INT-7018 - Upgrade integration

.github/workflows/build.yml

@@ -1,27 +1,26 @@
 name: Build
-on: [push, pull_request]
+on:
+  pull_request:
+  push:
+    branches:
+      - main
 
 jobs:
   test:
-    runs-on: ${{ matrix.os }}
-    strategy:
-      fail-fast: false
-      matrix:
-        node-version: [14.x]
-        os: [ubuntu-latest]
-
+    runs-on: ubuntu-latest
     steps:
+      - name: Check out code repository source code
+        uses: actions/checkout@v3
+
       - id: setup-node
         name: Setup Node
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v3
         with:
-          node-version: ${{ matrix.node-version }}
-
-      - name: Check out code repository source code
-        uses: actions/checkout@v2
+          node-version: 14.x
+          cache: yarn
 
       - name: Install dependencies
-        run: yarn
+        run: yarn --frozen-lockfile
 
       - name: Run tests
         run: yarn test:ci
@@ -31,44 +30,24 @@ jobs:
 
   # Publishing is done in a separate job to allow
   # for all matrix builds to complete.
-  release:
+  BuildRelease:
     needs: test
     runs-on: ubuntu-latest
     if: github.ref == 'refs/heads/main'
-    strategy:
-      fail-fast: false
-      matrix:
-        node: [14]
-
+    name: Checkout Code
     steps:
       - name: Setup Node
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v3
         with:
           node-version: 14.x
-
+          cache: yarn
       - name: Check out repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 2
-
-      # Fetch tags and describe the commit before the merge commit
-      # to see if it's a version publish
-      - name: Fetch tags
-        run: |
-          git fetch --tags
-          if git describe --exact-match --match "v*.*.*" HEAD^2
-          then
-            echo "Found version commit tag. Publishing."
-            echo "publish=true" >> $GITHUB_ENV
-          else
-            echo "Version commit tag not found. Not publishing."
-          fi
-
-      - name: Publish
-        if: env.publish == 'true'
-        env:
-          NPM_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}
-        run: |
-          echo "//registry.npmjs.org/:_authToken=${NPM_AUTH_TOKEN}" > .npmrc
-          yarn
-          npm publish
+          token: ${{ secrets.AUTO_GITHUB_PAT_TOKEN }}
+      - name: Build and Release
+        uses: jupiterone/action-npm-build-release@v1
+        with:
+          npm_auth_token: ${{ secrets.NPM_AUTH_TOKEN }}
+          gh_token: ${{ secrets.AUTO_GITHUB_PAT_TOKEN }}

.github/workflows/codeql-analysis.yml

@@ -9,15 +9,15 @@
 # the `language` matrix defined below to confirm you have the correct set of
 # supported CodeQL languages.
 #
-name: "CodeQL"
+name: 'CodeQL'
 
 on:
   push:
-    branches: [ "main" ]
+    branches: ['main']
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ "main" ]
-    
+    branches: ['main']
+
 jobs:
   analyze:
     name: Analyze
@@ -30,41 +30,40 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'javascript' ]
+        language: ['javascript']
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
         # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
 
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-
-        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-        queries: security-extended,security-and-quality
+          # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+          queries: security-extended,security-and-quality
 
-
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+      # If this step fails, then you should remove it and run the build manually (see below)
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
 
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
 
-    #   If the Autobuild fails above, remove it and uncomment the following three lines. 
-    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+      #   If the Autobuild fails above, remove it and uncomment the following three lines.
+      #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
 
-    # - run: |
-    #   echo "Run, Build Application using script"
-    #   ./location_of_script_within_repo/buildscript.sh
+      # - run: |
+      #   echo "Run, Build Application using script"
+      #   ./location_of_script_within_repo/buildscript.sh
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2

CHANGELOG.md

@@ -8,6 +8,16 @@ and this project adheres to
 
 ## [Unreleased]
 
+## Changed
+
+- Upgraded SDK dependencies to v8
+- Updated build.yml
+- Updated package.json main, types, and files to work with updated build.yml
+- Updated project [README.md](http://README.md '‌')
+- Added jupiterone/questions/questions.yaml file
+- Upgraded package.json scripts to match an `integration-template`
+- Updated tests to use latest patterns
+
 ## 1.0.0-beta.0 2023-01-27
 
 ### Added

README.md

@@ -40,13 +40,58 @@ necessarily prevent the ingestion of other, unrelated data. That should be
 enough information to allow you to get started coding!
 
 See the
-[SDK development documentation](https://github.com/JupiterOne/sdk/blob/master/docs/integrations/development.md)
+[SDK development documentation](https://github.com/JupiterOne/sdk/blob/main/docs/integrations/development.md)
 for a deep dive into the mechanics of how integrations work.
 
 See [docs/development.md](docs/development.md) for any additional details about
 developing this integration.
 
