Enable github.security to be run standalone

This moves the entrypoint to the self-contained security.py module, which is then called directly from the dokku cron job.
ebmdatalab · Nov 30, 2023 · f523e4b · f523e4b
1 parent 1bdadd8
commit f523e4b
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 17 deletions.
diff --git a/metrics/app.json b/metrics/app.json
@@ -0,0 +1,8 @@
+{
+    "cron": [
+      {
+        "command": "python -m metrics.github.security",
+        "schedule": "@daily"
+      }
+    ]
+}
diff --git a/metrics/github/cli.py b/metrics/github/cli.py
@@ -5,10 +5,10 @@
 from sqlalchemy import create_engine
 
 from ..timescaledb import TimescaleDBWriter, drop_tables
-from ..timescaledb.tables import GitHubPullRequests, GitHubVulnerabilities
+from ..timescaledb.tables import GitHubPullRequests
 from ..timescaledb.writer import TIMESCALEDB_URL
 from ..tools.dates import iter_days, previous_weekday
-from . import api, security
+from . import api
 from .prs import drop_archived_prs, process_prs
 
 
@@ -89,14 +89,6 @@ def pr_throughput(prs, org):
             process_prs(writer, merged_prs, day, name="prs_merged")
 
 
-def vulnerabilities(org):
-    vulns = security.parse_vulnerabilities(security.get_vulnerabilities(org), org)
-    with TimescaleDBWriter(GitHubVulnerabilities) as writer:
-        for v in vulns:
-            date = v.pop("date")
-            writer.write(date, value=0, **v)
-
-
 @click.command()
 @click.option("--token", required=True, envvar="GITHUB_TOKEN")
 @click.pass_context
@@ -123,4 +115,3 @@ def github(ctx, token):
 
         open_prs(prs, org, days_threshold=7)
         pr_throughput(prs, org)
-        vulnerabilities(org)
diff --git a/metrics/github/security.py b/metrics/github/security.py
@@ -3,6 +3,11 @@
 
 import requests
 import structlog
+from sqlalchemy import create_engine
+
+from ..timescaledb import TimescaleDBWriter, drop_tables
+from ..timescaledb.tables import GitHubVulnerabilities
+from ..timescaledb.writer import TIMESCALEDB_URL
 
 
 log = structlog.get_logger()
@@ -22,8 +27,8 @@ def make_request(query, variables):
     )
 
     if not response.ok:
-        print(response.headers)
-        print(response.content)
+        log.info(response.headers)
+        log.info(response.content)
 
     response.raise_for_status()
     return response.json()
@@ -106,10 +111,20 @@ def parse_vulnerabilities(vulnerabilities, org):
     return results
 
 
-def print_vulnerabilities(vulns):  # pragma: no cover
-    print(f"There are {len(vulns)} alerts")
-    print(parse_vulnerabilities(vulns, "opensafely-core"))
+def vulnerabilities(org):
+    vulns = parse_vulnerabilities(get_vulnerabilities(org), org)
+    with TimescaleDBWriter(GitHubVulnerabilities) as writer:
+        for v in vulns:
+            date = v.pop("date")
+            writer.write(date, value=0, **v)
 
 
 if __name__ == "__main__":  # pragma: no cover
-    print_vulnerabilities(get_vulnerabilities("opensafely-core"))
+    log.info("Dropping existing github_vulnerabilities table")
+    engine = create_engine(TIMESCALEDB_URL)
+    with engine.begin() as connection:
+        drop_tables(connection, prefix="github_vulnerabilities")
+    log.info("Dropped existing github_vulnerabilities table")
+
+    vulnerabilities("ebmdatalab")
+    vulnerabilities("opensafely-core")