::{len(filtered_advisories)}")
+    print(f"{len(filtered_advisories)} advisories found")
 
 
 if __name__ == "__main__":

diff --git a/tests/test_filter_advisories.py b/tests/test_filter_advisories.py
@@ -9,6 +9,7 @@
     advisory_to_slack_block,
     filter_advisories,
     format_slack_output,
+    parse_version_string,
     parse_vulnerabilities,
 )
 
@@ -238,3 +239,34 @@ def test_format_slack_output(
                 f"*ID:* {filtered_advisory_ids[0]}"
                 in result["blocks"][0]["text"]["text"]
             )
+
+
+@pytest.mark.parametrize(
+    "version_input,expected_version",
+    [
+        ("v0.10.1", semantic_version.Version("0.10.1")),
+        (" v0.10.1", semantic_version.Version("0.10.1")),
+        (" v0.10.1 ", semantic_version.Version("0.10.1")),
+        (" v 0.10.1 ", semantic_version.Version("0.10.1")),
+    ],
+)
+def test_parse_version_string(version_input, expected_version):
+    out_version = parse_version_string(version_input)
+
+    assert out_version == expected_version
+
+
+@pytest.mark.parametrize(
+    "version_input,expected_fail",
+    [
+        ("v0.10.1", False),
+        (" version0.10.1", True),
+        (" ver 0.10.1 ", True),
+    ],
+)
+def test_parse_version_fail(version_input, expected_fail):
+    if expected_fail:
+        with pytest.raises(ValueError):
+            parse_version_string(version_input)
+    else:
+        assert parse_version_string(version_input)