diff --git a/README.md b/README.md index b302428..411f502 100644 --- a/README.md +++ b/README.md @@ -82,6 +82,8 @@ Subsequent actions will have access to the following outputs: - If this PR is associated with a security alert and `alert-lookup` is `true`, this contains the CVSS value of that alert (otherwise it contains 0). - `steps.dependabot-metadata.outputs.compatibility-score` - If this PR has a known compatibility score and `compat-lookup` is `true`, this contains the compatibility score (otherwise it contains 0). +- `steps.dependabot-metadata.outputs.maintainer-changes` + - Whether or not the the body of this PR contains the phrase "Maintainer changes" which is an indicator of whether or not any maintainers have changed. **Note:** By default, these outputs will only be populated if the target Pull Request was opened by Dependabot and contains **only** Dependabot-created commits. To override, see `skip-commit-verification` / `skip-verification`. diff --git a/action.yml b/action.yml index 19bde71..d1cf2a7 100644 --- a/action.yml +++ b/action.yml @@ -48,6 +48,8 @@ outputs: description: 'If this PR is associated with a security alert and `alert-lookup` is `true`, this contains the CVSS value of that alert (otherwise it contains 0).' compatibility-score: description: 'If this PR has a known compatibility score and `compat-lookup` is `true`, this contains the compatibility score (otherwise it contains 0).' + maintainer-changes: + description: 'Whether or not the the body of this PR contains the phrase "Maintainer changes" which is an indicator of whether or not any maintainers have changed.' runs: using: 'node16' main: 'dist/index.js' diff --git a/dist/index.js b/dist/index.js index 925dbdb..f2fa167 100644 --- a/dist/index.js +++ b/dist/index.js 
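Review bot: The new `maintainer-changes` description in action.yml reads "Whether or not the the body of this PR", a duplicated "the" that the README copy of the same sentence repeats. Since output.ts sets this output from a boolean and action outputs are always strings, it would also help consumers to say what they will actually see: `description: 'Whether the body of this PR contains the phrase "Maintainer changes" (the string "true" or "false"); Dependabot uses that heading when the maintainers of a dependency have changed.'` The phrasing "which is an indicator of whether or not any maintainers have changed" could then be dropped as redundant.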
@@ -9993,6 +9993,7 @@ function set(updatedDependencies) { const prevVersion = firstDependency === null || firstDependency === void 0 ? void 0 : firstDependency.prevVersion; const newVersion = firstDependency === null || firstDependency === void 0 ? void 0 : firstDependency.newVersion; const compatScore = firstDependency === null || firstDependency === void 0 ? void 0 : firstDependency.compatScore; + const maintainerChanges = firstDependency === null || firstDependency === void 0 ? void 0 : firstDependency.maintainerChanges; const alertState = firstDependency === null || firstDependency === void 0 ? void 0 : firstDependency.alertState; const ghsaId = firstDependency === null || firstDependency === void 0 ? void 0 : firstDependency.ghsaId; const cvss = firstDependency === null || firstDependency === void 0 ? void 0 : firstDependency.cvss; @@ -10006,6 +10007,7 @@ function set(updatedDependencies) { core.info(`outputs.previous-version: ${prevVersion}`); core.info(`outputs.new-version: ${newVersion}`); core.info(`outputs.compatibility-score: ${compatScore}`); + core.info(`outputs.maintainer-changes: ${maintainerChanges}`); core.info(`outputs.alert-state: ${alertState}`); core.info(`outputs.ghsa-id: ${ghsaId}`); core.info(`outputs.cvss: ${cvss}`); @@ -10020,6 +10022,7 @@ function set(updatedDependencies) { core.setOutput('previous-version', prevVersion); core.setOutput('new-version', newVersion); core.setOutput('compatibility-score', compatScore); + core.setOutput('maintainer-changes', maintainerChanges); core.setOutput('alert-state', alertState); core.setOutput('ghsa-id', ghsaId); core.setOutput('cvss', cvss); 
@@ -10083,12 +10086,13 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge Object.defineProperty(exports, "__esModule", ({ value: true })); exports.calculateUpdateType = exports.parse = void 0; const YAML = __importStar(__nccwpck_require__(4083)); -function parse(commitMessage, branchName, mainBranch, lookup, getScore) { +function parse(commitMessage, body, branchName, mainBranch, lookup, getScore) { var _a, _b, _c, _d, _e, _f, _g, _h; return __awaiter(this, void 0, void 0, function* () { const bumpFragment = commitMessage.match(/^Bumps .* from (?v?\d[^ ]*) to (?v?\d[^ ]*)\.$/m); const updateFragment = commitMessage.match(/^Update .* requirement from \S*? ?(?v?\d[^ ]*) to \S*? ?(?v?\d[^ ]*)$/m); const yamlFragment = commitMessage.match(/^-{3}\n(?[\S|\s]*?)\n^\.{3}\n/m); + const newMaintainer = !!body.match(/Maintainer changes/m); const lookupFn = lookup !== null && lookup !== void 0 ? lookup : (() => Promise.resolve({ alertState: '', ghsaId: '', cvss: 0 })); const scoreFn = getScore !== null && getScore !== void 0 ? getScore : (() => Promise.resolve(0)); if ((yamlFragment === null || yamlFragment === void 0 ? void 0 : yamlFragment.groups) && branchName.startsWith('dependabot')) { 
@@ -10104,7 +10108,7 @@ function parse(commitMessage, branchName, mainBranch, lookup, getScore) { const lastVersion = index === 0 ? prev : ''; const nextVersion = index === 0 ? next : ''; const updateType = dependency['update-type'] || calculateUpdateType(lastVersion, nextVersion); - return Object.assign({ dependencyName: dependency['dependency-name'], dependencyType: dependency['dependency-type'], updateType, directory: dirname, packageEcosystem: chunks[1], targetBranch: mainBranch, prevVersion: lastVersion, newVersion: nextVersion, compatScore: yield scoreFn(dependency['dependency-name'], lastVersion, nextVersion, chunks[1]) }, yield lookupFn(dependency['dependency-name'], lastVersion, dirname)); + return Object.assign({ dependencyName: dependency['dependency-name'], dependencyType: dependency['dependency-type'], updateType, directory: dirname, packageEcosystem: chunks[1], targetBranch: mainBranch, prevVersion: lastVersion, newVersion: nextVersion, compatScore: yield scoreFn(dependency['dependency-name'], lastVersion, nextVersion, chunks[1]), maintainerChanges: newMaintainer }, yield lookupFn(dependency['dependency-name'], lastVersion, dirname)); }))); } } @@ -10137,7 +10141,7 @@ exports.calculateUpdateType = calculateUpdateType; "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.getBranchNames = exports.parseNwo = void 0; +exports.getBody = exports.getBranchNames = exports.parseNwo = void 0; function parseNwo(nwo) { const [owner, name] = nwo.split('/'); if (!owner || !name) { @@ -10151,6 +10155,11 @@ function getBranchNames(context) { return { headName: (pr === null || pr === void 0 ? void 0 : pr.head.ref) || '', baseName: pr === null || pr === void 0 ? void 0 : pr.base.ref }; } exports.getBranchNames = getBranchNames; +function getBody(context) { + const { pull_request: pr } = context.payload; + return (pr === null || pr === void 0 ? void 0 : pr.body) || ''; +} +exports.getBody = getBody; /***/ }), 
@@ -10357,6 +10366,7 @@ function run() { // Validate the job const commitMessage = yield verifiedCommits.getMessage(githubClient, github.context, core.getBooleanInput('skip-commit-verification'), core.getBooleanInput('skip-verification')); const branchNames = util.getBranchNames(github.context); + const body = util.getBody(github.context); let alertLookup; if (core.getInput('alert-lookup')) { alertLookup = (name, version, directory) => verifiedCommits.getAlert(name, version, directory, githubClient, github.context); @@ -10365,7 +10375,7 @@ function run() { if (commitMessage) { // Parse metadata core.info('Parsing Dependabot metadata'); - const updatedDependencies = yield updateMetadata.parse(commitMessage, branchNames.headName, branchNames.baseName, alertLookup, scoreLookup); + const updatedDependencies = yield updateMetadata.parse(commitMessage, body, branchNames.headName, branchNames.baseName, alertLookup, scoreLookup); if (updatedDependencies.length > 0) { output.set(updatedDependencies); } diff --git a/src/dependabot/output.test.ts b/src/dependabot/output.test.ts index 825d620..80d46ee 100644 --- a/src/dependabot/output.test.ts +++ b/src/dependabot/output.test.ts @@ -19,6 +19,7 @@ const baseDependency = { prevVersion: '', newVersion: '', compatScore: 0, + maintainerChanges: false, alertState: '', ghsaId: '', cvss: 0 @@ -36,6 +37,7 @@ test('when given a single dependency it sets its values', async () => { prevVersion: '1.0.2', newVersion: '1.1.3-beta', compatScore: 43, + maintainerChanges: true, alertState: 'FIXED', ghsaId: 'VERY_LONG_ID', cvss: 4.6 diff --git a/src/dependabot/output.ts b/src/dependabot/output.ts index 1add18f..3748c9f 100644 --- a/src/dependabot/output.ts +++ b/src/dependabot/output.ts 
@@ -27,6 +27,7 @@ export function set (updatedDependencies: Array): void { const prevVersion = firstDependency?.prevVersion const newVersion = firstDependency?.newVersion const compatScore = firstDependency?.compatScore + const maintainerChanges = firstDependency?.maintainerChanges const alertState = firstDependency?.alertState const ghsaId = firstDependency?.ghsaId const cvss = firstDependency?.cvss @@ -41,6 +42,7 @@ export function set (updatedDependencies: Array): void { core.info(`outputs.previous-version: ${prevVersion}`) core.info(`outputs.new-version: ${newVersion}`) core.info(`outputs.compatibility-score: ${compatScore}`) + core.info(`outputs.maintainer-changes: ${maintainerChanges}`) core.info(`outputs.alert-state: ${alertState}`) core.info(`outputs.ghsa-id: ${ghsaId}`) core.info(`outputs.cvss: ${cvss}`) @@ -56,6 +58,7 @@ export function set (updatedDependencies: Array): void { core.setOutput('previous-version', prevVersion) core.setOutput('new-version', newVersion) core.setOutput('compatibility-score', compatScore) + core.setOutput('maintainer-changes', maintainerChanges) core.setOutput('alert-state', alertState) core.setOutput('ghsa-id', ghsaId) core.setOutput('cvss', cvss) diff --git a/src/dependabot/update_metadata.test.ts b/src/dependabot/update_metadata.test.ts index ca00af2..83592f6 100644 --- a/src/dependabot/update_metadata.test.ts +++ b/src/dependabot/update_metadata.test.ts 
@@ -3,7 +3,7 @@ import * as updateMetadata from './update_metadata' test('it returns an empty array for a blank string', async () => { const getAlert = async () => Promise.resolve({ alertState: 'DISMISSED', ghsaId: 'GHSA-III-BBB', cvss: 4.6 }) const getScore = async () => Promise.resolve(43) - expect(updateMetadata.parse('', 'dependabot/nuget/coffee-rails', 'main', getAlert, getScore)).resolves.toEqual([]) + expect(updateMetadata.parse('', '', 'dependabot/nuget/coffee-rails', 'main', getAlert, getScore)).resolves.toEqual([]) }) test('it returns an empty array for commit message with no dependabot yaml fragment', async () => { @@ -16,7 +16,7 @@ test('it returns an empty array for commit message with no dependabot yaml fragm const getAlert = async () => Promise.resolve({ alertState: 'DISMISSED', ghsaId: 'GHSA-III-BBB', cvss: 4.6 }) const getScore = async () => Promise.resolve(43) - expect(updateMetadata.parse(commitMessage, 'dependabot/nuget/coffee-rails', 'main', getAlert, getScore)).resolves.toEqual([]) + expect(updateMetadata.parse(commitMessage, '', 'dependabot/nuget/coffee-rails', 'main', getAlert, getScore)).resolves.toEqual([]) }) test('it returns the updated dependency information when there is a yaml fragment', async () => { 
@@ -33,10 +33,18 @@ test('it returns the updated dependency information when there is a yaml fragmen '...\n' + '\n' + 'Signed-off-by: dependabot[bot] ' + const body = + 'Bumps [coffee-rails](https://github.com/rails/coffee-rails) from 4.0.1 to 4.2.2.\n' + + '- [Release notes](https://github.com/rails/coffee-rails/releases)\n' + + '- [Changelog](https://github.com/rails/coffee-rails/blob/master/CHANGELOG.md)\n' + + '- [Commits](rails/coffee-rails@v4.0.1...v4.2.2)\n' + + '\n' + + 'Maintainer changes:\n' + + 'The maintainer changed!' const getAlert = async () => Promise.resolve({ alertState: 'DISMISSED', ghsaId: 'GHSA-III-BBB', cvss: 4.6 }) const getScore = async () => Promise.resolve(43) - const updatedDependencies = await updateMetadata.parse(commitMessage, 'dependabot/nuget/coffee-rails', 'main', getAlert, getScore) + const updatedDependencies = await updateMetadata.parse(commitMessage, body, 'dependabot/nuget/coffee-rails', 'main', getAlert, getScore) expect(updatedDependencies).toHaveLength(1) @@ -49,6 +57,7 @@ test('it returns the updated dependency information when there is a yaml fragmen expect(updatedDependencies[0].prevVersion).toEqual('4.0.1') expect(updatedDependencies[0].newVersion).toEqual('4.2.2') expect(updatedDependencies[0].compatScore).toEqual(43) + expect(updatedDependencies[0].maintainerChanges).toEqual(true) expect(updatedDependencies[0].alertState).toEqual('DISMISSED') expect(updatedDependencies[0].ghsaId).toEqual('GHSA-III-BBB') expect(updatedDependencies[0].cvss).toEqual(4.6) 
@@ -72,6 +81,13 @@ test('it supports multiple dependencies within a single fragment', async () => { '...\n' + '\n' + 'Signed-off-by: dependabot[bot] ' + const body = + 'Bumps [coffee-rails](https://github.com/rails/coffee-rails) from 4.0.1 to 4.2.2.\n' + + '- [Release notes](https://github.com/rails/coffee-rails/releases)\n' + + '- [Changelog](https://github.com/rails/coffee-rails/blob/master/CHANGELOG.md)\n' + + '- [Commits](rails/coffee-rails@v4.0.1...v4.2.2)\n' + + '\n' + + 'Has the maintainer changed?' const getAlert = async (name: string) => { if (name === 'coffee-rails') { @@ -89,7 +105,7 @@ test('it supports multiple dependencies within a single fragment', async () => { return Promise.resolve(0) } - const updatedDependencies = await updateMetadata.parse(commitMessage, 'dependabot/nuget/api/main/coffee-rails', 'main', getAlert, getScore) + const updatedDependencies = await updateMetadata.parse(commitMessage, body, 'dependabot/nuget/api/main/coffee-rails', 'main', getAlert, getScore) expect(updatedDependencies).toHaveLength(2) @@ -102,6 +118,7 @@ test('it supports multiple dependencies within a single fragment', async () => { expect(updatedDependencies[0].prevVersion).toEqual('4.0.1') expect(updatedDependencies[0].newVersion).toEqual('4.2.2') expect(updatedDependencies[0].compatScore).toEqual(34) + expect(updatedDependencies[0].maintainerChanges).toEqual(false) expect(updatedDependencies[0].alertState).toEqual('DISMISSED') expect(updatedDependencies[0].ghsaId).toEqual('GHSA-III-BBB') expect(updatedDependencies[0].cvss).toEqual(4.6) 
@@ -114,6 +131,7 @@ test('it supports multiple dependencies within a single fragment', async () => { expect(updatedDependencies[1].targetBranch).toEqual('main') expect(updatedDependencies[1].prevVersion).toEqual('') expect(updatedDependencies[1].compatScore).toEqual(0) + expect(updatedDependencies[1].maintainerChanges).toEqual(false) expect(updatedDependencies[1].alertState).toEqual('') expect(updatedDependencies[1].ghsaId).toEqual('') expect(updatedDependencies[1].cvss).toEqual(0) @@ -136,7 +154,7 @@ test('it returns the updated dependency information when there is a leading v in const getAlert = async () => Promise.resolve({ alertState: 'DISMISSED', ghsaId: 'GHSA-III-BBB', cvss: 4.6 }) const getScore = async () => Promise.resolve(43) - const updatedDependencies = await updateMetadata.parse(commitMessage, 'dependabot/nuget/coffee-rails', 'main', getAlert, getScore) + const updatedDependencies = await updateMetadata.parse(commitMessage, '', 'dependabot/nuget/coffee-rails', 'main', getAlert, getScore) expect(updatedDependencies).toHaveLength(1) @@ -176,7 +194,7 @@ test('it only returns information within the first fragment if there are multipl '\n' + 'Signed-off-by: dependabot[bot] ' - const updatedDependencies = await updateMetadata.parse(commitMessage, 'dependabot|nuget|coffee-rails', 'main', undefined, undefined) + const updatedDependencies = await updateMetadata.parse(commitMessage, '', 'dependabot|nuget|coffee-rails', 'main', undefined, undefined) expect(updatedDependencies).toHaveLength(1) 
@@ -189,6 +207,7 @@ test('it only returns information within the first fragment if there are multipl expect(updatedDependencies[0].prevVersion).toEqual('') expect(updatedDependencies[0].newVersion).toEqual('') expect(updatedDependencies[0].compatScore).toEqual(0) + expect(updatedDependencies[0].maintainerChanges).toEqual(false) expect(updatedDependencies[0].alertState).toEqual('') expect(updatedDependencies[0].ghsaId).toEqual('') expect(updatedDependencies[0].cvss).toEqual(0) @@ -211,7 +230,7 @@ test('it properly handles dependencies which contain slashes', async () => { const getAlert = async () => Promise.resolve({ alertState: '', ghsaId: '', cvss: 0 }) const getScore = async () => Promise.resolve(0) - const updatedDependencies = await updateMetadata.parse(commitMessage, 'dependabot/nuget/api/rails/coffee', 'main', getAlert, getScore) + const updatedDependencies = await updateMetadata.parse(commitMessage, '', 'dependabot/nuget/api/rails/coffee', 'main', getAlert, getScore) expect(updatedDependencies).toHaveLength(1) @@ -224,6 +243,7 @@ test('it properly handles dependencies which contain slashes', async () => { expect(updatedDependencies[0].prevVersion).toEqual('') expect(updatedDependencies[0].newVersion).toEqual('') expect(updatedDependencies[0].compatScore).toEqual(0) + expect(updatedDependencies[0].maintainerChanges).toEqual(false) expect(updatedDependencies[0].alertState).toEqual('') expect(updatedDependencies[0].ghsaId).toEqual('') expect(updatedDependencies[0].cvss).toEqual(0) diff --git a/src/dependabot/update_metadata.ts b/src/dependabot/update_metadata.ts index 21594ec..f1f1f1c 100644 --- a/src/dependabot/update_metadata.ts +++ b/src/dependabot/update_metadata.ts @@ -15,7 +15,8 @@ export interface updatedDependency extends dependencyAlert { targetBranch: string, prevVersion: string, newVersion: string, - compatScore: number + compatScore: number, + maintainerChanges: boolean } export interface alertLookup { 
@@ -26,10 +27,11 @@ export interface scoreLookup { (dependencyName: string, previousVersion: string, newVersion: string, ecosystem: string): Promise; } -export async function parse (commitMessage: string, branchName: string, mainBranch: string, lookup?: alertLookup, getScore?: scoreLookup): Promise> { +export async function parse (commitMessage: string, body: string, branchName: string, mainBranch: string, lookup?: alertLookup, getScore?: scoreLookup): Promise> { const bumpFragment = commitMessage.match(/^Bumps .* from (?v?\d[^ ]*) to (?v?\d[^ ]*)\.$/m) const updateFragment = commitMessage.match(/^Update .* requirement from \S*? ?(?v?\d[^ ]*) to \S*? ?(?v?\d[^ ]*)$/m) const yamlFragment = commitMessage.match(/^-{3}\n(?[\S|\s]*?)\n^\.{3}\n/m) + const newMaintainer = !!body.match(/Maintainer changes/m) const lookupFn = lookup ?? (() => Promise.resolve({ alertState: '', ghsaId: '', cvss: 0 })) const scoreFn = getScore ?? (() => Promise.resolve(0)) @@ -58,6 +60,7 @@ export async function parse (commitMessage: string, branchName: string, mainBran prevVersion: lastVersion, newVersion: nextVersion, compatScore: await scoreFn(dependency['dependency-name'], lastVersion, nextVersion, chunks[1]), + maintainerChanges: newMaintainer, ...await lookupFn(dependency['dependency-name'], lastVersion, dirname) } })) diff --git a/src/dependabot/util.ts b/src/dependabot/util.ts index 3292590..7a0a26e 100644 --- a/src/dependabot/util.ts +++ b/src/dependabot/util.ts @@ -19,3 +19,8 @@ export function getBranchNames (context: Context): branchNames { const { pull_request: pr } = context.payload return { headName: pr?.head.ref || '', baseName: pr?.base.ref } } + +export function getBody (context: Context): string { + const { pull_request: pr } = context.payload + return pr?.body || '' +} diff --git a/src/dry-run.ts b/src/dry-run.ts index b806d55..50d3859 100755 --- a/src/dry-run.ts +++ b/src/dry-run.ts 
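Review bot: The `newMaintainer` check added to parse matches the literal text `Maintainer changes` anywhere in the PR body, the `m` flag has no effect because the pattern carries no `^`/`$` anchor, and the match is case-sensitive; as far as I recall Dependabot bodies also quote release notes and changelog excerpts authored upstream, so those words appearing in dependency-controlled text would flip the output to true. Anchoring on a line start narrows it to the section heading, e.g. `const newMaintainer = /^\s*(?:#+\s*)?Maintainer changes/m.test(body)` — the exact heading markup Dependabot emits should be checked against a real PR before fixing the pattern. Unlike commitMessage, which main.ts obtains through verifiedCommits.getMessage, body is read straight from the event payload and is not covered by the commit verification the README describes, so a workflow that gates auto-merge on maintainer-changes is trusting text that anyone able to edit the PR description can change; a comment on the new line such as `// NOTE: derived from the editable PR body, not from verified commits` would make that visible to consumers. The body of parse continues past the end of the hunk.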
@@ -53,7 +53,7 @@ async function check (args: any): Promise { const branchNames = getBranchNames(newContext) const lookupFn = (name, version, directory) => getAlert(name, version, directory, githubClient, actionContext) - const updatedDependencies = await parse(commitMessage, branchNames.headName, branchNames.baseName, lookupFn, getCompatibility) + const updatedDependencies = await parse(commitMessage, pullRequest.body, branchNames.headName, branchNames.baseName, lookupFn, getCompatibility) if (updatedDependencies.length > 0) { console.log('Updated dependencies:') diff --git a/src/main.test.ts b/src/main.test.ts index 96bd49a..33420a6 100644 --- a/src/main.test.ts +++ b/src/main.test.ts @@ -111,6 +111,7 @@ test('it sets the updated dependency as an output for subsequent actions when gi prevVersion: '4.0.1', newVersion: '4.2.2', compatScore: 0, + maintainerChanges: false, alertState: '', ghsaId: '', cvss: 0 @@ -127,6 +128,7 @@ test('it sets the updated dependency as an output for subsequent actions when gi expect(core.setOutput).toBeCalledWith('previous-version', '4.0.1') expect(core.setOutput).toBeCalledWith('new-version', '4.2.2') expect(core.setOutput).toBeCalledWith('compatibility-score', 0) + expect(core.setOutput).toBeCalledWith('maintainer-changes', false) expect(core.setOutput).toBeCalledWith('alert-state', '') expect(core.setOutput).toBeCalledWith('ghsa-id', '') expect(core.setOutput).toBeCalledWith('cvss', 0) @@ -176,6 +178,7 @@ test('it sets the updated dependency as an output for subsequent actions when th updateType: 'version-update:semver-minor', directory: '/', packageEcosystem: 'nuget', + maintainerChanges: false, targetBranch: 'main', prevVersion: 'v4.0.1', newVersion: 'v4.2.2', 
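Review bot: `pullRequest.body` is passed to parse on the changed line without the empty-string fallback that util.getBody applies on the action path, so a pull request with no description — where the GitHub API returns `body: null` — would make parse throw on `body.match(...)` instead of reporting maintainerChanges as false. Where pullRequest comes from is outside this hunk, so this is inferred from the usual payload shape; if it is the raw API object, `pullRequest.body ?? ''` on that line keeps the dry-run consistent with main.ts. The body of check continues outside the hunk.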
@@ -196,6 +199,7 @@ test('it sets the updated dependency as an output for subsequent actions when th expect(core.setOutput).toBeCalledWith('previous-version', 'v4.0.1') expect(core.setOutput).toBeCalledWith('new-version', 'v4.2.2') expect(core.setOutput).toBeCalledWith('compatibility-score', 0) + expect(core.setOutput).toBeCalledWith('maintainer-changes', false) expect(core.setOutput).toBeCalledWith('alert-state', '') expect(core.setOutput).toBeCalledWith('ghsa-id', '') expect(core.setOutput).toBeCalledWith('cvss', 0) @@ -247,6 +251,7 @@ test('it sets the updated dependency as an output for subsequent actions when gi directory: '/', packageEcosystem: 'bundler', targetBranch: 'main', + maintainerChanges: false, prevVersion: '1.30.1', newVersion: '1.31.0', compatScore: 0, @@ -266,6 +271,7 @@ test('it sets the updated dependency as an output for subsequent actions when gi expect(core.setOutput).toBeCalledWith('previous-version', '1.30.1') expect(core.setOutput).toBeCalledWith('new-version', '1.31.0') expect(core.setOutput).toBeCalledWith('compatibility-score', 0) + expect(core.setOutput).toBeCalledWith('maintainer-changes', false) expect(core.setOutput).toBeCalledWith('alert-state', '') expect(core.setOutput).toBeCalledWith('ghsa-id', '') expect(core.setOutput).toBeCalledWith('cvss', 0) @@ -324,6 +330,7 @@ test('if there are multiple dependencies, it summarizes them', async () => { prevVersion: '4.0.1', newVersion: '4.2.2', compatScore: 34, + maintainerChanges: false, alertState: '', ghsaId: '', cvss: 0 @@ -338,6 +345,7 @@ test('if there are multiple dependencies, it summarizes them', async () => { prevVersion: '', newVersion: '', compatScore: 34, + maintainerChanges: false, alertState: '', ghsaId: '', cvss: 0 
@@ -354,6 +362,7 @@ test('if there are multiple dependencies, it summarizes them', async () => { expect(core.setOutput).toBeCalledWith('previous-version', '4.0.1') expect(core.setOutput).toBeCalledWith('new-version', '4.2.2') expect(core.setOutput).toBeCalledWith('compatibility-score', 34) + expect(core.setOutput).toBeCalledWith('maintainer-changes', false) expect(core.setOutput).toBeCalledWith('alert-state', '') expect(core.setOutput).toBeCalledWith('ghsa-id', '') expect(core.setOutput).toBeCalledWith('cvss', 0) diff --git a/src/main.ts b/src/main.ts index 336766c..f05bc1f 100644 --- a/src/main.ts +++ b/src/main.ts @@ -24,6 +24,7 @@ export async function run (): Promise { // Validate the job const commitMessage = await verifiedCommits.getMessage(githubClient, github.context, core.getBooleanInput('skip-commit-verification'), core.getBooleanInput('skip-verification')) const branchNames = util.getBranchNames(github.context) + const body = util.getBody(github.context) let alertLookup: updateMetadata.alertLookup | undefined if (core.getInput('alert-lookup')) { alertLookup = (name, version, directory) => verifiedCommits.getAlert(name, version, directory, githubClient, github.context) @@ -34,7 +35,7 @@ export async function run (): Promise { // Parse metadata core.info('Parsing Dependabot metadata') - const updatedDependencies = await updateMetadata.parse(commitMessage, branchNames.headName, branchNames.baseName, alertLookup, scoreLookup) + const updatedDependencies = await updateMetadata.parse(commitMessage, body, branchNames.headName, branchNames.baseName, alertLookup, scoreLookup) if (updatedDependencies.length > 0) { output.set(updatedDependencies)