Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/gagliardetto/lgtm-cli
*Unofficial* lgtm.com CLI — Use at your own risk. Also don't add more than 3K projects to "My projects" list.
https://github.com/gagliardetto/lgtm-cli
Last synced: about 2 months ago
JSON representation
*Unofficial* lgtm.com CLI — Use at your own risk. Also don't add more than 3K projects to "My projects" list.
- Host: GitHub
- URL: https://github.com/gagliardetto/lgtm-cli
- Owner: gagliardetto
- License: mit
- Created: 2020-03-27T17:25:35.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2022-02-21T14:07:39.000Z (almost 3 years ago)
- Last Synced: 2024-10-12T01:30:54.767Z (3 months ago)
- Language: Go
- Homepage:
- Size: 497 KB
- Stars: 13
- Watchers: 3
- Forks: 6
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
## Install
```bash
(cd && GO111MODULE=on go get github.com/gagliardetto/lgtm-cli)
cd $GOPATH/src/github.com/gagliardetto/lgtm-cli
make install
export LGTM_CLI_CONFIG=/path/to/lgtm.com_credentials.json # see example below
```
or
```bash
cd $(mktemp -d)
git clone https://github.com/gagliardetto/lgtm-cli.git
cd lgtm-cli
make install
export LGTM_CLI_CONFIG=/path/to/lgtm.com_credentials.json # see example below
```
## Example `lgtm.com_credentials.json`
```json
{
"api_version": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"session": {
"nonce": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"long_session": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"short_session": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
},
"github": {
"token": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
}
}
```
You can intercept the lgtm.com session values from Chrome WebDev tools (and similar) after you've logged into lgtm.com (see below for tutorial).
As for the GitHub token, one with **zero** permissions is advised (i.e. all scope checkboxes **non-selected**). You can create a new token here: https://github.com/settings/tokens/new
## [Chrome] Where to find the lgtm.com API credentials
1. Got to https://lgtm.com/ and signup/login.
2. After you're logged in, open the Chrome DevTools > `Network` tab:
3. Reload lgtm.com.
4. Set filter to `XHR`:
5. Click on an API request:
6. Go to the `Headers` tab and scroll to the `Request Headers` section:
7. Copy the values into your `lgtm.com_credentials.json` file:
- You can find the `api_version` in highlighted point `2` in the above image.
- You can find the `session.nonce` in highlighted point `5` in the above image.
- You can find the `session.long_session` in highlighted point `4` in the above image.
- You can find the `session.short_session` in highlighted point `3` in the above image.
**NOTES**
- The `api_version` is a value that changes from time to time.
- If you get a `... resp.error="bad request"; resp.message="api_mismatch"`, it means it's time to go look for the new `api_version` value from lgtm.com.
---
## LGTM-CLI usage
For the complete docs about all the commands: `lgtm help`; or for a specific command: `lgtm help `
### Unfollow all followed projects
```bash
lgtm unfollow-all
```
### List all followed projects
```bash
lgtm followed
```
### Follow one or more projects
```bash
lgtm follow github/codeql-go kubernetes/kubernetes
```
### Follow one or more projects from file
```bash
lgtm follow \
-f=projects.txt
```
### Follow all projects of a specific owner
```bash
lgtm follow github
```
### Follow all projects of a specific language (experimental)
```bash
lgtm follow-by-lang --limit=101 python
```
### Follow all projects from a specific search query on repository metadata
Results are limited (by the GitHub API) to the first 1K items.
Follow GitHub repositories that match your provided **repository search query**.
For query syntax, see : https://docs.github.com/en/free-pro-team@latest/github/searching-for-information-on-github/searching-for-repositories
**NOTE:** lgtm.com does not support fork scanning, so to get more relevant repositories, it's always advised to include `fork:false` in your search query.
```bash
lgtm follow-by-meta-search --limit=101 'jquery "hello world" in:name,description language:javascript fork:false'
```
### Follow all projects from a specific code search query
Results are limited (by the GitHub API) to the first 1K items.
Follow GitHub repositories that match your provided **code search query**.
For query syntax, see: https://docs.github.com/en/free-pro-team@latest/github/searching-for-information-on-github/searching-code
```bash
lgtm follow-by-code-search --limit=101 'from flask import Flask language:python filename:"__init__.py"'
```
### Follow Go projects that import a specific Go package
Example 1: follow repositories that import the `html/template` package.
```bash
lgtm follow-by-go-imported-by "html/template"
```
Example 2: follow repositories that import the `golang.org/x/oauth2` package.
```bash
lgtm follow-by-go-imported-by "golang.org/x/oauth2"
```
### Follow repositories that depend on a specific repository/package (GitHub Dependency Network)
Follow repositories that depend on a given repo; this info is obtained from the [GitHub Dependency Network](https://docs.github.com/en/github/visualizing-repository-data-with-graphs/about-the-dependency-graph).
