LiuFan
/
PrivacyScanData


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081
							def comp_commit_file_and_create_fixpr(self, comp, files_to_patch):
        if len(files_to_patch) == 0:
            print('BD-Scan-Action: WARN: Unable to apply fix patch - cannot determine containing package file')
            return False

        new_branch_seed = '%030x' % random.randrange(16 ** 30)
        new_branch_name = f"synopsys-enablement-{new_branch_seed}"

        globals.printdebug(f"DEBUG: Get commit for head of {self.azure_build_source_branch}'")

        commits = self.azure_git_client.get_commits(self.azure_repo_id, None)
        head_commit = commits[0]

        globals.printdebug(f"DEBUG: Head commit={head_commit.commit_id}")

        globals.printdebug(f"DEBUG: Creating new ref 'refs/heads/{new_branch_name}'")
        self.azure_create_branch(head_commit.commit_id, new_branch_name)

        gitRefUpdate = GitRefUpdate()
        gitRefUpdate.name = f"refs/heads/{new_branch_name}"
        gitRefUpdate.old_object_id = head_commit.commit_id

        gitPush = GitPush()
        gitPush.commits = []
        gitPush.ref_updates = [gitRefUpdate]

        # for file_to_patch in globals.files_to_patch:
        for pkgfile in files_to_patch:
            globals.printdebug(f"DEBUG: Upload file '{pkgfile}'")
            try:
                with open(files_to_patch[pkgfile], 'r') as fp:
                    new_contents = fp.read()
            except Exception as exc:
                print(f"BD-Scan-Action: ERROR: Unable to open package file '{files_to_patch[pkgfile]}'"
                      f" - {str(exc)}")
                return False

            gitCommitRef = GitCommitRef()
            gitCommitRef.comment = "Added Synopsys pipeline template"
            gitCommitRef.changes = [
                {
                    'changeType': 'edit',
                    'item': {
                        'path': pkgfile
                    },
                    'newContent': {
                        'content': new_contents,
                        'contentType': 'rawText'
                    }
                }
            ]

            gitPush.commits.append(gitCommitRef)

            # globals.printdebug(f"DEBUG: Update file '{pkgfile}' with commit message '{commit_message}'")
            # file = repo.update_file(pkgfile, commit_message, new_contents, orig_contents.sha, branch=new_branch_name)

        push = self.azure_git_client.create_push(gitPush, self.azure_repo_id)

        if not push:
            print(f"BD-Scan-Action: ERROR: Create push failed")
            sys.exit(1)

        pr_title = f"Black Duck: Upgrade {comp.name} to version {comp.goodupgrade} fix known security vulerabilities"
        pr_body = f"\n# Synopsys Black Duck Auto Pull Request\n" \
                  f"Upgrade {comp.name} from version {comp.version} to " \
                  f"{comp.goodupgrade} in order to fix security vulnerabilities:\n\n"

        gitPullRequest = GitPullRequest()
        gitPullRequest.source_ref_name = f"refs/heads/{new_branch_name}"
        gitPullRequest.target_ref_name = self.azure_build_source_branch
        gitPullRequest.title = pr_title
        gitPullRequest.description = pr_body

        pull = self.azure_git_client.create_pull_request(gitPullRequest, self.azure_repo_id)

        if not pull:
            print(f"BD-Scan-Action: ERROR: Create pull request failed")
            sys.exit(1)

        return True