diff --git a/providers/github/resources/github.lr b/providers/github/resources/github.lr index 75095a4fef..5959cb1097 100644 --- a/providers/github/resources/github.lr +++ b/providers/github/resources/github.lr @@ -422,7 +422,9 @@ private github.branch @defaults("name") { // Whether branch protection is enabled isProtected bool // Repository branch HEAD commit - headCommit github.commit + headCommit() github.commit + // Repository branch HEAD commit SHA sum + headCommitSha string // Repository branch protection rules protectionRules() github.branchprotection // Repository branch repository name diff --git a/providers/github/resources/github.lr.go b/providers/github/resources/github.lr.go index c13ea8d9d6..78274211b6 100644 --- a/providers/github/resources/github.lr.go +++ b/providers/github/resources/github.lr.go @@ -719,6 +719,9 @@ var getDataFields = map[string]func(r plugin.Resource) *plugin.DataRes{ "github.branch.headCommit": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlGithubBranch).GetHeadCommit()).ToDataRes(types.Resource("github.commit")) }, + "github.branch.headCommitSha": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlGithubBranch).GetHeadCommitSha()).ToDataRes(types.String) + }, "github.branch.protectionRules": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlGithubBranch).GetProtectionRules()).ToDataRes(types.Resource("github.branchprotection")) }, @@ -1712,6 +1715,10 @@ var setDataFields = map[string]func(r plugin.Resource, v *llx.RawData) bool { r.(*mqlGithubBranch).HeadCommit, ok = plugin.RawToTValue[*mqlGithubCommit](v.Value, v.Error) return }, + "github.branch.headCommitSha": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlGithubBranch).HeadCommitSha, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, "github.branch.protectionRules": func(r plugin.Resource, v *llx.RawData) (ok bool) { r.(*mqlGithubBranch).ProtectionRules, ok = plugin.RawToTValue[*mqlGithubBranchprotection](v.Value, v.Error) return @@ -3943,6 +3950,7 @@ type mqlGithubBranch struct { Name plugin.TValue[string] IsProtected plugin.TValue[bool] HeadCommit plugin.TValue[*mqlGithubCommit] + HeadCommitSha plugin.TValue[string] ProtectionRules plugin.TValue[*mqlGithubBranchprotection] RepoName plugin.TValue[string] Owner plugin.TValue[*mqlGithubUser] @@ -3995,7 +4003,23 @@ func (c *mqlGithubBranch) GetIsProtected() *plugin.TValue[bool] { } func (c *mqlGithubBranch) GetHeadCommit() *plugin.TValue[*mqlGithubCommit] { - return &c.HeadCommit + return plugin.GetOrCompute[*mqlGithubCommit](&c.HeadCommit, func() (*mqlGithubCommit, error) { + if c.MqlRuntime.HasRecording { + d, err := c.MqlRuntime.FieldResourceFromRecording("github.branch", c.__id, "headCommit") + if err != nil { + return nil, err + } + if d != nil { + return d.Value.(*mqlGithubCommit), nil + } + } + + return c.headCommit() + }) +} + +func (c *mqlGithubBranch) GetHeadCommitSha() *plugin.TValue[string] { + return &c.HeadCommitSha } func (c *mqlGithubBranch) GetProtectionRules() *plugin.TValue[*mqlGithubBranchprotection] { diff --git a/providers/github/resources/github.lr.manifest.yaml b/providers/github/resources/github.lr.manifest.yaml index 6c5b223e90..3f0d7dba99 100755 --- a/providers/github/resources/github.lr.manifest.yaml +++ b/providers/github/resources/github.lr.manifest.yaml @@ -37,6 +37,8 @@ resources: github.branch: fields: headCommit: {} + headCommitSha: + min_mondoo_version: 9.0.0 isDefault: min_mondoo_version: 6.8.0 isProtected: diff --git a/providers/github/resources/github_repo.go b/providers/github/resources/github_repo.go index 20b1a0ca0e..bd7a9f32ed 100644 --- a/providers/github/resources/github_repo.go +++ b/providers/github/resources/github_repo.go @@ -406,11 +406,6 @@ func (g *mqlGithubRepository) branches() ([]interface{}, error) { res := []interface{}{} for i := range allBranches { branch := allBranches[i] - rc := branch.Commit - mqlCommit, err := newMqlGithubCommit(g.MqlRuntime, rc, ownerLogin, repoName) - if err != nil { - return nil, err - } defaultBranch := false if repoDefaultBranchName == *branch.Name { @@ -418,12 +413,12 @@ func (g *mqlGithubRepository) branches() ([]interface{}, error) { } mqlBranch, err := CreateResource(g.MqlRuntime, "github.branch", map[string]*llx.RawData{ - "name": llx.StringData(branch.GetName()), - "isProtected": llx.BoolData(branch.GetProtected()), - "headCommit": llx.AnyData(mqlCommit), - "repoName": llx.StringData(repoName), - "owner": llx.ResourceData(owner, owner.MqlName()), - "isDefault": llx.BoolData(defaultBranch), + "name": llx.StringData(branch.GetName()), + "isProtected": llx.BoolData(branch.GetProtected()), + "headCommitSha": llx.StringData(branch.GetCommit().GetSHA()), + "repoName": llx.StringData(repoName), + "owner": llx.ResourceData(owner, owner.MqlName()), + "isDefault": llx.BoolData(defaultBranch), }) if err != nil { return nil, err @@ -577,6 +572,22 @@ func (g *mqlGithubBranch) protectionRules() (*mqlGithubBranchprotection, error) return res.(*mqlGithubBranchprotection), nil } +func (g *mqlGithubBranch) headCommit() (*mqlGithubCommit, error) { + ownerName := g.Owner.Data + if ownerName.Login.Error != nil { + return nil, ownerName.Login.Error + } + ownerLogin := ownerName.Login.Data + + commit, err := newMqlGithubCommit(g.MqlRuntime, &github.RepositoryCommit{ + SHA: &g.HeadCommitSha.Data, + }, ownerLogin, g.RepoName.Data) + if err != nil { + return nil, err + } + return commit.(*mqlGithubCommit), nil +} + func newMqlGithubCommit(runtime *plugin.Runtime, rc *github.RepositoryCommit, owner string, repo string) (interface{}, error) { var githubAuthor interface{} var err error