Merge pull request #772 from snyk/feat/add-accept-custom-pr-template-…

…flag

feat: add accept flag for custom pr templates

defaultFilters/customPrTemplates/azure-repos.json

@@ -0,0 +1,17 @@
+[
+  {
+    "//": "get file content. restrict by file types",
+    "method": "GET",
+    "path": "/:owner/_apis/git/repositories/:repo/items",
+    "origin": "https://${AZURE_REPOS_HOST}/${AZURE_REPOS_ORG}",
+    "valid": [
+      {
+        "queryParam": "path",
+        "values": [
+          "**/.azuredevops/snyk_pull_request_template.yaml",
+          "**%2F.azuredevops%2Fsnyk_pull_request_template.yaml"
+        ]
+      }
+    ]
+  }
+]

defaultFilters/customPrTemplates/bitbucket-server-bearer-auth.json

@@ -0,0 +1,22 @@
+[
+  {
+    "//": "used to get custom pull request template",
+    "method": "GET",
+    "path": "/projects/:project/repos/:repo/browse*/snyk_pull_request_template.yaml",
+    "origin": "https://${BITBUCKET_API}",
+    "auth": {
+        "scheme": "bearer",
+        "token": "${BITBUCKET_PAT}"
+      }
+  },
+  {
+    "//": "used to get custom pull request template",
+    "method": "GET",
+    "path": "/projects/:project/repos/:repo/browse*%2Fsnyk_pull_request_template.yaml",
+    "origin": "https://${BITBUCKET_API}",
+    "auth": {
+        "scheme": "bearer",
+        "token": "${BITBUCKET_PAT}"
+      }
+  }
+]

defaultFilters/customPrTemplates/bitbucket-server.json

@@ -0,0 +1,24 @@
+[
+  {
+    "//": "used to get custom pull request template",
+    "method": "GET",
+    "path": "/projects/:project/repos/:repo/browse*/snyk_pull_request_template.yaml",
+    "origin": "https://${BITBUCKET_API}",
+    "auth": {
+      "scheme": "basic",
+      "username": "${BITBUCKET_USERNAME}",
+      "password": "${BITBUCKET_PASSWORD}"
+    }
+  },
+  {
+    "//": "used to get custom pull request template",
+    "method": "GET",
+    "path": "/projects/:project/repos/:repo/browse*%2Fsnyk_pull_request_template.yaml",
+    "origin": "https://${BITBUCKET_API}",
+    "auth": {
+      "scheme": "basic",
+      "username": "${BITBUCKET_USERNAME}",
+      "password": "${BITBUCKET_PASSWORD}"
+    }
+  }
+]

defaultFilters/customPrTemplates/github-enterprise.json

@@ -0,0 +1,14 @@
+[
+  {
+    "//": "used to get custom pull request template",
+    "method": "GET",
+    "path": "/repos/:name/:repo/contents/.github/snyk_pull_request_template.yaml",
+    "origin": "https://${GITHUB_TOKEN}@${GITHUB_API}"
+  },
+  {
+    "//": "used to get custom pull request template",
+    "method": "GET",
+    "path": "/repos/:name/:repo/contents/.github%2Fsnyk_pull_request_template.yaml",
+    "origin": "https://${GITHUB_TOKEN}@${GITHUB_API}"
+  }
+]

defaultFilters/customPrTemplates/github.json

@@ -0,0 +1,14 @@
+[
+  {
+    "//": "used to get custom pull request template",
+    "method": "GET",
+    "path": "/repos/:name/:repo/contents/.github/snyk_pull_request_template.yaml",
+    "origin": "https://${GITHUB_TOKEN}@${GITHUB_API}"
+  },
+  {
+    "//": "used to get custom pull request template",
+    "method": "GET",
+    "path": "/repos/:name/:repo/contents/.github%2Fsnyk_pull_request_template.yaml",
+    "origin": "https://${GITHUB_TOKEN}@${GITHUB_API}"
+  }
+]

defaultFilters/customPrTemplates/gitlab.json

@@ -0,0 +1,29 @@
+[
+  {
+    "//": "used to get custom pull request template",
+    "method": "GET",
+    "path": "/api/v4/projects/:project/repository/files*/snyk_pull_request_template.yaml",
+    "origin": "https://${GITLAB}"
+  },
+  {
+    "//": "used to get custom pull request template",
+    "method": "GET",
+    "path": "/api/v4/projects/:project/repository/files*%2Fsnyk_pull_request_template.yaml",
+    "origin": "https://${GITLAB}"
+  },
+  {
+    "//": "used to determine the full dependency tree for v3 protocol",
+    "method": "GET",
+    "path": "/api/v3/projects/:project/repository/files",
+    "origin": "https://${GITLAB}",
+    "valid": [
+      {
+        "queryParam": "file_path",
+        "values": [
+          "**/.config/snyk_pull_request_template.yaml",
+          "**%2F.config%2Fsnyk_pull_request_template.yaml"
+        ]
+      }
+    ]
+  }
+]

lib/common/filter/filter-rules-loading.ts

@@ -249,6 +249,45 @@ function injectRulesAtRuntime(
       filters.private.push(...appRiskRules);
     }
   }
+
+  const ACCEPT_CUSTOM_PR_TEMPLATES =
+    process.env.ACCEPT_CUSTOM_PR_TEMPLATES || config.ACCEPT_CUSTOM_PR_TEMPLATES;
+  if (ACCEPT_CUSTOM_PR_TEMPLATES) {
+    logger.debug(
+      { accept: ACCEPT_CUSTOM_PR_TEMPLATES },
+      `Injecting Accept rules for Custom PR Templates`,
+    );
+    const type =
+      ruleType ??
+      config.supportedBrokerTypes.find(
+        (type) =>
+          config[
+            camelcase(`BROKER_DOWNSTREAM_TYPE_${type.toLocaleUpperCase()}`)
+          ] == 'true',
+      );
+    if (
+      type &&
+      fs.existsSync(`defaultFilters/customPrTemplates/${type}.json`)
+    ) {
+      logger.info(
+        { accept: ACCEPT_CUSTOM_PR_TEMPLATES },
+        `Injecting additional ${type} Accept rules for Custom PR Templates`,
+      );
+      const customPRTemplatesRules = require(path.join(
+        findProjectRoot(__dirname) ?? process.cwd(),
+        `defaultFilters/customPrTemplates/${type}.json`,
+      )) as Rule[];
+      // rm entry from filters.private if matching uri in appRiskRules which takes precedence
+      const customPRTemplatesRulesPathPattern = customPRTemplatesRules.map(
+        (x) => x.path,
+      );
+      filters.private = filters.private.filter(
+        (x) => !customPRTemplatesRulesPathPattern.includes(x.path),
+      );
+      filters.private.push(...customPRTemplatesRules);
+    }
+  }
+
   return filters;
 }