Feature/rulesets: End to End assignment creation (KHO-172, KHO-173)

.gitignore

@@ -24,7 +24,7 @@ go.work.sum
 
 # env file
 .env
-
+*.env_other*
 # Logs
 logs
 *.log
@@ -57,4 +57,4 @@ terraform/.terraform/
 *.tfstate
 *.tfstate.backup
 */terraform.tfstate*
-*/terraform.tfvars
+*/terraform.tfvars

backend/internal/errs/api_err.go

@@ -106,6 +106,11 @@ func AssignmentNotAcceptedError() APIError {
 	return NewAPIError(http.StatusBadRequest, fmt.Errorf("student has not accepted this assignment yet"))
 }
 
+
+func CriticalGithubError() APIError {
+	return NewAPIError(http.StatusInternalServerError, fmt.Errorf("critical Out of State Error: Github Integration"))
+}
+
 /* Post Requests Only */
 func InvalidRequestBody(expected interface{}) APIError {
 	fieldAcc := make([]string, 0, 10)

backend/internal/github/github.go

@@ -2,7 +2,7 @@ package github
 
 import (
 	"context"
-
+	"time"
 	"github.com/CamPlume1/khoury-classroom/internal/models"
 	"github.com/google/go-github/github"
 )
@@ -30,6 +30,8 @@ type GitHubAppClient interface { // All methods in the APP client
 	// Add a repository permission to a user
 	AssignPermissionToUser(ctx context.Context, ownerName string, repoName string, userName string, permission string) error
 
+	CreateDeadlineEnforcement(ctx context.Context, deadline *time.Time, orgName, repoName string) error
+
 	// Create instance of template repository
 	CreateRepoFromTemplate(ctx context.Context, orgName, templateRepoName, newRepoName string) (*models.AssignmentBaseRepo, error)
 }
@@ -116,4 +118,13 @@ type GitHubBaseClient interface { //All methods in the SHARED client
 
 	// Remove repository from team
 	RemoveRepoFromTeam(ctx context.Context, org, teamSlug, owner, repo string) error
+
+	//Create push ruleset to protect .github folders
+	CreatePushRuleset(ctx context.Context, orgName, repoName string) error
+
+	//Create rulesets to protect corresponding branches
+	CreateBranchRuleset(ctx context.Context,  orgName, repoName string) error
+
+	//Creates PR enforcements
+	CreatePREnforcement(ctx context.Context, orgName, repoName string) error
 }

backend/internal/github/sharedclient/sharedclient.go

@@ -2,10 +2,12 @@ package sharedclient
 
 import (
 	"context"
+	"encoding/base64"
 	"fmt"
-
+	"time"
 	"github.com/CamPlume1/khoury-classroom/internal/errs"
 	"github.com/CamPlume1/khoury-classroom/internal/models"
+	"github.com/CamPlume1/khoury-classroom/internal/utils"
 	"github.com/google/go-github/github"
 )
 
@@ -183,6 +185,147 @@ func (api *CommonAPI) GetUser(ctx context.Context, userName string) (*github.Use
 	return user, err
 }
 
