Add a YQ modifier as a pull request action #4815
Comments
jhrozek added a commit to jhrozek/minder that referenced this issue Oct 27, 2024
In order to be able to change YAML files such as github workflows safely and with minimal amount of changes, we need to add a new remediation function in addition to the put-a-content-somewhere and call-frizbee ones we have now. I chose to add one based on `libyq` which does a decent job at retaining comments and general YAML structure. Fixes: mindersec#4815
jhrozek added a commit to jhrozek/minder that referenced this issue Oct 28, 2024
In order to be able to change YAML files such as github workflows safely and with minimal amount of changes, we need to add a new remediation function in addition to the put-a-content-somewhere and call-frizbee ones we have now. I chose to add one based on `libyq` which does a decent job at retaining comments and general YAML structure. Fixes: mindersec#4815
jhrozek added a commit that referenced this issue Oct 29, 2024
* Extend the PR evaluator with generic params

  The PR evaluator used to have typed params for every function we'd add - there's one for frizbee, one for the pull_request_content function etc. This is not great, as we tie the functions to our protobuf API and every new function requires a client release to be done or else the clients can't even add ruletypes with the new functions.

  Let's just use a generic `structpb.Struct` going forward. This time it is still a change that needs client support, but going forward we'll just have to change the server code to add a new function.

* Add YQ-evaluating remediator

  In order to be able to change YAML files such as github workflows safely and with minimal amount of changes, we need to add a new remediation function in addition to the put-a-content-somewhere and call-frizbee ones we have now. I chose to add one based on `libyq` which does a decent job at retaining comments and general YAML structure.

  Fixes: #4815
When remediating with a pull_request we currently support either pinning tags with the help of frizbee or adding content from a template. This issue tracks adding another action that would run a YQ query on a configurable set of files.