51 lines
1.7 KiB
JavaScript
51 lines
1.7 KiB
JavaScript
import fs from 'fs/promises'
|
|
import path from 'path'
|
|
import glob from 'glob'
|
|
|
|
/*
|
|
* Verify that a list of file paths are present and optionally have a CODEOWNERS entry
|
|
*
|
|
* name: Readable description of file(s)
|
|
* path: Path to secure files (must match entry in CODEOWNERS if code owner required)
|
|
* requiredCodeOwner: (optional) Name of code owner if a code owner is required
|
|
*/
|
|
const secureFiles = [
|
|
{
|
|
name: 'Security hardening your deployments',
|
|
path: 'content/actions/deployment/security-hardening-your-deployments/**',
|
|
requiredCodeOwner: 'github/oidc',
|
|
},
|
|
]
|
|
|
|
const codeOwnersFile = await fs.readFile(path.join(process.cwd(), '.github/CODEOWNERS'), 'utf8')
|
|
const codeOwners = codeOwnersFile.split(/\r?\n/)
|
|
|
|
describe('Secure file paths are present and have code owners if required', () => {
|
|
for (const file of secureFiles) {
|
|
test(`secure file(s) check for: ${file.name}`, async () => {
|
|
// Verify file(s) exist in provided path
|
|
const matchingFiles = await new Promise((resolve, reject) => {
|
|
glob(file.path, { strict: true }, (error, files) => {
|
|
if (error) {
|
|
return reject(error)
|
|
}
|
|
resolve(files)
|
|
})
|
|
})
|
|
expect(matchingFiles.length, `Expected to find content in "${file.path}"`).toBeGreaterThan(0)
|
|
|
|
// Verify there are code owners for file(s)
|
|
if (file.requiredCodeOwner) {
|
|
const matchingEntry = codeOwners.find((entry) => entry.includes(file.path))
|
|
expect(
|
|
matchingEntry?.toLowerCase().includes(file.requiredCodeOwner.toLowerCase()),
|
|
`Code owner for ${file.name} expected to be @${file.requiredCodeOwner.replaceAll(
|
|
'@',
|
|
''
|
|
)}`
|
|
).toBeTruthy()
|
|
}
|
|
})
|
|
}
|
|
})
|