Migrate GHAS Alerts #534

Open
@dylan-smith

Description

When migrating repos, any secret scanning/code scanning/Dependabot alerts currently don't migrate. Sure, you can run a new scan on the target repo, but if you have dismissed any alerts as false positive (for example), that information will be lost.

Our friends over in GitHub services have written some code that does exactly this, and this issue represents incorporating that capability into this CLI.

The existing code (in TypeScript) can be found here (note: not accessible by non-GitHub staff): https://github.com/octodemo/daves-gei-playground

Tasks

Implementation Guidance

We have established patterns in the CLI codebase that I'm going to try to briefly rehash the relevant bits of here.

We have a GithubApi class that wraps GH API endpoints. Generally there is one function in that class for each API endpoint. There should be very little logic in those functions; they know what the endpoint URL is, and they know how to craft the proper payload and parse any response (e.g. GetCodeScanningAnalysis(...), ListSecretScanningAlerts(...)).

We have Command classes for each CLI command. In general, the Command classes should also be very "thin": they mostly contain the definition of the args/help text, validate the arguments, and then call either the *Api classes (if the command is mostly a wrapper over an API call or two) or, if there is significant logic that needs to be implemented, a service class where that logic lives (which in turn will call the *Api classes). For this work I expect both of the new commands will need a Service class to implement the necessary logic. An example of an existing command that uses this service pattern is the ReclaimMannequinCommand.
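
An added sketch of the service-layer logic this issue asks for (not code from the issue, the CLI, or the referenced repository): it plans which dismissals to carry over to the rescanned target repo and reports the ones it cannot match. All type and function names are hypothetical, and matching alerts by rule id, path and start line is an assumption.

```typescript
// Added example. All type and function names are hypothetical, not the CLI's.
type AlertState = "open" | "dismissed" | "fixed";

interface Alert {
  number: number;
  state: AlertState;
  dismissedReason: string | null; // e.g. "false positive"
  ruleId: string;
  path: string;
  startLine: number;
}

interface DismissalUpdate { targetAlertNumber: number; dismissedReason: string; }
interface MigrationPlan { updates: DismissalUpdate[]; unmatched: number[]; }
// Assumed matching rule: same rule id at the same file and start line.
function alertKey(a: Alert): string {
  return `${a.ruleId}|${a.path}|${a.startLine}`;
}

// Service-layer logic: decides what to change, performs no API calls itself.
function planDismissalMigration(source: Alert[], target: Alert[]): MigrationPlan {
  const targetByKey = new Map<string, Alert>();
  for (const t of target) targetByKey.set(alertKey(t), t);
  const plan: MigrationPlan = { updates: [], unmatched: [] };
  for (const s of source) {
    // Only triage decisions (dismissals) need carrying over.
    if (s.state !== "dismissed" || s.dismissedReason === null) continue;
    const t = targetByKey.get(alertKey(s));
    if (t === undefined) {
      plan.unmatched.push(s.number); // report it, never dismiss on a guess
      continue;
    }
    // Skip alerts already dismissed or fixed so a re-run changes nothing.
    if (t.state !== "open") continue;
    plan.updates.push({ targetAlertNumber: t.number, dismissedReason: s.dismissedReason });
  }
  return plan;
}

// Constructed sample data: alerts on the source repo and on the rescanned target.
const sampleSource: Alert[] = [
  { number: 1, state: "dismissed", dismissedReason: "false positive", ruleId: "js/sql-injection", path: "src/db.ts", startLine: 10 },
  { number: 2, state: "open", dismissedReason: null, ruleId: "js/xss", path: "src/view.ts", startLine: 4 },
  { number: 3, state: "dismissed", dismissedReason: "won't fix", ruleId: "js/path-injection", path: "src/old.ts", startLine: 22 },
];
const sampleTarget: Alert[] = [
  { number: 7, state: "open", dismissedReason: null, ruleId: "js/sql-injection", path: "src/db.ts", startLine: 10 },
  { number: 8, state: "open", dismissedReason: null, ruleId: "js/xss", path: "src/view.ts", startLine: 4 },
];
```

With the sample data, source alert 1 maps to target alert 7, while source alert 3 lands in `unmatched` so a reviewer can re-triage it instead of the dismissal being silently dropped.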
