From cfab22f69939bf74599938bd77e77c4d80b9f59f Mon Sep 17 00:00:00 2001
From: Nish Sinha
Date: Thu, 8 Jun 2023 13:48:27 -0400
Subject: [PATCH 1/6] Add dependency group metadata
---
 README.md | 2 ++
 src/dependabot/output.ts | 3 +++
 src/dependabot/update_metadata.ts | 6 +++++-
 3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index b253dc7d..46e25b85 100644
--- a/README.md
+++ b/README.md
@@ -84,6 +84,8 @@ Subsequent actions will have access to the following outputs:
 - If this PR has a known compatibility score and `compat-lookup` is `true`, this contains the compatibility score (otherwise it contains 0).
 - `steps.dependabot-metadata.outputs.maintainer-changes`
 - Whether or not the the body of this PR contains the phrase "Maintainer changes" which is an indicator of whether or not any maintainers have changed.
+- `steps.dependabot-metadata.outputs.dependency-group`
+ - The dependency group that the PR is associated with (otherwise it is an empty string).
 **Note:** By default, these outputs will only be populated if the target Pull Request was opened by Dependabot and contains **only** Dependabot-created commits. To override, see `skip-commit-verification` / `skip-verification`.
diff --git a/src/dependabot/output.ts b/src/dependabot/output.ts
index 3748c9ff..dda815e2 100644
--- a/src/dependabot/output.ts
+++ b/src/dependabot/output.ts
@@ -28,6 +28,7 @@ export function set (updatedDependencies: Array): void {
 const newVersion = firstDependency?.newVersion
 const compatScore = firstDependency?.compatScore
 const maintainerChanges = firstDependency?.maintainerChanges
+ const dependencyGroup = firstDependency?.dependencyGroup
 const alertState = firstDependency?.alertState
 const ghsaId = firstDependency?.ghsaId
 const cvss = firstDependency?.cvss
@@ -43,6 +44,7 @@ export function set (updatedDependencies: Array): void {
 core.info(`outputs.new-version: ${newVersion}`)
 core.info(`outputs.compatibility-score: ${compatScore}`)
 core.info(`outputs.maintainer-changes: ${maintainerChanges}`)
+ core.info(`outputs.dependency-group: ${dependencyGroup}`)
 core.info(`outputs.alert-state: ${alertState}`)
 core.info(`outputs.ghsa-id: ${ghsaId}`)
 core.info(`outputs.cvss: ${cvss}`)
@@ -59,6 +61,7 @@ export function set (updatedDependencies: Array): void {
 core.setOutput('new-version', newVersion)
 core.setOutput('compatibility-score', compatScore)
 core.setOutput('maintainer-changes', maintainerChanges)
+ core.setOutput('dependency-group', dependencyGroup)
 core.setOutput('alert-state', alertState)
 core.setOutput('ghsa-id', ghsaId)
 core.setOutput('cvss', cvss)
diff --git a/src/dependabot/update_metadata.ts b/src/dependabot/update_metadata.ts
index 244f2ac6..5ba3667a 100644
--- a/src/dependabot/update_metadata.ts
+++ b/src/dependabot/update_metadata.ts
@@ -16,7 +16,8 @@ export interface updatedDependency extends dependencyAlert {
 prevVersion: string,
 newVersion: string,
 compatScore: number,
- maintainerChanges: boolean
+ maintainerChanges: boolean,
+ dependencyGroup: string
 }
 export interface alertLookup {
@@ -31,6 +32,7 @@ export async function parse (commitMessage: string, body: string, branchName: st
 const bumpFragment = commitMessage.match(/^Bumps .* from (?v?\d[^ ]*) to (?v?\d[^ ]*)\.$/m)
 const updateFragment = commitMessage.match(/^Update .* requirement from \S*? ?(?v?\d\S*) to \S*? ?(?v?\d\S*)$/m)
 const yamlFragment = commitMessage.match(/^-{3}\n(?[\S|\s]*?)\n^\.{3}\n/m)
+ const groupName = body.match(/^Bumps the (?\S*) group with/m)
 const newMaintainer = !!body.match(/Maintainer changes/m)
 const lookupFn = lookup ?? (() => Promise.resolve({ alertState: '', ghsaId: '', cvss: 0 }))
 const scoreFn = getScore ?? (() => Promise.resolve(0))
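Review bot: The group-name capture in `const groupName = body.match(/^Bumps the (?<name>\S*) group with/m)` accepts any non-whitespace run, including shell metacharacters, and `core.setOutput('dependency-group', dependencyGroup)` in the output.ts hunk above then hands that text to downstream steps that may interpolate it into `run:` scripts. The README note on this page says the outputs are populated only for Dependabot-authored commits unless `skip-commit-verification` / `skip-verification` is set, so with those inputs the group name is text the PR author controls. I would tighten the capture to the character set a group name can legitimately use, e.g. `(?<name>[A-Za-z0-9_.-]+)` (confirm against Dependabot's group-name rules), and say in the README entry that the value is untrusted when verification is skipped. The named group appears as `(?\S*)` in this listing, presumably a rendering artifact, and `parse` continues outside the hunk.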
@@ -43,6 +45,7 @@ export async function parse (commitMessage: string, body: string, branchName: st
 const chunks = branchName.split(delim)
 const prev = bumpFragment?.groups?.from ?? (updateFragment?.groups?.from ?? '')
 const next = bumpFragment?.groups?.to ?? (updateFragment?.groups?.to ?? '')
+ const dependencyGroup = groupName?.groups?.name ?? ''
 if (data['updated-dependencies']) {
 return await Promise.all(data['updated-dependencies'].map(async (dependency, index) => {
@@ -61,6 +64,7 @@ export async function parse (commitMessage: string, body: string, branchName: st
 newVersion: nextVersion,
 compatScore: await scoreFn(dependency['dependency-name'], lastVersion, nextVersion, chunks[1]),
 maintainerChanges: newMaintainer,
+ dependencyGroup: dependencyGroup,
 ...await lookupFn(dependency['dependency-name'], lastVersion, dirname)
 }
 }))
From b3648a31bdf3be13e26ccd15deac77954f1dd3b1 Mon Sep 17 00:00:00 2001
From: Nish Sinha
Date: Thu, 8 Jun 2023 13:52:48 -0400
Subject: [PATCH 2/6] Use commit data to infer dependency groups instead of the PR body
---
 src/dependabot/update_metadata.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/dependabot/update_metadata.ts b/src/dependabot/update_metadata.ts
index 5ba3667a..af937a00 100644
--- a/src/dependabot/update_metadata.ts
+++ b/src/dependabot/update_metadata.ts
@@ -32,7 +32,7 @@ export async function parse (commitMessage: string, body: string, branchName: st
 const bumpFragment = commitMessage.match(/^Bumps .* from (?v?\d[^ ]*) to (?v?\d[^ ]*)\.$/m)
 const updateFragment = commitMessage.match(/^Update .* requirement from \S*? ?(?v?\d\S*) to \S*? ?(?v?\d\S*)$/m)
 const yamlFragment = commitMessage.match(/^-{3}\n(?[\S|\s]*?)\n^\.{3}\n/m)
- const groupName = body.match(/^Bumps the (?\S*) group with/m)
+ const groupName = commitMessage.match(/^Bumps the (?\S*) group with/m)
 const newMaintainer = !!body.match(/Maintainer changes/m)
 const lookupFn = lookup ?? (() => Promise.resolve({ alertState: '', ghsaId: '', cvss: 0 }))
 const scoreFn = getScore ?? (() => Promise.resolve(0))
From 9e8fb5b31bffc46285ed71aef2a5e7d878ad4f10 Mon Sep 17 00:00:00 2001
From: Nish Sinha
Date: Thu, 8 Jun 2023 14:57:21 -0400
Subject: [PATCH 3/6] Add tests for grouped updates
---
 src/dependabot/output.test.ts | 2 +
 src/dependabot/update_metadata.test.ts | 47 ++++++++++
 src/dependabot/update_metadata.ts | 2 +-
 src/main.test.ts | 115 +++++++++++++++++++++++++
 4 files changed, 165 insertions(+), 1 deletion(-)
diff --git a/src/dependabot/output.test.ts b/src/dependabot/output.test.ts
index 80d46ee9..59e1e5f6 100644
--- a/src/dependabot/output.test.ts
+++ b/src/dependabot/output.test.ts
@@ -20,6 +20,7 @@ const baseDependency = {
 newVersion: '',
 compatScore: 0,
 maintainerChanges: false,
+ dependencyGroup: '',
 alertState: '',
 ghsaId: '',
 cvss: 0
@@ -38,6 +39,7 @@ test('when given a single dependency it sets its values', async () => {
 newVersion: '1.1.3-beta',
 compatScore: 43,
 maintainerChanges: true,
+ dependencyGroup: '',
 alertState: 'FIXED',
 ghsaId: 'VERY_LONG_ID',
 cvss: 4.6
diff --git a/src/dependabot/update_metadata.test.ts b/src/dependabot/update_metadata.test.ts
index 83592f61..3569473d 100644
--- a/src/dependabot/update_metadata.test.ts
+++ b/src/dependabot/update_metadata.test.ts
@@ -61,6 +61,7 @@ test('it returns the updated dependency information when there is a yaml fragmen
 expect(updatedDependencies[0].alertState).toEqual('DISMISSED')
 expect(updatedDependencies[0].ghsaId).toEqual('GHSA-III-BBB')
 expect(updatedDependencies[0].cvss).toEqual(4.6)
+ expect(updatedDependencies[0].dependencyGroup).toEqual('')
 })
 test('it supports multiple dependencies within a single fragment', async () => {
@@ -122,6 +123,8 @@ test('it supports multiple dependencies within a single fragment', async () => {
 expect(updatedDependencies[0].alertState).toEqual('DISMISSED')
 expect(updatedDependencies[0].ghsaId).toEqual('GHSA-III-BBB')
 expect(updatedDependencies[0].cvss).toEqual(4.6)
+ expect(updatedDependencies[0].dependencyGroup).toEqual('')
+ expect(updatedDependencies[0].dependencyGroup).toEqual('')
 expect(updatedDependencies[1].dependencyName).toEqual('coffeescript')
 expect(updatedDependencies[1].dependencyType).toEqual('indirect')
@@ -135,6 +138,7 @@ test('it supports multiple dependencies within a single fragment', async () => {
 expect(updatedDependencies[1].alertState).toEqual('')
 expect(updatedDependencies[1].ghsaId).toEqual('')
 expect(updatedDependencies[1].cvss).toEqual(0)
+ expect(updatedDependencies[1].dependencyGroup).toEqual('')
 })
 test('it returns the updated dependency information when there is a leading v in the commit message versions', async () => {
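Review bot: The two lines added in the `@@ -122,6 +123,8` hunk are identical, `expect(updatedDependencies[0].dependencyGroup).toEqual('')` twice; the `[1]` counterpart is already asserted in the following hunk, so the second copy is a stray paste and should be deleted. The hunk count would then be `+123,7`. Both test bodies extend outside the hunks shown.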
@@ -170,6 +174,47 @@ test('it returns the updated dependency information when there is a leading v in
 expect(updatedDependencies[0].alertState).toEqual('DISMISSED')
 expect(updatedDependencies[0].ghsaId).toEqual('GHSA-III-BBB')
 expect(updatedDependencies[0].cvss).toEqual(4.6)
+ expect(updatedDependencies[0].dependencyGroup).toEqual('')
+})
+
+test('it supports returning information about grouped updates', async () => {
+ const commitMessage =
+ 'Bumps the docker group with 3 updates: [github.com/docker/cli](https://github.com/docker/cli), [github.com/docker/docker](https://github.com/docker/docker) and [github.com/moby/moby](https://github.com/moby/moby).\n' +
+ '\n' +
+ 'Updates `github.com/docker/cli` from 24.0.1+incompatible to 24.0.2+incompatible\n' +
+ '- [Commits](docker/cli@v24.0.1...v24.0.2)\n' +
+ '\n' +
+ 'Updates `github.com/docker/docker` from 24.0.1+incompatible to 24.0.2+incompatible\n' +
+ '- [Release notes](https://github.com/docker/docker/releases)\n' +
+ '- [Commits](moby/moby@v24.0.1...v24.0.2)\n' +
+ '\n' +
+ 'Updates `github.com/moby/moby` from 24.0.1+incompatible to 24.0.2+incompatible\n' +
+ '- [Release notes](https://github.com/moby/moby/releases)\n' +
+ '- [Commits](moby/moby@v24.0.1...v24.0.2)\n' +
+ '\n' +
+ '---\n' +
+ 'updated-dependencies:\n' +
+ '- dependency-name: github.com/docker/cli\n' +
+ ' dependency-type: direct:production\n' +
+ ' update-type: version-update:semver-patch\n' +
+ '- dependency-name: github.com/docker/docker\n' +
+ ' dependency-type: direct:production\n' +
+ ' update-type: version-update:semver-patch\n' +
+ '- dependency-name: github.com/moby/moby\n' +
+ ' dependency-type: direct:production\n' +
+ ' update-type: version-update:semver-patch\n' +
+ '...\n' +
+ '\n' +
+ 'Signed-off-by: dependabot[bot] \n'
+
+ const getAlert = async () => Promise.resolve({ alertState: 'DISMISSED', ghsaId: 'GHSA-III-BBB', cvss: 4.6 })
+ const getScore = async () => Promise.resolve(43)
+ const updatedDependencies = await updateMetadata.parse(commitMessage, '', 'dependabot/docker/gh-base-image/docker-1234566789', 'main', getAlert, getScore)
+
+ expect(updatedDependencies).toHaveLength(3)
+
+ expect(updatedDependencies[0].dependencyName).toEqual('github.com/docker/cli')
+ expect(updatedDependencies[0].dependencyGroup).toEqual('docker')
 })
 test('it only returns information within the first fragment if there are multiple yaml documents', async () => {
@@ -211,6 +256,7 @@ test('it only returns information within the first fragment if there are multipl
 expect(updatedDependencies[0].alertState).toEqual('')
 expect(updatedDependencies[0].ghsaId).toEqual('')
 expect(updatedDependencies[0].cvss).toEqual(0)
+ expect(updatedDependencies[0].dependencyGroup).toEqual('')
 })
 test('it properly handles dependencies which contain slashes', async () => {
@@ -247,6 +293,7 @@ test('it properly handles dependencies which contain slashes', async () => {
 expect(updatedDependencies[0].alertState).toEqual('')
 expect(updatedDependencies[0].ghsaId).toEqual('')
 expect(updatedDependencies[0].cvss).toEqual(0)
+ expect(updatedDependencies[0].dependencyGroup).toEqual('')
 })
 test('calculateUpdateType should handle all paths', () => {
diff --git a/src/dependabot/update_metadata.ts b/src/dependabot/update_metadata.ts
index af937a00..edc67663 100644
--- a/src/dependabot/update_metadata.ts
+++ b/src/dependabot/update_metadata.ts
@@ -45,7 +45,7 @@ export async function parse (commitMessage: string, body: string, branchName: st
 const chunks = branchName.split(delim)
 const prev = bumpFragment?.groups?.from ?? (updateFragment?.groups?.from ?? '')
 const next = bumpFragment?.groups?.to ?? (updateFragment?.groups?.to ?? '')
- const dependencyGroup = groupName?.groups?.name ?? ''
+ const dependencyGroup = groupName?.groups?.name ?? ''
 if (data['updated-dependencies']) {
 return await Promise.all(data['updated-dependencies'].map(async (dependency, index) => {
diff --git a/src/main.test.ts b/src/main.test.ts
index f0fbeda1..f47b2586 100644
--- a/src/main.test.ts
+++ b/src/main.test.ts
@@ -112,6 +112,7 @@ test('it sets the updated dependency as an output for subsequent actions when gi
 newVersion: '4.2.2',
 compatScore: 0,
 maintainerChanges: false,
+ dependencyGroup: '',
 alertState: '',
 ghsaId: '',
 cvss: 0
@@ -129,6 +130,7 @@ test('it sets the updated dependency as an output for subsequent actions when gi
 expect(core.setOutput).toBeCalledWith('new-version', '4.2.2')
 expect(core.setOutput).toBeCalledWith('compatibility-score', 0)
 expect(core.setOutput).toBeCalledWith('maintainer-changes', false)
+ expect(core.setOutput).toBeCalledWith('dependency-group', '')
 expect(core.setOutput).toBeCalledWith('alert-state', '')
 expect(core.setOutput).toBeCalledWith('ghsa-id', '')
 expect(core.setOutput).toBeCalledWith('cvss', 0)
@@ -179,6 +181,7 @@ test('it sets the updated dependency as an output for subsequent actions when th
 directory: '/',
 packageEcosystem: 'nuget',
 maintainerChanges: false,
+ dependencyGroup: '',
 targetBranch: 'main',
 prevVersion: 'v4.0.1',
 newVersion: 'v4.2.2',
@@ -200,11 +203,118 @@ test('it sets the updated dependency as an output for subsequent actions when th
 expect(core.setOutput).toBeCalledWith('new-version', 'v4.2.2')
 expect(core.setOutput).toBeCalledWith('compatibility-score', 0)
 expect(core.setOutput).toBeCalledWith('maintainer-changes', false)
+ expect(core.setOutput).toBeCalledWith('dependency-group', '')
 expect(core.setOutput).toBeCalledWith('alert-state', '')
 expect(core.setOutput).toBeCalledWith('ghsa-id', '')
 expect(core.setOutput).toBeCalledWith('cvss', 0)
 })
+test('it supports returning information about grouped updates', async () => {
+ const mockCommitMessage =
+ 'Bumps the docker group with 3 updates: [github.com/docker/cli](https://github.com/docker/cli), [github.com/docker/docker](https://github.com/docker/docker) and [github.com/moby/moby](https://github.com/moby/moby).\n' +
+ '\n' +
+ 'Updates `github.com/docker/cli` from 24.0.1+incompatible to 24.0.2+incompatible\n' +
+ '- [Commits](docker/cli@v24.0.1...v24.0.2)\n' +
+ '\n' +
+ 'Updates `github.com/docker/docker` from 24.0.1+incompatible to 24.0.2+incompatible\n' +
+ '- [Release notes](https://github.com/docker/docker/releases)\n' +
+ '- [Commits](moby/moby@v24.0.1...v24.0.2)\n' +
+ '\n' +
+ 'Updates `github.com/moby/moby` from 24.0.1+incompatible to 24.0.2+incompatible\n' +
+ '- [Release notes](https://github.com/moby/moby/releases)\n' +
+ '- [Commits](moby/moby@v24.0.1...v24.0.2)\n' +
+ '\n' +
+ '---\n' +
+ 'updated-dependencies:\n' +
+ '- dependency-name: github.com/docker/cli\n' +
+ ' dependency-type: direct:production\n' +
+ ' update-type: version-update:semver-patch\n' +
+ '- dependency-name: github.com/docker/docker\n' +
+ ' dependency-type: direct:production\n' +
+ ' update-type: version-update:semver-patch\n' +
+ '- dependency-name: github.com/moby/moby\n' +
+ ' dependency-type: direct:production\n' +
+ ' update-type: version-update:semver-patch\n' +
+ '...\n' +
+ '\n' +
+ 'Signed-off-by: dependabot[bot] \n'
+
+ const mockAlert = { alertState: '', ghsaId: '', cvss: 0 }
+
+ jest.spyOn(core, 'getInput').mockReturnValue('mock-token')
+ jest.spyOn(util, 'getBranchNames').mockReturnValue({ headName: 'dependabot/docker/gh-base-image/docker-1234566789', baseName: 'trunk' })
+ jest.spyOn(dependabotCommits, 'getMessage').mockImplementation(jest.fn(
+ () => Promise.resolve(mockCommitMessage)
+ ))
+ jest.spyOn(dependabotCommits, 'getAlert').mockImplementation(jest.fn(
+ () => Promise.resolve(mockAlert)
+ ))
+ jest.spyOn(dependabotCommits, 'getCompatibility').mockImplementation(jest.fn(
+ () => Promise.resolve(34)
+ ))
+ jest.spyOn(core, 'setOutput').mockImplementation(jest.fn())
+
+ await run()
+
+ expect(core.startGroup).toHaveBeenCalledWith(
+ expect.stringContaining('Outputting metadata for 3 updated dependencies')
+ )
+
+ expect(core.setOutput).toHaveBeenCalledWith(
+ 'updated-dependencies-json',
+ [
+ {
+ dependencyName: 'github.com/docker/cli',
+ dependencyType: 'direct:production',
+ updateType: 'version-update:semver-patch',
+ directory: '/',
+ packageEcosystem: 'docker',
+ targetBranch: 'trunk',
+ prevVersion: '24.0.1',
+ newVersion: '24.0.2',
+ compatScore: 34,
+ maintainerChanges: false,
+ dependencyGroup: 'docker',
+ alertState: '',
+ ghsaId: '',
+ cvss: 0
+ },
+ {
+ dependencyName: 'github.com/docker/docker',
+ dependencyType: 'direct:production',
+ updateType: 'version-update:semver-patch',
+ directory: '/',
+ packageEcosystem: 'docker',
+ targetBranch: 'trunk',
+ prevVersion: '24.0.1',
+ newVersion: '24.0.2',
+ compatScore: 34,
+ maintainerChanges: false,
+ dependencyGroup: 'docker',
+ alertState: '',
+ ghsaId: '',
+ cvss: 0
+ },
+ {
+ dependencyName: 'github.com/moby/moby',
+ dependencyType: 'direct:production',
+ updateType: 'version-update:semver-patch',
+ directory: '/',
+ packageEcosystem: 'docker',
+ targetBranch: 'trunk',
+ prevVersion: '24.0.1',
+ newVersion: '24.0.2',
+ compatScore: 34,
+ maintainerChanges: false,
+ dependencyGroup: 'docker',
+ alertState: '',
+ ghsaId: '',
 cvss: 0
+ }
+ ]
+ )
+})
+
 test('it sets the updated dependency as an output for subsequent actions when given a commit message for library', async () => {
 const mockCommitMessage =
 'Update rubocop requirement from ~> 1.30.1 to ~> 1.31.0\n' +
@@ -253,6 +363,7 @@ test('it sets the updated dependency as an output for subsequent actions when gi
 packageEcosystem: 'bundler',
 targetBranch: 'main',
 maintainerChanges: false,
+ dependencyGroup: '',
 prevVersion: '1.30.1',
 newVersion: '1.31.0',
 compatScore: 0,
@@ -273,6 +384,7 @@ test('it sets the updated dependency as an output for subsequent actions when gi
 expect(core.setOutput).toBeCalledWith('new-version', '1.31.0')
 expect(core.setOutput).toBeCalledWith('compatibility-score', 0)
 expect(core.setOutput).toBeCalledWith('maintainer-changes', false)
+ expect(core.setOutput).toBeCalledWith('dependency-group', '')
 expect(core.setOutput).toBeCalledWith('alert-state', '')
 expect(core.setOutput).toBeCalledWith('ghsa-id', '')
 expect(core.setOutput).toBeCalledWith('cvss', 0)
@@ -332,6 +444,7 @@ test('if there are multiple dependencies, it summarizes them', async () => {
 newVersion: '4.2.2',
 compatScore: 34,
 maintainerChanges: false,
+ dependencyGroup: '',
 alertState: '',
 ghsaId: '',
 cvss: 0
@@ -347,6 +460,7 @@ test('if there are multiple dependencies, it summarizes them', async () => {
 newVersion: '',
 compatScore: 34,
 maintainerChanges: false,
+ dependencyGroup: '',
 alertState: '',
 ghsaId: '',
 cvss: 0
@@ -364,6 +478,7 @@ test('if there are multiple dependencies, it summarizes them', async () => {
 expect(core.setOutput).toBeCalledWith('new-version', '4.2.2')
 expect(core.setOutput).toBeCalledWith('compatibility-score', 34)
 expect(core.setOutput).toBeCalledWith('maintainer-changes', false)
+ expect(core.setOutput).toBeCalledWith('dependency-group', '')
 expect(core.setOutput).toBeCalledWith('alert-state', '')
 expect(core.setOutput).toBeCalledWith('ghsa-id', '')
 expect(core.setOutput).toBeCalledWith('cvss', 0)
From b534cb5e81bd66664f33772f7d740d370980104d Mon Sep 17 00:00:00 2001
From: Nish Sinha
Date: Thu, 8 Jun 2023 15:00:44 -0400
Subject: [PATCH 4/6] FIXME: prevVersion and newVersion are blank for grouped updates
---
 src/main.test.ts | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/main.test.ts b/src/main.test.ts
index f47b2586..cee29499 100644
--- a/src/main.test.ts
+++ b/src/main.test.ts
@@ -270,8 +270,8 @@ test('it supports returning information about grouped updates', async () => {
 directory: '/',
 packageEcosystem: 'docker',
 targetBranch: 'trunk',
- prevVersion: '24.0.1',
- newVersion: '24.0.2',
+ prevVersion: '',
+ newVersion: '',
 compatScore: 34,
 maintainerChanges: false,
 dependencyGroup: 'docker',
@@ -286,8 +286,8 @@ test('it supports returning information about grouped updates', async () => {
 directory: '/',
 packageEcosystem: 'docker',
 targetBranch: 'trunk',
- prevVersion: '24.0.1',
- newVersion: '24.0.2',
+ prevVersion: '',
+ newVersion: '',
 compatScore: 34,
 maintainerChanges: false,
 dependencyGroup: 'docker',
@@ -302,8 +302,8 @@ test('it supports returning information about grouped updates', async () => {
 directory: '/',
 packageEcosystem: 'docker',
 targetBranch: 'trunk',
- prevVersion: '24.0.1',
- newVersion: '24.0.2',
+ prevVersion: '',
+ newVersion: '',
 compatScore: 34,
 maintainerChanges: false,
 dependencyGroup: 'docker',
From b8e8f8c79b53f5dff2baa6697bc5ff9a9cd133ae Mon Sep 17 00:00:00 2001
From: Nish Sinha
Date: Thu, 22 Jun 2023 16:04:51 -0400
Subject: [PATCH 5/6] Pull the group name from commit metadata
---
 src/dependabot/update_metadata.test.ts | 3 +++
 src/dependabot/update_metadata.ts | 2 +-
 src/main.test.ts | 3 +++
 3 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/dependabot/update_metadata.test.ts b/src/dependabot/update_metadata.test.ts
index 3569473d..63a8cb94 100644
--- a/src/dependabot/update_metadata.test.ts
+++ b/src/dependabot/update_metadata.test.ts
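Review bot: Changing the expected `prevVersion`/`newVersion` to `''` in all three objects pins the defect the commit title flags as the asserted behaviour, so the eventual fix will surface as a test failure instead of being confirmed by the test. The fixture's grouped commit carries one line per dependency of the form Updates `github.com/docker/cli` from 24.0.1+incompatible to 24.0.2+incompatible, which the single `bumpFragment` regex (`^Bumps .* from … to …\.$`, evaluated once for the whole message) never matches; a per-dependency match against that line, with the dependency name regex-escaped, is what would populate the versions. Until that lands, keep the `'24.0.1'`/`'24.0.2'` expectations and mark the case `test.skip`/`test.todo` with the FIXME, or keep `''` but annotate each with `// FIXME: grouped updates do not parse per-dependency versions yet`. The test body and `parse` live outside these hunks.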
@@ -197,12 +197,15 @@ test('it supports returning information about grouped updates', async () => {
 '- dependency-name: github.com/docker/cli\n' +
 ' dependency-type: direct:production\n' +
 ' update-type: version-update:semver-patch\n' +
+ ' dependency-group: docker\n' +
 '- dependency-name: github.com/docker/docker\n' +
 ' dependency-type: direct:production\n' +
 ' update-type: version-update:semver-patch\n' +
+ ' dependency-group: docker\n' +
 '- dependency-name: github.com/moby/moby\n' +
 ' dependency-type: direct:production\n' +
 ' update-type: version-update:semver-patch\n' +
+ ' dependency-group: docker\n' +
 '...\n' +
 '\n' +
 'Signed-off-by: dependabot[bot] \n'
diff --git a/src/dependabot/update_metadata.ts b/src/dependabot/update_metadata.ts
index edc67663..64174ed2 100644
--- a/src/dependabot/update_metadata.ts
+++ b/src/dependabot/update_metadata.ts
@@ -32,7 +32,7 @@ export async function parse (commitMessage: string, body: string, branchName: st
 const bumpFragment = commitMessage.match(/^Bumps .* from (?v?\d[^ ]*) to (?v?\d[^ ]*)\.$/m)
 const updateFragment = commitMessage.match(/^Update .* requirement from \S*? ?(?v?\d\S*) to \S*? ?(?v?\d\S*)$/m)
 const yamlFragment = commitMessage.match(/^-{3}\n(?[\S|\s]*?)\n^\.{3}\n/m)
- const groupName = commitMessage.match(/^Bumps the (?\S*) group with/m)
+ const groupName = commitMessage.match(/dependency-group:\s(?\S*)/m)
 const newMaintainer = !!body.match(/Maintainer changes/m)
 const lookupFn = lookup ?? (() => Promise.resolve({ alertState: '', ghsaId: '', cvss: 0 }))
 const scoreFn = getScore ?? (() => Promise.resolve(0))
diff --git a/src/main.test.ts b/src/main.test.ts
index cee29499..fb73e7c4 100644
--- a/src/main.test.ts
+++ b/src/main.test.ts
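Review bot: `const groupName = commitMessage.match(/dependency-group:\s(?<name>\S*)/m)` searches the entire commit message rather than the YAML fragment that `parse` already isolates and reads through `data['updated-dependencies']`, so the first `dependency-group:` anywhere in the prose (release notes quoted into the message, for instance) wins over the metadata, and because `\s` also matches a newline, a `dependency-group:` at the end of a line would capture whatever token opens the next one. The test fixture on this page now puts a `dependency-group: docker` key on every entry, so the robust version is to read it per entry inside the map, `dependencyGroup: dependency['dependency-group'] ?? ''`, and delete the `groupName` and `dependencyGroup` regex lines (extending the fragment's entry type with the new key if one is declared). That also gives each dependency its own group instead of copying the first match onto all of them. The named group renders as `(?\S*)` here, which I take to be a display artifact; `parse` starts and ends outside this hunk.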
@@ -229,12 +229,15 @@ test('it supports returning information about grouped updates', async () => {
 '- dependency-name: github.com/docker/cli\n' +
 ' dependency-type: direct:production\n' +
 ' update-type: version-update:semver-patch\n' +
+ ' dependency-group: docker\n' +
 '- dependency-name: github.com/docker/docker\n' +
 ' dependency-type: direct:production\n' +
 ' update-type: version-update:semver-patch\n' +
+ ' dependency-group: docker\n' +
 '- dependency-name: github.com/moby/moby\n' +
 ' dependency-type: direct:production\n' +
 ' update-type: version-update:semver-patch\n' +
+ ' dependency-group: docker\n' +
 '...\n' +
 '\n' +
 'Signed-off-by: dependabot[bot] \n'
From 11c0ea46b84ffe4f9b29d1e1742ba1604045b2a5 Mon Sep 17 00:00:00 2001
From: Nish Sinha
Date: Mon, 26 Jun 2023 14:42:38 -0400
Subject: [PATCH 6/6] build
---
 dist/index.js | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/dist/index.js b/dist/index.js
index 4b204538..5f93d612 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -9994,6 +9994,7 @@ function set(updatedDependencies) {
 const newVersion = firstDependency === null || firstDependency === void 0 ? void 0 : firstDependency.newVersion;
 const compatScore = firstDependency === null || firstDependency === void 0 ? void 0 : firstDependency.compatScore;
 const maintainerChanges = firstDependency === null || firstDependency === void 0 ? void 0 : firstDependency.maintainerChanges;
+ const dependencyGroup = firstDependency === null || firstDependency === void 0 ? void 0 : firstDependency.dependencyGroup;
 const alertState = firstDependency === null || firstDependency === void 0 ? void 0 : firstDependency.alertState;
 const ghsaId = firstDependency === null || firstDependency === void 0 ? void 0 : firstDependency.ghsaId;
 const cvss = firstDependency === null || firstDependency === void 0 ? void 0 : firstDependency.cvss;
@@ -10008,6 +10009,7 @@ function set(updatedDependencies) {
 core.info(`outputs.new-version: ${newVersion}`);
 core.info(`outputs.compatibility-score: ${compatScore}`);
 core.info(`outputs.maintainer-changes: ${maintainerChanges}`);
+ core.info(`outputs.dependency-group: ${dependencyGroup}`);
 core.info(`outputs.alert-state: ${alertState}`);
 core.info(`outputs.ghsa-id: ${ghsaId}`);
 core.info(`outputs.cvss: ${cvss}`);
@@ -10023,6 +10025,7 @@ function set(updatedDependencies) {
 core.setOutput('new-version', newVersion);
 core.setOutput('compatibility-score', compatScore);
 core.setOutput('maintainer-changes', maintainerChanges);
+ core.setOutput('dependency-group', dependencyGroup);
 core.setOutput('alert-state', alertState);
 core.setOutput('ghsa-id', ghsaId);
 core.setOutput('cvss', cvss);
@@ -10087,11 +10090,12 @@ Object.defineProperty(exports, "__esModule", ({ value: true }));
 exports.calculateUpdateType = exports.parse = void 0;
 const YAML = __importStar(__nccwpck_require__(4083));
 function parse(commitMessage, body, branchName, mainBranch, lookup, getScore) {
- var _a, _b, _c, _d, _e, _f, _g, _h;
+ var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k;
 return __awaiter(this, void 0, void 0, function* () {
 const bumpFragment = commitMessage.match(/^Bumps .* from (?v?\d[^ ]*) to (?v?\d[^ ]*)\.$/m);
 const updateFragment = commitMessage.match(/^Update .* requirement from \S*? ?(?v?\d\S*) to \S*? ?(?v?\d\S*)$/m);
 const yamlFragment = commitMessage.match(/^-{3}\n(?[\S|\s]*?)\n^\.{3}\n/m);
+ const groupName = commitMessage.match(/dependency-group:\s(?\S*)/m);
 const newMaintainer = !!body.match(/Maintainer changes/m);
 const lookupFn = lookup !== null && lookup !== void 0 ? lookup : (() => Promise.resolve({ alertState: '', ghsaId: '', cvss: 0 }));
 const scoreFn = getScore !== null && getScore !== void 0 ? getScore : (() => Promise.resolve(0));
@@ -10102,13 +10106,14 @@ function parse(commitMessage, body, branchName, mainBranch, lookup, getScore) {
 const chunks = branchName.split(delim);
 const prev = (_b = (_a = bumpFragment === null || bumpFragment === void 0 ? void 0 : bumpFragment.groups) === null || _a === void 0 ? void 0 : _a.from) !== null && _b !== void 0 ? _b : ((_d = (_c = updateFragment === null || updateFragment === void 0 ? void 0 : updateFragment.groups) === null || _c === void 0 ? void 0 : _c.from) !== null && _d !== void 0 ? _d : '');
 const next = (_f = (_e = bumpFragment === null || bumpFragment === void 0 ? void 0 : bumpFragment.groups) === null || _e === void 0 ? void 0 : _e.to) !== null && _f !== void 0 ? _f : ((_h = (_g = updateFragment === null || updateFragment === void 0 ? void 0 : updateFragment.groups) === null || _g === void 0 ? void 0 : _g.to) !== null && _h !== void 0 ? _h : '');
+ const dependencyGroup = (_k = (_j = groupName === null || groupName === void 0 ? void 0 : groupName.groups) === null || _j === void 0 ? void 0 : _j.name) !== null && _k !== void 0 ? _k : '';
 if (data['updated-dependencies']) {
 return yield Promise.all(data['updated-dependencies'].map((dependency, index) => __awaiter(this, void 0, void 0, function* () {
 const dirname = `/${chunks.slice(2, -1 * (1 + (dependency['dependency-name'].match(/\//g) || []).length)).join(delim) || ''}`;
 const lastVersion = index === 0 ? prev : '';
 const nextVersion = index === 0 ? next : '';
 const updateType = dependency['update-type'] || calculateUpdateType(lastVersion, nextVersion);
- return Object.assign({ dependencyName: dependency['dependency-name'], dependencyType: dependency['dependency-type'], updateType, directory: dirname, packageEcosystem: chunks[1], targetBranch: mainBranch, prevVersion: lastVersion, newVersion: nextVersion, compatScore: yield scoreFn(dependency['dependency-name'], lastVersion, nextVersion, chunks[1]), maintainerChanges: newMaintainer }, yield lookupFn(dependency['dependency-name'], lastVersion, dirname));
+ return Object.assign({ dependencyName: dependency['dependency-name'], dependencyType: dependency['dependency-type'], updateType, directory: dirname, packageEcosystem: chunks[1], targetBranch: mainBranch, prevVersion: lastVersion, newVersion: nextVersion, compatScore: yield scoreFn(dependency['dependency-name'], lastVersion, nextVersion, chunks[1]), maintainerChanges: newMaintainer, dependencyGroup: dependencyGroup }, yield lookupFn(dependency['dependency-name'], lastVersion, dirname));
 })));
 }
 }