From 8e70bb43988afd2b9468ce3517f80ea3fef90e7f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jordi=20Su=C3=B1=C3=A9?= <39730064+josunefon@users.noreply.github.com> Date: Fri, 5 May 2023 11:24:08 +0200 Subject: [PATCH 01/22] Update local.settings.json --- .../GitHubDashboard-Contributors/src/local.settings.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dashboards/GitHubDashboard-Contributors/src/local.settings.json b/dashboards/GitHubDashboard-Contributors/src/local.settings.json index 46ef1384..82f264f0 100644 --- a/dashboards/GitHubDashboard-Contributors/src/local.settings.json +++ b/dashboards/GitHubDashboard-Contributors/src/local.settings.json @@ -3,8 +3,8 @@ "Values": { "owner": "Azure", "repository": "CCOInsights", - "resourceGroup": "GithubccotestRG", - "storageAccount": "ccoghcontsta", + "resourceGroup": "CCOInsights-GH", + "storageAccount": "globalazureccoghstg", "pat": "<>" } -} \ No newline at end of file +} From 34b43ee2cfa144376330aa462441ba4713d6acf3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jordi=20Su=C3=B1=C3=A9?= <39730064+josunefon@users.noreply.github.com> Date: Fri, 5 May 2023 11:25:30 +0200 Subject: [PATCH 02/22] Update deploy.bicep --- .../GitHubDashboard-Contributors/infrastructure/deploy.bicep | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dashboards/GitHubDashboard-Contributors/infrastructure/deploy.bicep b/dashboards/GitHubDashboard-Contributors/infrastructure/deploy.bicep index 161366f6..3f95ffd3 100644 --- a/dashboards/GitHubDashboard-Contributors/infrastructure/deploy.bicep +++ b/dashboards/GitHubDashboard-Contributors/infrastructure/deploy.bicep 
@@ -1,8 +1,8 @@ @description('Base name to be used in all resources') -param name string = 'cco-github-contributions' +param name string = 'cco-github' @description('Name of the sotrage account') -param staname string = 'ccoghcontsta' +param staname string = 'globalazureccoghstg' @description('Location where resources should be deployed') param location string = resourceGroup().location From 88105158b07584034fdd7df0a6a5d1bcc536b8df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jordi=20Su=C3=B1=C3=A9?= <39730064+josunefon@users.noreply.github.com> Date: Mon, 8 May 2023 15:28:28 +0200 Subject: [PATCH 03/22] Update gh-contributions.yml --- .github/workflows/gh-contributions.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/gh-contributions.yml b/.github/workflows/gh-contributions.yml index 02de7dab..63635894 100644 --- a/.github/workflows/gh-contributions.yml +++ b/.github/workflows/gh-contributions.yml @@ -19,10 +19,9 @@ jobs: with: fetch-depth: 0 - name: Azure Login - uses: Azure/login@v1 - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} - enable-AzPSSession: true + run: | + az login --service-principal -u "${{ secrets.AZURE_AD_CLIENT_ID }}" -p "${{ secrets.AZURE_AD_CLIENT_SECRET }}" --tenant "${{ secrets.AZURE_AD_TENANT_ID }}" + az account set -s "${{ secrets.ARM_SUBSCRIPTION_ID }}" - name: "Deploy infrastructure" id: rg uses: azure/arm-deploy@v1 From 6a0fe7daaa23a072a40f7c450fba228a350255a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jordi=20Su=C3=B1=C3=A9?= <39730064+josunefon@users.noreply.github.com> Date: Mon, 8 May 2023 15:53:59 +0200 Subject: [PATCH 04/22] Update gh-contributions.yml --- .github/workflows/gh-contributions.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gh-contributions.yml b/.github/workflows/gh-contributions.yml index 63635894..0bbaad6c 100644 --- a/.github/workflows/gh-contributions.yml +++ b/.github/workflows/gh-contributions.yml 
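Review bot: The new `Azure Login` step expands `${{ secrets.AZURE_AD_CLIENT_SECRET }}` directly into the `az login` command line, so the client secret becomes part of the generated script text and is passed as a process argument on the runner. If a secret-based login is kept, map the values through the step's `env:` block and reference the environment variables in the script, for example `-p "$env:AZURE_AD_CLIENT_SECRET"` (adjust the variable syntax to the step's shell, which is not visible in this hunk). A federated (OIDC) login through `azure/login` removes the stored client secret altogether and would be the better end state.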
@@ -43,7 +43,7 @@ jobs: run: | # Initialize parameters Install-Module -Name Az.Functions -Force - $functionApp = Get-AzFunctionApp -ResourceGroupName '${{ github.event.inputs.resourceGroupName }}' + $functionApp = Get-AzFunctionApp -ResourceGroupName '${{ github.event.inputs.resourceGroupName }}' -SubscriptionId "${{ secrets.ARM_SUBSCRIPTION_ID }}" $functionAppName = $functionApp[0].Name $DeployFunctionInputs = @{ ResourceGroup = '${{ github.event.inputs.resourceGroupName }}' From 1b767a376c08176b1e1ac7ba4c34e3368c4a13ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jordi=20Su=C3=B1=C3=A9?= <39730064+josunefon@users.noreply.github.com> Date: Mon, 8 May 2023 16:02:18 +0200 Subject: [PATCH 05/22] Update gh-contributions.yml --- .github/workflows/gh-contributions.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/gh-contributions.yml b/.github/workflows/gh-contributions.yml index 0bbaad6c..399c041d 100644 --- a/.github/workflows/gh-contributions.yml +++ b/.github/workflows/gh-contributions.yml @@ -43,8 +43,9 @@ jobs: run: | # Initialize parameters Install-Module -Name Az.Functions -Force - $functionApp = Get-AzFunctionApp -ResourceGroupName '${{ github.event.inputs.resourceGroupName }}' -SubscriptionId "${{ secrets.ARM_SUBSCRIPTION_ID }}" + $functionApp = Get-AzFunctionApp -ResourceGroupName '${{ github.event.inputs.resourceGroupName }}' $functionAppName = $functionApp[0].Name + az account set -s "${{ secrets.ARM_SUBSCRIPTION_ID }}" $DeployFunctionInputs = @{ ResourceGroup = '${{ github.event.inputs.resourceGroupName }}' FunctionAppName = $functionAppName From de4c8d5771f58bcde8cc03fcc60a00c00fb61574 Mon Sep 17 00:00:00 2001 From: Jose Luis Carrillo Aguilar Date: Mon, 8 May 2023 16:16:10 +0200 Subject: [PATCH 06/22] Update gh-contributions.yml --- .github/workflows/gh-contributions.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) 
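Review bot: The changed `Get-AzFunctionApp` line still splices `${{ github.event.inputs.resourceGroupName }}` straight into the PowerShell source, so the workflow input is parsed as script text rather than handled as data. Pass it through the step environment instead: add `env:` with `RESOURCE_GROUP_NAME: ${{ github.event.inputs.resourceGroupName }}` to the step and use `-ResourceGroupName $env:RESOURCE_GROUP_NAME` here and in the `$DeployFunctionInputs` table below. `$functionApp[0].Name` also assumes at least one function app was returned; an explicit check with a clear error would make a wrong resource group name fail early. The step starts above this hunk and continues past it.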
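Review bot: `az account set -s ...` is added after `Get-AzFunctionApp` has already run, and it selects the subscription for the Azure CLI, not for the Az PowerShell cmdlets, so it does not influence which subscription the lookup above used. If the intent is to pin the subscription for the Az module, set it before the lookup, e.g. `Set-AzContext -Subscription $env:ARM_SUBSCRIPTION_ID` with the value mapped from the secret through the step's `env:` block. As written, the deployment target depends on whatever default context the login step produced.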
diff --git a/.github/workflows/gh-contributions.yml b/.github/workflows/gh-contributions.yml index 399c041d..ab08fae1 100644 --- a/.github/workflows/gh-contributions.yml +++ b/.github/workflows/gh-contributions.yml @@ -39,13 +39,14 @@ jobs: } ./tools/scripts/Convert-TokenInFile.ps1 @ConvertTokenListFunctionInput -Verbose - name: "Deploy code" - shell: pwsh - run: | + uses: azure/powershell@v1 + with: + azPSVersion: "latest" + inlineScript: | # Initialize parameters Install-Module -Name Az.Functions -Force $functionApp = Get-AzFunctionApp -ResourceGroupName '${{ github.event.inputs.resourceGroupName }}' $functionAppName = $functionApp[0].Name - az account set -s "${{ secrets.ARM_SUBSCRIPTION_ID }}" $DeployFunctionInputs = @{ ResourceGroup = '${{ github.event.inputs.resourceGroupName }}' FunctionAppName = $functionAppName From fc1ff7baaa11bbb8405f301606408e84efe52b76 Mon Sep 17 00:00:00 2001 From: Jose Luis Carrillo Aguilar Date: Mon, 8 May 2023 16:26:08 +0200 Subject: [PATCH 07/22] Update gh-contributions.yml --- .github/workflows/gh-contributions.yml | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/.github/workflows/gh-contributions.yml b/.github/workflows/gh-contributions.yml index ab08fae1..50ed2414 100644 --- a/.github/workflows/gh-contributions.yml +++ b/.github/workflows/gh-contributions.yml 
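Review bot: `azPSVersion: "latest"` combined with `uses: azure/powershell@v1` means both the action code and the Az module version that run the deployment can change between runs without any change in this repository. Pin the action to a full commit SHA and `azPSVersion` to a tested version, for example `uses: azure/powershell@<full-commit-sha>` and `azPSVersion: "<tested-version>"` (placeholders), and let update tooling propose the bumps. The `Install-Module -Name Az.Functions -Force` line kept in the inline script has the same property, since it installs whatever version the gallery serves at run time; `-RequiredVersion` would fix it to a known one.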
@@ -18,10 +18,15 @@ jobs: uses: actions/checkout@v2 with: fetch-depth: 0 - - name: Azure Login - run: | - az login --service-principal -u "${{ secrets.AZURE_AD_CLIENT_ID }}" -p "${{ secrets.AZURE_AD_CLIENT_SECRET }}" --tenant "${{ secrets.AZURE_AD_TENANT_ID }}" - az account set -s "${{ secrets.ARM_SUBSCRIPTION_ID }}" + - name: Login via Az module + uses: azure/login@v1 + with: + creds: ${{ secrets.AZURE_CREDENTIALS }} + enable-AzPSSession: true + #- name: Azure Login + # run: | + # az login --service-principal -u "${{ secrets.AZURE_AD_CLIENT_ID }}" -p "${{ secrets.AZURE_AD_CLIENT_SECRET }}" --tenant "${{ secrets.AZURE_AD_TENANT_ID }}" + # az account set -s "${{ secrets.ARM_SUBSCRIPTION_ID }}" - name: "Deploy infrastructure" id: rg uses: azure/arm-deploy@v1 @@ -44,7 +49,7 @@ jobs: azPSVersion: "latest" inlineScript: | # Initialize parameters - Install-Module -Name Az.Functions -Force + #Install-Module -Name Az.Functions -Force $functionApp = Get-AzFunctionApp -ResourceGroupName '${{ github.event.inputs.resourceGroupName }}' $functionAppName = $functionApp[0].Name $DeployFunctionInputs = @{ From fddb5a2894af3d170f7356aa7886430f498070a1 Mon Sep 17 00:00:00 2001 From: Jose Luis Carrillo Aguilar Date: Mon, 8 May 2023 16:42:35 +0200 Subject: [PATCH 08/22] Update gh-contributions.yml Ubuntu-latest --- .github/workflows/gh-contributions.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/gh-contributions.yml b/.github/workflows/gh-contributions.yml index 50ed2414..18e12955 100644 --- a/.github/workflows/gh-contributions.yml +++ b/.github/workflows/gh-contributions.yml @@ -11,7 +11,7 @@ on: jobs: deploy_dashboard: - runs-on: windows-2022 + runs-on: ubuntu-latest name: "Dashboard Backend" steps: - name: "Checkout" 
@@ -22,11 +22,7 @@ jobs: uses: azure/login@v1 with: creds: ${{ secrets.AZURE_CREDENTIALS }} - enable-AzPSSession: true - #- name: Azure Login - # run: | - # az login --service-principal -u "${{ secrets.AZURE_AD_CLIENT_ID }}" -p "${{ secrets.AZURE_AD_CLIENT_SECRET }}" --tenant "${{ secrets.AZURE_AD_TENANT_ID }}" - # az account set -s "${{ secrets.ARM_SUBSCRIPTION_ID }}" + enable-AzPSSession: true - name: "Deploy infrastructure" id: rg uses: azure/arm-deploy@v1 From bde0173e04ae899e11919f9ca05a8ebdfcbff964 Mon Sep 17 00:00:00 2001 From: Jose Luis Carrillo Aguilar Date: Mon, 8 May 2023 16:48:30 +0200 Subject: [PATCH 09/22] Update gh-contributions.yml Using OIDC --- .github/workflows/gh-contributions.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/gh-contributions.yml b/.github/workflows/gh-contributions.yml index 18e12955..36166063 100644 --- a/.github/workflows/gh-contributions.yml +++ b/.github/workflows/gh-contributions.yml @@ -9,6 +9,10 @@ on: required: true default: "" +permissions: + id-token: write + contents: read + jobs: deploy_dashboard: runs-on: ubuntu-latest @@ -21,7 +25,9 @@ jobs: - name: Login via Az module uses: azure/login@v1 with: - creds: ${{ secrets.AZURE_CREDENTIALS }} + client-id: ${{ secrets.AZURE_AD_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_AD_TENANT_ID }} + subscription-id: ${{ secrets.ARM_SUBSCRIPTION_ID }} enable-AzPSSession: true - name: "Deploy infrastructure" id: rg From 2a756b4daebf750a803a0d85c42adcc7748f9625 Mon Sep 17 00:00:00 2001 From: Jose Luis Carrillo Aguilar Date: Mon, 8 May 2023 17:13:24 +0200 Subject: [PATCH 10/22] Update gh-contributions.yml using github.workspace var --- .github/workflows/gh-contributions.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gh-contributions.yml b/.github/workflows/gh-contributions.yml index 36166063..c71aa010 100644 --- a/.github/workflows/gh-contributions.yml +++ b/.github/workflows/gh-contributions.yml 
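Review bot: `permissions: id-token: write` is granted at workflow level, so every job and step added to this file later can request an OIDC token for the Azure identity; declaring the `permissions` block under `deploy_dashboard` keeps the grant on the one job that logs in. The strength of this login now rests on the federated credential configured on the app registration, which is not visible here: its subject should be limited to this repository and to the branch or environment that is allowed to deploy. Because the token can be requested by any step of the job, the tag-pinned actions in it (`azure/login@v1`, `azure/arm-deploy@v1`) are worth pinning to commit SHAs.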
@@ -60,4 +60,4 @@ jobs: Dashboard = 'GitHub' } # Invoke Function - ./tools/scripts/deploy-function.ps1 @DeployFunctionInputs -Verbose + ${{ github.workspace }}/tools/scripts/deploy-function.ps1 @DeployFunctionInputs -Verbose From c9a21bc1774a94213872f30244c70326a40624bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jordi=20Su=C3=B1=C3=A9?= <39730064+josunefon@users.noreply.github.com> Date: Mon, 8 May 2023 17:17:34 +0200 Subject: [PATCH 11/22] get secrets added --- .../GitHubDailySync/run.ps1 | 3 +- .../InitializeTables/run.ps1 | 1 + .../Modules/Common/Common.psm1 | 65 +++++++++++++++++-- 3 files changed, 61 insertions(+), 8 deletions(-) diff --git a/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/GitHubDailySync/run.ps1 b/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/GitHubDailySync/run.ps1 index 4476918e..2e3afa10 100644 --- a/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/GitHubDailySync/run.ps1 +++ b/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/GitHubDailySync/run.ps1 @@ -13,4 +13,5 @@ $pullRequestsNumbers = Get-ClosedPullRequests -DailyRefresh Get-Stargazers Get-Traffic Get-Issues -DailyRefresh -Get-Releases \ No newline at end of file +Get-Releases +Get-Secrets \ No newline at end of file diff --git a/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/InitializeTables/run.ps1 b/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/InitializeTables/run.ps1 index 411d65cc..7c311ff9 100644 --- a/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/InitializeTables/run.ps1 +++ b/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/InitializeTables/run.ps1 @@ -14,3 +14,4 @@ Get-Contributors -users $users Get-Traffic Get-Issues Get-Releases +Get-Secrets \ No newline at end of file 
diff --git a/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 b/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 index 46e91e3e..9e0f789f 100644 --- a/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 +++ b/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 @@ -162,7 +162,7 @@ Function Get-OpenPullRequests { [Parameter(Mandatory = $false)] [Switch]$DailyRefresh ) - + $owner = $env:owner $repository = $env:repository $pat = $env:pat @@ -220,7 +220,7 @@ Function Get-ClosedPullRequests { [Parameter(Mandatory = $false)] [Switch]$DailyRefresh ) - + $owner = $env:owner $repository = $env:repository $pat = $env:pat @@ -330,7 +330,7 @@ Function Get-Contributors { $header = @{authorization = "token $pat" } $count = 0 $users | ForEach-Object { - + $count += 1 $usersUrl = "https://api.github.com/users/$_" $userData = Invoke-RestMethod -Uri $usersUrl -Method Get -ContentType "application/json" -Headers $header @@ -460,7 +460,7 @@ Function Get-Releases { Write-Host "Fetching Releases..." try { - + $releases = Invoke-RestMethod -Uri $tagsBaseUrl -Method Get -ContentType "application/json" -Headers $header $dashboardReleases = @() if ($releases.Count -gt 0) { @@ -468,12 +468,12 @@ Function Get-Releases { $release = @{ name = $_.tag_name date = $_.published_at - + } Add-AzTableRow -table $table -partitionKey $partitionKey -rowKey $_.name -property $release -UpdateExisting | Out-Null $dashboardReleases += $release } - + Write-Host "$($dashboardReleases.Count) github releases successfully loaded" } else { 
@@ -490,5 +490,56 @@ Function Get-Releases { Write-Host "$($_.Exception.Message)" Write-Host $_.ErrorDetails.Message } - } + } } + +Function Get-Secrets { + $owner = $env:owner + $repository = $env:repository + $pat = $env:pat + + #Create table + $storageAccount = Get-AzStorageAccount -Name $env:storageAccount -ResourceGroupName $env:resourceGroup + $ctx = $storageAccount.Context + $partitionKey = "secrets" + New-AzStorageTable -Name $partitionKey -Context $ctx -ErrorAction SilentlyContinue | Out-Null + $table = (Get-AzStorageTable –Name $partitionKey –Context $ctx).CloudTable + + $tagsBaseUrl = "https://api.github.com/repos/$($owner)/$($repository)/dependabot/secrets" + $header = @{authorization = "token $pat" } + + Write-Host "Fetching secrets..." + + try { + + $secrets = Invoke-RestMethod -Uri $tagsBaseUrl -Method Get -ContentType "application/json" -Headers $header + $dashboardsecrets = @() + if ($secrets.Count -gt 0) { + $secrets | ForEach-Object { + $secret = @{ + name = $_.name + } + Add-AzTableRow -table $table -partitionKey $partitionKey -rowKey $_.name -property $secret -UpdateExisting | Out-Null + $dashboardsecrets += $secret + } + + Write-Host "$($dashboardsecrets.Count) github secrets successfully loaded" + } + else { + Write-Host "There are no secrets in the repository: $repository" + } + } + catch { + $StatusCode = $_.Exception.Response.StatusCode.value__ + if ($StatusCode -eq "404") { + Write-Host "secrets not found in the Repository: $repository" + Write-Host $_.ErrorDetails.Message + } + else { + Write-Host "$($_.Exception.Message)" + Write-Host $_.ErrorDetails.Message + } + } +} + + From 6684460d43f62c0db725f8111908bacef9775e30 Mon Sep 17 00:00:00 2001 From: Jose Luis Carrillo Aguilar Date: Mon, 8 May 2023 17:19:45 +0200 Subject: [PATCH 12/22] Update gh-contributions.yml --- .github/workflows/gh-contributions.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
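Review bot: `Get-Secrets` reuses `$env:pat` to enumerate the repository's secrets, which raises what that single token must be allowed to do (classic tokens need the `repo` scope for the secrets endpoints, as far as the GitHub REST documentation states), and the same token is sent by every other collector in this module. A fine-grained token restricted to this repository with read-only permissions for exactly the endpoints called would limit the impact if the function app settings are exposed. Separately, `$secrets | ForEach-Object` iterates the response object itself, while the list-secrets response wraps the entries in a `secrets` array next to `total_count`, so the loop likely sees one wrapper object with an empty `name`; `(Invoke-RestMethod ...).secrets` is the collection to walk. `New-AzStorageTable ... -ErrorAction SilentlyContinue` also hides authorization and naming failures along with the expected "already exists" case.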
diff --git a/.github/workflows/gh-contributions.yml b/.github/workflows/gh-contributions.yml index c71aa010..fb97d6d3 100644 --- a/.github/workflows/gh-contributions.yml +++ b/.github/workflows/gh-contributions.yml @@ -15,7 +15,7 @@ permissions: jobs: deploy_dashboard: - runs-on: ubuntu-latest + runs-on: windows-2022 name: "Dashboard Backend" steps: - name: "Checkout" @@ -60,4 +60,4 @@ jobs: Dashboard = 'GitHub' } # Invoke Function - ${{ github.workspace }}/tools/scripts/deploy-function.ps1 @DeployFunctionInputs -Verbose + ./tools/scripts/deploy-function.ps1 @DeployFunctionInputs -Verbose From 1945f94b5474e32c515028df32d4ad890d3ef55b Mon Sep 17 00:00:00 2001 From: Jose Luis Carrillo Aguilar Date: Tue, 9 May 2023 01:28:51 +0200 Subject: [PATCH 13/22] New security functions --- .../InitializeTables/run.ps1 | 5 +- .../Modules/Common/Common.psm1 | 162 +++++++++++++++++- .../src/local.settings.json | 16 +- 3 files changed, 171 insertions(+), 12 deletions(-) diff --git a/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/InitializeTables/run.ps1 b/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/InitializeTables/run.ps1 index 7c311ff9..a014e252 100644 --- a/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/InitializeTables/run.ps1 +++ b/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/InitializeTables/run.ps1 @@ -14,4 +14,7 @@ Get-Contributors -users $users Get-Traffic Get-Issues Get-Releases -Get-Secrets \ No newline at end of file +Get-Secrets +Get-CodeScanningAlerts +Get-CodeScanningAnalysis +Get-SecretScanningAlerts \ No newline at end of file diff --git a/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 b/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 index 9e0f789f..37a87983 100644 --- a/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 
+++ b/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 @@ -501,11 +501,11 @@ Function Get-Secrets { #Create table $storageAccount = Get-AzStorageAccount -Name $env:storageAccount -ResourceGroupName $env:resourceGroup $ctx = $storageAccount.Context - $partitionKey = "secrets" + $partitionKey = "Secrets" New-AzStorageTable -Name $partitionKey -Context $ctx -ErrorAction SilentlyContinue | Out-Null $table = (Get-AzStorageTable –Name $partitionKey –Context $ctx).CloudTable - $tagsBaseUrl = "https://api.github.com/repos/$($owner)/$($repository)/dependabot/secrets" + $tagsBaseUrl = "https://api.github.com/repos/$($owner)/$($repository)/actions/secrets" $header = @{authorization = "token $pat" } Write-Host "Fetching secrets..." @@ -532,7 +532,7 @@ Function Get-Secrets { catch { $StatusCode = $_.Exception.Response.StatusCode.value__ if ($StatusCode -eq "404") { - Write-Host "secrets not found in the Repository: $repository" + Write-Host "Secrets not found in the Repository: $repository" Write-Host $_.ErrorDetails.Message } else { 
@@ -542,4 +542,160 @@ Function Get-Secrets { } } +Function Get-CodeScanningAlerts { + $owner = $env:owner + $repository = $env:repository + $pat = $env:pat + + #Create table + $storageAccount = Get-AzStorageAccount -Name $env:storageAccount -ResourceGroupName $env:resourceGroup + $ctx = $storageAccount.Context + $partitionKey = "CodeScanningAlerts" + New-AzStorageTable -Name $partitionKey -Context $ctx -ErrorAction SilentlyContinue | Out-Null + $table = (Get-AzStorageTable –Name $partitionKey –Context $ctx).CloudTable + + $tagsBaseUrl = "https://api.github.com/repos/$($owner)/$($repository)/code-scanning/alerts" + $header = @{authorization = "token $pat" } + + Write-Host "Fetching alerts..." + + try { + + $alerts = Invoke-RestMethod -Uri $tagsBaseUrl -Method Get -ContentType "application/json" -Headers $header + $dashboardalerts = @() + if ($alerts.Count -gt 0) { + $alerts | ForEach-Object { + $alert = @{ + state = $_.state + name = $_.rule.name + security_level = $_.rule.security_severity_level + tool = $_.tool.name + version_tool = $_.tool.version + } + Add-AzTableRow -table $table -partitionKey $partitionKey -rowKey $_.name -property $alert -UpdateExisting | Out-Null + $dashboardalerts += $alert + } + + Write-Host "$($dashboardalerts.Count) github code scanning alerts successfully loaded" + } + else { + Write-Host "There are no code scanning alerts in the repository: $repository" + } + } + catch { + $StatusCode = $_.Exception.Response.StatusCode.value__ + if ($StatusCode -eq "404") { + Write-Host "Code Scanning alerts not found in the Repository: $repository" + Write-Host $_.ErrorDetails.Message + } + else { + Write-Host "$($_.Exception.Message)" + Write-Host $_.ErrorDetails.Message + } + } +} + +Function Get-SecretScanningAlerts { + $owner = $env:owner + $repository = $env:repository + $pat = $env:pat + #Create table + $storageAccount = Get-AzStorageAccount -Name $env:storageAccount -ResourceGroupName $env:resourceGroup + $ctx = $storageAccount.Context + 
$partitionKey = "SecretScanningAlerts" + New-AzStorageTable -Name $partitionKey -Context $ctx -ErrorAction SilentlyContinue | Out-Null + $table = (Get-AzStorageTable –Name $partitionKey –Context $ctx).CloudTable + + $tagsBaseUrl = "https://api.github.com/repos/$($owner)/$($repository)/secret-scanning/alerts" + $header = @{authorization = "token $pat" } + + Write-Host "Fetching alerts..." + + try { + + $alerts = Invoke-RestMethod -Uri $tagsBaseUrl -Method Get -ContentType "application/json" -Headers $header + $dashboardalerts = @() + if ($alerts.Count -gt 0) { + $alerts | ForEach-Object { + $alert = @{ + created_at = $_.created_at + updated_at = $_.updated_at + state = $_.state + type = $_.secret_type_display_name + push_protection_bypassed = $_.push_protection_bypassed + } + Add-AzTableRow -table $table -partitionKey $partitionKey -rowKey $_.name -property $alert -UpdateExisting | Out-Null + $dashboardalerts += $alert + } + + Write-Host "$($dashboardalerts.Count) github secret scanning alerts successfully loaded" + } + else { + Write-Host "There are no secret scanning alerts in the repository: $repository" + } + } + catch { + $StatusCode = $_.Exception.Response.StatusCode.value__ + if ($StatusCode -eq "404") { + Write-Host "Secret Scanning alerts not found in the Repository: $repository" + Write-Host $_.ErrorDetails.Message + } + else { + Write-Host "$($_.Exception.Message)" + Write-Host $_.ErrorDetails.Message + } + } +} + +Function Get-CodeScanningAnalysis { + $owner = $env:owner + $repository = $env:repository + $pat = $env:pat + + #Create table + $storageAccount = Get-AzStorageAccount -Name $env:storageAccount -ResourceGroupName $env:resourceGroup + $ctx = $storageAccount.Context + $partitionKey = "CodeScanningAnalysis" + New-AzStorageTable -Name $partitionKey -Context $ctx -ErrorAction SilentlyContinue | Out-Null + $table = (Get-AzStorageTable –Name $partitionKey –Context $ctx).CloudTable + + $tagsBaseUrl = 
"https://api.github.com/repos/$($owner)/$($repository)/code-scanning/analysis" + $header = @{authorization = "token $pat" } + + Write-Host "Fetching analysis..." + + try { + + $analysis = Invoke-RestMethod -Uri $tagsBaseUrl -Method Get -ContentType "application/json" -Headers $header + $dashboardanalysis = @() + if ($analysis.Count -gt 0) { + $analysis | ForEach-Object { + $a = @{ + category = $_.category + created_at = $_.created_at + results_count = $_.results_count + rules_count = $_.rules_count + } + Add-AzTableRow -table $table -partitionKey $partitionKey -rowKey $_.name -property $a -UpdateExisting | Out-Null + $dashboardanalysis += $a + } + + Write-Host "$($dashboardanalysis.Count) github code scanning analysis successfully loaded" + } + else { + Write-Host "There are no code scanning analysis in the repository: $repository" + } + } + catch { + $StatusCode = $_.Exception.Response.StatusCode.value__ + if ($StatusCode -eq "404") { + Write-Host "Code Scanning analysis not found in the Repository: $repository" + Write-Host $_.ErrorDetails.Message + } + else { + Write-Host "$($_.Exception.Message)" + Write-Host $_.ErrorDetails.Message + } + } +} \ No newline at end of file diff --git a/dashboards/GitHubDashboard-Contributors/src/local.settings.json b/dashboards/GitHubDashboard-Contributors/src/local.settings.json index 82f264f0..608bf332 100644 --- a/dashboards/GitHubDashboard-Contributors/src/local.settings.json +++ b/dashboards/GitHubDashboard-Contributors/src/local.settings.json @@ -1,10 +1,10 @@ { - "IsEncrypted": false, - "Values": { - "owner": "Azure", - "repository": "CCOInsights", - "resourceGroup": "CCOInsights-GH", - "storageAccount": "globalazureccoghstg", - "pat": "<>" - } + "IsEncrypted": false, + "Values": { + "owner": "joselcaguilar", + "repository": "code-scanning-javascript-demo", + "resourceGroup": "CCOInsights-GH", + "storageAccount": "globalazureccoghstg", + "pat": "<>" + } } 
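Review bot: All three new collectors write rows with `-rowKey $_.name`, but the objects returned by the code-scanning alerts, secret-scanning alerts and code-scanning analyses endpoints have no top-level `name` property as far as the GitHub REST schema goes, so the row key is empty and either the insert fails or every item overwrites the same row under `-UpdateExisting`. Use the stable identifier of each object, e.g. `-rowKey "$($_.number)"` in the two alert functions and `-rowKey "$($_.id)"` for analyses; `Get-DependabotAlerts` in the following patch copies the same line. The single `Invoke-RestMethod` call also reads only the first page of results, so a repository with more alerts than the default page size is under-reported on the dashboard. The three functions differ only in URL, table name and property map, which suggests one private helper that takes those as parameters.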
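Review bot: This hunk commits a developer's personal test target (`"owner": "joselcaguilar"`, `"repository": "code-scanning-javascript-demo"`) into the tracked `local.settings.json`, the same file that carries the `pat` value. A file that is edited locally to hold a token and is also under version control is an easy place for a real PAT to be committed by accident. Keeping a placeholder-only template in the repository (for example `local.settings.sample.json`, name is a suggestion) and adding `local.settings.json` to `.gitignore` removes that risk and keeps per-developer settings out of the history.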
From 786617522360294d1c49b1d5a5fffb9d987a8f0c Mon Sep 17 00:00:00 2001 From: Jose Luis Carrillo Aguilar Date: Tue, 9 May 2023 01:43:37 +0200 Subject: [PATCH 14/22] Adding dependabot alerts --- .../InitializeTables/run.ps1 | 1 + .../Modules/Common/Common.psm1 | 53 +++++++++++++++++++ 2 files changed, 54 insertions(+) diff --git a/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/InitializeTables/run.ps1 b/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/InitializeTables/run.ps1 index a014e252..50349c0b 100644 --- a/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/InitializeTables/run.ps1 +++ b/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/InitializeTables/run.ps1 @@ -17,4 +17,5 @@ Get-Releases Get-Secrets Get-CodeScanningAlerts Get-CodeScanningAnalysis +Get-DependabotAlerts Get-SecretScanningAlerts \ No newline at end of file diff --git a/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 b/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 index 37a87983..f39aebe1 100644 --- a/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 +++ b/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 
@@ -595,6 +595,59 @@ Function Get-CodeScanningAlerts { } } +Function Get-DependabotAlerts { + $owner = $env:owner + $repository = $env:repository + $pat = $env:pat + + #Create table + $storageAccount = Get-AzStorageAccount -Name $env:storageAccount -ResourceGroupName $env:resourceGroup + $ctx = $storageAccount.Context + $partitionKey = "DependabotAlerts" + New-AzStorageTable -Name $partitionKey -Context $ctx -ErrorAction SilentlyContinue | Out-Null + $table = (Get-AzStorageTable –Name $partitionKey –Context $ctx).CloudTable + + $tagsBaseUrl = "https://api.github.com/repos/$($owner)/$($repository)/dependabot/alerts" + $header = @{authorization = "token $pat" } + + Write-Host "Fetching alerts..." + + try { + + $alerts = Invoke-RestMethod -Uri $tagsBaseUrl -Method Get -ContentType "application/json" -Headers $header + $dashboardalerts = @() + if ($alerts.Count -gt 0) { + $alerts | ForEach-Object { + $alert = @{ + created_at = $_.created_at + updated_at = $_.updated_at + state = $_.state + type = $_.secret_type_display_name + push_protection_bypassed = $_.push_protection_bypassed + } + Add-AzTableRow -table $table -partitionKey $partitionKey -rowKey $_.name -property $alert -UpdateExisting | Out-Null + $dashboardalerts += $alert + } + + Write-Host "$($dashboardalerts.Count) github dependabot alerts successfully loaded" + } + else { + Write-Host "There are no dependabot alerts in the repository: $repository" + } + } + catch { + $StatusCode = $_.Exception.Response.StatusCode.value__ + if ($StatusCode -eq "404") { + Write-Host "Dependabot alerts not found in the Repository: $repository" + Write-Host $_.ErrorDetails.Message + } + else { + Write-Host "$($_.Exception.Message)" + Write-Host $_.ErrorDetails.Message + } + } +} + Function Get-SecretScanningAlerts { $owner = $env:owner $repository = $env:repository From 006234ae0eeb47ba6ca8cabff3b1aa753912af0e Mon Sep 17 00:00:00 2001 
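Review bot: The `catch` block in `Get-DependabotAlerts` only prints the error with `Write-Host` and then returns normally, so a 401 or 403 from an expired or under-scoped PAT is indistinguishable from "no alerts" for the function run, and the dashboard keeps showing empty or stale data for a security signal. Emit the failure with `Write-Error`, or add `throw` at the end of the `else` branch after logging, so the invocation is marked failed and can be alerted on; the same pattern is present in `Get-Secrets`, `Get-CodeScanningAlerts`, `Get-SecretScanningAlerts` and `Get-CodeScanningAnalysis`. The property map is also copied from `Get-SecretScanningAlerts`: `secret_type_display_name` and `push_protection_bypassed` are secret-scanning fields and will be empty for Dependabot alerts.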
From: Jose Luis Carrillo Aguilar Date: Tue, 9 May 2023 02:27:15 +0200 Subject: [PATCH 15/22] Minor fixes --- .../Modules/Common/Common.psm1 | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 b/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 index f39aebe1..34fda204 100644 --- a/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 +++ b/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 @@ -512,7 +512,7 @@ Function Get-Secrets { try { - $secrets = Invoke-RestMethod -Uri $tagsBaseUrl -Method Get -ContentType "application/json" -Headers $header + $secrets = (Invoke-RestMethod -Uri $tagsBaseUrl -Method Get -ContentType "application/json" -Headers $header).secrets $dashboardsecrets = @() if ($secrets.Count -gt 0) { $secrets | ForEach-Object { @@ -619,11 +619,14 @@ Function Get-DependabotAlerts { if ($alerts.Count -gt 0) { $alerts | ForEach-Object { $alert = @{ - created_at = $_.created_at - updated_at = $_.updated_at - state = $_.state - type = $_.secret_type_display_name - push_protection_bypassed = $_.push_protection_bypassed + published_at = $_.published_at + state = $_.state + dependency = $_.vulnerabilities[0].package.name + vulnerable_version = $_.vulnerabilities[0].vulnerable_version_range + first_patched_version = $_.vulnerabilities[0].first_patched_version.identifier + cve = $_.security_advisory.cve_id + severity = $_.security_advisory.severity + cvss_score = $_.cvss.score } Add-AzTableRow -table $table -partitionKey $partitionKey -rowKey $_.name -property $alert -UpdateExisting | Out-Null $dashboardalerts += $alert 
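Review bot: Reading `.secrets` in the first hunk fixes the iteration, but the `total_count` returned next to it is discarded and only one page is requested, so a repository with more secrets than the page size is listed incompletely with no indication of it. Keep the response in a variable, request `?per_page=100`, and loop on the `page` query parameter until the number of collected entries reaches `total_count`. Logging a warning when the two numbers differ would make a truncated inventory visible in the function output.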
@@ -713,7 +716,7 @@ Function Get-CodeScanningAnalysis { New-AzStorageTable -Name $partitionKey -Context $ctx -ErrorAction SilentlyContinue | Out-Null $table = (Get-AzStorageTable –Name $partitionKey –Context $ctx).CloudTable - $tagsBaseUrl = "https://api.github.com/repos/$($owner)/$($repository)/code-scanning/analysis" + $tagsBaseUrl = "https://api.github.com/repos/$($owner)/$($repository)/code-scanning/analyses" $header = @{authorization = "token $pat" } Write-Host "Fetching analysis..." From c9d77db167947fd0de3b6b8d159db52e3f9a2b8c Mon Sep 17 00:00:00 2001 From: Jose Luis Carrillo Aguilar Date: Tue, 9 May 2023 02:31:00 +0200 Subject: [PATCH 16/22] Adding created_at and updated_at to secrets endpoint call --- .../src/GitHubContributions/Modules/Common/Common.psm1 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 b/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 index 34fda204..99ed834a 100644 --- a/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 +++ b/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 @@ -517,7 +517,9 @@ Function Get-Secrets { if ($secrets.Count -gt 0) { $secrets | ForEach-Object { $secret = @{ - name = $_.name + name = $_.name + created_at = $_.created_at + updated_at = $_.updated_at } Add-AzTableRow -table $table -partitionKey $partitionKey -rowKey $_.name -property $secret -UpdateExisting | Out-Null $dashboardsecrets += $secret From b025e2dd88feccace4933343579515053d587551 Mon Sep 17 00:00:00 2001 From: Jose Luis Carrillo Aguilar Date: Tue, 9 May 2023 03:00:55 +0200 Subject: [PATCH 17/22] Minor fixes to dependabot --- .../src/GitHubContributions/Modules/Common/Common.psm1 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
diff --git a/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 b/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 index 99ed834a..f69f4843 100644 --- a/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 +++ b/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 @@ -623,12 +623,12 @@ Function Get-DependabotAlerts { $alert = @{ published_at = $_.published_at state = $_.state - dependency = $_.vulnerabilities[0].package.name - vulnerable_version = $_.vulnerabilities[0].vulnerable_version_range - first_patched_version = $_.vulnerabilities[0].first_patched_version.identifier + dependency = $_.dependency.package.name + vulnerable_version = $_.security_vulnerability.vulnerable_version_range + first_patched_version = $_.security_vulnerability.first_patched_version.identifier cve = $_.security_advisory.cve_id - severity = $_.security_advisory.severity - cvss_score = $_.cvss.score + severity = $_.security_vulnerability.severity + cvss_score = $_.security_advisory.cvss.score } Add-AzTableRow -table $table -partitionKey $partitionKey -rowKey $_.name -property $alert -UpdateExisting | Out-Null $dashboardalerts += $alert From 9a2cd10c72dd075c3e8b41d6bde7fc9638dd8d1b Mon Sep 17 00:00:00 2001 From: Jose Luis Carrillo Aguilar Date: Tue, 9 May 2023 03:18:11 +0200 Subject: [PATCH 18/22] Debugging --- .../src/GitHubContributions/Modules/Common/Common.psm1 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 b/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 index f69f4843..42f87bbd 100644 --- a/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 
+++ b/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 @@ -559,7 +559,7 @@ Function Get-CodeScanningAlerts { $tagsBaseUrl = "https://api.github.com/repos/$($owner)/$($repository)/code-scanning/alerts" $header = @{authorization = "token $pat" } - Write-Host "Fetching alerts..." + Write-Host "Fetching code scanning alerts..." try { @@ -612,7 +612,7 @@ Function Get-DependabotAlerts { $tagsBaseUrl = "https://api.github.com/repos/$($owner)/$($repository)/dependabot/alerts" $header = @{authorization = "token $pat" } - Write-Host "Fetching alerts..." + Write-Host "Fetching dependabot alerts..." try { @@ -621,7 +621,7 @@ Function Get-DependabotAlerts { if ($alerts.Count -gt 0) { $alerts | ForEach-Object { $alert = @{ - published_at = $_.published_at + created_at = $_.created_at state = $_.state dependency = $_.dependency.package.name vulnerable_version = $_.security_vulnerability.vulnerable_version_range @@ -668,7 +668,7 @@ Function Get-SecretScanningAlerts { $tagsBaseUrl = "https://api.github.com/repos/$($owner)/$($repository)/secret-scanning/alerts" $header = @{authorization = "token $pat" } - Write-Host "Fetching alerts..." + Write-Host "Fetching secret scanning alerts..." try { @@ -721,7 +721,7 @@ Function Get-CodeScanningAnalysis { $tagsBaseUrl = "https://api.github.com/repos/$($owner)/$($repository)/code-scanning/analyses" $header = @{authorization = "token $pat" } - Write-Host "Fetching analysis..." + Write-Host "Fetching code scanning analysis..." try { From 5d8d749c473545dfc45968192e9508ee804e14de Mon Sep 17 00:00:00 2001 From: Jose Luis Carrillo Aguilar Date: Tue, 9 May 2023 09:24:25 +0200 Subject: [PATCH 19/22] RowKeys fixed --- .../src/GitHubContributions/Modules/Common/Common.psm1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 b/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 index 42f87bbd..422c8b0f 100644 --- a/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 +++ b/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 @@ -574,7 +574,7 @@ Function Get-CodeScanningAlerts { tool = $_.tool.name version_tool = $_.tool.version } - Add-AzTableRow -table $table -partitionKey $partitionKey -rowKey $_.name -property $alert -UpdateExisting | Out-Null + Add-AzTableRow -table $table -partitionKey $partitionKey -rowKey $_.rule.id -property $alert -UpdateExisting | Out-Null $dashboardalerts += $alert } @@ -630,7 +630,7 @@ Function Get-DependabotAlerts { severity = $_.security_vulnerability.severity cvss_score = $_.security_advisory.cvss.score } - Add-AzTableRow -table $table -partitionKey $partitionKey -rowKey $_.name -property $alert -UpdateExisting | Out-Null + Add-AzTableRow -table $table -partitionKey $partitionKey -rowKey $_.security_advisory.cve_id -property $alert -UpdateExisting | Out-Null $dashboardalerts += $alert } @@ -683,7 +683,7 @@ Function Get-SecretScanningAlerts { type = $_.secret_type_display_name push_protection_bypassed = $_.push_protection_bypassed } - Add-AzTableRow -table $table -partitionKey $partitionKey -rowKey $_.name -property $alert -UpdateExisting | Out-Null + Add-AzTableRow -table $table -partitionKey $partitionKey -rowKey $_.secret -property $alert -UpdateExisting | Out-Null $dashboardalerts += $alert } 
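Review bot: `-rowKey $_.rule.id` in Get-CodeScanningAlerts and `-rowKey $_.security_advisory.cve_id` in Get-DependabotAlerts are not unique per alert, and with `-UpdateExisting` each further alert for the same rule or CVE overwrites the previous row, so the dashboard under-counts open findings. `cve_id` is also null for advisories that only have a GHSA identifier, which leaves the row key empty. Both alert types carry a per-repository alert number, so `-rowKey "$($_.number)"` gives one row per alert. The enclosing functions start and end outside these hunks.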
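Review bot: `-rowKey $_.secret` in Get-SecretScanningAlerts stores the detected credential itself in Azure Table Storage as the row key, where anyone with read access to the table or the dashboard data can see it. Because entities are addressed by partition and row key, the value can also end up in storage request URLs and diagnostics. The table should hold alert metadata only: use `-rowKey "$($_.number)"` and keep the secret value out of `$alert` as well. The rest of the function is outside the hunk.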
@@ -735,7 +735,7 @@ Function Get-CodeScanningAnalysis { results_count = $_.results_count rules_count = $_.rules_count } - Add-AzTableRow -table $table -partitionKey $partitionKey -rowKey $_.name -property $a -UpdateExisting | Out-Null + Add-AzTableRow -table $table -partitionKey $partitionKey -rowKey $_.id -property $a -UpdateExisting | Out-Null $dashboardanalysis += $a } From a96282cf0f714dc0b261526bd60e34d460491173 Mon Sep 17 00:00:00 2001 From: Jose Luis Carrillo Aguilar Date: Tue, 9 May 2023 10:03:25 +0200 Subject: [PATCH 20/22] Minor fix for code scanning alert rowkey --- .../src/GitHubContributions/Modules/Common/Common.psm1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 b/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 index 422c8b0f..a9b05a5b 100644 --- a/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 +++ b/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 @@ -574,7 +574,8 @@ Function Get-CodeScanningAlerts { tool = $_.tool.name version_tool = $_.tool.version } - Add-AzTableRow -table $table -partitionKey $partitionKey -rowKey $_.rule.id -property $alert -UpdateExisting | Out-Null + $rowKey = ($_.rule.id).Replace("/", "-") + Add-AzTableRow -table $table -partitionKey $partitionKey -rowKey $rowKey -property $alert -UpdateExisting | Out-Null $dashboardalerts += $alert } From 925f14edbbb23e680ce854c5e2874ef96d907986 Mon Sep 17 00:00:00 2001 From: Jose Luis Carrillo Aguilar Date: Tue, 9 May 2023 10:35:35 +0200 Subject: [PATCH 21/22] Adding per_page query param to GHAS queries --- .../src/GitHubContributions/Modules/Common/Common.psm1 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
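Review bot: `($_.rule.id).Replace("/", "-")` handles only one of the characters Azure Table Storage rejects in a RowKey; backslash, `#` and `?` are refused too, and the method call throws when `rule.id` is null. `$rowKey = "$($_.rule.id)" -replace '[/\\#?]', '-'` covers all four and does not throw on a missing id. A short comment above the line saying why the key is sanitised would help the next reader. The function body continues outside the hunk.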
diff --git a/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 b/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 index a9b05a5b..95c23666 100644 --- a/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 +++ b/dashboards/GitHubDashboard-Contributors/src/GitHubContributions/Modules/Common/Common.psm1 @@ -505,7 +505,7 @@ Function Get-Secrets { New-AzStorageTable -Name $partitionKey -Context $ctx -ErrorAction SilentlyContinue | Out-Null $table = (Get-AzStorageTable –Name $partitionKey –Context $ctx).CloudTable - $tagsBaseUrl = "https://api.github.com/repos/$($owner)/$($repository)/actions/secrets" + $tagsBaseUrl = "https://api.github.com/repos/$($owner)/$($repository)/actions/secrets?per_page=100" $header = @{authorization = "token $pat" } Write-Host "Fetching secrets..." @@ -556,7 +556,7 @@ Function Get-CodeScanningAlerts { New-AzStorageTable -Name $partitionKey -Context $ctx -ErrorAction SilentlyContinue | Out-Null $table = (Get-AzStorageTable –Name $partitionKey –Context $ctx).CloudTable - $tagsBaseUrl = "https://api.github.com/repos/$($owner)/$($repository)/code-scanning/alerts" + $tagsBaseUrl = "https://api.github.com/repos/$($owner)/$($repository)/code-scanning/alerts?per_page=100" $header = @{authorization = "token $pat" } Write-Host "Fetching code scanning alerts..." @@ -610,7 +610,7 @@ Function Get-DependabotAlerts { New-AzStorageTable -Name $partitionKey -Context $ctx -ErrorAction SilentlyContinue | Out-Null $table = (Get-AzStorageTable –Name $partitionKey –Context $ctx).CloudTable - $tagsBaseUrl = "https://api.github.com/repos/$($owner)/$($repository)/dependabot/alerts" + $tagsBaseUrl = "https://api.github.com/repos/$($owner)/$($repository)/dependabot/alerts?per_page=100" $header = @{authorization = "token $pat" } Write-Host "Fetching dependabot alerts..." 
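Review bot: `?per_page=100` raises the page size but each function still reads a single page, so a repository with more than 100 secrets, alerts or analyses is silently truncated and the dashboard under-reports; this applies to all five URLs changed here (the hunks at -505, -556, -610, -666 and -719). GitHub returns the next page in the `Link` response header. On PowerShell 6 or later `Invoke-RestMethod` can follow it with `-FollowRelLink` (the result is then one array per page and needs flattening); otherwise loop on a `page` query parameter until an empty page comes back. The Invoke-RestMethod calls themselves are outside these hunks.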
@@ -666,7 +666,7 @@ Function Get-SecretScanningAlerts { New-AzStorageTable -Name $partitionKey -Context $ctx -ErrorAction SilentlyContinue | Out-Null $table = (Get-AzStorageTable –Name $partitionKey –Context $ctx).CloudTable - $tagsBaseUrl = "https://api.github.com/repos/$($owner)/$($repository)/secret-scanning/alerts" + $tagsBaseUrl = "https://api.github.com/repos/$($owner)/$($repository)/secret-scanning/alerts?per_page=100" $header = @{authorization = "token $pat" } Write-Host "Fetching secret scanning alerts..." @@ -719,7 +719,7 @@ Function Get-CodeScanningAnalysis { New-AzStorageTable -Name $partitionKey -Context $ctx -ErrorAction SilentlyContinue | Out-Null $table = (Get-AzStorageTable –Name $partitionKey –Context $ctx).CloudTable - $tagsBaseUrl = "https://api.github.com/repos/$($owner)/$($repository)/code-scanning/analyses" + $tagsBaseUrl = "https://api.github.com/repos/$($owner)/$($repository)/code-scanning/analyses?per_page=100" $header = @{authorization = "token $pat" } Write-Host "Fetching code scanning analysis..." From 3f73267c6a5a334d75481f4ab6cf7d1dc9d7e284 Mon Sep 17 00:00:00 2001 From: Jose Luis Carrillo Aguilar Date: Wed, 10 May 2023 09:38:33 +0200 Subject: [PATCH 22/22] Ready for PR --- .github/workflows/gh-contributions.yml | 29 +++++++++---------- .../infrastructure/deploy.bicep | 2 +- .../src/local.settings.json | 8 ++--- 3 files changed, 19 insertions(+), 20 deletions(-) diff --git a/.github/workflows/gh-contributions.yml b/.github/workflows/gh-contributions.yml index fb97d6d3..af0f80d1 100644 --- a/.github/workflows/gh-contributions.yml +++ b/.github/workflows/gh-contributions.yml @@ -10,8 +10,8 @@ on: default: "" permissions: - id-token: write - contents: read + id-token: write + contents: read jobs: deploy_dashboard: 
@@ -48,16 +48,15 @@ jobs: - name: "Deploy code" uses: azure/powershell@v1 with: - azPSVersion: "latest" - inlineScript: | - # Initialize parameters - #Install-Module -Name Az.Functions -Force - $functionApp = Get-AzFunctionApp -ResourceGroupName '${{ github.event.inputs.resourceGroupName }}' - $functionAppName = $functionApp[0].Name - $DeployFunctionInputs = @{ - ResourceGroup = '${{ github.event.inputs.resourceGroupName }}' - FunctionAppName = $functionAppName - Dashboard = 'GitHub' - } - # Invoke Function - ./tools/scripts/deploy-function.ps1 @DeployFunctionInputs -Verbose + azPSVersion: "latest" + inlineScript: | + # Initialize parameters + $functionApp = Get-AzFunctionApp -ResourceGroupName '${{ github.event.inputs.resourceGroupName }}' + $functionAppName = $functionApp[0].Name + $DeployFunctionInputs = @{ + ResourceGroup = '${{ github.event.inputs.resourceGroupName }}' + FunctionAppName = $functionAppName + Dashboard = 'GitHub' + } + # Invoke Function + ./tools/scripts/deploy-function.ps1 @DeployFunctionInputs -Verbose diff --git a/dashboards/GitHubDashboard-Contributors/infrastructure/deploy.bicep b/dashboards/GitHubDashboard-Contributors/infrastructure/deploy.bicep index 3f95ffd3..a3420d30 100644 --- a/dashboards/GitHubDashboard-Contributors/infrastructure/deploy.bicep +++ b/dashboards/GitHubDashboard-Contributors/infrastructure/deploy.bicep @@ -2,7 +2,7 @@ param name string = 'cco-github' @description('Name of the sotrage account') -param staname string = 'globalazureccoghstg' +param staname string = 'ccogithubsta' @description('Location where resources should be deployed') param location string = resourceGroup().location diff --git a/dashboards/GitHubDashboard-Contributors/src/local.settings.json b/dashboards/GitHubDashboard-Contributors/src/local.settings.json index 608bf332..0942f3e0 100644 --- a/dashboards/GitHubDashboard-Contributors/src/local.settings.json +++ b/dashboards/GitHubDashboard-Contributors/src/local.settings.json 
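Review bot: `'${{ github.event.inputs.resourceGroupName }}'` is expanded into the inline script text before PowerShell parses it, so an input containing a single quote leaves the string literal and is executed as script inside the job's Azure session. Pass the input through the step environment instead: add `env:` with `RESOURCE_GROUP: ${{ github.event.inputs.resourceGroupName }}` to the step and read `$env:RESOURCE_GROUP` in both places. `azPSVersion: "latest"` and `azure/powershell@v1` are floating references as well; pinning the action to a commit SHA and the module to a fixed version makes the deployment reproducible and narrows the supply-chain exposure.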
@@ -1,10 +1,10 @@ { "IsEncrypted": false, "Values": { - "owner": "joselcaguilar", - "repository": "code-scanning-javascript-demo", - "resourceGroup": "CCOInsights-GH", - "storageAccount": "globalazureccoghstg", + "owner": "Azure", + "repository": "CCOInsights", + "resourceGroup": "GithubccotestRG", + "storageAccount": "ccogithubsta", "pat": "<>" } }
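Review bot: This settings file is tracked with a `pat` key and `"IsEncrypted": false`, and the removed lines show that one developer's personal `owner` and `repository` values were already committed; a filled-in token can reach history the same way. Consider tracking a `local.settings.sample.json` with placeholders and adding `local.settings.json` to `.gitignore`, so the real file never leaves the workstation.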