Initial commit

Author: github-classroom[bot]

.github/tests/Gemfile

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+# gem "rails"

.github/tests/Gemfile.lock

@@ -0,0 +1,12 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+
+PLATFORMS
+  arm64-darwin-21
+  x86_64-linux
+
+DEPENDENCIES
+
+BUNDLED WITH
+   2.3.11

.github/tests/src/script.rb

@@ -0,0 +1,83 @@
+require 'net/http'
+require 'uri'
+require 'json'
+class GithubApi
+  @@prefix = 'https://api.github.com/repos'
+
+  def initialize(repo_uri, token)
+    @repo_uri =  repo_uri
+    @token = token
+  end
+  def get(url)
+    uri = URI.parse("#{@@prefix}/#{@repo_uri}#{"/#{url}" if url != ''}")
+    request = Net::HTTP::Get.new(uri)
+    request["Accept"] = "application/vnd.github+json"
+    request["Authorization"] = "Bearer #{@token}"
+    request["X-Github-Api-Version"] = "2022-11-28"
+
+    req_options = {
+      use_ssl: uri.scheme == "https",
+    }
+
+    response = Net::HTTP.start(uri.hostname, uri.port, req_options) do |http|
+      http.request(request)
+    end
+  end
+
+  def branch_protected?(branch_name)
+    branches = JSON.parse(get('branches').body).select{|element| element["name"] == branch_name}
+    return "Branch with #{branch_name} doesn't exist" if branches.empty?
+    branches[0]["protected"]
+  end
+
+  def branch_exist?(branch_name)
+    !JSON.parse(get('branches').body).select{|element| element["name"] == branch_name}.empty?
+  end
+
+  def branches
+    JSON.parse(get('branches').body)
+  end
+
+  def branch(json_obj, branch_name)
+    JSON.parse(get('branches').body).select{|element| element["name"] == branch_name}
+  end
+
+  def default_branch
+    JSON.parse(get('').body)["default_branch"]
+  end
+
+  def file_branch(file_name, branch_name)
+    return nil if get("contents/#{file_name}?ref=#{branch_name}").code != '200'
+    old_uri = @@prefix
+    @@prefix =  'https://raw.githubusercontent.com'
+    result = get("#{branch_name}/#{file_name}").body
+    @@prefix = old_uri
+    result
+  end
+
+  def rules_required_pull_request_reviews(branch_name)
+    response = get("branches/#{branch_name}/protection")
+    return nil  if response.code != '200'
+    JSON.parse(response.body)["required_pull_request_reviews"]
+  end
+
+  def get_branch_ruleset(branch_name)
+    branch_ruleset = nil
+    response = get("rulesets")
+    JSON.parse(response.body).each do |ruleset|
+      id = ruleset['id']
+      details = get("rulesets/#{id}")
+      if JSON.parse(details.body)['conditions']['ref_name']['include'].any? {|elem| elem.include?(branch_name)}
+        branch_ruleset = JSON.parse(details.body)['rules']
+      end
+    end
+      branch_ruleset
+  end
+
+  def deploy_keys
+    response = get("keys")
+    return nil if response.code != '200'
+    JSON.parse(response.body)
+  end
+
+end

