redhat-openshift-ecosystem · Allda · Jan 2, 2025 · Jan 2, 2025 · Jan 2, 2025 · BorekZnovustvoritel
diff --git a/local-dev/pip-audit-parse.py b/local-dev/pip-audit-parse.py
@@ -0,0 +1,74 @@
+#!/usr/bin/env python3
+import json
+import argparse
+from typing import Dict, Any
+
+from rich.table import Table
+from rich.console import Console
+
+
+def parse_vulnerabilities_json(data: Dict[str, Any]) -> bool:
+    """
+    Parses pip-audit json output, extracts fixable vulnerabilities
+    and pretty prints them.
+    """
+
+    vulnerable_packages = []
+    for package in data.get("dependencies", {}):
+        name = package.get("name")
+        vulnerabilities = package.get("vulns", [])
+        version = package.get("version")
+        if not vulnerabilities:
+            print(f"✅ {name} {version}")
+        else:
+            has_fixable_vulnerabilities = False
+            for vulnerability in vulnerabilities:
+                # filter out vulnerabilities that cannot be fixed
+                if fix := vulnerability.get("fix_versions", []) or None:
+                    vulnerable_packages.append(
+                        {
+                            "name": name,
+                            "version": version,
+                            "vulnerability": vulnerability.get("id"),
+                            "fix": fix,
+                        }
+                    )
+                    has_fixable_vulnerabilities = True
+            if has_fixable_vulnerabilities:
+                print(f"❌ {name} {version}")
+            else:
+                print(f"❗ {name} {version}")
+
+    if vulnerable_packages:
+        print("Vulnerable packages found:")
+        table = Table("Package", "Version", "Vulnerability", "Fixed version")
+        to_update = []
+        for package in vulnerable_packages:
+            table.add_row(
+                package["name"],
+                package["version"],
+                package["vulnerability"],
+                ",".join(package["fix"]),
+            )
+            to_update.append(package["name"])
+        console = Console()
+        console.print(table)
+        print(f"To fix, run:\npdm update {' '.join(to_update)}  --update-reuse")
+        return False
+    return True
+
+
+def main() -> None:
+    parser = argparse.ArgumentParser(description="Process a JSON file.")
+    parser.add_argument("filename", help="The JSON file to process")
+
+    args = parser.parse_args()
+    with open(args.filename, "r") as file:
+        data = json.load(file)
+
+    if not parse_vulnerabilities_json(data):
+        exit(1)
+
+
+if __name__ == "__main__":
+    main()
diff --git a/local-dev/pip-audit.sh b/local-dev/pip-audit.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+# remove any previous runs to ensure isolated run
+rm -f /tmp/audit-output.json
+# run pip-audit on dependencies, output to json file, mask any failures
+pip-audit -r /tmp/requirements.txt --format=json -o /tmp/audit-output.json || true
diff --git a/operator-pipeline-images/operatorcert/entrypoints/build_scratch_catalog.py b/operator-pipeline-images/operatorcert/entrypoints/build_scratch_catalog.py
@@ -53,7 +53,7 @@ def setup_argparser() -> argparse.ArgumentParser:
     return parser
 
 
-def generate_and_save_basic_template(  # pylint: disable=too-many-arguments
+def generate_and_save_basic_template(  # pylint: disable=too-many-arguments,too-many-positional-arguments
     template_path: str,
     package: str,
     default_channel: str,

diff --git a/operator-pipeline-images/operatorcert/entrypoints/check_permissions.py b/operator-pipeline-images/operatorcert/entrypoints/check_permissions.py
@@ -67,7 +67,7 @@ class OperatorReview:
     A class represents a pull request review and permissions check
     """
 
-    def __init__(  # pylint: disable=too-many-arguments
+    def __init__(  # pylint: disable=too-many-arguments,too-many-positional-arguments
         self,
         operator: Operator,
         pr_owner: str,
@@ -143,9 +143,14 @@ def reviewers(self) -> list[str]:
         Operator reviewers from the operator config file
 
