Repo File Checks

After setting up a Git Repository integration, OpsLevel can continuously scan your code repositories and verify all of the operational best practices you’ve defined.

Along with the integration comes two new checks:  the Repo File Check, and the Repo Search Check.  This article describes the former, as well as some of the cool things you can do with it.

The Repo File Check

With the Repo File Check, you can verify the existence or contents of a file in your repo.

Why would you want to do that?  Well, let’s see some examples of different kinds of checks you can build:

Repo File Check Examples

Verify Ruby version

You can verify that a repo is using a given Ruby version using either .ruby-version or Gemfile.lock. For example:

Filename Predicate Contents
.ruby-version equals 2.6.0
Gemfile.lock contains    ruby 2.6.0

Verify Ruby library

Like verifying the Ruby version, you can look at Gemfile.lock to verify a particular library is installed.

Filename Predicate Contents
Gemfile.lock contains     rails (5.2.0)

Verify Rails is not logging passwords

Part of the Rails Security Guide talks about how to set up Rails to not log passwords. You can verify that your apps have this enabled:

Filename Predicate Contents
config/initializers/filter_parameter_logging.rb contains config.filter_parameters << :password

Verify Python version

Much like verifying the Ruby version, if you use Pyenv, you can verify the version of Python with .python-version.

Filename Predicate Contents
.python-version equals 3.7.0

Verify Python Library

If you use pip and requirements.txt, you can validate that a given Python library version is used. Be sure to freeze your requirements beforehand with pip freeze > requirements.txt.

Filename Predicate Contents
requirements.txt contains Django==2.1.7

Verify Java library

If you use Apache Ivy, you can easily validate the presence of a given Java library.

Filename Predicate Contents
ivy.xml contains <dependency org="apache" name="commons-lang" revision="2.0">

Verify README.md exists

It’s good practice that every repo should have a README.  Just create a check that validates that this file exists, without looking into its contents.

Verify CircleCI is setup properly

If you use CircleCI, you can verify any aspect of your continuous integration. For example, you may want to verify that linting is enabled with Danger or that you’re running tests with RSpec.

Filename Predicate Contents
.circleci/config.yml contains bundle exec rspec
.circleci/config.yml contains       - run: danger

Verify a recent version of Kubernetes

Older versions of Kubernetes had an apiVersion of apps/v1beta2. You can verify that your repos are all using the latest version of Kubernetes in their deployments.

Filename Predicate Contents
deployment.yaml contains apiVersion: apps/v1

And more!

Ok, those were just some examples to get the creative juices flowing.  But there’s tons more you can do with Repo file checks.  If you have any questions, or just come up with some interesting checks you want to share, hit us up at info@opslevel.com.