
steampipe-mod-github-sherlock's Introduction

GitHub Sherlock Mod for Powerpipe

Important

Powerpipe is now the preferred way to run this mod! Migrating from Steampipe →

All v0.x versions of this mod will work in both Steampipe and Powerpipe, but v1.0.0 onwards will be in Powerpipe format only.

Interrogate your GitHub resources with the help of the World's greatest detectives: Powerpipe + Sherlock. GitHub Sherlock allows you to perform deep analysis of your GitHub organization and repo configuration and test them against operations & security best practices.

Run checks in a dashboard: [screenshot]

Or in a terminal: [screenshot]

Documentation

Getting Started

Installation

Install Powerpipe (https://powerpipe.io/downloads), or use Brew:

brew install turbot/tap/powerpipe

This mod also requires Steampipe with the Github plugin as the data source. Install Steampipe (https://steampipe.io/downloads), or use Brew:

brew install turbot/tap/steampipe
steampipe plugin install github

Finally, install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-github-sherlock

Browsing Dashboards

Start Steampipe as the data source:

steampipe service start

Start the dashboard server:

powerpipe server

Browse and view your dashboards at http://localhost:9033.

Running Checks in Your Terminal

Instead of running benchmarks in a dashboard, you can also run them within your terminal with the powerpipe benchmark command:

List available benchmarks:

powerpipe benchmark list

Run a benchmark:

powerpipe benchmark run github_sherlock.benchmark.org_best_practices

Other output formats (for example JSON or CSV for feeding results into CI or a ticketing system) are also available; see Output Formats for details.
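Running the whole mod against a large organization can take a long time and burn through the GitHub API rate limit (see the "context deadline exceeded" and "restriction to repos matching a pattern" issues further down this page). A cheaper pattern is to put Sherlock in a local mod as a dependency and expose only the controls you want to gate on. The following is an added example, not code from the mod: the control names are the ones that appear elsewhere on this page, the mod name `github_sherlock` is the one the README uses, and the `mod.pp` file name and the `version = "*"` constraint are assumptions about your Powerpipe version (older releases used `mod.sp`).

```hcl
# dashboards/mod.pp  (added example, not part of steampipe-mod-github-sherlock;
# file name assumed for current Powerpipe, older releases used mod.sp)
mod "local" {
  title = "GitHub branch-protection gate"
  require {
    mod "github.com/turbot/steampipe-mod-github-sherlock" {
      version = "*"   # assumption: pin a release in real use so a mod update cannot silently change the checks
    }
  }
}

# Only the default-branch protection controls for private repos. A run of this
# benchmark makes far fewer API calls than the full private-repo benchmark, and
# these are the checks most worth failing a pipeline on: without them a single
# compromised contributor token can force-push or delete the default branch.
benchmark "branch_protection_gate" {
  title       = "Default branch protection (private repos)"
  description = "Subset of GitHub Sherlock controls used as a CI gate."
  children = [
    github_sherlock.control.private_repo_default_branch_blocks_force_push,
    github_sherlock.control.private_repo_default_branch_blocks_deletion,
    github_sherlock.control.private_repo_default_branch_protections_apply_to_admins,
    github_sherlock.control.private_repo_default_branch_requires_pull_request_reviews,
  ]
}

# Run with:
#   powerpipe benchmark run benchmark.branch_protection_gate
```

Because the children are references into the dependency mod, `powerpipe mod update` picks up fixes to the underlying queries without you copying SQL around; the trade-off is that you should pin the dependency version so the set of checks a pipeline enforces changes only when you decide it does.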

Open Source & Contributing

This repository is published under the Apache 2.0 license. Please see our code of conduct. We look forward to collaborating with you!

Steampipe and Powerpipe are products produced from this open source software, exclusively by Turbot HQ, Inc. They are distributed under our commercial terms. Others are allowed to make their own distribution of the software, but cannot use any of the Turbot trademarks, cloud services, etc. You can learn more in our Open Source FAQ.

Get Involved

Join #powerpipe on Slack →

Want to help but don't know where to start? Pick up one of the help wanted issues:

steampipe-mod-github-sherlock's People

Contributors

bigdatasourav, cbruno10, dboeke, e-gineer, francois2metz, graza-io, judell, khushboo9024, madhushreeray30, misraved, parthai, rajlearner17


steampipe-mod-github-sherlock's Issues

Deprecate mod and move applicable checks into GitHub Insights mod

This mod is older and we don't really support Sherlock type mods anymore (this is the only one actually). Non-compliance checks we add into Insights mods in general, so we should look to consolidate GitHub mods and make GitHub Insights mod more complete.

After GitHub Insights supports all checks from this mod, we should:

Update to take into account column changes in plugin

Is your feature request related to a problem? Please describe.
PR #292 on the plugin removes a column (which causes permission issues for users preventing being able to obtain repos), so we need to update the control.private_repo_no_outside_collaborators to take this into consideration.

Describe the solution you'd like
Update query.

Describe alternatives you've considered
n/a

Additional context
Plugin Issue - Plugin PR

ERROR: context deadline exceeded

Describe the bug

If you have way too many repos, eventually something will time out
with "ERROR: context deadline exceeded" after about 12 minutes.

Steampipe version (steampipe -v)

v0.8.4

Plugin version (steampipe plugin list)

turbot/github@latest: v0.6.1

To reproduce

Get lots of repos that have lots of issues in them.

Run steampipe check all from this repo.

Expected behavior

All checks complete.

Additional context

Command took 12 minutes 36 seconds to complete.

Optimize ad-hoc queries to use 'in' operator

Is your feature request related to a problem? Please describe.
The ad-hoc fix can be reverted back to use in operator

from
(b.name = 'main' or b.name = 'master') to in ('main', 'master')

Depends on SDK Update

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Error in control "No outside collaborators should have access in each private repository": pq: missing FROM-clause entry for table "r"

Describe the bug
Error when running this check: No outside collaborators should have access in each private repository

| + No outside collaborators should have access in each private repository ......................   1 /   1 [=         ]
| | |
| | ERROR: pq: missing FROM-clause entry for table "r"

Steampipe version (steampipe -v)
Example: v0.5.1

Plugin version (steampipe plugin list)
Github plugin:
hub.steampipe.io/plugins/turbot/github@latest | 0.5.0 | github
I'm at commit 911402c of this particular repo

To reproduce
I just ran all checks:
steampipe check all

Expected behavior
No error message.

Additional context
Here is the code of the control that's failing:

control "private_repo_no_outside_collaborators" {
  title       = "No outside collaborators should have access in each private repository"
  description = "Outside collaborators should not have access to private repository content."
  sql = <<-EOT
    select
      html_url as resource,
      case
        when outside_collaborator_logins = '[]' then 'ok'
        else 'alarm'
      end as status,
      full_name || ' has ' || jsonb_array_length(outside_collaborator_logins) || ' outside collaborator(s).' as reason,
      full_name
    from
      github_my_repository
    where
      visibility = 'private' and r.fork = ${local.include_forks}
  EOT
}

Duplicate local variable error

Describe the bug
On running the steampipe query command we get the following error:

Error: failed to load workspace: Failed to decode all mod hcl files
mod defines more that one resource named local.include_forks

Steampipe version (steampipe -v)
Example: v0.8.0-rc.1

Mod version (steampipe plugin list)
Example: v0.3

To reproduce
Steps to reproduce the behaviour (please include relevant code and/or commands).

Expected behaviour
A clear and concise description of what you expected to happen.

Additional context
Add any other context about the problem here.

enable restriction to repos matching a pattern

This mod can wind up checking a lot of repos that you might not care about, and can hit rate limits doing so.

Would be nice to be able to check this way:

steampipe check benchmark.public_repo_best_practices --var repo_pattern=turbot/steampipe-mod

E.g. by doing something like this.

variable "repo_pattern" {
  type = string
  default = ""
}

benchmark "public_repo_best_practices" {
  title = "Public Repository Best Practices"
  description = "Best practices for your public repositories."
  children = [
    control.public_repo_issues_enabled
  ]
}

control "public_repo_issues_enabled" {
  title = "Issues should be enabled in each public repository"
  description = "Issues are essential to keep track of tasks, enhancements, and bugs."
  sql = <<-EOT
    select
      html_url as resource,
      case
        when has_issues then 'ok'
        else 'alarm'
      end as status,
      full_name || ' issues are ' || case when(has_issues)::bool then 'enabled' else 'disabled' end || '.' as reason,
      full_name
    from
      github_my_repository
    where
      full_name ~ $1
      and visibility = 'public' 
      and fork = ${local.include_forks}
  EOT
  param "repo_pattern" {
    default = var.repo_pattern
  }  
}

@cbruno10 we talked about this way back when I first started, was reminded of it today when building an example of using this mod. Would this be the right approach?

Steampipe sherlock controls fail due to internal desc = 'List' call is missing

Describe the bug

turbot-macpro-raj:steampipe-mod-github-sherlock raj$ steampipe check control.private_repo_default_branch_blocks_force_push
+ Default branch should block force push in each private repository ................................................................................................................. 1 / 1 [          ]
  ERROR: rpc error: code = Internal desc = 'List' call is missing required quals: column:'repository_full_name' operator: =

A similar issue persists for the below controls

steampipe check control.private_repo_default_branch_blocks_deletion
steampipe check control.private_repo_default_branch_protections_apply_to_admins
steampipe check control.private_repo_default_branch_requires_pull_request_reviews
steampipe check control.private_repo_default_branch_blocks_force_push

steampipe check control.public_repo_default_branch_blocks_deletion
steampipe check control.public_repo_default_branch_protections_apply_to_admins
steampipe check control.public_repo_default_branch_requires_pull_request_reviews
steampipe check control.public_repo_default_branch_blocks_force_push

Steampipe version (steampipe -v)
Example: v0.9.0

Plugin version (steampipe plugin list)
Example: v0.8.1

To reproduce

Execute entire sherlock mod steampipe check all or steampipe check control.private_repo_default_branch_blocks_force_push

Expected behavior
A clear and concise description of what you expected to happen.

Additional context

Update index doc and README for Steampipe v0.14.0 release

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

control.private_repo_no_outside_collaborators evaluates <nil> in reason

Describe the bug
The "No outside collaborators should have access in each private repository" control does evaluate outside collaborators, resulting in reason while running the control.

Steampipe version (steampipe -v)
Example: v0.10.x

Plugin version (steampipe plugin list)
Example: v0.9.0

To reproduce
Steps to reproduce the behavior (please include relevant code and/or commands).

Expected behavior
A clear and concise description of what you expected to happen.

Additional context
Add any other context about the problem here.
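Three of the issues above concern the same control: the `r.fork` reference without a table alias (`missing FROM-clause entry for table "r"`), the `<nil>` reason when `outside_collaborator_logins` is null, and the wish for a `repo_pattern` variable to limit which repos are queried. Here is an added example, not code from the mod, of how that control can be written so all three go away at once. It assumes the `github_my_repository` column names used in the posts above (`html_url`, `full_name`, `visibility`, `fork`, `outside_collaborator_logins`) still exist in your plugin version; the plugin issue above notes that a column was removed, so check with `.inspect github_my_repository` first.

```hcl
# Added example, not part of steampipe-mod-github-sherlock.
# Assumes the github_my_repository columns named in the issues above exist in
# your github plugin version (verify with: steampipe query ".inspect github_my_repository").

variable "repo_pattern" {
  type        = string
  default     = ".*"   # POSIX regex matched against full_name; the default checks every repo
  description = "Only check repositories whose full_name matches this regex, e.g. ^turbot/steampipe-mod"
}

locals {
  include_forks = false
}

control "private_repo_no_outside_collaborators" {
  title       = "No outside collaborators should have access in each private repository"
  description = "Outside collaborators should not have access to private repository content."
  sql = <<-EOT
    with repos as (
      select
        r.html_url,
        r.full_name,
        -- jsonb_array_length(NULL) is NULL, which propagates into status and
        -- reason and shows up as <nil> in the report; coalesce to 0 instead.
        coalesce(jsonb_array_length(r.outside_collaborator_logins), 0) as outside_count
      from
        github_my_repository as r          -- alias declared here, so r.<column> is valid
      where
        r.visibility = 'private'
        and r.fork = ${local.include_forks}
        -- $1 is a bound parameter, so the pattern is never spliced into the SQL text
        and r.full_name ~ $1
    )
    select
      html_url as resource,
      case when outside_count = 0 then 'ok' else 'alarm' end as status,
      full_name || ' has ' || outside_count || ' outside collaborator(s).' as reason,
      full_name
    from
      repos
  EOT

  param "repo_pattern" {
    default = var.repo_pattern
  }
}

# Example invocations (assumed CLI syntax for passing a variable):
#   powerpipe control run private_repo_no_outside_collaborators --var repo_pattern='^turbot/steampipe-mod'
```

Two details matter for a security control: the null handling decides whether a repository whose collaborator list could not be fetched is reported as `ok` (a false negative) or surfaces with a visible count, and the regex filter arrives as a bound parameter, so a pattern supplied from a CI variable cannot alter the query. Counting with `jsonb_array_length` rather than comparing to the literal `'[]'` also keeps the check correct if the plugin ever returns the array with different whitespace.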

Update mod.sp to address deprecation warning

Describe the bug
The current version of the mod returns a warning due to using the deprecated option version instead of min_version for the github plugin.

This issue can be trivially resolved by updating

  require {
    plugin "github" {
      version = "0.29.0"
    }
  }

to

  require {
    plugin "github" {
      min_version = "0.29.0"
    }
  }


Steampipe version (steampipe -v)
Example: v0.3.0

Plugin version (steampipe plugin list)
Example: v0.5.0

To reproduce
Steps to reproduce the behavior (please include relevant code and/or commands).

Expected behavior
A clear and concise description of what you expected to happen.

Additional context
Add any other context about the problem here.

Update mod to be compatible with forthcoming GraphQL changes in GitHub plugin.

Is your feature request related to a problem? Please describe.
We're currently looking to release a drastically different version of the GitHub plugin utilising GraphQL, this means that a lot of the queries will need to be adapted to facilitate the changes.

Describe the solution you'd like
All queries/checks/etc to be updated.

Describe alternatives you've considered
n/a

Additional context
GitHub plugin changes are currently on a graphql-dev branch or within PRs waiting to be merged into it.

Organization Best Practices controls should handle reason coming as <nil> for edge cases

Describe the bug
A GitHub organization that does not match the conditions of the Organization Best Practices controls fails, e.g.

Organization members should not be able to create public repositories

...................................................................................................     2 /     3 [==        ]
  | ALARM: <nil> .............................................................................................................................................................................. rajcloud
  | OK   : Turbot Development users cannot create public repositories. ........................................................................................................................ turbotio
  | OK   : Turbot HQ users cannot create public repositories. ................................................................................................................................. turbothq
  | 

Organization default repository permissions should be limited

  | OK   : <nil> .............................................................................................................................................................................. rajcloud
  | OK   : <nil> ................................................................................................................................................................................ turbot
  | OK   : Turbot Development default repository permissions are none. ........................................................................................................................ turbotio
  | OK   : <nil> .............................................................................................................................................................................. turbothq

Steampipe version (steampipe -v)
Example: v0.9.1

Plugin version (steampipe plugin list)
GitHub: v0.8.1

To reproduce
You can create sample organization without all required best practice parameters and run GitHub Sherlock mod as below
steampipe check github_sherlock.benchmark.org_best_practices

Expected behavior
A clear and concise description of what you expected to happen.

Additional context
Add any other context about the problem here.
