Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor snyk integrator for maximum reusability #811

Merged
merged 20 commits into from
Feb 26, 2024
Merged

Refactor snyk integrator for maximum reusability #811

merged 20 commits into from
Feb 26, 2024

Conversation

NovemberTang
Copy link
Contributor

@NovemberTang NovemberTang commented Feb 23, 2024
edited
Loading

What does this change?

  • Move a lot of PR generation code to common, so that it can be reused when we generate PRs to integrate scala projects with dependabot
  • Refactor the code so that it's more flexible, and can be used to generate an arbitrary PR that changes 1 file in 1 commit, and adds it to an arbitrary project board

The diff here is mostly changes to the lockfile, the code changes represent about 200 lines

Why?

We will be rolling out a workflow file across all scala repos that submits scala dependencies to GitHub, so dependabot can keep an eye on its vulnerabilities. We'll be doing this in much the same way as the Snyk integrator, so want to make this code a little more reusable.

How has it been verified?

  • I've created a dependency-graph-integrator project in this repo, and verified that its PR generation works. PR generation for snyk integrator also still works. I've removed dependency-graph-integrator from this PR for now to keep it a reasonable size, and will put it back in a follow-up PR.
  • Unit tests and CI still pass.
  • Ran snyk integrator PROD from this commit, and you can see it is still generating the correct PR Integrate Scala projects with Snyk #813

@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 23, 2024
edited
Loading

Deploy build 3707 of deploy::service-catalogue to CODE

All deployment options

From guardian/actions-riff-raff.

@NovemberTang NovemberTang marked this pull request as ready for review February 23, 2024 10:43
@NovemberTang NovemberTang requested review from a team as code owners February 23, 2024 10:43
NovemberTang
NovemberTang commented Feb 23, 2024
View reviewed changes
packages/common/src/pull-requests.ts
@@ -0,0 +1,138 @@
import { randomBytes } from 'crypto';
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This file has just been moved from packages/snyk-integrator/src/pull-requests.ts. I'm not sure why GitHub hasn't picked that up

NovemberTang
NovemberTang commented Feb 23, 2024
View reviewed changes
packages/common/src/types.ts
export interface SnykIntegratorEvent {
name: string;
languages: string[];
}

//GraphQL types for adding PRs to GitHub Projects
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These types have moved here from the deleted file packages/snyk-integrator/src/types.ts

chrislomaxjones
chrislomaxjones approved these changes Feb 23, 2024
View reviewed changes
Copy link
Contributor

@chrislomaxjones chrislomaxjones left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Much neater! had two non-blocking comments.

@NovemberTang
copy contents of snyk integrator with a couple of changes
761aa5a
@NovemberTang
move some PR creation logic to common
bb38b5d
@NovemberTang
add moved code and modified tests
e932fe7
@NovemberTang
rename function correctly
484a5b0
@NovemberTang
move GitHub projects logic to common
d33857f
@NovemberTang
parameterise board number, create new event type, cleanup
14584a1
@NovemberTang
parameterise some more stuff
444fc88
@NovemberTang
more cleanup. Fix imports, delete duplicated file
d2d805d
@NovemberTang
big refactor for maximum resuability
506d478
@NovemberTang
fix tests
d73fd4c
@NovemberTang
clean up imports
e426205
@NovemberTang
refactor dependabot integrator to use new function
0e19004
@NovemberTang
simplify PR generation in dependabot integrator
6b45061
@NovemberTang
only instantiate octokit on PROD or the lambda will break
8266e0b
@NovemberTang
fix readme
8fbbf26
@NovemberTang
remove dependency graph integrator for now and put in a different PR
4fcadd5
@NovemberTang
add unit test for checklist generation
a3dbb38
@NovemberTang
regenerate package lock
fc2b397
@NovemberTang
grab file name correctly
f27ff50
@NovemberTang
address PR comments
171325b
@NovemberTang NovemberTang force-pushed the nt/dependency-graph-integrator branch from 9b8efd1 to 171325b Compare February 23, 2024 16:39
@NovemberTang NovemberTang merged commit 433dc24 into main Feb 26, 2024
2 checks passed
@NovemberTang NovemberTang deleted the nt/dependency-graph-integrator branch February 26, 2024 08:51
@NovemberTang NovemberTang mentioned this pull request Feb 26, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chrislomaxjones chrislomaxjones chrislomaxjones approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@NovemberTang @chrislomaxjones