Merge 4afa7c4 into 8dc9621

cisagov · Oct 14, 2021 · 9eb6e9c · 9eb6e9c
2 parents 8dc9621 + 4afa7c4
commit 9eb6e9c
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -16,7 +16,7 @@ Lineage is configured using `.github/lineage.yml` in a repository.  Each
 upstream repository is listed in the `lineage` section.
 
 | Key | Description | Required |
-|-----|-------------|----------|
+|-----|-------------|:--------:|
 | local-branch | The branch that will receive new changes. | No |
 | remote-url   | The `https` URL of the upstream repository. | Yes |
 | remote-branch | The branch in the upstream repository. | No |
@@ -38,7 +38,27 @@ lineage:
     remote-url: https://github.com/felddy/extra-skel-sauce.git
 ```
 
-## Sample GitHub Actions workflow ##
+## Usage ##
+
+### Inputs ###
+
+| Name | Description | Interpreted Type | Default | Required |
+|------|-------------|------------------|---------|:--------:|
+| access_token | GitHub personal access token (see [GitHub's documentation](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)). | `string` | n/a | yes |
+| mask_non_public_repos | Whether to mask the names of non-public (`private` and `internal`) repositories in the GitHub Actions logs. | [`boolean`](https://yaml.org/spec/1.2.2/#1032-tag-resolution) | `true` | no |
+| include_non_public_repos | Whether to process non-public (`private` and `internal`) repositories. | [`boolean`](https://yaml.org/spec/1.2.2/#1032-tag-resolution) | `false` | no |
+| repo_query | GitHub search query to use when finding repositories for which to create pull requests (e.g. \"org:cisagov archived:false\"). | `string` | n/a | yes |
+
+### Outputs ###
+
+None.
+<!--
+| Name | Description | Output Type |
+|------|-------------|-------------|
+| output_name | The output's description. | `output_type` |
+-->
+
+### Sample GitHub Actions workflow ###
 
 The Lineage action requires a personal access token so that it may open pull
 requests.  For public repositories this token must have the `public_repo`

diff --git a/action.yml b/action.yml
@@ -10,8 +10,19 @@ inputs:
   access_token:
     description: "GitHub personal access token."
     required: true
+  mask_non_public_repos:
+    default: true
+    description: "Whether to mask the names of non-public (`private` and
+      `internal`) repositories in the GitHub Actions logs."
+    required: false
+  include_non_public_repos:
+    default: false
+    description: "Whether to process non-public (`private` and `internal`)
+      repositories."
+    required: false
   repo_query:
-    description: "GitHub search query to find repositories for pull requests."
+    description: "GitHub search query to use when finding repositories for
+      which to create pull requests (e.g. \"org:cisagov archived:false\")."
     required: true
 runs:
   using: "docker"

diff --git a/src/lineage/entrypoint.py b/src/lineage/entrypoint.py
@@ -269,14 +269,19 @@ def get_code_owners(repo: Repository.Repository) -> Generator[str, None, None]:
 
 def main() -> None:
     """Parse environment and perform requested actions."""
-    # Set up logging
-    logging.basicConfig(format="%(levelname)s %(message)s", level="INFO")
+    # Set up logging. Force logging output to stdout to allow for GitHub Actions
+    # commands to interact with output.
+    logging.basicConfig(
+        format="%(levelname)s %(message)s", level=logging.INFO, stream=sys.stdout
+    )
 
     # Get inputs from the environment
     access_token: Optional[str] = core.get_input("access_token")
     github_actor: Optional[str] = os.environ.get("GITHUB_ACTOR")
     github_workspace_dir: Optional[str] = os.environ.get("GITHUB_WORKSPACE")
+    mask_non_public: bool = core.get_boolean_input("mask_non_public_repos")
     repo_query: Optional[str] = core.get_input("repo_query")
+    include_non_public: bool = core.get_boolean_input("include_non_public_repos")
 
     # sanity checks
     if access_token is None:
@@ -318,6 +323,13 @@ def main() -> None:
 
     repos = get_repo_list(g, repo_query)
     for repo in repos:
+        # Extra controls if the repo is private
+        if repo.private:
+            if not include_non_public:
+                continue
+            # Ensure that non-public repo names do not show up in the logs
+            if mask_non_public:
+                core.set_secret(repo.full_name)
         logging.info(f"Checking: {repo.full_name}")
         config = get_config(repo)
         if not config: