Metadata-Version: 2.1
Name: audit_repo_cloner
Version: 0.2.0
Home-page: https://github.com/ChainAccelOrg/audit-repo-cloner
Author: Cyfrin
License: MIT
Classifier: Development Status :: 2 - Pre-Alpha
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Requires-Python: >=3.7, <4
Description-Content-Type: text/markdown
License-File: LICENSE

# Audit Repository Cloner

This repository contains a Python package to clone a repo and automatically prepare it for [Cyfrin](https://www.cyfrin.io/) audit report generation. 

# What it does

It will take the following steps:
1. Take the `source` repository you want to set up for audit
2. Add an `issue_template` to the repo, so issues can be formatted as audit findings, like:

```
**Description:**
**Impact:**
**Proof of Concept:**
**Recommended Mitigation:**
**[Project]:** 
**Cyfrin:**
```

3. Update labels to label issues based on severity and status
4. Create an audit tag at the given commit hash (full SHA)
5. Create branches for each of the auditors participating
6. Create a branch for the final report
7. Add the [report-generator-template](https://github.com/Cyfrin/report-generator-template) to the repo to make it easier to compile the report, and add a button in GitHub actions to re-generate the report on-demand
8. Attempt to set up a GitHub project board

Note: Changes to `report-generator-template` can be pulled into the generated repo by running:
```bash
git subtree pull --prefix cyfrin-report/report-generator-template https://github.com/Cyfrin/report-generator-template main --squash
```

# Getting Started

## Requirements

- [git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
  - You'll know you did it right if you can run `git --version` and you see a response like `git version x.x.x`
- [Python](https://www.python.org/downloads/)
  - You'll know you've installed python right if you can run:
    - `python --version` or `python3 --version` and get an output like: `Python x.x.x`
- [pip](https://pypi.org/project/pip/)
  - You'll know you did it right if you can run `pip --version` or `pip3 --version` and get an output like `pip x.x from /some/path/here (python x.x)`

## Installation

To install from source: 

```bash
git clone https://github.com/Cyfrin/audit-repo-cloner
cd audit-repo-cloner
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
```

To install from pipx:
```bash
pipx install audit_repo_cloner
```

If the pipx package is already installed and you are installing from source, install in editable mode:
```bash
pip install -e .
```

You'll know you've installed it correctly if you can run:

```
audit_repo_cloner --version
```

And get an output like:

```
audit_repo_cloner, version 0.2.0
```

## Getting a GitHub token

To use this, you'll need a [GitHub personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token). Please view the docs to set one up.

You can then set it as an environment variable or input it via the CLI:

```bash
export ACCESS_TOKEN=xxxxxx
```

Note: this access token is encrypted and added to the generated repo as a GitHub secret. It is only used to create the repo initially and allow the GitHub Action to run the report generator (fetching issues) in CI. Be sure to update the GitHub secret if you change your access token or it expires.

# Usage

*Note: $ denotes a command to run in the terminal*


## Help

```
audit_repo_cloner --help
```

## As a single command

From source:
```bash
python ./create_audit_repo.py
```

Otherwise (pipx):

```
audit_repo_cloner --source-url https://github.com/PatrickAlphaC/hardhat-smartcontract-lottery-fcc --commit-hash 5e4872358cd2bda1936c29f460ece2308af4def6 --auditors "81k-ltd blue-frog-man giiioooooooo" --organization cyfrin --github-token <YOUR_ACCESS_TOKEN>
```
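
A pre-flight check for the arguments in the command above, as an added example that is not part of `audit_repo_cloner` itself. The function name `preflight` and its rules are hypothetical; it assumes the source is hosted on github.com over HTTPS and that the token is read from `ACCESS_TOKEN`.

```python
import re
from urllib.parse import urlsplit

FULL_SHA = re.compile(r"[0-9a-fA-F]{40}")
# GitHub names: alphanumerics and single hyphens, no leading/trailing hyphen, max 39 chars.
LOGIN = re.compile(r"(?=.{1,39}$)[A-Za-z0-9]+(?:-[A-Za-z0-9]+)*")


def preflight(source_url, commit_hash, auditors, organization, env):
    """Return a list of problems; an empty list means the inputs look sane."""
    problems = []

    url = urlsplit(source_url)
    parts = [p for p in url.path.split("/") if p]
    if url.scheme != "https" or url.hostname != "github.com":
        problems.append("source URL must be https://github.com/<owner>/<repo>")
    elif url.username or url.password:
        problems.append("source URL must not embed credentials")
    elif len(parts) != 2:
        problems.append("source URL must name exactly one owner and one repo")

    # A short hash or a branch name can resolve to a different commit later;
    # only the full 40-hex SHA pins the audit scope unambiguously.
    if not FULL_SHA.fullmatch(commit_hash):
        problems.append("commit hash must be the full 40-character SHA")

    names = auditors.split()
    if not names:
        problems.append("at least one auditor is required")
    for name in names + [organization]:
        if not LOGIN.fullmatch(name):
            problems.append(f"not a valid GitHub name: {name!r}")
    if len({n.lower() for n in names}) != len(names):
        problems.append("duplicate auditor name")

    # Assumption: the token comes from ACCESS_TOKEN, keeping it off the
    # command line, where it would show up in the process list.
    if not env.get("ACCESS_TOKEN", "").strip():
        problems.append("ACCESS_TOKEN is not set in the environment")
    return problems


if __name__ == "__main__":
    import os
    # Argument values taken from the command shown above.
    for p in preflight("https://github.com/PatrickAlphaC/hardhat-smartcontract-lottery-fcc",
                       "5e4872358cd2bda1936c29f460ece2308af4def6",
                       "81k-ltd blue-frog-man giiioooooooo", "cyfrin", os.environ):
        print("problem:", p)
```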

```
$ audit_repo_cloner 
Hello! This script will clone target repository and prepare it for a Cyfrin audit. Please enter the following details:

1) Source repo url: 
```
Enter: `https://github.com/code-423n4/2023-04-eigenlayer`

```
2) Audit commit hash: 
```
Enter: `5e4872358cd2bda1936c29f460ece2308af4def6`

```
3) Enter the names of the auditors (separated by spaces):
```
Enter: `"81k-ltd blue-frog-man giiioooooooo"`

```
4) Enter the name of the organization to create the audit repository in:
```

Enter: `<YOUR_ORG_NAME>`

And you'll get a loooong output, but hopefully you'll have a repo ready for audit!
