in src/lambdas/custodian_rule_meta_updater/handler.py [0:0]
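def pull_rules(self, ids: list[str]):
    """Re-sync the stored rules of every rule source named in ``ids``.

    Each rule source yielded by the rule source service (together with its
    secret) is marked SYNCING, downloaded into a temporary directory and
    parsed into rules. The rules stored for that source are then replaced
    by the freshly loaded ones. The source ends up SYNCED, with the
    current UTC timestamp, or FAILED.

    Args:
        ids: identifiers of the rule sources to pull.

    Note:
        Stored rules are replaced wholesale, not merged. Between the
        delete and the save the source has no stored rules, so a failure
        in that window leaves it empty until the next successful sync.
        Anything that evaluates rules from a source whose latest sync is
        FAILED should treat the rule set as incomplete.
    """
    for (
        rule_source,
        secret,
    ) in self._rule_source_service.iter_by_ids_with_secrets(ids):
        self._rule_source_service.update_latest_sync(
            rule_source, RuleSourceSyncingStatus.SYNCING
        )
        client = self._rule_source_service.derive_git_client(
            rule_source, secret
        )
        if not client:
            _LOG.warning(
                f'Cannot derive git client from '
                f'rule source: {rule_source}'
            )
            self._rule_source_service.update_latest_sync(
                rule_source, RuleSourceSyncingStatus.FAILED
            )
            continue
        with tempfile.TemporaryDirectory() as folder:
            # NOTE(review): an exception raised by the download or by
            # _load_rules is not caught here, so the source would stay in
            # SYNCING and the remaining ids would not be processed.
            root = self._download_rule_source(
                item=rule_source, client=client, buffer=folder
            )
            if not root:
                _LOG.warning('Could not clone repo')
                self._rule_source_service.update_latest_sync(
                    rule_source, RuleSourceSyncingStatus.FAILED
                )
                continue
            rules = list(self._load_rules(rule_source, root))
            try:
                # Resolve commit hashes BEFORE touching the stored rules:
                # this step talks to the remote and is the likeliest to
                # fail, and a failure here must not cost the rules that
                # are already stored.
                _LOG.info('Going to query git blame for rules')
                self.expand_with_commit_hash(rules, client)
                # All old rules are dropped (rather than upserted) because
                # otherwise we cannot detect whether some rules were
                # removed from GitHub.
                _LOG.debug('Removing old versions of rules')
                cursor = self._rule_service.get_by_rule_source(rule_source)
                # Deletion is inside the try so that a failure marks the
                # source FAILED instead of leaving it stuck in SYNCING.
                self._rule_service.batch_delete(cursor)
                _LOG.info(
                    f'Saving: {len(rules)} for rule-souce: {rule_source.id}'
                )
                self._rule_service.batch_save(rules)
            except Exception as e:
                # NOTE(review): the exception text goes to the log as-is;
                # confirm the git client never puts the secret (e.g. a
                # token-bearing URL) into its error messages.
                _LOG.error(
                    f'Unexpected error occurred trying ' f'to save rules: {e}'
                )
                self._rule_source_service.update_latest_sync(
                    rule_source, RuleSourceSyncingStatus.FAILED
                )
            else:
                self._rule_source_service.update_latest_sync(
                    rule_source, RuleSourceSyncingStatus.SYNCED, utc_iso()
                )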