updating documentation and adding more checks to unit tests

Michael Waddell
2022-02-17 21:15:55 -06:00
parent 1cb4b42b75
commit 317bd19a8e
4 changed files with 50 additions and 0 deletions


@@ -43,6 +43,16 @@ Subsequent actions will have access to the following outputs:
- The `package-ecosystem` configuration that was used by dependabot for this updated Dependency.
- `steps.dependabot-metadata.outputs.target-branch`
- The `target-branch` configuration that was used by dependabot for this updated Dependency.
- `steps.dependabot-metadata.outputs.previous-version`
- The version that this PR updates the dependency from.
- `steps.dependabot-metadata.outputs.new-version`
- The version that this PR updates the dependency to.
- `steps.dependabot-metadata.outputs.alert-state`
- If this PR is associated with a security alert, this contains the current state of that alert (OPEN, FIXED or DISMISSED).
- `steps.dependabot-metadata.outputs.ghsa-id`
- If this PR is associated with a security alert, this contains the GHSA-ID of that alert.
- `steps.dependabot-metadata.outputs.cvss`
- If this PR is associated with a security alert, this contains the CVSS value of that alert (otherwise it contains 0).
**Note:** These outputs will only be populated if the target Pull Request was opened by Dependabot and contains
**only** Dependabot-created commits.


@@ -22,6 +22,16 @@ outputs:
description: 'The `package-ecosystem` configuration that was used by dependabot for this updated Dependency.'
target-branch:
description: 'The `target-branch` configuration that was used by dependabot for this updated Dependency.'
previous-version:
description: 'The version that this PR updates the dependency from.'
new-version:
description: 'The version that this PR updates the dependency to.'
alert-state:
description: 'If this PR is associated with a security alert, this contains the current state of that alert (OPEN, FIXED or DISMISSED).'
ghsa-id:
description: 'If this PR is associated with a security alert, this contains the GHSA-ID of that alert.'
cvss:
description: 'If this PR is associated with a security alert, this contains the CVSS value of that alert (otherwise it contains 0).'
runs:
using: 'node12'
main: 'dist/index.js'
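Review bot: The `cvss` description documents 0 as the value when no alert is associated, which makes "no alert" indistinguishable from an alert whose score is 0 or was never filled in. A workflow that gates auto-merge on `cvss` alone can therefore read a missing alert as low risk. The description should point consumers at the other outputs first, for example `'CVSS value of the associated security alert; 0 when there is no alert or no score, so check ghsa-id or alert-state before comparing.'`. Whether a failed alert lookup also yields 0 is not visible in this section and is worth stating in the same place.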


@@ -54,6 +54,11 @@ test('when given a single dependency it sets its values', async () => {
expect(core.setOutput).toBeCalledWith('directory', 'wwwroot')
expect(core.setOutput).toBeCalledWith('package-ecosystem', 'nuget')
expect(core.setOutput).toBeCalledWith('target-branch', 'main')
expect(core.setOutput).toBeCalledWith('previous-version', '1.0.2')
expect(core.setOutput).toBeCalledWith('new-version', '1.1.3-beta')
expect(core.setOutput).toBeCalledWith('alert-state', 'FIXED')
expect(core.setOutput).toBeCalledWith('ghsa-id', 'VERY_LONG_ID')
expect(core.setOutput).toBeCalledWith('cvss', 4.6)
})
test('when given a multiple dependencies, it uses the highest values for types', async () => {
@@ -94,6 +99,11 @@ test('when given a multiple dependencies, it uses the highest values for types',
expect(core.setOutput).toBeCalledWith('directory', '')
expect(core.setOutput).toBeCalledWith('package-ecosystem', '')
expect(core.setOutput).toBeCalledWith('target-branch', '')
expect(core.setOutput).toBeCalledWith('previous-version', '')
expect(core.setOutput).toBeCalledWith('new-version', '')
expect(core.setOutput).toBeCalledWith('alert-state', '')
expect(core.setOutput).toBeCalledWith('ghsa-id', '')
expect(core.setOutput).toBeCalledWith('cvss', 0)
})
test('when the dependency has no update type', async () => {
@@ -119,6 +129,11 @@ test('when the dependency has no update type', async () => {
expect(core.setOutput).toBeCalledWith('directory', '')
expect(core.setOutput).toBeCalledWith('package-ecosystem', '')
expect(core.setOutput).toBeCalledWith('target-branch', '')
expect(core.setOutput).toBeCalledWith('previous-version', '')
expect(core.setOutput).toBeCalledWith('new-version', '')
expect(core.setOutput).toBeCalledWith('alert-state', '')
expect(core.setOutput).toBeCalledWith('ghsa-id', '')
expect(core.setOutput).toBeCalledWith('cvss', 0)
})
test('when given a multiple dependencies, and some do not have update types', async () => {
@@ -157,4 +172,9 @@ test('when given a multiple dependencies, and some do not have update types', as
expect(core.setOutput).toBeCalledWith('directory', '')
expect(core.setOutput).toBeCalledWith('package-ecosystem', '')
expect(core.setOutput).toBeCalledWith('target-branch', '')
expect(core.setOutput).toBeCalledWith('previous-version', '')
expect(core.setOutput).toBeCalledWith('new-version', '')
expect(core.setOutput).toBeCalledWith('alert-state', '')
expect(core.setOutput).toBeCalledWith('ghsa-id', '')
expect(core.setOutput).toBeCalledWith('cvss', 0)
})
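Review bot: The new assertions pin `alert-state` only as `'FIXED'` (first hunk) and `''` (the other three), so the OPEN and DISMISSED states named in the output description are never exercised, and those are the values a workflow is most likely to branch on. A further case whose fixture carries an open alert, ending in `expect(core.setOutput).toBeCalledWith('alert-state', 'OPEN')`, would cover it. The assertions also fix `cvss` as a number (`4.6`, `0`) while every other output is a string; a short comment such as `// cvss is passed as a number; workflows read it back as a string output` would show that this is intentional. The test bodies start outside these hunks, so the fixtures feeding these values are not visible here.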


@@ -119,6 +119,11 @@ test('it sets the updated dependency as an output for subsequent actions', async
expect(core.setOutput).toBeCalledWith('directory', '/')
expect(core.setOutput).toBeCalledWith('package-ecosystem', 'nuget')
expect(core.setOutput).toBeCalledWith('target-branch', 'main')
expect(core.setOutput).toBeCalledWith('previous-version', '4.0.1')
expect(core.setOutput).toBeCalledWith('new-version', '4.2.2')
expect(core.setOutput).toBeCalledWith('alert-state', 'FIXED')
expect(core.setOutput).toBeCalledWith('ghsa-id', 'GSHA')
expect(core.setOutput).toBeCalledWith('cvss', 3.4)
})
test('if there are multiple dependencies, it summarizes them', async () => {
@@ -196,6 +201,11 @@ test('if there are multiple dependencies, it summarizes them', async () => {
expect(core.setOutput).toBeCalledWith('directory', 'api/main')
expect(core.setOutput).toBeCalledWith('package-ecosystem', 'npm_and_yarn')
expect(core.setOutput).toBeCalledWith('target-branch', 'trunk')
expect(core.setOutput).toBeCalledWith('previous-version', '4.0.1')
expect(core.setOutput).toBeCalledWith('new-version', '4.2.2')
expect(core.setOutput).toBeCalledWith('alert-state', '')
expect(core.setOutput).toBeCalledWith('ghsa-id', '')
expect(core.setOutput).toBeCalledWith('cvss', 0)
})
test('it sets the action to failed if there is an unexpected exception', async () => {
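Review bot: The expected `ghsa-id` in the first hunk is `'GSHA'`, which looks like a transposition of GHSA and does not have the shape of an advisory ID. A clearly constructed value in the real format, for example `expect(core.setOutput).toBeCalledWith('ghsa-id', 'GHSA-xxxx-xxxx-xxxx')` (placeholder), keeps the test readable and would catch code that truncates or reformats the ID. The mocked alert data that supplies this value is outside the hunk and has to change with it.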