From c4570d0335291de3c587f088857d51b10f79f0a4 Mon Sep 17 00:00:00 2001 From: Octokit Bot Date: Thu, 2 May 2024 09:00:48 +0000 Subject: [PATCH 1/3] WIP: schema.graphql changed - please review --- schema.graphql | 84 +++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 83 insertions(+), 1 deletion(-) diff --git a/schema.graphql b/schema.graphql index 723153c53..915b156b6 100644 --- a/schema.graphql +++ b/schema.graphql 
@@ -4279,6 +4279,76 @@ type CodeOfConduct implements Node { url: URI } +""" +Choose which tools must provide code scanning results before the reference is +updated. When configured, code scanning must be enabled and have results for +both the commit and the reference being updated. +""" +type CodeScanningParameters { + """ + Tools that must provide code scanning results for this rule to pass. + """ + codeScanningTools: [CodeScanningTool!]! +} + +""" +Choose which tools must provide code scanning results before the reference is +updated. When configured, code scanning must be enabled and have results for +both the commit and the reference being updated. +""" +input CodeScanningParametersInput { + """ + Tools that must provide code scanning results for this rule to pass. + """ + codeScanningTools: [CodeScanningToolInput!]! +} + +""" +A tool that must provide code scanning results for this rule to pass. +""" +type CodeScanningTool { + """ + The severity level at which code scanning results that raise alerts block a + reference update. For more information on alert severity levels, see "[About code scanning alerts](${externalDocsUrl}/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels)." + """ + alertsThreshold: String! + + """ + The severity level at which code scanning results that raise security alerts + block a reference update. For more information on security severity levels, + see "[About code scanning alerts](${externalDocsUrl}/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels)." + """ + securityAlertsThreshold: String! + + """ + The name of a code scanning tool + """ + tool: String! +} + +""" +A tool that must provide code scanning results for this rule to pass. 
+""" +input CodeScanningToolInput { + """ + The severity level at which code scanning results that raise alerts block a + reference update. For more information on alert severity levels, see "[About code scanning alerts](${externalDocsUrl}/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels)." + """ + alertsThreshold: String! + + """ + The severity level at which code scanning results that raise security alerts + block a reference update. For more information on security severity levels, + see "[About code scanning alerts](${externalDocsUrl}/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels)." + """ + securityAlertsThreshold: String! + + """ + The name of a code scanning tool + """ + tool: String! +} + """ Collaborators affiliation level with a subject. """ @@ -46040,6 +46110,13 @@ enum RepositoryRuleType { """ BRANCH_NAME_PATTERN + """ + Choose which tools must provide code scanning results before the reference is + updated. When configured, code scanning must be enabled and have results for + both the commit and the reference being updated. + """ + CODE_SCANNING + """ Committer email pattern """ 
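Review bot: The descriptions of `alertsThreshold` and `securityAlertsThreshold` on both `CodeScanningTool` and `CodeScanningToolInput` contain a literal `${externalDocsUrl}` placeholder, so the "About code scanning alerts" link cannot be resolved as published. The same text is carried into the schema.d.ts and schema.json sections of this series. Both thresholds are also declared `String!` rather than an enum, so neither the schema nor the generated TypeScript types constrain which severity levels a `codeScanning` rule accepts. A mistyped threshold on a rule that gates reference updates therefore gets no type-level signal. This file appears to be synced from upstream, so the practical steps are to report the unexpanded placeholder there and to have consumers validate threshold values against the documented severity levels before submitting a ruleset.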
@@ -47796,7 +47873,7 @@ enum RuleEnforcement { """ Types which can be parameters for `RepositoryRule` objects. """ -union RuleParameters = BranchNamePatternParameters | CommitAuthorEmailPatternParameters | CommitMessagePatternParameters | CommitterEmailPatternParameters | FileExtensionRestrictionParameters | FilePathRestrictionParameters | MaxFilePathLengthParameters | MaxFileSizeParameters | PullRequestParameters | RequiredDeploymentsParameters | RequiredStatusChecksParameters | TagNamePatternParameters | UpdateParameters | WorkflowsParameters +union RuleParameters = BranchNamePatternParameters | CodeScanningParameters | CommitAuthorEmailPatternParameters | CommitMessagePatternParameters | CommitterEmailPatternParameters | FileExtensionRestrictionParameters | FilePathRestrictionParameters | MaxFilePathLengthParameters | MaxFileSizeParameters | PullRequestParameters | RequiredDeploymentsParameters | RequiredStatusChecksParameters | TagNamePatternParameters | UpdateParameters | WorkflowsParameters """ Specifies the parameters for a `RepositoryRule` object. Only one of the fields should be specified. @@ -47807,6 +47884,11 @@ input RuleParametersInput { """ branchNamePattern: BranchNamePatternParametersInput + """ + Parameters used for the `code_scanning` rule type + """ + codeScanning: CodeScanningParametersInput + """ Parameters used for the `commit_author_email_pattern` rule type """ From 79ec7396dab444fed404128723a1cd488f769cea Mon Sep 17 00:00:00 2001 From: Octokit Bot Date: Thu, 2 May 2024 09:00:51 +0000 Subject: [PATCH 2/3] build: schema.json and schema.d.ts updated --- schema.d.ts | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 65 insertions(+), 1 deletion(-) diff --git a/schema.d.ts b/schema.d.ts index f5d64a156..43d38b54e 100644 --- a/schema.d.ts +++ b/schema.d.ts 
@@ -2238,6 +2238,62 @@ export type CodeOfConduct = Node & { url?: Maybe; }; +/** + * Choose which tools must provide code scanning results before the reference is + * updated. When configured, code scanning must be enabled and have results for + * both the commit and the reference being updated. + */ +export type CodeScanningParameters = { + __typename?: 'CodeScanningParameters'; + /** Tools that must provide code scanning results for this rule to pass. */ + codeScanningTools: Array; +}; + +/** + * Choose which tools must provide code scanning results before the reference is + * updated. When configured, code scanning must be enabled and have results for + * both the commit and the reference being updated. + */ +export type CodeScanningParametersInput = { + /** Tools that must provide code scanning results for this rule to pass. */ + codeScanningTools: Array; +}; + +/** A tool that must provide code scanning results for this rule to pass. */ +export type CodeScanningTool = { + __typename?: 'CodeScanningTool'; + /** + * The severity level at which code scanning results that raise alerts block a + * reference update. For more information on alert severity levels, see "[About code scanning alerts](${externalDocsUrl}/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels)." + */ + alertsThreshold: Scalars['String']['output']; + /** + * The severity level at which code scanning results that raise security alerts + * block a reference update. For more information on security severity levels, + * see "[About code scanning alerts](${externalDocsUrl}/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels)." 
+ */ + securityAlertsThreshold: Scalars['String']['output']; + /** The name of a code scanning tool */ + tool: Scalars['String']['output']; +}; + +/** A tool that must provide code scanning results for this rule to pass. */ +export type CodeScanningToolInput = { + /** + * The severity level at which code scanning results that raise alerts block a + * reference update. For more information on alert severity levels, see "[About code scanning alerts](${externalDocsUrl}/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels)." + */ + alertsThreshold: Scalars['String']['input']; + /** + * The severity level at which code scanning results that raise security alerts + * block a reference update. For more information on security severity levels, + * see "[About code scanning alerts](${externalDocsUrl}/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels)." + */ + securityAlertsThreshold: Scalars['String']['input']; + /** The name of a code scanning tool */ + tool: Scalars['String']['input']; +}; + /** Collaborators affiliation level with a subject. */ export type CollaboratorAffiliation = /** All collaborators the authenticated user can see. */ @@ -22976,6 +23032,12 @@ export type RepositoryRuleType = | 'AUTHORIZATION' /** Branch name pattern */ | 'BRANCH_NAME_PATTERN' + /** + * Choose which tools must provide code scanning results before the reference is + * updated. When configured, code scanning must be enabled and have results for + * both the commit and the reference being updated. + */ + | 'CODE_SCANNING' /** Committer email pattern */ | 'COMMITTER_EMAIL_PATTERN' /** Commit author email pattern */ 
@@ -23874,12 +23936,14 @@ export type RuleEnforcement = | 'EVALUATE'; /** Types which can be parameters for `RepositoryRule` objects. */ -export type RuleParameters = BranchNamePatternParameters | CommitAuthorEmailPatternParameters | CommitMessagePatternParameters | CommitterEmailPatternParameters | FileExtensionRestrictionParameters | FilePathRestrictionParameters | MaxFilePathLengthParameters | MaxFileSizeParameters | PullRequestParameters | RequiredDeploymentsParameters | RequiredStatusChecksParameters | TagNamePatternParameters | UpdateParameters | WorkflowsParameters; +export type RuleParameters = BranchNamePatternParameters | CodeScanningParameters | CommitAuthorEmailPatternParameters | CommitMessagePatternParameters | CommitterEmailPatternParameters | FileExtensionRestrictionParameters | FilePathRestrictionParameters | MaxFilePathLengthParameters | MaxFileSizeParameters | PullRequestParameters | RequiredDeploymentsParameters | RequiredStatusChecksParameters | TagNamePatternParameters | UpdateParameters | WorkflowsParameters; /** Specifies the parameters for a `RepositoryRule` object. Only one of the fields should be specified. */ export type RuleParametersInput = { /** Parameters used for the `branch_name_pattern` rule type */ branchNamePattern?: InputMaybe; + /** Parameters used for the `code_scanning` rule type */ + codeScanning?: InputMaybe; /** Parameters used for the `commit_author_email_pattern` rule type */ commitAuthorEmailPattern?: InputMaybe; /** Parameters used for the `commit_message_pattern` rule type */ From 026944224f2b83cb7453974689521b4473c306e3 Mon Sep 17 00:00:00 2001 From: Gregor Martynus <39992+gr2m@users.noreply.github.com> Date: Thu, 2 May 2024 17:33:41 +0000 Subject: [PATCH 3/3] build: schema.json --- schema.json | 201 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 201 insertions(+) diff --git a/schema.json b/schema.json index f37febd2b..96ddf2e4d 100644 --- a/schema.json +++ b/schema.json 
@@ -11157,6 +11157,186 @@ "enumValues": null, "possibleTypes": null }, + { + "kind": "OBJECT", + "name": "CodeScanningParameters", + "description": "Choose which tools must provide code scanning results before the reference is updated. When configured, code scanning must be enabled and have results for both the commit and the reference being updated.", + "fields": [ + { + "name": "codeScanningTools", + "description": "Tools that must provide code scanning results for this rule to pass.", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "OBJECT", + "name": "CodeScanningTool", + "ofType": null + } + } + } + }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "INPUT_OBJECT", + "name": "CodeScanningParametersInput", + "description": "Choose which tools must provide code scanning results before the reference is updated. 
When configured, code scanning must be enabled and have results for both the commit and the reference being updated.", + "fields": null, + "inputFields": [ + { + "name": "codeScanningTools", + "description": "Tools that must provide code scanning results for this rule to pass.", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "INPUT_OBJECT", + "name": "CodeScanningToolInput", + "ofType": null + } + } + } + }, + "defaultValue": null + } + ], + "interfaces": null, + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "CodeScanningTool", + "description": "A tool that must provide code scanning results for this rule to pass.", + "fields": [ + { + "name": "alertsThreshold", + "description": "The severity level at which code scanning results that raise alerts block a reference update. For more information on alert severity levels, see \"[About code scanning alerts](${externalDocsUrl}/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels).\"", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "SCALAR", + "name": "String", + "ofType": null + } + }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "securityAlertsThreshold", + "description": "The severity level at which code scanning results that raise security alerts block a reference update. 
For more information on security severity levels, see \"[About code scanning alerts](${externalDocsUrl}/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels).\"", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "SCALAR", + "name": "String", + "ofType": null + } + }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "tool", + "description": "The name of a code scanning tool", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "SCALAR", + "name": "String", + "ofType": null + } + }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "INPUT_OBJECT", + "name": "CodeScanningToolInput", + "description": "A tool that must provide code scanning results for this rule to pass.", + "fields": null, + "inputFields": [ + { + "name": "alertsThreshold", + "description": "The severity level at which code scanning results that raise alerts block a reference update. For more information on alert severity levels, see \"[About code scanning alerts](${externalDocsUrl}/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels).\"", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "SCALAR", + "name": "String", + "ofType": null + } + }, + "defaultValue": null + }, + { + "name": "securityAlertsThreshold", + "description": "The severity level at which code scanning results that raise security alerts block a reference update. 
For more information on security severity levels, see \"[About code scanning alerts](${externalDocsUrl}/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels).\"", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "SCALAR", + "name": "String", + "ofType": null + } + }, + "defaultValue": null + }, + { + "name": "tool", + "description": "The name of a code scanning tool", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "SCALAR", + "name": "String", + "ofType": null + } + }, + "defaultValue": null + } + ], + "interfaces": null, + "enumValues": null, + "possibleTypes": null + }, { "kind": "ENUM", "name": "CollaboratorAffiliation", @@ -120095,6 +120275,12 @@ "description": "Workflow files cannot be modified.", "isDeprecated": false, "deprecationReason": null + }, + { + "name": "CODE_SCANNING", + "description": "Choose which tools must provide code scanning results before the reference is updated. When configured, code scanning must be enabled and have results for both the commit and the reference being updated.", + "isDeprecated": false, + "deprecationReason": null } ], "possibleTypes": null @@ -124279,6 +124465,11 @@ "name": "BranchNamePatternParameters", "ofType": null }, + { + "kind": "OBJECT", + "name": "CodeScanningParameters", + "ofType": null + }, { "kind": "OBJECT", "name": "CommitAuthorEmailPatternParameters", @@ -124491,6 +124682,16 @@ "ofType": null }, "defaultValue": null + }, + { + "name": "codeScanning", + "description": "Parameters used for the `code_scanning` rule type", + "type": { + "kind": "INPUT_OBJECT", + "name": "CodeScanningParametersInput", + "ofType": null + }, + "defaultValue": null } ], "interfaces": null,