implemented control 1.1.13

logchange · Oct 12, 2024 · 103c420 · 103c420
1 parent 50157e2
commit 103c420
Show file tree

Hide file tree

Showing 3 changed files with 51 additions and 2 deletions.
diff --git a/cis_gitlab_benchmark_v1_0_1_implmentation.md b/cis_gitlab_benchmark_v1_0_1_implmentation.md
@@ -130,4 +130,25 @@ GitLab uses `Merge Request` instead of `Pull Request` (wrong expression used in
 Additionally, (besides `Reject unsigned commits`), GitLab allows to check:
 - `Reject unverified users`
 - `Reject inconsistent user name`
-- `Check whether the commit author is a GitLab user`
+- `Check whether the commit author is a GitLab user`
+
+Implemented at:
+
+```
+src/controls/code_changes/commit_user_verification.py
+```
+
+[see](src/controls/code_changes/commit_user_verification.py) 
+
+### 1.1.13 Ensure linear history is required (Manual)
+
+This rule should also check if `Squash commits when merging` is `Encourage` or `Require` to keep
+main branch clean.
+
+Implemented at:
+
+```
+src/controls/code_changes/linear_history.py
+```
+
+[see](src/controls/code_changes/linear_history.py)
diff --git a/src/controls/code_changes/linear_history.py b/src/controls/code_changes/linear_history.py
@@ -0,0 +1,26 @@
+from src.common.logger import info
+from src.controls.control import Control, ControlResult
+
+
+class LinearHistoryControl(Control):
+    ALLOWED_MERGE_METHOD = ['ff']
+    ALLOWED_SQUASH_OPTIONS = ['default_on', 'always']
+
+    def get_name(self):
+        return "1.1.13 Ensure linear history is required (Manual)"
+
+    def validate(self, gl_group_project, gl_project) -> ControlResult:
+        info(f"Project name: {gl_project.name} - Performing check {self.get_name()}")
+
+        merge_method = gl_project.merge_method
+        merge_method_passed = merge_method in self.ALLOWED_MERGE_METHOD  # only fast-forward
+
+        squash_option = gl_project.squash_option
+        squash_option_passed = squash_option in self.ALLOWED_SQUASH_OPTIONS
+
+        if merge_method_passed and squash_option_passed:
+            return ControlResult(self.get_name(), True, "")
+        else:
+            return ControlResult(self.get_name(), False,
+                                 f"Merge method: {merge_method} allowed {self.ALLOWED_MERGE_METHOD}\n" +
+                                 f"Squash options: {squash_option}\nallowed: {self.ALLOWED_SQUASH_OPTIONS}")
diff --git a/src/main.py b/src/main.py
@@ -10,6 +10,7 @@
 from src.controls.code_changes.codeowners_approval import CodeOwnersApprovalRequiredControl
 from src.controls.code_changes.codeowners_file_exists import CodeOwnersFileExistsControl
 from src.controls.code_changes.commit_user_verification import CommitUserVerificationControl
+from src.controls.code_changes.linear_history import LinearHistoryControl
 from src.controls.code_changes.open_comments_resolved_before_merge import AllOpenCommentsAreResolvedBeforeControl
 from src.controls.code_changes.stale_branches import StaleBranchesRemovedControl
 from src.export.xlsx_exporter import XlsxExporter
@@ -24,7 +25,8 @@
     AllChecksHavePassedBeforeMergingControl(),
     BranchesAreUpToDateControl(),
     AllOpenCommentsAreResolvedBeforeControl(),
-    CommitUserVerificationControl()
+    CommitUserVerificationControl(),
+    LinearHistoryControl()
 ]