Note
This repository is a Proof of Concept.
Since this tool executes commands locally, we should avoid trusting public comments as much as possible.
It will default to scanning only private comments (regardless of the visibility group). It is possible to read from public comments if you understand the potential risk, this might cause to your systems.
The output of verification steps is also not uploaded as attachments by default because it is impossible to limit attachments' visibility, refer to JRASERVER-3893. It is possible to attach the output if you understand the potential risk, this might expose sensitive information.
Jira Issues Auto Verification.
This tool aims to provide an auto-verification framework for Jira issues.
Users provide a YAML-formatted comment in Jira issues, and the tool will execute it.
On successful execution, the issue will move to the desired status.
Example of a manifest:
---
jiav:
verified_status: "Done" # Status has to be present in the project workflow
verification_steps:
- name: Check line exists in file
backend: line
path: /path/to/file
line: hello_world
jiav
allows developers to build custom backends; refer to the documentation guide.
An example of a backends shipped externally:
- jiav-backend-ansible this is a risky backend since it allows users to run arbitrary code. Be cautious when enabling it.
- jiav-backend-command This is a risky backend since it allows users to run arbitrary code. Be cautious when enabling it.
jiav
requires Python >= 3.8
.
Personal Access Tokens (PATs) are supported >=8.14
Visit https://jiav.readthedocs.io.
If you do not have access to a Jira instance or wish to attempt this tool in an isolated environment, refer to demo.
Install from remote using pip3
:
pip3 install jiav
Install from remote using pipx
:
pipx install jiav
Clone the local repository:
git clone https://github.com/vkhitrin/jiav.git
cd jiav
Install using pip3
:
pip3 install .
Install using pipx
:
pipx install .
After installing this tool jiav
command is available.
There are several sub-commands available, to view them execute jiav
:
usage: jiav [-v | --version] [-d | --debug] <command> [<args>]
Global flags
-v --version prints version
-d --debug show debug
Available commands
verify Verifies issues
list-backends List available backends
validate-manifest Validate jiav manifest
Attempt to verify issues from a list of issues:
jiav --debug verify --jira='<JIRA_URL>' --access-token='<ACCESS_TOKEN>' --issue='<KEY-1>' --issue='<KEY-2>'
Attempt to verify issues from a JQL and output the result in JSON format:
jiav --debug verify --jira='<JIRA_URL>' --access-token='<ACCESS_TOKEN>' --query='issue = "KEY-1"' --format='json'
List installed backends:
jiav list-backends
Validate jiav
manifest from a file:
jiav —debug validate-manifest —from-file=/path/to/file
All contributions are welcome!
To install in development mode, use poetry
:
poetry install --with=main,dev
If proposing new pull requests, please ensure that new/existing tests are passing:
pytest