.github/tests/test/script_test.rb

@@ -0,0 +1,113 @@
+require 'test/unit'
+require_relative '../src/script'
+
+class ScriptTest < Test::Unit::TestCase
+
+  def setup
+    url = ENV['URL'].nil? ? '' : ENV["URL"]
+    token = ENV['TOKEN'].nil? ? '' : ENV["TOKEN"]
+    @secrets_token = ENV['SECRETS_TOKEN']
+    @obj = GithubApi.new(url, token)
+  end
+
+  def test_health_check
+    assert_not_nil(@obj.instance_variable_get('@repo_uri'), 'Url alive')
+    assert_not_nil(@obj.instance_variable_get('@token'), 'Token alive')
+  end
+  
+  def test_token_present
+    actual = @secrets_token =~ /^ghp_\w{36}$/
+    assert_not_nil(actual, "Secret with name 'PAT' with valid personal access token doesn't exist")
+  end
+
+  def test_deploy_key_present
+    response = @obj.deploy_keys
+    assert_not_nil(response, "Access denied")
+    deploy_key = response.find {|element| element['title'] == 'DEPLOY_KEY'}
+    assert_not_nil(deploy_key, "The deploy key with name 'DEPLOY_KEY' doesn't exist")
+  end
+
+  def test_main_present
+    actual = @obj.branch_exist?('main')
+    assert(actual, 'Branch main is not present')
+  end
+
+  def test_main_protected
+    actual = @obj.branch_protected?('main')
+    assert(actual, 'Branch main is not protected')
+  end
+
+  def test_develop_present
+    actual = @obj.branch_exist?('develop')
+    assert(actual, 'Branch develop is not present')
+  end
+
+  def test_develop_protected
+    actual = @obj.branch_protected?('develop')
+    assert(actual, 'Branch develop is not protected')
+  end
+
+  def test_develop_default
+    actual = @obj.default_branch
+    expected = 'develop'
+    assert_equal(expected, actual, 'Default branch isn\'t  develop')
+  end
+
+  def test_codeowners_contains_user
+    user_name = 'softservedata'
+    content = @obj.file_branch('CODEOWNERS', 'main') || @obj.file_branch('.github/CODEOWNERS', 'main') || @obj.file_branch('docs/CODEOWNERS', 'main')
+    assert_not_nil(content, 'File CODEOWNERS doesn\'t exist on main branch')
+    assert(content.include?(user_name), "User #{user_name} doesn't present in CODEOWNERS")
+  end
+
+  def test_codeowners_not_present_develop
+    content = @obj.file_branch('CODEOWNERS', 'develop')
+    assert_nil(content, 'File CODEOWNERS exist on develop branch')
+  end
+
+  def test_deny_merge_main
+    classic_rules = @obj.rules_required_pull_request_reviews('main')
+    rulesets = @obj.get_branch_ruleset('main')
+    rulesets_rules = rulesets&.find { |rule| rule['type'] == 'pull_request' }
+    assert_not_nil(classic_rules || rulesets_rules, 'We should not allow merge to main branch without PR')
+  end
+
+  def test_deny_merge_develop
+    classic_rules = @obj.rules_required_pull_request_reviews('develop')
+    rulesets = @obj.get_branch_ruleset('develop')
+    rulesets_rules = rulesets&.find { |rule| rule['type'] == 'pull_request' }
+    assert_not_nil(classic_rules || rulesets_rules, 'We should not allow merge to develop branch without PR ')
+  end
+
+  def test_2_approvals_develop
+    classic_required_approving_review_count = @obj.rules_required_pull_request_reviews('develop').nil? || @obj.rules_required_pull_request_reviews('develop')["required_approving_review_count"]
+    pull_request_rulesets_rules = @obj.get_branch_ruleset('develop')
+    rulesets_required_approving_review_count = pull_request_rulesets_rules&.find { |rule| rule['type'] == 'pull_request' }&.[]('parameters')&.[]('required_approving_review_count')
+    expected = 2
+    required_approving_review_count = classic_required_approving_review_count == expected || rulesets_required_approving_review_count == expected
+    assert_true(required_approving_review_count, 'We should have 2 approvals before merge to develop branch')
+  end
+
+  def test_without_approval_main
+    classic_required_approving_review_count = @obj.rules_required_pull_request_reviews('main').nil? || @obj.rules_required_pull_request_reviews('main')["required_approving_review_count"]
+    pull_request_rulesets_rules = @obj.get_branch_ruleset('main')
+    rulesets_required_approving_review_count = pull_request_rulesets_rules&.find { |rule| rule['type'] == 'pull_request' }&.[]('parameters')&.[]('required_approving_review_count')
+    expected = 0
+    required_approving_review_count = classic_required_approving_review_count == expected || rulesets_required_approving_review_count == expected
+    assert_true(required_approving_review_count, 'We shouldn\'t have any approvals before merge to main branch')
+  end
+
+  def test_approve_from_user
+    user_name = 'softservedata'
+    classic_require_code_owner_review = @obj.rules_required_pull_request_reviews('main')["require_code_owner_reviews"]
+    pull_request_rulesets_rules = @obj.get_branch_ruleset('main')
+    rulesets_require_code_owner_review = pull_request_rulesets_rules&.find { |rule| rule['type'] == 'pull_request' }&.[]('parameters')&.[]('require_code_owner_review')
+    assert(classic_require_code_owner_review || rulesets_require_code_owner_review, "We should not allow merge to main branch without approve from #{user_name}")
+  end
+
+  def test_PR_template_present
+    actual = @obj.file_branch('.github/pull_request_template.md', 'main')
+    assert_not_nil(actual, 'Pull request template is absent')
+  end
+
+end

