README ¶
GitHub Analyzer
Analyze GitHub repositories and produce reports.
Build and Install
Note Make sure
go 1.21.0
or above is installed beforemake
.
To build and install gha
to ~/bin
on Linux, simply run
make install
Tutorial
Analyzing a GitHub repository requires two steps:
gha snapshot
to fetch raw information from GitHub API- Personal Access Token (PAT) is required to be set to the environment variable
GITHUB_TOKEN
if throttled
- Personal Access Token (PAT) is required to be set to the environment variable
gha report
orgha pr-review
to generate a markdown report from raw information fetched above.
Examples
Take Snapshot
$ gha snapshot --pr-reviews --pr-reviews-ago 365 notaryproject/notation
........
Fetched 714 issues and pull requests
Saved snapshot to notaryproject_notation_20230719_234453_snapshot.json
Fetching reviews of 291 pull requests since 2022-07-19...
.................................................. 17.18%
.................................................. 34.36%
.................................................. 51.54%
.................................................. 68.72%
.................................................. 85.91%
......................................... 100.00%
Saved pull request reviews to notaryproject_notation_20230719_234809_reviews.json
Analyze Snapshot
$ gha report --ago 90 notaryproject_notation_20230719_234453_snapshot.json
GitHub Analysis Report
======================
- Start Date: `2023-04-20 16:06:32`
## notaryproject_notation_20230719_234453_snapshot.json
Issues
- Total: 43
- Open: 24
- Closed: 19
- Time to close:
- Min: 43s
- Max: 1mo 12d
- Mean: 6d 8h
- Median: 3d 6h
- 90th percentile: 10d 10h
- 95th percentile: 12d 19h
- 99th percentile: 12d 19h
Pull Requests
- Total: 64
- Open: 12
- Closed: 13
- Merged: 39
- Time to merge:
- Min: 16m 50s
- Max: 25d 21h
- Mean: 3d 22h
- Median: 2d 18h
- 90th percentile: 8d 4h
- 95th percentile: 9d 17h
- 99th percentile: 15d 15h
$ gha pr-review --ago 90 notaryproject_notation_20230719_234809_reviews.json
Pull Request Review Count
==========================
- Start Date: `2023-04-20 16:06:57`
## notaryproject_notation_20230719_234809_reviews.json
| Reviewer | Count | |
|-----------------|-------|------------------------------------------------------|
| priteshbandi | 50 | ` ` |
| shizhMSFT | 46 | ` ` |
| JeyJeyGao | 30 | ` ` |
| Two-Hearts | 29 | ` ` |
| FeynmanZhou | 9 | ` ` |
| yizha1 | 8 | ` ` |
| patrickzheng200 | 6 | ` ` |
| rgnote | 5 | ` ` |
| gokarnm | 4 | ` ` |
| Wwwsylvia | 3 | ` ` |
| sajayantony | 3 | ` ` |
| zr-msft | 2 | ` ` |
| wangxiaoxuan273 | 1 | ` ` |
| toddysm | 1 | ` ` |
| vaninrao10 | 1 | ` ` |
| tungbq | 1 | ` ` |
| duffney | 1 | ` ` |
| ningziwen | 1 | ` ` |
| qweeah | 1 | ` ` |
| byronchien | 1 | ` ` |
Analyze Issue Comments
$ gha snapshot --issue-comments --issue-comments-since 2023-01-01 notaryproject/notation
........
Fetched 734 issues and pull requests
Saved snapshot to notaryproject_notation_20230828_093829_snapshot.json
Fetching comments of 264 issues since 2023-01-01...
.................................................. 18.93%
.................................................. 37.87%
.................................................. 56.81%
.................................................. 75.75%
.................................................. 94.69%
.............. 100.00%
Saved issue comments to notaryproject_notation_20230828_094020_comments.json
$ # Download CODEOWNERS or MAINTAINERS. Both work.
