dependabot/fetch-metadata
2
0
Fork 0
mirror of https://github.com/dependabot/fetch-metadata.git synced 2026-03-12 18:07:12 -04:00
Code Issues Packages Projects Releases Wiki Activity

Bump dist/

Browse Source
This commit is contained in:
Barry Gordon
2022-06-30 14:43:46 +01:00
parent d882a80163
commit 6c87543e47
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
dist/index.js generated vendored
View File

@@ -9065,7 +9065,7 @@ exports.getCompatibility = exports.trimSlashes = exports.getAlert = exports.getM
const core = __importStar(__nccwpck_require__(2186));
const https_1 = __importDefault(__nccwpck_require__(5687));
const DEPENDABOT_LOGIN = 'dependabot[bot]';
function getMessage(client, context) {
function getMessage(client, context, skipCommitVerification = false) {
var _a;
return __awaiter(this, void 0, void 0, function* () {
core.debug('Verifying the job is for an authentic Dependabot Pull Request');
@@ -9092,7 +9092,7 @@ function getMessage(client, context) {
core.warning('It looks like this PR was not created by Dependabot, refusing to proceed.');
return false;
}
if (!((_a = commit.verification) === null || _a === void 0 ? void 0 : _a.verified)) {
if (!skipCommitVerification && !((_a = commit.verification) === null || _a === void 0 ? void 0 : _a.verified)) {
// TODO: Promote to setFailed
core.warning("Dependabot's commit signature is not verified, refusing to proceed.");
return false;
@@ -9216,7 +9216,7 @@ function run() {
try {
const githubClient = github.getOctokit(token);
// Validate the job
const commitMessage = yield verifiedCommits.getMessage(githubClient, github.context);
const commitMessage = yield verifiedCommits.getMessage(githubClient, github.context, core.getBooleanInput('skip-commit-verification'));
const branchNames = util.getBranchNames(github.context);
let alertLookup;
if (core.getInput('alert-lookup')) {