Merge pull request #30 from cisagov/improvement/handle_non-public_repos

Provide configuration to handle non-public repositories
cisagov · Feb 2, 2022 · f5c4906 · f5c4906
2 parents 2ca9e2f + 5ec55b1
commit f5c4906
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 1 deletion.
diff --git a/action.yml b/action.yml
@@ -19,6 +19,16 @@ inputs:
     description: "repository_dispatch event type to send."
     required: false
     default: "apb"
+  include_non_public_repos:
+    default: false
+    description: "Whether to process non-public (`private` and `internal`)
+      repositories."
+    required: false
+  mask_non_public_repos:
+    default: true
+    description: "Whether to mask the names of non-public (`private` and
+      `internal`) repositories in the GitHub Actions logs."
+    required: false
   max_rebuilds:
     description: "Limit the number of rebuilds that will be triggered."
     required: false

diff --git a/src/apb/entrypoint.py b/src/apb/entrypoint.py
@@ -69,13 +69,17 @@ def get_last_run(workflow: Workflow.Workflow, target_branch: str) -> Optional[da
 def main() -> None:
     """Parse evironment and perform requested actions."""
     # Set up logging
-    logging.basicConfig(format="%(levelname)s %(message)s", level="INFO")
+    logging.basicConfig(
+        format="%(levelname)s %(message)s", level=logging.INFO, stream=sys.stdout
+    )
 
     # Get inputs from the environment
     access_token: Optional[str] = os.environ.get("INPUT_ACCESS_TOKEN")
     build_age: Optional[str] = os.environ.get("INPUT_BUILD_AGE")
     event_type: Optional[str] = os.environ.get("INPUT_EVENT_TYPE")
     github_workspace_dir: Optional[str] = os.environ.get("GITHUB_WORKSPACE")
+    include_non_public: bool = core.get_boolean_input("include_non_public_repos")
+    mask_non_public: bool = core.get_boolean_input("mask_non_public_repos")
     max_rebuilds: int = int(os.environ.get("INPUT_MAX_REBUILDS", 10))
     repo_query: Optional[str] = os.environ.get("INPUT_REPO_QUERY")
     workflow_id: Optional[str] = os.environ.get("INPUT_WORKFLOW_ID")
@@ -144,6 +148,13 @@ def main() -> None:
     }
     repos_sent_events = []
     for repo in repos:
+        # Extra controls if the repo is non-public
+        if repo.private:
+            if not include_non_public:
+                continue
+            # Ensure that non-public repo names do not show up in the logs
+            if mask_non_public:
+                core.set_secret(repo.full_name)
         core.start_group(repo.full_name)
         repo_status: dict = dict()
         all_repo_status["repositories"][repo.full_name] = repo_status