Merge pull request #11 from villagelabsco/feat/VD-4731-oauth-meltano

Feat/vd 4731 update tap oauth config
villagelabsco · Aug 22, 2024 · 47df5be · 47df5be
2 parents 7601305 + 04c1aee
commit 47df5be
Show file tree

Hide file tree

Showing 4 changed files with 84 additions and 7 deletions.
diff --git a/.github/workflows/dependabot.yaml b/.github/workflows/dependabot.yaml
@@ -0,0 +1,66 @@
+name: dependabot
+on:
+  pull_request:
+    branches:
+      - "develop"
+      - "hotfix/**"
+      - "release/**"
+      - "main"
+      - "feat/**"
+      - "preprod/**"
+  push:
+    branches:
+      - "develop"
+      - "hotfix/**"
+      - "release/**"
+      - "main"
+      - "feat/**"
+      - "preprod/**"
+
+  workflow_dispatch:
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v2
+        with:
+          node-version: "14"
+
+      - name: Install GitHub CLI
+        run: |
+          curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg
+          echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null
+          sudo apt update
+          sudo apt install gh
+
+      - name: Log in to GitHub CLI
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | gh auth login --with-token
+
+      - name: Check for critical Dependabot alerts
+        run: |
+          alerts=$(gh api graphql -f query='
+            query($repository: String!, $owner: String!) {
+              repository(name: $repository, owner: $owner) {
+                vulnerabilityAlerts(first: 10, states: OPEN) {
+                  nodes {
+                    securityVulnerability {
+                      severity
+                    }
+                  }
+                }
+              }
+            }' -f repository="${{ github.event.repository.name }}" -f owner="${{ github.repository_owner }}" --jq '.data.repository.vulnerabilityAlerts.nodes[].securityVulnerability.severity')
+          echo "Alerts: $alerts"
+          if [[ "$alerts" == *"CRITICAL"* ]]; then
+            echo "Critical vulnerabilities found"
+            exit 1
+          else
+            echo "No critical vulnerabilities"
+          fi
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/meltano.yml b/meltano.yml
@@ -14,13 +14,19 @@ plugins:
     - catalog
     - discover
     settings:
+    - name: client_id
+      kind: string
+    - name: client_secret
+      kind: password
     - name: access_token
       kind: password
     - name: flattening_enabled
       kind: boolean
     - name: flattening_max_depth
     - name: start_date
       value: '2010-01-01T00:00:00Z'
+    - name: refresh_token
+      kind: password
     config:
       start_date: '2010-01-01T00:00:00Z'
     select:

diff --git a/tap_hubspot/auth.py b/tap_hubspot/auth.py
@@ -1,7 +1,8 @@
+from functools import cached_property
 from singer_sdk.authenticators import OAuthAuthenticator, SingletonMeta
 from singer_sdk.streams import RESTStream
 from typing import Any, Mapping, TypedDict, TypeGuard
-
+import os
 
 class HubSpotOAuthAuthenticator(OAuthAuthenticator, metaclass=SingletonMeta):
     def __init__(self, stream: RESTStream) -> None:
@@ -10,13 +11,16 @@ def __init__(self, stream: RESTStream) -> None:
             stream=stream,
         )
 
-    @property
+    @cached_property
     def oauth_request_body(self) -> dict:
+        env_client_id = os.getenv("TAP_HUBSPOT_CLIENT_ID")
+        env_client_secret = os.getenv("TAP_HUBSPOT_CLIENT_SECRET")
+        env_refresh_token = os.getenv("TAP_HUBSPOT_REFRESH_TOKEN")
         return {
-            "client_id": self.config["client_id"],
-            "client_secret": self.config["client_secret"],
+            "client_id": self.config["client_id"] or env_client_id,
+            "client_secret": self.config["client_secret"] or env_client_secret,
             "grant_type": "refresh_token",
-            "refresh_token": self.config["refresh_token"],
+            "refresh_token": self.config["refresh_token"] or env_refresh_token,
         }
 
 

diff --git a/tap_hubspot/client.py b/tap_hubspot/client.py
@@ -1,7 +1,7 @@
 """REST client handling, including HubspotStream base class."""
 from pathlib import Path
 from typing import Any, Callable, Dict, Iterable, List, Optional
-
+import os
 import backoff
 import pytz
 import requests
@@ -52,7 +52,8 @@ def schema_filepath(self) -> Path:
     @property
     def authenticator(self) -> Union[BearerTokenAuthenticator, OAuthAuthenticator]:
         """Return a new authenticator object."""
-        if is_oauth_credentials(self.config):
+        env_refresh_token = os.getenv("TAP_HUBSPOT_REFRESH_TOKEN")
+        if is_oauth_credentials(self.config) or env_refresh_token:
             return HubSpotOAuthAuthenticator(self)
         return BearerTokenAuthenticator.create_for_stream(
             self,