From f523e4b9c85df771d9d3cd2b68664b7cc23b02b4 Mon Sep 17 00:00:00 2001
From: Lucy Bridges
Date: Thu, 30 Nov 2023 12:20:15 +0000
Subject: [PATCH] Enable github.security to be run standalone
This moves the entrypoint to the self-contained security.py module, which is then called directly from the dokku cron job.
---
 metrics/app.json | 8 ++++++++
 metrics/github/cli.py | 13 ++-----------
 metrics/github/security.py | 27 +++++++++++++++++++++------
 3 files changed, 31 insertions(+), 17 deletions(-)
 create mode 100644 metrics/app.json
diff --git a/metrics/app.json b/metrics/app.json
new file mode 100644
index 00000000..62fcc065
--- /dev/null
+++ b/metrics/app.json
@@ -0,0 +1,8 @@
+{
+ "cron": [
+ {
+ "command": "python -m metrics.github.security",
+ "schedule": "@daily"
+ }
+ ]
+}
diff --git a/metrics/github/cli.py b/metrics/github/cli.py
index 6f3a7e97..fb1660c9 100644
--- a/metrics/github/cli.py
+++ b/metrics/github/cli.py
@@ -5,10 +5,10 @@
 from sqlalchemy import create_engine
 from ..timescaledb import TimescaleDBWriter, drop_tables
-from ..timescaledb.tables import GitHubPullRequests, GitHubVulnerabilities
+from ..timescaledb.tables import GitHubPullRequests
 from ..timescaledb.writer import TIMESCALEDB_URL
 from ..tools.dates import iter_days, previous_weekday
-from . import api, security
+from . import api
 from .prs import drop_archived_prs, process_prs
@@ -89,14 +89,6 @@ def pr_throughput(prs, org):
 process_prs(writer, merged_prs, day, name="prs_merged")
-def vulnerabilities(org):
- vulns = security.parse_vulnerabilities(security.get_vulnerabilities(org), org)
- with TimescaleDBWriter(GitHubVulnerabilities) as writer:
- for v in vulns:
- date = v.pop("date")
- writer.write(date, value=0, **v)
-
-
 @click.command()
 @click.option("--token", required=True, envvar="GITHUB_TOKEN")
 @click.pass_context
@@ -123,4 +115,3 @@ def github(ctx, token):
 open_prs(prs, org, days_threshold=7)
 pr_throughput(prs, org)
- vulnerabilities(org)
diff --git a/metrics/github/security.py b/metrics/github/security.py
index 4ada68de..35c8e7d2 100644
--- a/metrics/github/security.py
+++ b/metrics/github/security.py
@@ -3,6 +3,11 @@
 import requests
 import structlog
+from sqlalchemy import create_engine
+
+from ..timescaledb import TimescaleDBWriter, drop_tables
+from ..timescaledb.tables import GitHubVulnerabilities
+from ..timescaledb.writer import TIMESCALEDB_URL
 log = structlog.get_logger()
@@ -22,8 +27,8 @@ def make_request(query, variables):
 )
 if not response.ok:
- print(response.headers)
- print(response.content)
+ log.info(response.headers)
+ log.info(response.content)
 response.raise_for_status()
 return response.json()
@@ -106,10 +111,20 @@ def parse_vulnerabilities(vulnerabilities, org):
 return results
-def print_vulnerabilities(vulns): # pragma: no cover
- print(f"There are {len(vulns)} alerts")
- print(parse_vulnerabilities(vulns, "opensafely-core"))
+def vulnerabilities(org):
+ vulns = parse_vulnerabilities(get_vulnerabilities(org), org)
+ with TimescaleDBWriter(GitHubVulnerabilities) as writer:
+ for v in vulns:
+ date = v.pop("date")
+ writer.write(date, value=0, **v)
 if __name__ == "__main__": # pragma: no cover
- print_vulnerabilities(get_vulnerabilities("opensafely-core"))
+ log.info("Dropping existing github_vulnerabilities table")
+ engine = create_engine(TIMESCALEDB_URL)
+ with engine.begin() as connection:
+ drop_tables(connection, prefix="github_vulnerabilities")
+ log.info("Dropped existing github_vulnerabilities table")
+
+ vulnerabilities("ebmdatalab")
+ vulnerabilities("opensafely-core")
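Review bot: In make_request, the failure branch now logs the whole `response.headers` and `response.content` at info level, which records an error at the wrong severity and passes raw objects as the structlog event. This job now runs unattended from cron and its logs are probably retained, so I would log a fixed event with only the fields needed for triage, e.g. `log.error("GitHub API request failed", status_code=response.status_code, request_id=response.headers.get("X-GitHub-Request-Id"), body=response.text)`. GitHub's response headers can include the token's scopes (`X-OAuth-Scopes`), which do not need to be in application logs. make_request starts above this hunk, so how the token is supplied is not visible here.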
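Review bot: The `__main__` block drops the github_vulnerabilities table before anything has been fetched, so a failed GitHub request (make_request raises via `raise_for_status()`) leaves the table missing or empty until the next daily run, and anything reading it would report no open vulnerabilities. Fetch and parse both orgs first, then drop and rewrite, as in the excerpt below. The drop and the writes are still separate transactions, so a database error can leave a gap, but an API outage no longer does. The block is also marked `# pragma: no cover`, so this destructive path has no test. cli.py keeps its `drop_tables` import; if the prefix used there also matches this table (not visible in this diff), the PR job would wipe it between cron runs.

```python
def write_vulnerabilities(vulns):
    """Write already-parsed vulnerability rows to the GitHubVulnerabilities table."""
    with TimescaleDBWriter(GitHubVulnerabilities) as writer:
        for v in vulns:
            date = v.pop("date")
            writer.write(date, value=0, **v)


if __name__ == "__main__":  # pragma: no cover
    # Fetch and parse everything first: an API error here leaves the old table in place.
    fetched = [
        parse_vulnerabilities(get_vulnerabilities(org), org)
        for org in ("ebmdatalab", "opensafely-core")
    ]

    # … unchanged: drop the github_vulnerabilities table, with the two log.info calls …

    for vulns in fetched:
        write_vulnerabilities(vulns)
```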