+
+
+func (api *CommonAPI) createRuleSet(ctx context.Context, ruleset interface{}, orgName, repoName string) error {
+	endpoint := fmt.Sprintf("/repos/%s/%s/rulesets", orgName, repoName)
+	req, err := api.Client.NewRequest("POST", endpoint, ruleset)
+	if err != nil {
+		return err
+	}
+	_, err = api.Client.Do(ctx, req, nil)
+	return err
+}
+
+//Given a repo name and org name, create a push ruleset to protect the .github directory
+func (api *CommonAPI) CreatePushRuleset(ctx context.Context, orgName, repoName string) error {
+	body := map[string]interface{}{
+		"name":        "Restrict .github Directory Edits: Preserves Submission Deadline",
+		"target":      "push",
+		"enforcement": "active",
+		"rules": []interface{}{
+			map[string]interface{}{
+				"type": "file_path_restriction",
+				"parameters": map[string]interface{}{
+					"restricted_file_paths": []string{".github/**/*"},
+				},
+			},
+		},
+	}
+	return api.createRuleSet(ctx, body, orgName, repoName)
+}
+
+
+
+func (api *CommonAPI) CreateBranchRuleset(ctx context.Context,  orgName, repoName string) error {
+	body := map[string]interface{}{
+		"name": "Feedback and Main Branch Protedtion: PR Enforcement",
+		"target": "branch",
+		"enforcement": "active",
+		"conditions": map[string]interface{}{
+			"ref_name": map[string]interface{}{
+				"exclude": []interface{}{},
+				"include": []interface{}{"refs/heads/feedback", "~DEFAULT_BRANCH"},
+			},
+		},
+		"rules": []interface{}{
+			map[string]interface{}{
+				"type": "non_fast_forward",
+			},
+			map[string]interface{}{
+				"type": "deletion",
+			},
+			map[string]interface{}{
+				"type": "update",
+				"parameters": map[string]interface{}{
+				  "update_allows_fetch_and_merge": true,
+				},
+			  },
+
+			map[string]interface{}{
+				"type": "pull_request",
+				"parameters" : map[string]interface{}{
+								"required_approving_review_count": 0,
+        						"dismiss_stale_reviews_on_push": true,
+       							"require_code_owner_review": false,
+        						"require_last_push_approval": false,
+        						"required_review_thread_resolution": false,
+       							"automatic_copilot_code_review_enabled": false,
+				},
+			},
+			map[string]interface{}{
+				"type": "required_status_checks",
+				"parameters": map[string]interface{}{
+					"strict_required_status_checks_policy": false,
+					"do_not_enforce_on_create": false,
+					"required_status_checks": []map[string]string{
+						map[string]string{
+							"context": "check-date",
+						},
+						map[string]string{
+							"context": "check-target",
+						},
+
+					},
+
+				},
+			},
+		},
+	}
+	return api.createRuleSet(ctx, body, orgName, repoName)
+}
+
+
+
+
+
+func (api *CommonAPI) CreateDeadlineEnforcement(ctx context.Context, deadline *time.Time, orgName, repoName string) error {
+	addition := models.RepositoryAddition{
+		FilePath: ".github/workflows/deadline.yml",
+		RepoName: repoName,
+		OwnerName: orgName,
+		DestinationBranch: "main",
+		Content: utils.ActionWithDeadline(deadline),
+		CommitMessage: "Deadline enforcement GH action files",
+	}
+	return api.EditRepository(ctx, &addition)
+
+}
+
+
+func (api *CommonAPI) CreatePREnforcement(ctx context.Context, orgName, repoName string) error {
+
+	addition := models.RepositoryAddition{
+		FilePath: ".github/workflows/branchProtections.yml",
+		RepoName: repoName,
+		OwnerName: orgName,
+		DestinationBranch: "main",
+		Content: utils.TargetBranchProtectionAction(),
+		CommitMessage: "Deadline enforcement GH action files",
+	}
+	return api.EditRepository(ctx, &addition)
+
+}
+
+func (api *CommonAPI) EditRepository(ctx context.Context, addition *models.RepositoryAddition) error {
+	endpoint := fmt.Sprintf("/repos/%s/%s/contents/%s", addition.OwnerName, addition.RepoName, addition.FilePath)
+	encodedContent := base64.StdEncoding.EncodeToString([]byte(addition.Content))
+
+	body := map[string]interface{}{
+		"message": addition.CommitMessage,
+		"content": encodedContent,
+		"branch": addition.DestinationBranch,
+	}
+	req, err := api.Client.NewRequest("PUT", endpoint, body)
+	if err != nil {
+		return err
+	}
+	_, err = api.Client.Do(ctx, req, nil)
+	return err
+}
+
+
+
 func (api *CommonAPI) InviteUserToOrganization(ctx context.Context, orgName string, userID int64) error {
 	body := map[string]interface{}{
 		"invitee_id": userID,

backend/internal/handlers/classrooms/assignments/assignments.go

@@ -62,6 +62,7 @@ func (s *AssignmentService) createAssignment() fiber.Handler {
 			return errs.InvalidRequestBody(assignmentData)
 		}
 