$ wget https://raw.githubusercontent.com/notaryproject/notation/main/MAINTAINERS
--2023-08-28 23:10:54-- https://raw.githubusercontent.com/notaryproject/notation/main/MAINTAINERS
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.109.133, 185.199.110.133, 185.199.111.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.109.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 682 [text/plain]
Saving to: ‘MAINTAINERS’
MAINTAINERS 100%[=================================================>] 682 --.-KB/s in 0s
2023-08-28 23:10:55 (15.4 MB/s) - ‘MAINTAINERS’ saved [682/682]
$ gha issue-comment --maintainers MAINTAINERS --start-date 2023-01-01 --sla 14 notaryproject_notation_20230828_093829_snapshot.json notaryproject_notation_20230828_094020_comments.json
Issue Comment Summary
=====================
- Start Date: `2023-01-01 00:00:00`
## Maintainers
- @justincormack
- @niazfk
- @stevelasker
- @JeyJeyGao
- @gokarnm
- @Two-Hearts
- @priteshbandi
- @rgnote
- @shizhMSFT
## First Response Time
- Non-maintainer issues: 79
- Responded: 26
- Min: 2m 8s
- Max: 5mo 26d
- Mean: 21d 20h
- Median: 8d 13h
- 90th percentile: 1mo 10d
- 95th percentile: 1mo 17d
- 99th percentile: 3mo 5d
- No Response: 53
### Out of SLA: 14 Days
| #Issue | Duration | Title |
|--------|----------|-------------------------------------------------------------------------------------------|
| #506 | 7mo 17d | doc: notation Inspect Command line Spec - Phase 2 |
| #508 | 7mo 16d | CLI switch to store signatures using OCI image manifest. |
| #513 | 7mo 5d | Notation Verify should warnings output to Stderr |
| #539 | 6mo 22d | Signing with local private keys |
| #545 | 6mo 19d | Add a helper function in ioutil to PrintObjectAsTree |
| #548 | 6mo 19d | CLI Cmds for trust policy management - phase 1 |
| #570 | 6mo 2d | Add Notation CLI to Winget package manager |
| #574 | 6mo 1d | Change the default signature manifest |
| #575 | 6mo | Verify referrers API when pushing image manifest |
| #578 | 5mo 28d | Documenting the security process for Notation |
| #571 | 5mo 26d | Create a Homebrew formula for Notation CLI |
| #584 | 5mo 24d | Add an example to CLI help info for notation signing |
| #586 | 5mo 24d | Update references from Notary v2 to Notation |
| #587 | 5mo 18d | Login without credential helper |
| #590 | 5mo 16d | Discussion of out of box experience for trust policy |
| #596 | 5mo 8d | add labels for features subject to changes with proper doc |
| #597 | 5mo 7d | Sign/verify OCI image layout |
| #599 | 5mo 7d | Print manifests as part of the `--debug` option |
| #600 | 5mo 6d | Simplify Docker Credential Helper configuration for Notation authentication |
| #604 | 5mo 1d | Notation delete returns confusing message |
| #605 | 5mo 1d | Fix the text for notation version |
| #609 | 4mo 28d | [Usability Issue] Cert list is not helpful and just lists the files |
| #610 | 4mo 27d | [Usability Issue] `notation inspect` help is missing |
| #614 | 4mo 26d | Support experimental feature |
| #618 | 4mo 25d | `notation sign` error messages are not helpful to understand what parameter is missing |
| #620 | 4mo 23d | Improve the messages for `notation verify` |
| #622 | 4mo 22d | `notation cert delete` confirms deletion without doing anything |
| #624 | 4mo 20d | Improve the output message of `notation inspect` images without signatures |
| #625 | 4mo 20d | Error message too general for `notation verify` command |
| #628 | 4mo 19d | Notation CLI guideline and CLI spec template |
| #630 | 4mo 17d | Introduce an experimental flag to enable backward compatibility with OCI registries |
| #631 | 4mo 16d | Support adding public key to trust store by specifying URL |
| #633 | 4mo 13d | Missing e2e test cases for flag `--plain-http` |
| #635 | 4mo 13d | Use SHA2 in output of notation inspect |
| #637 | 4mo 10d | [Usability issue] Notation login error message is confusing |
| #638 | 4mo 10d | Add E2E test cases for validating certificate revocation with OCSP |
| #640 | 4mo 9d | Release Notation CLI v1.0.0-rc.4 |
| #642 | 4mo 8d | Decide on main commit for a release: 6cd6555 and PR bump up versions |
| #644 | 4mo 7d | Improve the output for notation plugin |
| #645 | 4mo 5d | Examples were shown for experimental feature |
| #646 | 4mo 5d | Missing annotations in the output of `notation inspect` |
| #652 | 4mo 4d | Requesting UX improvement in signing and verifying with user metadata via Notation CLI |
| #655 | 4mo 1d | Image Verification for containerd |
| #662 | 3mo 20d | Trace the execution of executables |
| #667 | 3mo 15d | Low code coverage (33%) reported for notation main branch |
| #681 | 3mo 6d | docs: `notation login` error message improvement |
| #549 | 3mo 5d | Improved Plugin installation UX - phase 1 |
| #695 | 3mo | feat: Print out the signature digest when sign an artifact |
| #697 | 2mo 29d | `notation login` fails to detect existing credentials for `docker.io` |
| #704 | 2mo 23d | Improve error output for notation plugin |
| #705 | 2mo 23d | Use existing credentials to auth to remote registries |
| #706 | 2mo 23d | Check the license header for Notation and its dependencies |
| #715 | 2mo 12d | Update the README for the repository |
| #718 | 2mo 8d | Add Golang lint to GitHub Actions for static Go code formatting scanning |
| #728 | 2mo 1d | Add --force to notation key add |
| #621 | 1mo 17d | Improve the error for missing trust policy |
| #598 | 1mo 10d | Add ability to redirect --debug logs to file |
| #634 | 1mo 6d | Standardize symlink checking per trust store spec |
| #623 | 28d 22h | Flag `--plain-http` didn't explicitly remind users the insecure connection to registries |
| #647 | 21d 21h | Support clean up the source key and certificate generated by Notation |
| #653 | 21d 1h | `notation policy init` command is necessary for user experiences |
| #503 | 20d 21h | Improve Notation authentication experience |
| #759 | 18d 1h | Add support for multiple trust policies |
| #721 | 17d 19h | Read certificate from windows certificate store |
| #519 | 15d 6h | Update the branch policies for the repository |
Click to show internal directories.
Click to hide internal directories.