See the [official docs](https://docs.github.com/en/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems) to find out what ecosystems are supported (js, python, ruby, php, etc.)
Example 1: get info about dependents of `eslint/eslint` (will only print a summary):
```bash
lgtm follow-by-depnet --info "eslint/eslint"
```
Example 2: follow all repositories that depend on `eslint/eslint`.
```bash
lgtm follow-by-depnet "eslint/eslint"
```
Example 3: follow the first 100 repositories that depend on `eslint/eslint`.
```bash
lgtm follow-by-depnet --limit=100 "eslint/eslint"
```
Example 4: follow the first 100 packages that depend on `eslint/eslint`.
```bash
lgtm follow-by-depnet --type=PACKAGE --limit=100 "eslint/eslint"
```
Example 5: follow the first 100 repositories that depend on `eslint/eslint`, more specifically on the `eslint-config-eslint` package.
```bash
lgtm follow-by-depnet --limit=100 --sub="eslint-config-eslint" "eslint/eslint"
```
### List all lists
```bash
lgtm lists
```
### Create a new list
```bash
lgtm create-list "name_of_list"
```
### List projects in a list
```bash
lgtm list "name_of_list"
```
### Add one or more projects to a list
```bash
lgtm add-to-list \
github/codeql-go kubernetes/kubernetes \
--name="name_of_list"
```
### Add projects to a list from a file
```bash
lgtm add-to-list \
--name="name_of_list" \
-f=projects.txt
```
### Delete a list
```bash
lgtm delete-list "name_of_list"
```
**NOTE**: projects will NOT be unfollowed if they are followed.
### Unfollow one or more projects
Supports glob matching.
```bash
lgtm unfollow github/codeql-go "kubernetes/*" "foo/b*" "*/hello"
```
### Unfollow a list of projects from file
```bash
lgtm unfollow \
-f=projects.txt
```
### Unfollow all projects from a certain owner
Example: unfollow all projects from kubernetes owner.
```bash
lgtm unfollow kubernetes
```
### Rebuild followed projects for a specific language
```bash
lgtm --wait=30s rebuild --lang=go
```
Default: rebuild ONLY projects that don't have a build for that language, yet.
### Trigger a build attempt for proto-projects
```bash
lgtm --wait=5s rebuild-proto
```
or to not be prompted for confirmation for each item:
```bash
lgtm --wait=5s rebuild-proto --force
```
### Run a query on a specific "project list"
By list **name** (can specify multiple):
```bash
lgtm query \
--list="foo" \
--list="bar" \
-lang=go \
-q=/path/to/query.ql
```
or by list **key** (can specify multiple):
```bash
lgtm query \
--list-key=0123456789 \
--list-key=0987654321 \
-lang=go \
-q=/path/to/query.ql
```
### Run a query on one or more projects
```bash
lgtm query \
github/codeql-go kubernetes/kubernetes \
-lang=go \
-q=/path/to/query.ql
```
### Run a query on projects from a file
```bash
lgtm query \
-lang=go \
-f=projects.txt \
-q=/path/to/query.ql
```
---
## Experimental commands
### Get results from a query ID
```bash
lgtm x-list-query-results XXXXXXXXXXXXXXXXXXX
```
#### Examples
##### Get projects name
```bash
lgtm x-list-query-results XXXXXXXXXXXXXXXXXXX | jq -r '.[].Project.displayName'
```
##### List project URLs of projects that have at least one result in the query run
```bash
lgtm x-list-query-results XXXXXXXXXXXXXXXXXXX --min-results=1 | jq -r ".[].Project.externalURL.url"
```
##### List project URLs of projects that have at least one alert in the query run
```bash
lgtm x-list-query-results XXXXXXXXXXXXXXXXXXX --min-alerts=1 | jq -r ".[].Project.externalURL.url"
```
---
## Known errors
### Cannot get list of followed projects
Multiple commands do some checks and optimizzations that rely on getting the list of followed projects.
When you follow many projects (a few thousands, probably about 5K or more), the lgtm.com API endpoint that lists followed projects does timeout.
To overcome that, you can use the `--ignore-followed-errors` flag to use alternative methods to complete the command.
Example:
```bash
lgtm --ignore-followed-errors unfollow kubernetes/kubernetes
```
This of course won't work for commands like `lgtm followed` or `lgtm unfollow-all`.
---
## Legal
The author and contributors of this script assume no liability for your use of this project, including, but not limited legal repercussions or being banned from LGTM.com. Please consult the LGTM.com terms of service for more information.
LGTM/LGTM.com is a trademark of Semmle / GitHub. The use of the LGTM trademark and name on this page shall not imply any affiliation with or endorsement by Semmle / GitHub.
## Credits
`Legal` section of this readme: https://github.com/JLLeitschuh/lgtm_hack_scripts#legal