Merge pull request #30 from zkoppert/configurable_delay

Get timedelta delay from config instead of hardcode 24hrs

Author: zkoppert

.env-example

@@ -1,4 +1,5 @@
 GH_ACTOR=' '
 GH_TOKEN=' '
 ORGANIZATION=' '
-PR_BODY=' '
+PR_BODY=' '
+HOURS_DELAY='24'

.github/dependabot.yml

@@ -3,6 +3,8 @@
 # Please see the documentation for all configuration options:
 # https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
 
+---
+
 version: 2
 updates:
   - package-ecosystem: "pip"

.github/linters/.hadolint.yaml

@@ -1,2 +1,3 @@
+---
 ignored:
-  - DL3008
+  - DL3008

.github/workflows/codeql-analysis.yml

@@ -1,22 +1,12 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
+---
 name: "CodeQL"
 
 on:
   push:
-    branches: [ main ]
+    branches: [main]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ main ]
+    branches: [main]
   schedule:
     - cron: '39 14 * * 0'
 
@@ -32,40 +22,19 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'python' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
-        # Learn more:
-        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+        language: ['python']
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
+      - name: Checkout repository
+        uses: actions/checkout@v2
 
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v1
+        with:
+          languages: ${{ matrix.language }}
 
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v1
 
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v1

.github/workflows/docker-image.yml

@@ -1,10 +1,11 @@
+---
 name: Docker Image CI
 
 on:
   push:
-    branches: [ main ]
+    branches: [main]
   pull_request:
-    branches: [ main ]
+    branches: [main]
 
 jobs:
 
@@ -13,6 +14,6 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2
-    - name: Build the Docker image
-      run: docker build . --file Dockerfile --tag enforcer:"$(date +%s)"
+      - uses: actions/checkout@v2
+      - name: Build the Docker image
+        run: docker build . --file Dockerfile --tag enforcer:"$(date +%s)"

.github/workflows/linter.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches: [main]
   pull_request:
-    branches-ignore: []
+    branches-ignore: [ ]
 
 ###############
 # Set the Job #

.github/workflows/release-drafter.yml

@@ -1,3 +1,4 @@
+---
 name: Release Drafter
 
 on:

README.md

@@ -34,9 +34,14 @@ jobs:
         GH_TOKEN: ${{ secrets.GH_TOKEN }}
         ORGANIZATION: ${{ secrets.ORGANIZATION }}
         PR_BODY: your text goes here
+        HOURS_DELAY: 24
 ```
 - Be sure to fill out the `env` values above with your information. More info on creating secrets can be found [here](https://docs.github.com/en/actions/security-guides/encrypted-secrets).
-- Your GitHub token will need to have read/write access to all the repositories in the organization
+- Your GitHub token will need to have read/write access to all the repositories in the organization as well as the workflow permission
+- You must include the `HOURS_DELAY` value and set it to a valid `int` in order to set what date the action is looking for new repositories on.
+  This being configurable allows users to give more time for repositories to contain code by increasing the delay.
+  The default 24 will make the action check for repos created on the previous day to see if they have code scanning enabled.
+  Changing the value to 72, will make the action check for repositories created 3 days ago.
 
 ## How it does this
 - A CRON job on GitHub actions triggers a nightly run of this script
@@ -46,6 +51,16 @@ jobs:
 ## Contributions
 We would :heart: contributions to improve this action. Please see [CONTRIBUTING.md](./CONTRIBUTING.md) for how to get involved.
 
+## Debugging in GitHub Actions
+- Add the following lines to the workflow .yaml file
+  ```yaml
+    env:
+      ACTIONS_RUNNER_DEBUG: true
+      ACTIONS_STEP_DEBUG: true
+  ```
+- That will enable debug printing to the action log so that you can see detailed information if issues arise.
+- Setting the `HOURS_DELAY: 0` is helpful so that you can create a repository in an org and not wait to test the action against it
+
 ## Instructions to run locally
 - Clone the repository
 - Create a personal access token with repository permissions and workflow permissions

action.yml

@@ -1,7 +1,8 @@
 ---
 name: 'Advanced-Security-Enforcer'
 author: 'zkoppert'
-description: 'A GitHub Action to check for new repositories and open pull requests in the new repositories for code scanning.'
+description: 'A GitHub Action to check for new repositories and open pull
+  requests in the new repositories for code scanning.'
 runs:
   using: 'docker'
   image: 'docker://ghcr.io/zkoppert/advanced-security-enforcer:v1'

codeql.yml

@@ -1,11 +1,12 @@
+---
 name: "CodeQL"
 
 on:
   push:
-    branches: [ master ]
+    branches: [master]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ master ]
+    branches: [master]
   schedule:
     - cron: '27 2 * * 1'
 
@@ -15,32 +16,38 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
-      # If you wish to specify custom queries, you can do so here or in a config file.
-      # By default, queries listed here will override any specified in a config file.
-      # Prefix the list here with "+" to use these queries and those in the config file.
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v1
+      # If you wish to specify custom queries,
+      # you can do so here or in a config file.
+      # By default, queries listed here will
+      # override any specified in a config file.
+      # Prefix the list here with "+" to use
+      # these queries and those in the config file.
       # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      # Autobuild attempts to build any compiled
+      # languages  (C/C++, C#, or Java).
+      # If this step fails,
+      # then you should remove it and run the build manually (see below)
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v1
 
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 https://git.io/JvXDl
 
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
+      # ✏️ If the Autobuild fails above,
+      # remove it and uncomment the following three lines
+      # and modify them (or add more) to build your code
+      # if your project uses a compiled language
 
-    #- run: |
-    #   make bootstrap
-    #   make release
+      #- run: |
+      #   make bootstrap
+      #   make release
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v1