{"id":15048231,"url":"https://github.com/github/entitlements-gitrepo-auditor-plugin","last_synced_at":"2025-05-10T20:02:10.648Z","repository":{"id":37503359,"uuid":"500912674","full_name":"github/entitlements-gitrepo-auditor-plugin","owner":"github","description":"Entitlements plugin for a robust audit log","archived":false,"fork":false,"pushed_at":"2025-05-05T12:40:19.000Z","size":28291,"stargazers_count":21,"open_issues_count":1,"forks_count":2,"subscribers_count":43,"default_branch":"main","last_synced_at":"2025-05-10T20:02:06.524Z","etag":null,"topics":["audit","entitlements","iam","security"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/github.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-06-07T16:08:58.000Z","updated_at":"2025-04-28T15:04:54.000Z","dependencies_parsed_at":"2024-02-28T23:45:24.805Z","dependency_job_id":"ed4c37f7-1b87-4808-94c8-c8fe6d2d83ad","html_url":"https://github.com/github/entitlements-gitrepo-auditor-plugin","commit_stats":{"total_commits":55,"total_committers":7,"mean_commits":7.857142857142857,"dds":0.5454545454545454,"last_synced_commit":"6a5dc8c6ecc9244b81fe303d9afdc9736ba8d9e1"},"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fentitlements-gitrepo-auditor-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fentitlements-gitrepo-auditor-plugin/tags","releases_url":"https://
repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fentitlements-gitrepo-auditor-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fentitlements-gitrepo-auditor-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/github","download_url":"https://codeload.github.com/github/entitlements-gitrepo-auditor-plugin/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253474187,"owners_count":21914227,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["audit","entitlements","iam","security"],"created_at":"2024-09-24T21:09:37.361Z","updated_at":"2025-05-10T20:02:10.570Z","avatar_url":"https://github.com/github.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# entitlements-gitrepo-auditor-plugin\n\n[![acceptance](https://github.com/github/entitlements-gitrepo-auditor-plugin/actions/workflows/acceptance.yml/badge.svg)](https://github.com/github/entitlements-gitrepo-auditor-plugin/actions/workflows/acceptance.yml) [![test](https://github.com/github/entitlements-gitrepo-auditor-plugin/actions/workflows/test.yml/badge.svg)](https://github.com/github/entitlements-gitrepo-auditor-plugin/actions/workflows/test.yml) [![lint](https://github.com/github/entitlements-gitrepo-auditor-plugin/actions/workflows/lint.yml/badge.svg)](https://github.com/github/entitlements-gitrepo-auditor-plugin/actions/workflows/lint.yml) 
[![build](https://github.com/github/entitlements-gitrepo-auditor-plugin/actions/workflows/build.yml/badge.svg)](https://github.com/github/entitlements-gitrepo-auditor-plugin/actions/workflows/build.yml) [![release](https://github.com/github/entitlements-gitrepo-auditor-plugin/actions/workflows/gem.yml/badge.svg)](https://github.com/github/entitlements-gitrepo-auditor-plugin/actions/workflows/gem.yml) [![codeql](https://github.com/github/entitlements-gitrepo-auditor-plugin/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/github/entitlements-gitrepo-auditor-plugin/actions/workflows/codeql-analysis.yml) [![coverage](https://img.shields.io/badge/coverage-100%25-success)](https://img.shields.io/badge/coverage-100%25-success) [![style](https://img.shields.io/badge/code%20style-rubocop--github-blue)](https://github.com/github/rubocop-github)\n\n`entitlements-gitrepo-auditor-plugin` is an [entitlements-app](https://github.com/github/entitlements-app) plugin allowing further auditing capabilities in entitlements by writing each deploy log to a separate GitHub repo.\n\n## Usage\n\nYour `entitlements-app` config `config/entitlements.yaml` runs through ERB interpretation automatically. You can extend your entitlements configuration to load plugins like so:\n\n```ruby\n\u003c%-\n  unless ENV['CI_MODE']\n    begin\n      require_relative \"/data/entitlements/lib/entitlements-and-plugins\"\n    rescue Exception\n      begin\n        require_relative \"lib/entitlements-and-plugins\"\n      rescue Exception\n        # We might not have the plugins installed and still want this file to be\n        # loaded. 
Don't raise anything but silently fail.\n      end\n    end\n  end\n-%\u003e\n```\n\nYou can then define `lib/entitlements-and-plugins` like so:\n\n```ruby\n#!/usr/bin/env ruby\n# frozen_string_literal: true\n\nENV[\"BUNDLE_GEMFILE\"] = File.expand_path(\"../../Gemfile\", File.dirname(__FILE__))\nrequire \"bundler/setup\"\nrequire \"entitlements\"\n\n# require entitlements plugins here\nrequire \"entitlements/auditor/gitrepo\"\nrequire \"entitlements/util/gitrepo\"\n```\n\nAny plugins defined in `lib/entitlements-and-plugins` will be loaded and used at `entitlements-app` runtime.\n\n## Features\n\n### Git Repo Auditing\n\nYou can add automatic auditing to a separate GitRepo by enabling the following `entitlements.yaml` config:\n\n```ruby\n\u003c%-\n    # NOTE: GITREPO_SSH_KEY must be base64 encoded.\n    sshkey = ENV.fetch(\"GITREPO_SSH_KEY\")\n    shipper = ENV.fetch(\"GIT_SHIPPER\", \"\u003cunknown person\u003e\")\n    what = [\"entitlements\", ENV.fetch(\"GIT_BRANCH\", \"\u003cunknown branch\u003e\")].join(\"/\")\n    sha = ENV.fetch(\"GIT_SHA1\", \"\u003cunknown sha\u003e\")\n    url = \"https://github.com/github/entitlements-config/commit/#{sha}\"\n    commit_message = \"#{shipper} deployed #{what} (#{url})\"\n-%\u003e\nauditors:\n  - auditor_class: GitRepo\n    checkout_directory: \u003c%= ENV[\"GITREPO_CHECKOUT_DIRECTORY\"] %\u003e\n    commit_message: \u003c%= commit_message %\u003e\n    git_name: GitRepoUser\n    git_email: gitrepousers@users.noreply\n    person_dn_format: uid=%KEY%,ou=People,dc=github,dc=net\n    repo: github/entitlements-config-auditlog\n    sshkey: '\u003c%= sshkey %\u003e'\n```\n\nAt the end of each `entitlements-app` run, the `entitlements-gitrepo-auditor-plugin` will write a commit to the repo defined above with the details of the deployment.\n\n## Release 🚀\n\nTo release a new version of this Gem, do the following:\n\n1. Update the version number in the [`lib/version.rb`](lib/version.rb) file\n2. 
Run `bundle install` to update the `Gemfile.lock` file with the new version\n3. Commit your changes, push them to GitHub, and open a PR\n\nOnce your PR is approved and the changes are merged, a new release will be created automatically by the [`release.yml`](.github/workflows/gem.yml) workflow. The latest version of the Gem will be published to the GitHub Package Registry and RubyGems.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgithub%2Fentitlements-gitrepo-auditor-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgithub%2Fentitlements-gitrepo-auditor-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgithub%2Fentitlements-gitrepo-auditor-plugin/lists"}