checks and manual

Author: xcorail

.github/actions/check/action.yml

@@ -0,0 +1,10 @@
+name: 'check-replication-action'
+description: 'Checks that all external bounties are replicated internally'
+author: 'xcorail'
+inputs:
+  internal_repo: 
+    description: 'The destination repo for the internal issue'
+    default: 'github/securitylab-bounties'
+runs:
+  using: 'node12'
+  main: './check-replication.js'

.github/actions/check/check-replication.js

@@ -0,0 +1,35 @@
+import * as core from '@actions/core'
+import * as github from '@actions/github'
+import { getIssueList, internalIssueAlreadyCreated } from '../replicate/issues'
+
+const run = async (): Promise<void> => {
+    const internalRepoAccessToken: string | undefined = process.env['INT_REPO_TOKEN']
+    const internalRepo = core.getInput('internal_repo') || '/'
+    const [owner, repo] = internalRepo.split('/')
+    const internalIssues = await getIssueList(owner, repo, internalRepoAccessToken, false, false)
+    if(!internalIssues) {
+        core.setFailed(`Internal error. Cannot access the internal repo ${internalRepo}. Aborting`)
+        return
+    } else {
+        const externalIssues = await getIssueList(github.context.repo.owner, github.context.repo.repo, process.env['GITHUB_TOKEN'], true, true)
+        if(!externalIssues) {
+            core.setFailed(`Internal error when retrieving all issues.`)
+            return
+        }
+        let failed = false
+        externalIssues.forEach( issue => {
+            const ref = internalIssueAlreadyCreated(issue?.html_url, internalIssues)
+            if(!ref) {
+                core.debug(`External issue ${issue?.number} is not replicated internally.`)
+                failed = true
+            }
+        })
+        if(failed) {
+            core.setFailed("Some submissions are not replicated internally, see execution logs.")
+        }
+    }
+    return
+}
+
+run()
+

.github/actions/check/check-replication.ts

@@ -1,5 +1,5 @@
-name: 'debug-action'
-description: 'Outputs debug information'
+name: 'replicate-action'
+description: 'Replicates bounty internal'
 author: 'xcorail'
 inputs:
   internal_repo: 
@@ -8,6 +8,9 @@ inputs:
   existing_issue:
     description: 'Launching on existing issues: we check duplicates, and we do not comment the original issue'
     default: false
+  specific_issue:
+    description: 'Specific issue to replicate, in case of manual trigger'
+    default: ''
 runs:
   using: 'node12'
   main: './replicate.js'

.github/actions/replicate/action.yml

@@ -2,7 +2,7 @@ import * as core from '@actions/core'
 import * as github from '@actions/github'
 import * as replicate from './replicate'
 
-export type Issue_info = {title: string, author: string, body: string, number: number}
+export type Issue_info = {title: string, author: string, body: string, number: number, html_url?: string}
 type Issue_state = 'open' | 'all' | 'closed' | undefined
 
 export const getIssueList = async (owner: string, repo: string, token: string | undefined, open: boolean, checkBountyLabels: boolean, per_page?: number) : Promise<Issue_info[] | undefined> => {
@@ -32,7 +32,8 @@ export const getIssueList = async (owner: string, repo: string, token: string |
                     title: issue.title,
                     author: issue.user?.login,
                     body: issue.body? issue.body : '',
-                    number: issue.number
+                    number: issue.number,
+                    html_url: issue.html_url
                 }
                 result.push(item)
             }

.github/actions/replicate/issues.js

@@ -7,6 +7,7 @@ export const BOUNTY_LABELS = ['All For One', 'The Bug Slayer'] as const
 export type BountyType = typeof BOUNTY_LABELS[number]
 type CommentMap = {[K in BountyType]: string}
 export type Issue = {title: string, body: string, labels: string[], bountyType: BountyType}
+type GitHubIssue = { [key: string]: any, number: number, html_url?: string | undefined, body?: string | undefined}
 
 const COMMENT_TASK_LIST_AFO = `## Task List
 - [ ] CodeQL Initial assessment - In case of rejection, please record your decision in the comment below:
@@ -55,8 +56,23 @@ const COMMENT_SCORING = `## Scoring
 
 const COMMENT_FIRST_SUBMISSION = `## :tada: First submission for this user :tada:`
 
-export const generateInternalIssueContentFromPayload = async (payload: WebhookPayload): Promise<Issue | undefined> => {
-    const issue = payload.issue
+const getIssueFromRef = async (issueRef: string | undefined): Promise<GitHubIssue | undefined> => {
+    if(!issueRef)
+        return undefined
+    const token: string | undefined = process.env['GITHUB_TOKEN']
+    if(token === undefined)
+        return undefined
+    const octokit: github.GitHub = new github.GitHub(token)
+    const issueResponse = await octokit.issues.get({
+        owner: github.context.repo.owner,
+        repo: github.context.repo.repo,
+        issue_number: Number(issueRef),
+      });
+    return issueResponse.data  
+}
+
+export const generateInternalIssueContentFromPayload = async (payload?: WebhookPayload, issueRef?: string): Promise<Issue | undefined> => {
+    const issue = await getIssueFromRef(issueRef) || payload?.issue
     let result: Issue = {title: 'none', body: 'none', labels: [], bountyType: 'All For One'}
     let bountyIssue: boolean = false
     let bountyType = ''
@@ -202,7 +218,7 @@ export const isFirstSubmission = async (payload: WebhookPayload, token : string
 }
 
 const run = async (): Promise<void> => {
-    const internalIssue = await generateInternalIssueContentFromPayload(github.context.payload)
+    const internalIssue = await generateInternalIssueContentFromPayload(github.context.payload, core.getInput('specific_issue'))
     if(!internalIssue)
         return
 

.github/actions/replicate/issues.ts

@@ -0,0 +1,19 @@
+name: 'Bounty issue replication workflow'
+on: workflow_dispatch
+
+jobs:
+  build:
+    name: check-replicate-manual
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+        with:
+          fetch-depth: 1
+      - run: npm install
+      - run: npm run build
+      - uses: ./.github/actions/check
+        with:
+          internal_repo: 'github/securitylab-bounties'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          INT_REPO_TOKEN: ${{ secrets.INT_REPO_TOKEN }}

.github/actions/replicate/replicate.js

@@ -0,0 +1,21 @@
+name: 'Bounty issue replication workflow'
+on: 
+  schedule: 
+    - cron: '0 17 * * *'
+
+jobs:
+  build:
+    name: check-replicate
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+        with:
+          fetch-depth: 1
+      - run: npm install
+      - run: npm run build
+      - uses: ./.github/actions/check
+        with:
+          internal_repo: 'github/securitylab-bounties'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          INT_REPO_TOKEN: ${{ secrets.INT_REPO_TOKEN }}