.github/workflows/ruby.yml

@@ -0,0 +1,64 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# GitHub recommends pinning actions to a commit SHA.
+# To get a newer version, you will need to update the SHA.
+# You can also reference a tag or branch, but the action may change without warning.
+
+name: Ruby
+
+env:
+    SECRETS_TOKEN: ${{ secrets.PAT }}
+
+on:
+  push:
+    branches: [ main, develop ]
+  pull_request:
+    branches: [ main, develop ]
+  workflow_dispatch:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Install my-app token
+        id: my-app
+        uses: getsentry/action-github-app-token@v3
+        with:
+          app_id: ${{ secrets.APP_ID }}
+          private_key: ${{ secrets.APP_PRIVATE_KEY }}
+      - uses: actions/checkout@v5
+      - name: Add outside users to organization
+        run: |
+          users=$(curl -L -s \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${{ steps.my-app.outputs.token }}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            https://api.github.com/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/collaborators?affiliation=outside \
+            | jq '.[] .id')
+          for user in $users
+          do
+            curl -s -L -o /dev/null \
+              -X POST \
+              -H "Accept: application/vnd.github+json" \
+              -H "Authorization: Bearer ${{ steps.my-app.outputs.token }}" \
+              -H "X-GitHub-Api-Version: 2022-11-28" \
+              https://api.github.com/orgs/${{ github.repository_owner }}/invitations \
+              -d "{\"invitee_id\": $user}"
+          done
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.2'
+          working-directory: '.github/tests'
+          bundler-cache: true
+      - name: Run tests
+        env:
+          URL: ${{ github.repository }}
+          TOKEN: ${{ steps.my-app.outputs.token }}
+        working-directory: '.github/tests'
+        run: 
+          ruby test/script_test.rb

README.md

@@ -0,0 +1,32 @@
+# Task on GitHub Topic
+
+1. Add user `softservedata` to this repository.
+
+2. Create branch `develop` as default branch.
+
+3. Protect branches `main` and `develop` with these rules:
+- user can't merge to both branches without pull request
+- allowed to merge to `develop` branch only if we have 2 approvals
+- merge to `main` branch allowed if only owner approved PR
+- assign the user `softservedata` as the code owner for all the files in the `main` branch
+4. Add template (pull_request_template.md) to `.github` directory for creating issue in format:
+
+## Describe your changes
+
+## Issue ticket number and link
+
+## Checklist before requesting a review
+- [ ] I have performed a self-review of my code
+- [ ] If it is a core feature, I have added thorough tests
+- [ ] Do we need to implement analytics?
+- [ ] Will this be part of a product update? If yes, please write one phrase about this update
+
+5. Create project for this repository.
+
+6. Add deploy key with name `DEPLOY_KEY` to your repository.
+
+7. Create discord server and add notification when PR was created.
+
+8. For github actions: 
+- create PAT (Personal Access Token) with **Full control of private repositories** and **Full control of orgs and teams, read and write org projects**
+- add to repository actions secrets key with the name `PAT` and the value of the created PAT