diff --git a/README.md b/README.md index df02c34..933ed7b 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,7 @@ jobs: with: github-token: "${{ secrets.GITHUB_TOKEN }}" alert-lookup: true + compat-lookup: true ``` Supported inputs are: @@ -33,7 +34,10 @@ Supported inputs are: - `github-token` (REQUIRED string) - The `GITHUB_TOKEN` secret - `alert-lookup` (boolean) - - If `true`, then call populate the `alert-state`, `ghsa-id` and `cvss` outputs. + - If `true`, then populate the `alert-state`, `ghsa-id` and `cvss` outputs. + - Defaults to `false` +- `compat-lookup` (boolean) + - If `true`, then populate the `compatibility-score` output. - Defaults to `false` Subsequent actions will have access to the following outputs: 
@@ -56,14 +60,14 @@ Subsequent actions will have access to the following outputs: - The version that this PR updates the dependency from. - `steps.dependabot-metadata.outputs.new-version` - The version that this PR updates the dependency to. -- `steps.dependabot-metadata.outputs.compatibility-score` - - The compatibility score of this update (if known, 0 otherwise) - `steps.dependabot-metadata.outputs.alert-state` - If this PR is associated with a security alert and `alert-lookup` is `true`, this contains the current state of that alert (OPEN, FIXED or DISMISSED). - `steps.dependabot-metadata.outputs.ghsa-id` - If this PR is associated with a security alert and `alert-lookup` is `true`, this contains the GHSA-ID of that alert. - `steps.dependabot-metadata.outputs.cvss` - If this PR is associated with a security alert and `alert-lookup` is `true`, this contains the CVSS value of that alert (otherwise it contains 0). +- `steps.dependabot-metadata.outputs.compatibility-score` + - If this PR has a known compatibility score and `compat-lookup` is `true`, this contains the compatibility score (otherwise it contains 0). **Note:** These outputs will only be populated if the target Pull Request was opened by Dependabot and contains **only** Dependabot-created commits. diff --git a/action.yml b/action.yml index fa9566d..80fa9cb 100644 --- a/action.yml +++ b/action.yml @@ -6,7 +6,10 @@ branding: inputs: alert-lookup: type: boolean - description: 'If true, then call populate the `alert-state`, `ghsa-id` and `cvss` outputs' + description: 'If true, then populate the `alert-state`, `ghsa-id` and `cvss` outputs' + compat-lookup: + type: boolean + description: 'If true, then populate the `compatibility-score` output' github-token: description: 'The GITHUB_TOKEN secret' required: true 
@@ -29,14 +32,14 @@ outputs: description: 'The version that this PR updates the dependency from.' new-version: description: 'The version that this PR updates the dependency to.' - compatibility-score: - description: 'The compatibility score of this update (if known, 0 otherwise)' alert-state: description: 'If this PR is associated with a security alert and `alert-lookup` is `true`, this contains the current state of that alert (OPEN, FIXED or DISMISSED).' ghsa-id: description: 'If this PR is associated with a security alert and `alert-lookup` is `true`, this contains the GHSA-ID of that alert.' cvss: description: 'If this PR is associated with a security alert and `alert-lookup` is `true`, this contains the CVSS value of that alert (otherwise it contains 0).' + compatibility-score: + description: 'If this PR has a known compatibility score and `compat-lookup` is `true`, this contains the compatibility score (otherwise it contains 0).' runs: using: 'node12' main: 'dist/index.js' diff --git a/dist/index.js b/dist/index.js index c7ee0ce..4a9adaa 100644 --- a/dist/index.js +++ b/dist/index.js @@ -9302,10 +9302,11 @@ function run() { if (core.getInput('alert-lookup')) { alertLookup = (name, version, directory) => verifiedCommits.getAlert(name, version, directory, githubClient, github.context); } + const scoreLookup = core.getInput('compat-lookup') ? verifiedCommits.getCompatibility : undefined; if (commitMessage) { // Parse metadata core.info('Parsing Dependabot metadata'); - const updatedDependencies = yield updateMetadata.parse(commitMessage, branchNames.headName, branchNames.baseName, alertLookup, verifiedCommits.getCompatibility); + const updatedDependencies = yield updateMetadata.parse(commitMessage, branchNames.headName, branchNames.baseName, alertLookup, scoreLookup); if (updatedDependencies.length > 0) { output.set(updatedDependencies); } diff --git a/src/main.ts b/src/main.ts index 0cee9c7..3a53454 100644 --- a/src/main.ts +++ b/src/main.ts 
@@ -28,12 +28,13 @@ export async function run (): Promise { if (core.getInput('alert-lookup')) { alertLookup = (name, version, directory) => verifiedCommits.getAlert(name, version, directory, githubClient, github.context) } + const scoreLookup = core.getInput('compat-lookup') ? verifiedCommits.getCompatibility : undefined if (commitMessage) { // Parse metadata core.info('Parsing Dependabot metadata') - const updatedDependencies = await updateMetadata.parse(commitMessage, branchNames.headName, branchNames.baseName, alertLookup, verifiedCommits.getCompatibility) + const updatedDependencies = await updateMetadata.parse(commitMessage, branchNames.headName, branchNames.baseName, alertLookup, scoreLookup) if (updatedDependencies.length > 0) { output.set(updatedDependencies)
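Review bot: The added `scoreLookup` line tests `core.getInput('compat-lookup')` for truthiness, but `getInput` returns the raw input string, so a workflow that sets `compat-lookup: false` would still enable the lookup because the non-empty string `"false"` is truthy. Compare explicitly so that only an opt-in turns it on, e.g. `const scoreLookup = core.getInput('compat-lookup') === 'true' ? verifiedCommits.getCompatibility : undefined`; the `type: boolean` declared in action.yml does not appear to change what `getInput` returns. The `alert-lookup` check in the context lines just above has the same shape, where an explicit `false` would still send the token-backed alert query, and the dist/index.js hunk carries the same new line (it should follow from a rebuild). `run()` starts and ends outside the hunk.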