         Returns:
-            list[str]: A list of github users who are reviewers for the operator
+            list[str]: A list of github users who are reviewers for the
+            operator in lowercase format
         """
-        return self.base_repo_operator_config.get("reviewers") or []
+        reviewers = self.base_repo_operator_config.get("reviewers") or []
+
+        # Github supports case-insensitive usernames - convert all usernames to lowercase
+        # to avoid issues with case sensitivity
+        return [user.lower() for user in reviewers]
 
     @property
     def maintainers(self) -> list[str]:
@@ -300,7 +305,7 @@ def check_permission_for_community(self) -> bool:
                 "or is brand new."
             )
 
-        if self.pr_owner in self.reviewers:
+        if self.pr_owner.lower() in self.reviewers:
             LOGGER.info(
                 "Pull request owner %s can submit PR for operator %s",
                 self.pr_owner,

diff --git a/operator-pipeline-images/operatorcert/entrypoints/github_pr.py b/operator-pipeline-images/operatorcert/entrypoints/github_pr.py
@@ -69,7 +69,7 @@ def setup_argparser() -> Any:  # pragma: no cover
     return parser
 
 
-def open_pr(  # pylint: disable=too-many-arguments
+def open_pr(  # pylint: disable=too-many-arguments,too-many-positional-arguments
     github_api_url: str,
     repo_name: str,
     head: str,

diff --git a/operator-pipeline-images/operatorcert/entrypoints/static_tests.py b/operator-pipeline-images/operatorcert/entrypoints/static_tests.py
@@ -54,7 +54,7 @@ def setup_argparser() -> argparse.ArgumentParser:
     return parser
 
 
-def execute_checks(  # pylint: disable=too-many-arguments
+def execute_checks(  # pylint: disable=too-many-arguments,too-many-positional-arguments
     repo_path: str,
     operator_name: str,
     bundle_version: str,

diff --git a/operator-pipeline-images/operatorcert/github.py b/operator-pipeline-images/operatorcert/github.py
@@ -274,7 +274,7 @@ def add_or_remove_labels(  # pylint: disable=too-many-locals
     remove_labels_from_pull_request(pull_request, labels_to_remove)
 
 
-def open_pull_request(  # pylint: disable=too-many-arguments
+def open_pull_request(  # pylint: disable=too-many-arguments,too-many-positional-arguments
     github_client: Github,
     repository_name: str,
     title: str,

diff --git a/operator-pipeline-images/operatorcert/parsed_file.py b/operator-pipeline-images/operatorcert/parsed_file.py
@@ -151,7 +151,7 @@ class ParserResults:
     Data class to store the results of the detect_changes function
     """
 
-    def __init__(  # pylint: disable=too-many-arguments
+    def __init__(  # pylint: disable=too-many-arguments,too-many-positional-arguments
         self,
         affected_operators: AffectedOperatorCollection,
         affected_bundles: AffectedBundleCollection,

diff --git a/operator-pipeline-images/operatorcert/umb.py b/operator-pipeline-images/operatorcert/umb.py
@@ -18,7 +18,7 @@ class UmbClient:
     A UMB client for sending and receiving messages from the UMB.
     """
 
-    def __init__(  # pylint: disable=too-many-arguments
+    def __init__(  # pylint: disable=too-many-arguments,too-many-positional-arguments
         self,
         hostnames: List[tuple[str, int]],
         cert_file: str,

diff --git a/operator-pipeline-images/tests/entrypoints/test_check_permissions.py b/operator-pipeline-images/tests/entrypoints/test_check_permissions.py
@@ -46,7 +46,7 @@ def review_community(tmp_path: Path) -> check_permissions.OperatorReview:
             "0.0.1",
             other_files={
                 "operators/test-operator/ci.yaml": {
-                    "reviewers": ["user1", "user2"],
+                    "reviewers": ["User1", "user2"],
                 },
                 "config.yaml": {"maintainers": ["maintainer1", "maintainer2"]},
             },