+
 		// Error if assignment already exists
 		existingAssignment, err := s.store.GetAssignmentByNameAndClassroomID(c.Context(), assignmentData.Name, assignmentData.ClassroomID)
 		if err != nil && !errors.Is(err, pgx.ErrNoRows) {
@@ -148,6 +149,7 @@ func (s *AssignmentService) generateAssignmentToken() fiber.Handler {
 
 // Uses an assignment token to accept an assignment.
 func (s *AssignmentService) useAssignmentToken() fiber.Handler {
+	//@CamTODO-> Downgrade student access
 	return func(c *fiber.Ctx) error {
 		token := c.Params("token")
 		if token == "" {
@@ -225,6 +227,12 @@ func (s *AssignmentService) useAssignmentToken() fiber.Handler {
 			initialDelay *= 2
 		}
 
+		//@CamTODO: Get rid of happy path here with repo get fail
+		err = client.CreateBranchRuleset(c.Context(), classroom.OrgName, forkName)
+		if err != nil {
+			return errs.CriticalGithubError()
+		}
+
 		// Remove student team's access to forked repo
 		err = client.RemoveRepoFromTeam(c.Context(), classroom.OrgName, *classroom.StudentTeamName, classroom.OrgName, *studentWorkRepo.Name)
 		if err != nil {

backend/internal/handlers/classrooms/assignments/service.go

@@ -7,8 +7,8 @@ import (
 )
 
 type AssignmentService struct {
-	store     storage.Storage
-	userCfg   *config.GitHubUserClient
+	store storage.Storage
+	userCfg *config.GitHubUserClient
 	appClient github.GitHubAppClient
 }
 

backend/internal/handlers/hello/routes.go

@@ -8,7 +8,12 @@ import (
 	"github.com/gofiber/fiber/v2"
 )
 
-// Create HelloGroup fiber route group
+// Routes initializes the "hello" and "hello_protected" route groups in the Fiber application.
+// It sets up middleware for protected routes and registers endpoints.
+//
+// Parameters:
+//   - app: The Fiber application instance to which the routes will be added.
+//   - params: A Params struct containing configuration such as the data store and JWT secret.
 func Routes(app *fiber.App, params types.Params) {
 	service := newService(params.Store)
 
@@ -18,10 +23,10 @@ func Routes(app *fiber.App, params types.Params) {
 	// Register Middleware
 	protected.Use(middleware.Protected(params.UserCfg.JWTSecret))
 
-	//Unprotected Routes
+	// Unprotected Routes
 	unprotected := app.Group("/hello")
 
-	//Endpoints
+	// Endpoints
 	protected.Get("/world", service.HelloWorld)
 	unprotected.Get("/world", service.HelloWorld)
 }

backend/internal/handlers/organizations/organization.go

@@ -1,6 +1,7 @@
 package organizations
 
 import (
+	//"fmt"
 	"strconv"
 	"strings"
 
@@ -17,18 +18,19 @@ func (service *OrganizationService) GetOrgsAndClassrooms() fiber.Handler {
 	}
 }
 
+//Get all organizations a user is in
 func (service *OrganizationService) GetUserOrgs() fiber.Handler {
 	return func(c *fiber.Ctx) error {
 		client, err := middleware.GetClient(c, service.store, service.userCfg)
 		if err != nil {
 			return errs.GithubClientError(err)
 		}
 
+		// Retrieve orgs from user client
 		orgs, err := client.GetUserOrgs(c.Context())
 		if err != nil {
 			return errs.GithubAPIError(err)
 		}
-
 		return c.Status(fiber.StatusOK).JSON(fiber.Map{"orgs": orgs})
 	}
 }

backend/internal/handlers/organizations/service.go

@@ -6,12 +6,15 @@ import (
 	"github.com/CamPlume1/khoury-classroom/internal/storage"
 )
 
+
+//Service Declaration
 type OrganizationService struct {
 	store     storage.Storage
 	appClient github.GitHubAppClient
 	userCfg   *config.GitHubUserClient
 }
 
+//Service constructor
 func NewOrganizationService(
 	store storage.Storage,
 	appClient github.GitHubAppClient,