+### Testing the integation
+
+Ideally, all major calls to the API and converter functions would be tested. You
+can run the tests with `yarn test`, and you can run the tests as they execute in
+the CI/CD environment with `yarn test:ci` (adds linting and type-checking to
+`yarn test`). If you have a valid runtime configuration, you can run the tests
+with your credentials using `yarn test:env`.
+
+For more details on setting up tests, and specifically on using recordings to
+simulate API responses, see `test/README.md`.
+
 ### Changelog
 
 The history of this integration's development can be viewed at
 [CHANGELOG.md](CHANGELOG.md).
+
+### Versioning this project
+
+This project is versioned using [auto](https://intuit.github.io/auto/).
+
+Versioning and publishing to NPM are now handled via adding GitHub labels to
+pull requests. The following labels should be used for this process:
+
+- patch
+- minor
+- major
+- release
+
+For each pull request, the degree of change should be registered by applying the
+appropriate label of patch, minor, or major. This allows the repository to keep
+track of the highest degree of change since the last release. When ready to
+publish to NPM, the PR should have both its appropriate patch, minor, or major
+label applied as well as a release label. The release label will denote to the
+system that we need to publish to NPM and will correctly version based on the
+highest degree of change since the last release, package the project, and
+publish it to NPM.
+
+In order to successfully version and publish to NPM we need access to two
+secrets: a valid NPM token for publishing and a GitHub token for querying the
+repo and pushing version changes. For JupiterOne projects please put in a ticket
+with security to have the repository correctly granted access. For external
+projects, please provide secrets with access to your own NPM and GitHub
+accounts. The secret names should be set to NPM_AUTH_TOKEN and
+AUTO_GITHUB_PAT_TOKEN respectively (or the action can be updated to accomodate
+different naming conventions).
+
+We are not currently using the functionality for auto to update the CHANGELOG.
+As such, please remember to update CHANGELOG.md with the appropriate version,
+date, and changes.

docs/spec/src/account/index.ts

@@ -0,0 +1,18 @@
+import { StepSpec } from '@jupiterone/integration-sdk-core';
+import { SonarqubeIntegrationConfig } from '../../../../src/types';
+
+export const accountSpec: StepSpec<SonarqubeIntegrationConfig>[] = [
+  {
+    id: 'fetch-account',
+    name: 'Fetch Account',
+    entities: [
+      {
+        resourceName: 'Account',
+        _type: 'sonarqube_account',
+        _class: ['Account'],
+      },
+    ],
+    relationships: [],
+    implemented: true,
+  },
+];

docs/spec/src/finding/index.ts

@@ -0,0 +1,26 @@
+import { RelationshipClass, StepSpec } from '@jupiterone/integration-sdk-core';
+import { SonarqubeIntegrationConfig } from '../../../../src/types';
+
+export const findingSpec: StepSpec<SonarqubeIntegrationConfig>[] = [
+  {
+    id: 'fetch-findings',
+    name: 'Fetch Project Findings',
+    entities: [
+      {
+        resourceName: 'Finding',
+        _type: 'sonarqube_finding',
+        _class: ['Finding'],
+      },
+    ],
+    relationships: [
+      {
+        _type: 'sonarqube_project_has_finding',
+        sourceType: 'sonarqube_project',
+        _class: RelationshipClass.HAS,
+        targetType: 'sonarqube_finding',
+      },
+    ],
+    dependsOn: ['fetch-projects'],
+    implemented: true,
+  },
+];

docs/spec/src/index.ts

@@ -0,0 +1,19 @@
+import { IntegrationSpecConfig } from '@jupiterone/integration-sdk-core';
+
+import { SonarqubeIntegrationConfig } from '../../../src/types';
+import { accountSpec } from './account';
+import { findingSpec } from './finding';
+import { projectSpec } from './project';
+import { userSpec } from './user';
+import { userGroupSpec } from './user-group';
+
+export const invocationConfig: IntegrationSpecConfig<SonarqubeIntegrationConfig> =
+  {
+    integrationSteps: [
+      ...accountSpec,
+      ...findingSpec,
+      ...projectSpec,
+      ...userSpec,
+      ...userGroupSpec,
+    ],
+  };

docs/spec/src/project/index.ts

@@ -0,0 +1,26 @@
+import { RelationshipClass, StepSpec } from '@jupiterone/integration-sdk-core';
+import { SonarqubeIntegrationConfig } from '../../../../src/types';
+
+export const projectSpec: StepSpec<SonarqubeIntegrationConfig>[] = [
+  {
+    id: 'fetch-projects',
+    name: 'Fetch Projects',
+    entities: [
+      {
+        resourceName: 'Project',
+        _type: 'sonarqube_project',
+        _class: ['Project'],
+      },
+    ],
+    relationships: [
+      {
+        _type: 'sonarqube_account_has_project',
+        sourceType: 'sonarqube_account',
+        _class: RelationshipClass.HAS,
+        targetType: 'sonarqube_project',
+      },
+    ],
+    dependsOn: ['fetch-account'],
+    implemented: true,
+  },
+];

docs/spec/src/user-group/index.ts

@@ -0,0 +1,26 @@
+import { RelationshipClass, StepSpec } from '@jupiterone/integration-sdk-core';
+import { SonarqubeIntegrationConfig } from '../../../../src/types';
+
+export const userGroupSpec: StepSpec<SonarqubeIntegrationConfig>[] = [
+  {
+    id: 'fetch-user-groups',
+    name: 'Fetch User Groups',
+    entities: [
+      {
+        resourceName: 'UserGroup',
+        _type: 'sonarqube_user_group',
+        _class: ['UserGroup'],
+      },
+    ],
+    relationships: [
+      {
+        _type: 'sonarqube_account_has_user_group',
+        sourceType: 'sonarqube_account',
+        _class: RelationshipClass.HAS,
+        targetType: 'sonarqube_user_group',
+      },
+    ],
+    dependsOn: ['fetch-account'],
+    implemented: true,
+  },
+];