From 119d3548384afad7b4de76c9c4792256e9af1879 Mon Sep 17 00:00:00 2001
From: Rafi <refaei.shikho@hotmail.com>
Date: Tue, 10 Dec 2024 11:19:46 +0100
Subject: [PATCH 1/2] add random branch name and default branch

Signed-off-by: Rafi <refaei.shikho@hotmail.com>
---
 internal/core/integrations/gitlab_integration.go | 15 ++++++++++++---
 .../core/integrations/integration_service.go     | 16 +++++++++++++---
 2 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/internal/core/integrations/gitlab_integration.go b/internal/core/integrations/gitlab_integration.go
index 54acbb7..3f02d79 100644
--- a/internal/core/integrations/gitlab_integration.go
+++ b/internal/core/integrations/gitlab_integration.go
@@ -431,13 +431,22 @@ func (g *gitlabIntegration) AutoSetup(ctx core.Context) error {
 		return errors.Wrap(err, "could not extract project id from repo id")
 	}
 
+	project, _, err := client.GetProject(ctx.Request().Context(), projectId)
+	if err != nil {
+		return errors.Wrap(err, "could not get project")
+	}
+	defaultBranch := project.DefaultBranch
+
+	//generate a random branch name
+	branchName := fmt.Sprintf("devguard-autosetup-%s", strconv.Itoa(generateFourDigitNumber()))
+
 	projectName, err := g.getRepoNameFromProjectId(ctx, projectId)
 	if err != nil {
 		return errors.Wrap(err, "could not get project name")
 	}
 
 	templatePath := getTemplatePath(ctx.QueryParam("scanType"))
-	err = setupAndPushPipeline(accessToken, gitlabUrl, projectName, templatePath)
+	err = setupAndPushPipeline(accessToken, gitlabUrl, projectName, templatePath, branchName)
 	if err != nil {
 		return errors.Wrap(err, "could not setup and push pipeline")
 	}
@@ -448,8 +457,8 @@ func (g *gitlabIntegration) AutoSetup(ctx core.Context) error {
 
 	//create a merge request
 	mr, _, err := client.CreateMergeRequest(ctx.Request().Context(), projectName, &gitlab.CreateMergeRequestOptions{
-		SourceBranch:       gitlab.Ptr("devguard-autosetup"),
-		TargetBranch:       gitlab.Ptr("main"),
+		SourceBranch:       gitlab.Ptr(branchName),
+		TargetBranch:       gitlab.Ptr(defaultBranch),
 		Title:              gitlab.Ptr("Add devguard pipeline template"),
 		RemoveSourceBranch: gitlab.Ptr(true),
 	})
diff --git a/internal/core/integrations/integration_service.go b/internal/core/integrations/integration_service.go
index 5a3086f..45c74db 100644
--- a/internal/core/integrations/integration_service.go
+++ b/internal/core/integrations/integration_service.go
@@ -4,14 +4,18 @@ import (
 	"fmt"
 	"os"
 	"strings"
+	"time"
+
+	"math/rand"
 
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/config"
+	"github.com/go-git/go-git/v5/plumbing"
 	"github.com/go-git/go-git/v5/plumbing/object"
 	"github.com/go-git/go-git/v5/plumbing/transport/http"
 )
 
-func setupAndPushPipeline(accessToken string, gitlabUrl string, projectName string, templatePath string) error {
+func setupAndPushPipeline(accessToken string, gitlabUrl string, projectName string, templatePath string, branchName string) error {
 	dir, err := os.MkdirTemp("", "repo-clone")
 	if err != nil {
 		return fmt.Errorf("could not create temporary directory: %v", err)
@@ -31,18 +35,19 @@ func setupAndPushPipeline(accessToken string, gitlabUrl string, projectName stri
 		return fmt.Errorf("could not clone repository: %v", err)
 	}
 	err = r.CreateBranch(&config.Branch{
-		Name: "devguard-autosetup",
+		Name: branchName,
 	})
 	if err != nil {
 		return fmt.Errorf("could not create branch: %v", err)
 	}
+
 	//go to the branch
 	w, err := r.Worktree()
 	if err != nil {
 		return fmt.Errorf("could not get worktree: %v", err)
 	}
 	err = w.Checkout(&git.CheckoutOptions{
-		Branch: "refs/heads/devguard-autosetup",
+		Branch: plumbing.NewBranchReferenceName(branchName),
 		Create: true,
 	})
 	if err != nil {
@@ -140,3 +145,8 @@ func addPipelineTemplate(content []byte, template string) string { //nolint:unus
 
 	return fileStr
 }
+
+func generateFourDigitNumber() int {
+	r := rand.New(rand.NewSource(time.Now().UnixNano()))
+	return 1000 + r.Intn(9000)
+}

From 62760e5ffdd2183bf62e348bead346f4bed3d0fe Mon Sep 17 00:00:00 2001
From: Rafi <refaei.shikho@hotmail.com>
Date: Tue, 10 Dec 2024 11:28:18 +0100
Subject: [PATCH 2/2] fix lint

Signed-off-by: Rafi <refaei.shikho@hotmail.com>
---
 internal/core/integrations/integration_service.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/core/integrations/integration_service.go b/internal/core/integrations/integration_service.go
index 45c74db..379da18 100644
--- a/internal/core/integrations/integration_service.go
+++ b/internal/core/integrations/integration_service.go
@@ -147,6 +147,6 @@ func addPipelineTemplate(content []byte, template string) string { //nolint:unus
 }
 
 func generateFourDigitNumber() int {
-	r := rand.New(rand.NewSource(time.Now().UnixNano()))
+	r := rand.New(rand.NewSource(time.Now().UnixNano())) //nolint:gosec // we don't need a secure random number here
 	return 1000 + r.Intn(9000)
 }